LEGACY-S00056.md

File metadata and controls

41 lines (34 loc) · 1.49 KB

# Rules: Outbound TFTP Traffic

## Description

TFTP is rarely used externally and has been observed as a means to deliver malicious code from the outside.

## Additional Details

| Detail | Value |
| --- | --- |
| Type | Match |
| Category | Execution |
| Apply Risk to Entities | device_ip, user_username, device_hostname, srcDevice_ip |
| Signal Name | Outbound TFTP Traffic |
| Summary Expression | Outbound TFTP traffic from IP: {{srcDevice_ip}} to IP: {{dstDevice_ip}} |
| Score/Severity | Static: 5 |
| Enabled by Default | True |
| Prototype | False |
| Tags | _mitreAttackTactic:TA0002, _mitreAttackTactic:TA0011, _mitreAttackTechnique:T1071, _mitreAttackTechnique:T1071.002 |

## Vendors and Products

## Fields Used

| Origin | Field |
| --- | --- |
| Normalized Schema | device_hostname |
| Normalized Schema | device_ip |
| Normalized Schema | dstDevice_ip_isInternal |
| Normalized Schema | dstPort |
| Normalized Schema | ipProtocol |
| Normalized Schema | listMatches |
| Normalized Schema | srcDevice_ip |
| Normalized Schema | srcDevice_ip_isInternal |
| Normalized Schema | user_username |
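The rule's actual match expression is not shown on this page, so the following is an added illustration (not the rule repository's own code) of how a Match rule over the fields listed above would evaluate constructed normalized records. It assumes TFTP is identified as UDP (ipProtocol 17) to dstPort 69 from an internal source to an external destination, and that a `listMatches` hit on a constructed allowlist named `tftp_servers` suppresses the signal.

```python
TFTP_PORT = 69              # TFTP listens on UDP/69
UDP = 17                    # IANA protocol number for UDP
ALLOWLIST = "tftp_servers"  # constructed list name; not from the rule page

# Constructed normalized records shaped after the "Fields Used" table.
RECORDS = [
    # 1: internal workstation -> external host on UDP/69: should fire
    {"srcDevice_ip": "10.0.0.5", "srcDevice_ip_isInternal": True,
     "dstDevice_ip": "203.0.113.7", "dstDevice_ip_isInternal": False,
     "dstPort": 69, "ipProtocol": 17, "listMatches": [], "device_ip": "10.0.0.5",
     "device_hostname": "wkstn-01", "user_username": "alice"},
    # 2: internal -> internal TFTP (e.g. network gear config backup): no signal
    {"srcDevice_ip": "10.0.0.9", "srcDevice_ip_isInternal": True,
     "dstDevice_ip": "10.0.0.20", "dstDevice_ip_isInternal": True,
     "dstPort": 69, "ipProtocol": 17, "listMatches": [], "device_ip": "10.0.0.9",
     "device_hostname": "wkstn-02", "user_username": "bob"},
    # 3: outbound UDP/69 to a destination on the allowlist: suppressed
    {"srcDevice_ip": "10.0.0.5", "srcDevice_ip_isInternal": True,
     "dstDevice_ip": "198.51.100.4", "dstDevice_ip_isInternal": False,
     "dstPort": 69, "ipProtocol": 17, "listMatches": ["tftp_servers"],
     "device_ip": "10.0.0.5", "device_hostname": "wkstn-01", "user_username": "alice"},
    # 4: outbound TCP/69 (not TFTP): no signal
    {"srcDevice_ip": "10.0.0.5", "srcDevice_ip_isInternal": True,
     "dstDevice_ip": "203.0.113.9", "dstDevice_ip_isInternal": False,
     "dstPort": 69, "ipProtocol": 6, "listMatches": [], "device_ip": "10.0.0.5",
     "device_hostname": "wkstn-01", "user_username": "alice"},
]

def is_outbound_tftp(rec):
    """Assumed match condition: UDP/69 from an internal source to an external
    destination, unless the record matched the allowlist."""
    return (rec.get("ipProtocol") == UDP
            and rec.get("dstPort") == TFTP_PORT
            and rec.get("srcDevice_ip_isInternal") is True
            and rec.get("dstDevice_ip_isInternal") is False
            and ALLOWLIST not in (rec.get("listMatches") or []))

def build_signal(rec):
    """Render the Summary Expression and the entities that receive risk."""
    return {
        "name": "Outbound TFTP Traffic",
        "severity": 5,
        "summary": f"Outbound TFTP traffic from IP: {rec['srcDevice_ip']} "
                   f"to IP: {rec['dstDevice_ip']}",
        "entities": {k: rec[k] for k in
                     ("device_ip", "user_username", "device_hostname", "srcDevice_ip")
                     if k in rec},
    }

def evaluate(records):
    """Return one signal per record that satisfies the match condition."""
    return [build_signal(r) for r in records if is_outbound_tftp(r)]
```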