EXPLORE
← Back to Explore
T1049

System Network Connections Discovery

Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network. An adversary who gains access to a system that is part of a cloud-based environment may map out Virtual Private Clouds or Virtual Networks in order to determine what systems and services are connected. The actions performed are likely the same types of discovery techniques depending on the operating s...

ESXiIaaSLinuxmacOSNetwork DevicesWindows
22
Detections
3
Sources
32
Threat Actors

BY SOURCE

8sigma8splunk_escu6elastic

PROCEDURES (13)

Process Creation Monitoring3 detections

Auto-extracted: 3 detections for process creation monitoring

Service2 detections

Auto-extracted: 2 detections for service

Remote2 detections

Auto-extracted: 2 detections for remote

Remote2 detections

Auto-extracted: 2 detections for remote

Remote2 detections

Auto-extracted: 2 detections for remote

Suspicious2 detections

Auto-extracted: 2 detections for suspicious

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

Service1 detections

Auto-extracted: 1 detections for service

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

DETECTIONS (22)