...
Expand | ||
---|---|---|
| ||
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Source table → |
Expand | ||
---|---|---|
| ||
Detect a domain with a TLD, not in Mozilla TLD List. Source table → |
Expand | ||
---|---|---|
| ||
Unusual User Agent length detected. It can be associated with some type of attack or vulnerability. Source table → |
Expand | ||
---|---|---|
| ||
The REvil Ransomware has hit 40 service providers globally due to multiple Kaseya VSA Zero-days. the attack was pushed out via a infected IT Management update from Kaseya. Source table → |
Expand | ||
---|---|---|
| ||
Too long subdomains could be part of Application Layer Protocols. Source table → |
Expand | ||
---|---|---|
| ||
Monitor TXT and ANY responses to detect infiltrations or possible reflection attacks. Source table → |
Expand | ||
---|---|---|
| ||
Possible DNS exfiltration detected. Source table → |
Expand | ||
---|---|---|
| ||
Detects if a tripe A DNS response contains or not an IP announced. In case the response contains a non-announced IPv6, we can think there is a kind of cover-channel communication attempt. Source table → |
Expand | |
---|---|
|
...
| |
Detects suspicious DNS queries to external service interaction domains often used for out-of-band interactions after successful RCE. Source table → |
Expand | |
---|---|
|
...
| |
Alert that checks attempts of exploiting CVE-2021-44228 known as Log4shell. The query looks for payload patterns associated with this vulnerability on the log raw message. This would include payloads included in the url, user-agent header, referer header or POST and PUT HTTP bodies. [WARNING] This alert detects attack patterns and can generate a high volume of events due to the number of scanners currently testing systems on the Internet. It is therefore likely to need some kind of tunning. Source table → |
Expand | ||
---|---|---|
| ||
Alert that checks attempts of exploiting CVE-2021-44228 known as Log4shell. The query looks for payload patterns associated with this vulnerability in the log raw message. This would include payloads included in the URL, user-agent header, referrer header, or POST and PUT HTTP bodies. [WARNING] This alert detects attack patterns and can generate a high volume of events due to the number of scanners currently testing systems on the Internet. It is therefore likely to need some kind of tunning. Source table → |