Network Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Detect Large Outbound ICMP Packets | Palo Alto Network Traffic | Non-Application Layer Protocol | TTP | Backdoor Pingpong, China-Nexus Threat Activity, Command And Control | 2025-05-02 |
| Cisco Secure Firewall - Bits Network Activity | Cisco Secure Firewall Threat Defense Connection Event | N/A | Anomaly | Cisco Secure Firewall Threat Defense Analytics | 2025-05-02 |
| Detect IPv6 Network Infrastructure Threats | | Hardware Additions, Network Denial of Service, ARP Cache Poisoning | TTP | Router and Infrastructure Security | 2025-05-02 |
| Detect Large ICMP Traffic | Palo Alto Network Traffic | Non-Application Layer Protocol | TTP | Backdoor Pingpong, China-Nexus Threat Activity, Command And Control | 2025-05-02 |
| Detect Outbound LDAP Traffic | Palo Alto Network Traffic | Exploit Public-Facing Application, Command and Scripting Interpreter | Hunting | Log4Shell CVE-2021-44228 | 2025-05-02 |
| Detect Remote Access Software Usage Traffic | Palo Alto Network Traffic | Remote Access Tools | Anomaly | Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software | 2025-05-02 |
| Detect Software Download To Network Device | | TFTP Boot | TTP | Router and Infrastructure Security | 2025-05-02 |
| F5 BIG-IP iControl REST Vulnerability CVE-2022-1388 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CISA AA24-241A, F5 BIG-IP Vulnerability CVE-2022-1388 | 2025-05-02 |
| Hosts receiving high volume of network traffic from email server | | Remote Email Collection | Anomaly | Collection and Staging | 2025-05-02 |
| Prohibited Network Traffic Allowed | Zeek Conn | Exfiltration Over Alternative Protocol | TTP | Command And Control, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2025-05-02 |
| Remote Desktop Network Traffic | Zeek Conn | Remote Desktop Protocol | Anomaly | Active Directory Lateral Movement, Hidden Cobra Malware, Ryuk Ransomware, SamSam Ransomware | 2025-05-02 |
| TOR Traffic | Palo Alto Network Traffic | Multi-hop Proxy | TTP | Command And Control, NOBELIUM Group, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2025-05-02 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | Exploit Public-Facing Application | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2025-05-02 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | Server Software Component, Exploit Public-Facing Application, External Remote Services | TTP | Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities | 2025-05-02 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | Remote Access Tools | Anomaly | CISA AA24-241A, Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software | 2025-05-02 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | Fortinet FortiNAC CVE-2022-39952 | 2025-05-02 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2025-05-02 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | Exploit Public-Facing Application, Ingress Tool Transfer, Command and Scripting Interpreter | TTP | Juniper JunOS Remote Code Execution | 2025-05-02 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2025-05-02 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Hunting | VMware Server Side Injection and Privilege Escalation | 2025-05-02 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Anomaly | VMware Server Side Injection and Privilege Escalation | 2025-05-02 |
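The two ICMP entries above ("Detect Large Outbound ICMP Packets" and "Detect Large ICMP Traffic") both key on the same observation: ICMP flows whose per-packet size is far above what a normal echo request carries, which is what an ICMP-tunnelling backdoor produces. The block below is an added illustration of that logic over constructed traffic records, not the Splunk searches behind those detections. The record format (space-separated key=value, mirroring Network_Traffic data model field names), the 1000-byte-per-packet threshold, the RFC 1918 definition of "internal", and the sample log lines are all assumptions made for the example.

```python
"""Large-ICMP detection over constructed traffic records.

Added example, not code from the detection catalogue above. The field
names, the threshold and the sample lines are assumptions chosen to show
the technique; tune them to your own telemetry.
"""
import ipaddress
from collections import defaultdict

# Assumed threshold: a normal ping carries 56-64 bytes of payload, so a
# sustained average near the MTU per packet is worth alerting on.
LARGE_ICMP_BYTES_PER_PACKET = 1000

# "Internal" is defined as RFC 1918 space here (assumption). ipaddress's
# is_private is deliberately not used: it also treats documentation ranges
# such as 203.0.113.0/24 as private, which would hide the sample hit.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_line(line: str) -> dict:
    """Parse one constructed 'key=value key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def detect_large_icmp(records, threshold=LARGE_ICMP_BYTES_PER_PACKET, outbound_only=True):
    """Aggregate ICMP flows per (src, dest) and flag pairs whose average
    outbound bytes per packet exceed `threshold`.

    outbound_only=True  -> internal src to external dest only (the
                           "Large Outbound ICMP Packets" case)
    outbound_only=False -> any direction (the "Large ICMP Traffic" case)
    Returns (src, dest, bytes_out, packets_out, avg) tuples, largest first.
    """
    totals = defaultdict(lambda: [0, 0])  # (src, dest) -> [bytes, packets]
    for r in records:
        if r.get("transport", "").lower() != "icmp":
            continue
        if outbound_only and (not is_internal(r["src"]) or is_internal(r["dest"])):
            continue
        key = (r["src"], r["dest"])
        totals[key][0] += int(r["bytes_out"])
        totals[key][1] += int(r["packets_out"])

    hits = []
    for (src, dest), (b, p) in totals.items():
        if p == 0:
            continue  # avoid division by zero on byte-only records
        avg = b / p
        if avg > threshold:
            hits.append((src, dest, b, p, round(avg, 1)))
    hits.sort(key=lambda h: h[4], reverse=True)
    return hits


# Constructed sample records (not real telemetry): one benign ping stream,
# one tunnel-sized outbound ICMP flow, one tunnel-sized flow that stays
# internal, and a TCP flow that must be ignored.
SAMPLE_LOGS = """\
src=10.1.20.15 dest=8.8.8.8 transport=icmp bytes_out=640 packets_out=10
src=10.1.20.15 dest=8.8.8.8 transport=icmp bytes_out=320 packets_out=5
src=10.1.20.77 dest=203.0.113.9 transport=icmp bytes_out=14000 packets_out=10
src=10.1.20.77 dest=203.0.113.9 transport=icmp bytes_out=28400 packets_out=20
src=10.1.20.77 dest=10.1.20.1 transport=icmp bytes_out=30000 packets_out=20
src=10.1.20.90 dest=203.0.113.9 transport=tcp bytes_out=500000 packets_out=400
"""


def run_sample(outbound_only=True):
    records = [parse_line(l) for l in SAMPLE_LOGS.splitlines() if l.strip()]
    return detect_large_icmp(records, outbound_only=outbound_only)


if __name__ == "__main__":
    for hit in run_sample():
        print("outbound:", hit)
    for hit in run_sample(outbound_only=False):
        print("any direction:", hit)
```

Aggregating before thresholding matters: a single oversized packet (path MTU discovery, a large traceroute probe) is noise, while a sustained average near the MTU across a whole flow is the tunnelling signature. Running with `outbound_only=False` widens the net to internal-to-internal flows, which is useful for hunting lateral ICMP tunnels but noisier in environments that use large ICMP for monitoring.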