t1189
| Title | Tags |
| --- | --- |
| internal vulnerability scanners can cause some serious fps when used, if you experience a lot of fps due to this think of adding more filters such as "user agent" strings and more response codes | t1189, t1190, t1221, sigma |
| javascripts, css files and png files | t1189, sigma |
| legitimate browser install, update and recovery scripts | t1059, t1189, t1203, macos, sigma |
| some users and applications may leverage dynamic dns to reach out to some domains on the internet since dynamic dns by itself is not malicious, however this activity must be verified. | t1189, endpoint, splunk |
| unknown flash download locations | t1036, t1036.005, t1189, t1204, t1204.002, sigma |
| user searches in search boxes of the respective website | t1189, t1190, t1221, t1505, t1505.003, sigma |
| web activity that occurs rarely in small quantities can trigger this alert. possible examples are browsing technical support or vendor urls that are used very sparsely. a user who visits a new and unique web destination may trigger this alert when the activity is sparse. web applications that generate urls unique to a transaction may trigger this when they are used sparsely. web domains can be excluded in cases such as these. | t1041, t1071, t1102, t1105, t1189, t1566, ml, elastic |