t1590
| Title | Tags |
| --- | --- |
| a misconfigured network application or firewall may trigger this alert. security scans or test cycles may trigger this alert. | t1041, t1046, t1071, t1498, t1499, t1590, ml, elastic |
| expected if you legitimately use the advanced ip or port scanner utilities in your environment. | t1590, sigma |
| legitimate dns queries to llm model hosting platforms by authorized developers, ml engineers, and researchers during model training, fine-tuning, or experimentation. approved ai/ml sandboxes and lab environments where llm model downloads are expected. automated ml pipelines and workflows that interact with llm model hosting services as part of their normal operation. third-party applications and services that access llm model platforms for legitimate purposes. | t1590, endpoint, splunk |
| legitimate usage of ip lookup services such as ipify api | t1590, windows, sigma |