LoFP LoFP / t1595

t1595

TitleTags
some administrator activity can be potentially triggered, please add those users to the filter macro.
there is a potential for false positives if the container is used for legitimate tasks that require the use of network utilities, such as network troubleshooting, testing or system monitoring. it is important to investigate any alerts generated by this rule to determine if they are indicative of malicious activity or part of legitimate container activity.