LoFP / system updates, scheduled backups, or misconfigured services may trigger this alert.

Techniques

• T1041
• T1068
• T1204
• T1498
• T1499

Sample rules

Spike in host-based traffic

• source: elastic
• technicques:
  • T1041
  • T1068
  • T1204
  • T1498
  • T1499

Description

A machine learning job has detected a sudden spike in host based traffic. This can be due to a range of security issues, such as a compromised system, DDoS attacks, malware infections, privilege escalation, or data exfiltration.

Detection logic