LetsDefend Monitoring Alert

Potential Network Sniffing Activity Detected

May, 28, 2024, 02:51 PM

Event ID: 260

Event Time: May, 28, 2024, 02:51 PM

Rule Name: SOC284 - Potential Network Sniffing Activity Detected

Alert Type: Unauthorized Access

MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1560 - Collection - Archive Collected Data,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1040 - Discovery - Network Sniffing

Severity: Medium

Incident Responder
