6.10 - Connections from a new IP to an in-scope network

Detects connections from a new IP address to an in-scope subnet, for example a prod-customer-data subnet that is in scope for GDPR, PCI, or other requirements. A new IP is any source IP address seen for the first time in the last 24 hours. The default lookback window is 60 days.

Category: Network Activity
Use Cases: Audit, Detect, Respond
Data Sources: VPC Flow Logs
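
The first-seen logic described above, written as an added Python example rather than the project's own BigQuery query: it flags source IPs whose earliest connection to an in-scope subnet within the 60-day lookback falls in the last 24 hours. The flat record fields (`src_ip`, `dest_ip`, `timestamp`), the CIDR `10.20.0.0/24` standing in for prod-customer-data, and all sample flows are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

LOOKBACK = timedelta(days=60)     # default lookback window from the use case
NEW_WINDOW = timedelta(hours=24)  # an IP is "new" if first seen within this window


def new_source_ips(flows, in_scope_cidrs, now, lookback=LOOKBACK, new_window=NEW_WINDOW):
    """Return {src_ip: summary} for sources whose first connection to an
    in-scope subnet within the lookback window is also within new_window."""
    nets = [ipaddress.ip_network(c) for c in in_scope_cidrs]
    seen = {}
    for f in flows:
        ts = f["timestamp"]
        if not now - lookback <= ts <= now:
            continue  # outside the lookback window
        try:
            dest = ipaddress.ip_address(f["dest_ip"])
            src = str(ipaddress.ip_address(f["src_ip"]))  # normalise the key
        except (KeyError, ValueError):
            continue  # skip malformed records instead of failing the run
        if not any(dest in n for n in nets):
            continue  # destination is not in an in-scope subnet
        s = seen.setdefault(src, {"first_seen": ts, "last_seen": ts, "count": 0})
        s["first_seen"] = min(s["first_seen"], ts)
        s["last_seen"] = max(s["last_seen"], ts)
        s["count"] += 1
    cutoff = now - new_window
    return {ip: s for ip, s in seen.items() if s["first_seen"] >= cutoff}


# Constructed sample data (documentation address ranges, not real traffic).
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
IN_SCOPE = ["10.20.0.0/24"]  # hypothetical CIDR for prod-customer-data


def _flow(src, dest, hours_ago):
    return {"src_ip": src, "dest_ip": dest, "timestamp": NOW - timedelta(hours=hours_ago)}


SAMPLE_FLOWS = [
    _flow("198.51.100.7", "10.20.0.5", 24 * 30),  # known source, seen 30 days ago
    _flow("198.51.100.7", "10.20.0.5", 2),        # same source again: not new
    _flow("203.0.113.9", "10.20.0.8", 3),         # first seen 3h ago: new
    _flow("203.0.113.9", "10.20.0.8", 1),
    _flow("192.0.2.44", "10.30.0.8", 1),          # new, but subnet out of scope
    _flow("192.0.2.50", "10.20.0.8", 24 * 90),    # older than the lookback
    _flow("192.0.2.50", "10.20.0.8", 5),          # so it counts as new again
]
```

A source last seen more than 60 days ago ages out of the lookback and is reported as new again, so the lookback window bounds what the rule can treat as known.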

Queries or Rules

| BigQuery | Chronicle |
|---|---|
| SQL | Contribute rule |

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

No log samples provided. Contribute log samples to this use case.