6.11 - Connections to a malicious IP

Detect any connection to a known malicious IP (hardcoded).

Category: Network Activity
Use Cases: Detect, Respond
Data Sources: VPC Flow Logs

Queries or Rules

BigQuery: SQL
Chronicle: Contribute rule
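
The matching logic this use case describes, as an added Python illustration (it is not one of the project's BigQuery or Chronicle rules). It assumes the VPC Flow Logs `jsonPayload` layout (`connection.src_ip`, `connection.dest_ip`, `reporter`); the indicator list and sample records are constructed from RFC 5737 documentation ranges, and the names `MALICIOUS`, `SAMPLE_LOGS`, `is_malicious` and `find_hits` are hypothetical.

```python
import ipaddress
import json

# Hardcoded indicator list (constructed placeholders from RFC 5737 ranges).
# Networks are allowed so a single entry can cover a whole block.
MALICIOUS = [ipaddress.ip_network(n) for n in ("203.0.113.7/32", "198.51.100.0/28")]

# Constructed VPC Flow Logs jsonPayload records, one JSON object per line.
SAMPLE_LOGS = """
{"connection": {"src_ip": "10.0.0.5", "dest_ip": "203.0.113.7", "dest_port": 443, "protocol": 6}, "reporter": "SRC", "bytes_sent": "1840"}
{"connection": {"src_ip": "198.51.100.9", "dest_ip": "10.0.0.8", "dest_port": 22, "protocol": 6}, "reporter": "DEST", "bytes_sent": "96"}
{"connection": {"src_ip": "10.0.0.5", "dest_ip": "10.0.0.8", "dest_port": 5432, "protocol": 6}, "reporter": "SRC", "bytes_sent": "512"}
{"connection": {"src_ip": "10.0.0.9", "dest_ip": "198.51.100.200", "dest_port": 80, "protocol": 6}, "reporter": "SRC", "bytes_sent": "300"}
"""

def is_malicious(ip):
    """True if ip parses and falls inside any hardcoded indicator network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed address never matches
    return any(addr in net for net in MALICIOUS)

def find_hits(lines):
    """Return one hit per flow record whose remote end is on the list.

    Both directions are checked: a listed dest_ip is an outbound connection,
    a listed src_ip is an inbound one.
    """
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        payload = json.loads(line)
        conn = payload.get("connection", {})
        for direction, local_key, remote_key in (
            ("outbound", "src_ip", "dest_ip"),
            ("inbound", "dest_ip", "src_ip"),
        ):
            if is_malicious(conn.get(remote_key, "")):
                hits.append({
                    "direction": direction,
                    "local_ip": conn.get(local_key),
                    "remote_ip": conn.get(remote_key),
                    "dest_port": conn.get("dest_port"),
                    "reporter": payload.get("reporter"),
                    "bytes_sent": int(payload.get("bytes_sent", 0)),
                })
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS.splitlines()):
        print(hit)
```

Traffic between two VMs in logged subnets is reported once by each side (`reporter` of `SRC` and `DEST`), so deduplicate on the connection 5-tuple before counting hits.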

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

No log samples provided. Contribute log samples to this use case.