
Netography Detection Model Release – May 1, 2023


The Netography Threat Research Team has released its latest detections:

The team creates Netography Detection Models (NDMs) to detect command and control, invalid traffic, peer-to-peer communication, data exfiltration, phishing, SPAM, Distributed Denial of Service (DDoS) activity and more. These powerful threat and network configuration detection models are included at no additional charge and are continuously refined, with new NDMs being added frequently as threats evolve. There is no need to download packages or push updates, as all models are fully open for your analysts to work with.

Netography Detection Model Updates:

Threat Detection

external_kerberos_access – This NDM was adjusted to improve efficacy.

knownbotnet – This NDM was adjusted to improve efficacy.

knownddos – This NDM was adjusted to improve efficacy.

knownmobilethreat – This NDM was adjusted to improve efficacy.

knownspamsrc – This NDM was adjusted to improve efficacy.

knownphisher – This NDM was adjusted to improve efficacy.

knownproxy – This NDM was adjusted to improve efficacy.

knowntorproxy – This NDM was adjusted to improve efficacy.

knownwebattack – This NDM was adjusted to improve efficacy.


Post-Compromise Detection

outbound_tor_connection – This NDM was adjusted to use Netography Threat Research generated intelligence.

inbound_established_non_http – This NDM looks for established connections between two hosts where both sides use high ports. It is disabled by default; its results will need to be reviewed for efficacy and tuned using the “Discard” function in the customer’s NDM environment.
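As an added illustration, not Netography's own NDM logic (which this page does not publish), here is the rule described above applied to constructed flow records. The flow schema, the 1024 high-port threshold, the extra HTTP-port exclusion list and the shape of the analyst "discard" tuples are all assumptions made for the example:

```python
from dataclasses import dataclass

HIGH_PORT_MIN = 1024                  # assumption: ports >= 1024 count as "high"
HTTP_PORTS = {80, 443, 8080, 8443}    # assumption: hypothetical non-HTTP exclusion list
TCP_SYN, TCP_ACK = 0x02, 0x10

@dataclass(frozen=True)
class Flow:
    """One flow record. Schema is constructed for this example."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str        # "tcp" or "udp"
    tcp_flags: int    # cumulative TCP flags seen on the flow
    direction: str    # "inbound" or "outbound" relative to the monitored network

def is_established(flow: Flow) -> bool:
    """A TCP flow that carried both SYN and ACK completed a handshake."""
    want = TCP_SYN | TCP_ACK
    return flow.proto == "tcp" and (flow.tcp_flags & want) == want

def matches_inbound_established_non_http(flow: Flow) -> bool:
    """Inbound, established, both ports high, destination not an HTTP port."""
    return (
        flow.direction == "inbound"
        and is_established(flow)
        and flow.src_port >= HIGH_PORT_MIN
        and flow.dst_port >= HIGH_PORT_MIN
        and flow.dst_port not in HTTP_PORTS
    )

def triage(flows, discard=()):
    """Matching flows minus (src_ip, dst_ip, dst_port) tuples an analyst has discarded."""
    return [f for f in flows
            if matches_inbound_established_non_http(f)
            and (f.src_ip, f.dst_ip, f.dst_port) not in discard]

# Constructed sample flows (not real telemetry). 0x1a = SYN|PSH|ACK.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", 51234, "10.0.0.5", 443, "tcp", 0x1a, "inbound"),     # HTTPS: low port
    Flow("203.0.113.9", 40001, "10.0.0.8", 5000, "tcp", 0x1a, "inbound"),    # high->high: match
    Flow("203.0.113.9", 40002, "10.0.0.8", 5000, "tcp", 0x02, "inbound"),    # SYN only: no
    Flow("10.0.0.8", 55555, "198.51.100.2", 9000, "tcp", 0x1a, "outbound"),  # outbound: no
    Flow("198.51.100.3", 60000, "10.0.0.9", 8443, "tcp", 0x1a, "inbound"),   # excluded port
    Flow("198.51.100.4", 60001, "10.0.0.9", 27017, "tcp", 0x1a, "inbound"),  # high->high: match
]

if __name__ == "__main__":
    for f in triage(SAMPLE_FLOWS):
        print(f"ALERT inbound_established_non_http {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}")
```

Running it over the sample flows yields two alerts; passing a discard tuple for the first suppresses it, which mirrors the review-and-tune loop the note above describes.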


The Netography Threat Research Team constantly updates and improves our detection capabilities, seamlessly integrating them into the Netography Fusion® platform, so our customers can write once, then detect everywhere.