Synopsis
Description
An abnormal communication was seen from an internal entity to a rare external address.
Attacker's Goals
Communicate with malicious code running on your network, enabling further access to the endpoint and network, delivery of updates to the malware on the endpoint, or an inventory of infected machines.
Investigative actions
- Identify whether the external IP address belongs to a reputable organization or to an asset hosted in a public cloud. A cloud-hosted address is not by itself evidence of legitimacy, since attackers rent cloud infrastructure as well.
- Identify whether the source of the traffic is malware. If the source is a malicious file, Cortex XDR Analytics also raises a malware alert for that file on the endpoint. Malware may contact legitimate IP addresses, so also check for unusual applications, unusual ports, or unusual traffic volumes.
- View all related traffic generated by the suspicious process to understand its purpose.
- Look for other endpoints on your network that are also contacting the suspicious IP address.
- Examine file-system operations performed by the process that initiated the traffic, and look for potential artifacts on infected endpoints.
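As an added example (not Cortex XDR's own code or query language), the following Python script walks the first four investigative actions over flow records exported from the endpoint and network data you would normally query in the console. Every value in it is constructed: the provider CIDR list is a placeholder rather than a real published range, the hosts, process names and byte counts are made up, and the IP addresses are TEST-NET addresses that route nowhere.

```python
"""Triage helper for a 'rare communication to external IP' alert.

Added example, not part of Cortex XDR. Answers, over constructed flow
records, the questions the investigative actions ask: is the destination
in a known provider range, which other endpoints reach it, what else did
the originating process do, and are its ports or volumes unusual compared
with the same process on other hosts.
"""
import ipaddress
from collections import defaultdict

# Constructed stand-in for a provider/cloud range list (not a real range).
KNOWN_PROVIDER_RANGES = {
    "example-cloud": [ipaddress.ip_network("203.0.113.0/24")],
}

# Constructed flow records: (host, process, dst_ip, dst_port, bytes_out).
# ws-07/svchost.exe is the alerting pair; ws-03 provides a svchost baseline.
FLOWS = [
    ("ws-01", "outlook.exe", "203.0.113.10", 443, 120_000),
    ("ws-02", "outlook.exe", "203.0.113.10", 443, 98_000),
    ("ws-03", "svchost.exe", "203.0.113.10", 443, 5_000),
    ("ws-07", "svchost.exe", "198.51.100.23", 443, 512_000),
    ("ws-07", "svchost.exe", "198.51.100.23", 8443, 2_100_000),
    ("ws-07", "svchost.exe", "192.0.2.5", 53, 400),
    ("ws-12", "chrome.exe", "198.51.100.23", 443, 3_000),
    ("ws-07", "chrome.exe", "203.0.113.10", 443, 45_000),
]


def provider_for(ip):
    """Return the provider whose range contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, nets in KNOWN_PROVIDER_RANGES.items():
        if any(addr in net for net in nets):
            return name
    return None


def endpoints_contacting(flows, dst_ip):
    """All hosts that talked to dst_ip (investigative action 4)."""
    return sorted({f[0] for f in flows if f[2] == dst_ip})


def process_activity(flows, host, process):
    """Every flow the suspicious process produced on the host (action 3)."""
    return [(f[2], f[3], f[4]) for f in flows if f[0] == host and f[1] == process]


def _ports_by_host(flows, process):
    ports = defaultdict(set)
    for host, proc, _ip, port, _bytes in flows:
        if proc == process:
            ports[host].add(port)
    return ports


def unusual_ports(flows, host, process):
    """Ports this process uses on this host but on no other host (action 2)."""
    by_host = _ports_by_host(flows, process)
    baseline = set().union(*(p for h, p in by_host.items() if h != host))
    return by_host.get(host, set()) - baseline


def volume_outlier(flows, host, process, factor=10):
    """True if this host sends far more via the process than any peer does."""
    totals = defaultdict(int)
    for h, proc, _ip, _port, sent in flows:
        if proc == process:
            totals[h] += sent
    mine = totals.get(host, 0)
    others = [v for h, v in totals.items() if h != host]
    if not others:
        return mine > 0  # no baseline at all: worth an analyst's look
    return mine > factor * max(others)


def triage(flows, host, process, dst_ip):
    """Bundle the checks into one record for the alert's host/process/IP."""
    return {
        "provider": provider_for(dst_ip),
        "other_endpoints": [h for h in endpoints_contacting(flows, dst_ip) if h != host],
        "process_flows": process_activity(flows, host, process),
        "unusual_ports": sorted(unusual_ports(flows, host, process)),
        "volume_outlier": volume_outlier(flows, host, process),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(FLOWS, "ws-07", "svchost.exe", "198.51.100.23"), indent=2))
```

Here the destination is not in any known provider range, one other endpoint (ws-12) reaches it through a browser, and the alerting svchost.exe instance uses ports (8443, 53) and a volume that no other svchost.exe on the network shows. That combination is what separates a benign rare destination from one that warrants the file-system review in the last step.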