Add FTP monitoring
mrrothe committed Oct 16, 2023
1 parent 24383b8 commit 2d39da5
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions n4sysmon-dec2020.xml
Expand Up @@ -377,6 +377,7 @@
<Image condition="image">psinfo.exe</Image>
<Image name="technique_id=T1218,technique_name=Signed Binary Proxy Execution" condition="image">Mavinject.exe</Image>
<!--Ports: Suspicious-->
<DestinationPort name="FTP" condition="is">21</DestinationPort> <!--FTP - File Transfer-->
<DestinationPort name="SSH" condition="is">22</DestinationPort> <!--SSH protocol, monitor admin connections-->
<DestinationPort name="Telnet" condition="is">23</DestinationPort> <!--Telnet protocol, monitor admin connections, insecure-->
<DestinationPort name="SMTP" condition="is">25</DestinationPort> <!--SMTP mail protocol port, insecure, used by threats-->
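Review bot: The added `DestinationPort` rule for 21 matches only the FTP control connection, so data-channel connections on negotiated ports, FTP servers on non-standard ports and implicit FTPS on 990 will not produce events from this rule. The trailing comment is also thinner than its neighbours; something like `<!--FTP control channel, cleartext credentials, monitor for file transfer/exfiltration; data channel and non-standard ports not matched-->` would tell an analyst what the `FTP` rule name does and does not cover. The identical line is added to n4sysmon-endpoints.xml and the same applies there; keeping two copies of this port list in sync by hand risks drift between the two configs. The enclosing rule group opens outside the hunk, so that this is an include list is presumed from the "Ports: Suspicious" heading.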
1 change: 1 addition & 0 deletions n4sysmon-endpoints.xml
Expand Up @@ -377,6 +377,7 @@
<Image condition="image">psinfo.exe</Image>
<Image name="technique_id=T1218,technique_name=Signed Binary Proxy Execution" condition="image">Mavinject.exe</Image>
<!--Ports: Suspicious-->
<DestinationPort name="FTP" condition="is">21</DestinationPort> <!--FTP - File Transfer-->
<DestinationPort name="SSH" condition="is">22</DestinationPort> <!--SSH protocol, monitor admin connections-->
<DestinationPort name="Telnet" condition="is">23</DestinationPort> <!--Telnet protocol, monitor admin connections, insecure-->
<DestinationPort name="SMTP" condition="is">25</DestinationPort> <!--SMTP mail protocol port, insecure, used by threats-->