randomuserid/Adama

Make something useful for Commonly Used Port category

Opened this issue · 0 comments

Blanket alerting on ports in the Commonly Used Port category - https://attack.mitre.org/techniques/T1043/ - tends to make a super-massive FP / noise flood. Develop a high signal / noise search set for network events using network behavioral profiling and anomaly detection.
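One way to turn the blanket port alert into the behavioral profile this issue asks for, as an added example that is not the Adama project's own code: it learns each host's destination ports from a baseline window, then scores new flows by novelty for that host and rarity across the host population, so a commonly used port never alerts on its own. The flow records, host names and the score threshold are constructed.

```python
"""Per-host destination-port baseline with population rarity scoring.
Added example, not Adama project code; all records below are constructed."""
from collections import defaultdict

# Constructed baseline flow records: (day, src_host, dst_port)
BASELINE_EVENTS = [
    (1, "ws01", 443), (1, "ws01", 80), (1, "ws02", 443), (1, "ws02", 80),
    (2, "ws02", 22), (2, "ws03", 443), (2, "ws03", 22), (3, "ws04", 443),
    (3, "ws04", 80), (3, "ws04", 22), (4, "srv01", 3389), (4, "srv01", 443),
]
# Constructed detection-window records to score against the baseline
NEW_EVENTS = [
    (6, "ws01", 443),   # in ws01's own baseline: suppressed
    (6, "ws01", 22),    # new for ws01, but 3 of 5 hosts use it: low score
    (6, "ws03", 3389),  # new for ws03, only srv01 used it: high score
    (6, "ws04", 4444),  # never seen on any host: highest score
]

def build_baseline(events):
    """Return each host's set of ports and, per port, how many hosts use it."""
    host_ports = defaultdict(set)
    for _, host, port in events:
        host_ports[host].add(port)
    port_hosts = defaultdict(int)
    for ports in host_ports.values():
        for port in ports:
            port_hosts[port] += 1
    return host_ports, port_hosts

def score_events(events, host_ports, port_hosts, min_score=0.5):
    """Score = 1 - (share of baseline hosts using the port); flows matching the
    host's own baseline are dropped, and only scores >= min_score alert."""
    n_hosts = max(len(host_ports), 1)
    alerts = []
    for day, host, port in events:
        if port in host_ports.get(host, set()):
            continue  # behavior already profiled for this host
        prevalence = port_hosts.get(port, 0) / n_hosts
        score = round(1.0 - prevalence, 2)  # rarer across the fleet -> higher
        if score >= min_score:
            alerts.append({"day": day, "host": host, "port": port,
                           "score": score,
                           "baseline_hosts_using_port": port_hosts.get(port, 0)})
    return sorted(alerts, key=lambda a: -a["score"])

if __name__ == "__main__":
    hp, ph = build_baseline(BASELINE_EVENTS)
    for alert in score_events(NEW_EVENTS, hp, ph):
        print(alert)
```

With these records only the 4444 and 3389 flows alert; the ws01 flows to 443 and 22 are suppressed by the host baseline and by population prevalence respectively.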