Cleartext Protocol Usage Via Netflow

Original Source: [Sigma source]
Title: Cleartext Protocol Usage Via Netflow
Status: stable
Description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that encryption is used for all sensitive information in transit. Ensure that an encrypted channel is used for all administrative account access. This rule flags NetFlow records whose destination port belongs to a protocol that commonly carries credentials or data in cleartext.
References:
  - https://www.cisecurity.org/controls/cis-controls-list/
  - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
  - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Author: Alexandr Yampolskyi, SOC Prime
Date: 2019-03-26
Modified: 2022-11-18
Tags:
  - attack.credential-access
Logsource:
  service: netflow
Detection:
  selection:
    destination.port:
      - '8080'
      - '21'
      - '80'
      - '23'
      - '50000'
      - '1521'
      - '27017'
      - '1433'
      - '11211'
      - '3306'
      - '15672'
      - '5900'
      - '5901'
      - '5902'
      - '5903'
      - '5904'
  condition: selection
Falsepositives:
  - Unknown
Level: low
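The rule's selection applied to a constructed NetFlow export, as an added example that is not part of the Sigma rule or of SOC Prime's code. It assumes flows arrive as CSV with `ts,src_ip,src_port,dst_ip,dst_port,proto,bytes` columns (an assumed layout, not any particular exporter's format), normalises the destination port to an integer before comparing, and attaches a service label per port as an analyst hint that the rule itself does not carry.

```python
import csv
import io
from collections import Counter

# Destination ports from the rule's selection list. The rule writes them as
# strings; they are kept as integers here because NetFlow exporters emit
# numeric ports, and a string-vs-int comparison would silently match nothing.
CLEARTEXT_PORTS = {8080, 21, 80, 23, 50000, 1521, 27017, 1433, 11211, 3306,
                   15672, 5900, 5901, 5902, 5903, 5904}

# Analyst annotation added for this example (not part of the rule): the
# service commonly bound to each port, used only as a triage hint.
PORT_LABELS = {
    21: "ftp", 23: "telnet", 80: "http", 8080: "http-alt",
    1433: "mssql", 1521: "oracle-tns", 3306: "mysql", 27017: "mongodb",
    11211: "memcached", 15672: "rabbitmq-mgmt", 50000: "db2",
    5900: "vnc", 5901: "vnc", 5902: "vnc", 5903: "vnc", 5904: "vnc",
}

# Constructed sample flow export (not real traffic); one row has a
# non-numeric port to exercise the malformed-record path.
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes
2019-03-26T10:00:01Z,10.0.1.15,51234,10.0.2.20,23,TCP,1840
2019-03-26T10:00:02Z,10.0.1.15,51235,10.0.2.21,443,TCP,22100
2019-03-26T10:00:03Z,10.0.1.16,44012,10.0.2.22,80,TCP,5120
2019-03-26T10:00:04Z,10.0.1.17,39870,10.0.2.30,3306,TCP,980
2019-03-26T10:00:05Z,10.0.1.17,39871,10.0.2.30,22,TCP,4096
2019-03-26T10:00:06Z,10.0.1.18,50110,10.0.2.40,5900,TCP,77000
2019-03-26T10:00:07Z,10.0.1.18,50111,10.0.2.41,53,UDP,120
2019-03-26T10:00:08Z,10.0.1.19,40001,10.0.2.24,n/a,TCP,12
2019-03-26T10:00:09Z,10.0.1.16,44013,10.0.2.22,8080,TCP,640
"""


def parse_flows(text):
    """Parse CSV flow records; skip rows whose destination port is not numeric."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            row["dst_port"] = int(row["dst_port"])
        except (TypeError, ValueError):
            continue  # malformed exporter row: do not abort the whole batch
        flows.append(row)
    return flows


def matches_rule(flow):
    """The rule's condition: selection, i.e. destination.port in the list."""
    return flow["dst_port"] in CLEARTEXT_PORTS


def run_rule(text):
    """Return one alert per matching flow, carrying the rule's level and a service hint."""
    alerts = []
    for flow in parse_flows(text):
        if matches_rule(flow):
            alerts.append({
                "ts": flow["ts"],
                "src": f'{flow["src_ip"]}:{flow["src_port"]}',
                "dst_ip": flow["dst_ip"],
                "dst_port": flow["dst_port"],
                "service": PORT_LABELS.get(flow["dst_port"], "unknown"),
                "level": "low",
            })
    return alerts


def summarize_by_destination(alerts):
    """Count alerts per destination host so a few busy internal servers can be triaged once."""
    return Counter(a["dst_ip"] for a in alerts)


if __name__ == "__main__":
    hits = run_rule(SAMPLE_FLOWS)
    for a in hits:
        print(f'{a["ts"]} {a["src"]} -> {a["dst_ip"]}:{a["dst_port"]} ({a["service"]})')
    print(summarize_by_destination(hits))
```

Because the selection is a bare port list, every flow to an internal web or database server on one of these ports fires, which is why the rule is rated low and its false positives are listed as unknown; grouping hits by destination host lets an analyst decide once per server whether the service is expected, rather than once per flow.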