Link Search Menu Expand Document

Client_Upload_Bandwidth_Threshold_Exceeded

ID: 100238

Description:

Client upload bandwidth exceeded 1GB threshold within an hour

Repository: Group: Network Type: event

Default Status:

Disabled

Tags:
Network
 

Selector:

Query:

Filters:

Field MUST hit
   
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
@fields.client_mac mac address application activity

Risks:

Risks Base Score Dimension
     

Attributes:

Alias Key
ClientMAC @fields.client_mac
Source @source
Sender @sender
TransBytes @fields.txB

Correlation Rules:

Aggregation:

Name Window Field AggType Match
ThresholdExceeded 1 hour @fields.txB sum gt 1e+09
  Risks: BANDWIDTH_ANOMALY    

History:

User Date
em*n@fluencysecurity.com 2021 Apr 17 04:37:50 EDT

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)