Client_Upload_Bandwidth_Threshold_Exceeded
ID: 100238
Description:
Client upload bandwidth exceeded 1GB threshold within an hour
Repository:
Group: Network
Type: event
Default Status:
Disabled
| Tags: |
|---|
| Network |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|

| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @fields.client_mac | mac address | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
Attributes:
| Alias | Key |
|---|---|
| ClientMAC | @fields.client_mac |
| Source | @source |
| Sender | @sender |
| TransBytes | @fields.txB |
Correlation Rules:
Aggregation:
| Name | Window | Field | AggType | Match |
|---|---|---|---|---|
| ThresholdExceeded | 1 hour | @fields.txB | sum | gt 1e+09 |

| Risks: | BANDWIDTH_ANOMALY |
History:
| User | Date |
|---|---|
| em*n@fluencysecurity.com | 2021 Apr 17 04:37:50 EDT |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)