Device_Bandwidth_Exceeds_Threshold
ID: 100236
Description:
A device has used more than 1GB in the last 12 hours
Repository: Group: Network Type: metaflow
Default Status:
Disabled
| Tags: |
|---|
| Network |
Selector:
Query:
sip:192.168.50.* OR dip:192.168.50.*
Filters:
| Field | MUST hit |
|---|---|

| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| meta.device | asset | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
Attributes:
| Alias | Key |
|---|---|
| TotalBytes | totalB |
| Device | meta.device |
| SourceIP | sip |
| TransBytes | txB |
| RecvBytes | rxB |
| Hostname | s_asset.hostname |
Correlation Rules:
Aggregation:
| Name | Window | Field | AggType | Match |
|---|---|---|---|---|
| ThresholdExceeded | 12 hours | totalB | sum | gt 1e+09 |

Risks: BANDWIDTH_ANOMALY
History:
| User | Date |
|---|---|
| em*n@fluencysecurity.com | 2021 Apr 17 04:21:35 EDT |
| em*n@fluencysecurity.com | 2021 Apr 19 14:11:08 EDT |
| ho*d@fluencysecurity.com | 2021 Apr 19 16:11:59 EDT |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)