Link Search Menu Expand Document

Device_Bandwidth_Exceeds_Threshold

ID: 100236

Description:

A device has used more than 1GB in the last 12 hours

Repository: Group: Network Type: metaflow

Default Status:

Disabled

Tags:
Network
 

Selector:

Query:

sip:192.168.50.* OR dip:192.168.50.*

Filters:

Field MUST hit
   
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
meta.device asset application activity

Risks:

Risks Base Score Dimension
     

Attributes:

Alias Key
TotalBytes totalB
Device meta.device
SourceIP sip
TransBytes txB
RecvBytes rxB
Hostname s_asset.hostname

Correlation Rules:

Aggregation:

Name Window Field AggType Match
ThresholdExceeded 12 hours totalB sum gt 1e+09
  Risks: BANDWIDTH_ANOMALY    

History:

User Date
em*n@fluencysecurity.com 2021 Apr 17 04:21:35 EDT
em*n@fluencysecurity.com 2021 Apr 19 14:11:08 EDT
ho*d@fluencysecurity.com 2021 Apr 19 16:11:59 EDT

This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)