Products: Amazon AWS - VpcFlowLogs

Rule ID | Rule Name |
---|---|
MATCH-S00553 | Allowed Inbound RDP Traffic |
THRESHOLD-S00003 | Amazon VPC - Network Scan |
THRESHOLD-S00004 | Amazon VPC - Port Scan |
THRESHOLD-S00074 | Excessive Firewall Denies |
THRESHOLD-S00085 | Excessive Outbound Firewall Blocks |
MATCH-S00454 | Firewall Allowed SMB Traffic |
FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
THRESHOLD-S00079 | Inbound Port Scan |
MATCH-S00554 | Outbound IRC Traffic |
THRESHOLD-S00048 | Outbound Traffic to Countries Outside the United States |
MATCH-S00558 | Potential Inbound VNC Traffic |
MATCH-S00502 | RDP Traffic to Unexpected Host |
MATCH-S00560 | SMTP Traffic from Non-SMTP Servers |
MATCH-S00555 | Threat Intel - Inbound Traffic Context |
LEGACY-S00107 | Threat Intel Match - IP Address |

Log Mapper ID | Log Mapper Name |
---|---|
63a6eb64-cb0f-49c3-9155-b54b0bd62d46 | AWS VPC Flow Logs - Default Format |
edc80da0-7594-413c-9b55-3f1c1bad3acf | AWS VPC Flow Logs - JSON Format |