DDI RULE 4634

October 30, 2021

Email
Facebook
Twitter
Google+
Linkedin

DESCRIPTION NAME:

Encryption Channel - HTTP(Request)

CONFIDENCE LEVEL: HIGH

SEVERITY INBOUND:

SEVERITY OUTBOUND:

Informational

Low

Medium

High

OVERVIEW

TECHNICAL DETAILS

Attack Phase: Command and Control Communication

Protocol: HTTP

Risk Type: OTHERS
(Note: OTHERS can be network connections related to hacking attempts, exploits, connections done by grayware, or suspicious traffic.)

Threat Type: Suspicious Behavior

Confidence Level: High

Severity: Informational(Outbound)

DDI Default Rule Status: Disable

Event Class: Suspicious Traffic

Event Sub Class: HTTP

Behavior Indicator: Suspicious Traffic

APT Related: YES

SOLUTION

Network Content Inspection Pattern Version: 1.14713.00

Network Content Inspection Pattern Release Date: 27 Oct 2021

Network Content Correlation Pattern Version: 1.14597.00

Network Content Correlation Pattern Release Date: 27 Oct 2021

Did this description help? Tell us how we did.