Logpoint - Logpoint NDR - NDR Notifications/Detections
Latest (latest)
Table of Contents
NDR Notifications/Detections
Software version changed
Vulnerable version
Traceroute detected
Address scan detected
Port scan detected
FTP brute force login detected
FTP site execute detected
HTTP SQL injection detected
HTTP SQL injection victim detected
Secure com password guessing attempts detected
Interesting hostname login
Invalid OCSP response detected
Weak key for encryption
Weak cipher for encryption
DarkNet or Tor activity detected
Blacklist match file
Blacklist match domain
Blacklist match HTTP
Blacklist match SSL
Blacklist match SSH
Blacklist match certificate
Blacklist match IP
P2P port usage
BitTorrent port usage
P2P traffic patterns
RDP Outgoing Connection
DNS Multiple Domain Not Found
DNS Tunnelling
Point Anomaly
Anomaly - Out of hours
Anomaly - Data Transfer
Anomaly - Unusual Context
Anomaly - Unexpected Service
Anomaly - Unexpected Interaction
Anomaly - Unexpected Port
Anomaly - Unexpected Service And Port
SMB Suspicious File Renaming
Crypto Currencies Mining Pool Activity
Reverse SSH
SSH external connection
Bruteforce attack
HTTP Authentication Bruteforce
Misconfigured HTTP basic auth client
SSH failed attempts
Sensitive file
HTTP Crawler
Global address scan
Global port scan
Cloud Filesharing Usage
External SMTP e-mail server
External IMAP e-mail server
External POP3 e-mail server
External DNS server
Credential dumping using RPC
Event log clearing or forced reboot using RPC
Remote execution using RPC
Lateral movement using SMB admin shares
Lateral movement and execution
Persistence using RPC
Expired SSL certificate from external server
Expired SSL certificate from internal server
Soon to expire SSL certificate from external server
Soon to expire SSL certificate from internal server
Not yet valid SSL certificate from external server
Not yet valid SSL certificate from internal server
Invalid SSL certificate from external server
Invalid SSL certificate from internal server
Vulnerable internal SSL connection (ID 68)
Vulnerable internal SSL connection (ID 69)
Large transfer sent to internal host
Large transfer sent to external host
Large transfer downloaded from internal host
Large transfer downloaded from external host
DNS over HTTPS (DOH) usage