After configuration of a third-party threat intelligence feed, an internal host has been observed either generating DNS activity for, or making direct connections to, malicious external IPs or domains identified by Vectra Threat Intelligence.
Possible Root Causes
A host is communicating with a confirmed malicious IP or Domain that may be associated with staged malware, command and control, or client-side attacks.
A user has been redirected to a site associated with phishing or credential compromise.
A host is communicating with a benign service co-hosted on an IP or Domain with a poor or malicious reputation.
Business Impact
Compromised assets or user credentials provide adversaries with the internal foothold necessary to begin to stage an attack.
Internal connections to known bad IP addresses or domains represent a definite risk to organizational assets and users and may indicate active attack progression.
Steps to Verify
Investigate the host and its associated accounts for further indications of compromise.
Using appropriate operational security safeguards, verify the risk posed by this known bad IP or domain by consulting external third-party sources.
Verify whether supplemental preventive security controls stopped the asset from completing the communication.
In the case of phishing, verify with the user whether credentials may have been compromised, or take appropriate risk-based containment actions, including session revocation and password resets.
Verify host integrity, check for new, unauthorized, or malicious software, and take appropriate incident handling or response actions.
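As an added illustration (not Vectra's code or detection logic), the Python below applies a constructed indicator list to constructed DNS and connection events and reports which internal host touched which indicator, by which path, and whether the communication actually completed, which is the first thing the verification steps above ask a triager to establish. The feed contents, event fields and sample addresses are all assumptions.

```python
# Constructed indicator list standing in for a third-party feed (documentation-only names/ranges).
FEED = {
    "domains": {"bad-example.test", "phish-login.example"},
    "ips": {"203.0.113.45", "198.51.100.7"},
}

# Constructed sample events: DNS lookups and direct connections from internal hosts.
EVENTS = [
    {"type": "dns", "src": "10.0.0.12", "query": "cdn.bad-example.test", "answer": "203.0.113.45", "rcode": "NOERROR"},
    {"type": "conn", "src": "10.0.0.12", "dst": "203.0.113.45", "dport": 443, "state": "established"},
    {"type": "conn", "src": "10.0.0.33", "dst": "198.51.100.7", "dport": 80, "state": "rejected"},
    {"type": "dns", "src": "10.0.0.41", "query": "safe.example.org", "answer": "192.0.2.10", "rcode": "NOERROR"},
    {"type": "dns", "src": "10.0.0.50", "query": "phish-login.example", "answer": "", "rcode": "NXDOMAIN"},
]


def domain_matches(name, feed_domains):
    """True if the FQDN or any parent domain is listed; avoids substring false positives."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in feed_domains for i in range(len(labels)))


def match_events(events, feed):
    """One hit per event touching a feed indicator; 'completed' tells the triager
    whether the lookup resolved / the connection was established or a control stopped it."""
    hits = []
    for e in events:
        if e["type"] == "dns":
            if domain_matches(e["query"], feed["domains"]):
                hits.append({"src": e["src"], "indicator": e["query"], "via": "dns_query",
                             "completed": e["rcode"] == "NOERROR"})
            elif e["answer"] in feed["ips"]:  # benign-looking name resolving to a listed IP
                hits.append({"src": e["src"], "indicator": e["answer"], "via": "dns_answer",
                             "completed": True})
        elif e["type"] == "conn" and e["dst"] in feed["ips"]:
            hits.append({"src": e["src"], "indicator": e["dst"], "via": "direct_connection",
                         "completed": e["state"] == "established"})
    return hits


def hosts_to_prioritize(hits):
    """Per internal host: True if any contact with an indicator completed (investigate first)."""
    summary = {}
    for h in hits:
        summary[h["src"]] = summary.get(h["src"], False) or h["completed"]
    return summary


if __name__ == "__main__":
    for host, completed in hosts_to_prioritize(match_events(EVENTS, FEED)).items():
        print(host, "completed contact" if completed else "attempt only")
```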
Vectra Threat Intelligence Match