Phoenix
Sigma IntelligenceBeta
Back to Rules
Compliancelowstable

Cleartext Protocol Usage Via Netflow

Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels Ensure that an encryption is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch
Alexandr Yampolskyi, SOC PrimeCreated Tue Mar 26Updated Fri Nov 187e4bfe58-4a47-4709-828d-d86c78b7cc1fother
Log Source
netflow
Servicenetflow← raw: netflow
Detection Logic
Detection Logic1 selector
detection:
    selection:
        destination.port:
            - 8080
            - 21
            - 80
            - 23
            - 50000
            - 1521
            - 27017
            - 1433
            - 11211
            - 3306
            - 15672
            - 5900
            - 5901
            - 5902
            - 5903
            - 5904
    condition: selection
False Positives
Unknown

False positive likelihood has not been assessed. Additional context may be needed during triage.

References
1
Resolving title…
cisecurity.org
2
Resolving title…
pcisecuritystandards.org
3
Resolving title…
nvlpubs.nist.gov
MITRE ATT&CK
Rule Metadata
Rule ID
7e4bfe58-4a47-4709-828d-d86c78b7cc1f
Status
stable
Level
low
Type
Compliance
Created
Tue Mar 26
Modified
Fri Nov 18
Author
Alexandr Yampolskyi, SOC Prime
Path
rules-compliance/other/netflow_cleartext_protocols.yml
Raw Tags
attack.credential-access
View on GitHub