New Link Detected
link refers to source and destination and port. a new link will appear when a source and destination that haven't spoken before will speak for the first time
ID Number
9000003
Signature
-
MITRE ATT&CK Technique
-
Severity
medium
Recommendations/Investigative actions
Identify the source and destination, call the POC(Point of contact) to check If the communication is authorized - close the event. If not look for a relevant cyber attack alerts on the same time, can be an attempt to perform leteral movement. If one of the IPs from the internet check if there any relations with a known virus