iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection

This alert is triggered when there is unusual traffic to port 1433 (commonly used by Microsoft SQL Server) with a high volume of SYN packets, suggesting a potential scan or infection attempt.

NF – TLD domain – .su DNS query

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .su (the legacy top-level domain of the Soviet Union). The .su TLD remains in use today and is less strictly regulated than most, making it attractive to hackers, scammers, and cybercriminals.

NF – POLICY – Windows XP making Internet connection – IE 6 – Company Policy Violation

This alert is triggered when a Windows XP machine with Internet Explorer 6 attempts to connect to an external HTTP server. Windows XP is outdated and insecure, making such connections a potential policy violation.

NF – POLICY – Windows XP making Internet connection – IE 7 – Company Policy Violation

This alert is triggered when a Windows XP machine with Internet Explorer 7 attempts to connect to an external HTTP server. Windows XP is outdated and insecure, making such connections a potential policy violation.

NF – POLICY – Windows XP making Internet connection – IE 8 – Company Policy Violation

This alert is triggered when a Windows XP machine with Internet Explorer 8 attempts to connect to an external HTTP server. Windows XP is outdated and insecure, making such connections a potential policy violation.
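As an added illustration (not iSID's own detection code), the following Python triage helper reproduces the logic of the .su DNS alert and the three Windows XP / IE policy alerts over constructed sample events: it checks the final DNS label rather than substring-matching "su", and it reads the NT kernel version from classic IE User-Agent strings (Windows XP 32-bit reports NT 5.1; NT 5.2 is shared with Server 2003 and is deliberately not matched). The event shape and IP addresses are assumptions.

```python
import re

# Constructed sample events (not iSID data); shape assumed: (event_kind, source_ip, value)
SAMPLE_EVENTS = [
    ("dns", "10.0.1.15", "update.example.su."),
    ("dns", "10.0.1.15", "www.example.com"),
    ("dns", "10.0.1.20", "su.example.com"),  # "su" is a label here, not the TLD
    ("http_ua", "10.0.2.7", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"),
    ("http_ua", "10.0.2.8", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"),
    ("http_ua", "10.0.2.9", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"),  # IE 8 on Windows 7
    ("http_ua", "10.0.2.10", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"),
]

def is_su_tld(qname):
    """True when the final DNS label is 'su' (absolute names with a trailing dot included)."""
    labels = qname.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == "su"

# Classic IE user agents carry "MSIE <major>.<minor>" plus the NT kernel version.
# Windows XP (32-bit) reports NT 5.1; NT 5.2 is shared with Server 2003, so it is
# intentionally not matched to avoid false positives.
_MSIE_RE = re.compile(r"\bMSIE (?P<major>\d+)\.\d+")
_XP_RE = re.compile(r"\bWindows NT 5\.1\b")

def xp_ie_version(user_agent):
    """Return the IE major version (6, 7 or 8) if the UA is IE 6-8 on Windows XP, else None."""
    m = _MSIE_RE.search(user_agent)
    if not m or not _XP_RE.search(user_agent):
        return None
    major = int(m.group("major"))
    return major if major in (6, 7, 8) else None

def triage(events):
    """Map each event to the iSID alert name it would raise; events raising none are dropped."""
    alerts = []
    for kind, src, value in events:
        if kind == "dns" and is_su_tld(value):
            alerts.append((src, "NF – TLD domain – .su DNS query"))
        elif kind == "http_ua":
            ver = xp_ie_version(value)
            if ver is not None:
                alerts.append((src, f"NF – POLICY – Windows XP making Internet connection – IE {ver} – Company Policy Violation"))
    return alerts

if __name__ == "__main__":
    for src, name in triage(SAMPLE_EVENTS):
        print(f"{src}: {name}")
```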