This repository was archived by the owner on Aug 15, 2025. It is now read-only.

6.01 - Hosts reaching out to many other hosts or ports per hour

Detect hosts reaching out to many other hosts or ports (> 10) in any given hour, indicating potential scanning activity or infected hosts. List corresponding subnets.

Category: Network Activity
Use Cases: Audit, Detect
Data Sources: VPC Flow Logs

Queries or Rules

BigQuery: SQL
Log Analytics: SQL
Google SecOps: YARA-L
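
The per-hour fan-out check described above, as an added Python example run over constructed flow records; it is not the repository's SQL or YARA-L rule. The record field names (src_ip, src_subnet, dest_ip, dest_port, start_time) and the helper names are assumptions for illustration, not the VPC Flow Logs schema.

```python
from collections import defaultdict
from datetime import datetime, timezone

THRESHOLD = 10  # flag when MORE than 10 distinct hosts or ports in one hour

def find_scanners(flows, threshold=THRESHOLD):
    """Group flows by (source IP, UTC hour) and flag buckets whose distinct
    destination IPs or distinct destination ports exceed the threshold."""
    buckets = defaultdict(lambda: {"ips": set(), "ports": set(), "subnets": set()})
    for f in flows:
        ts = datetime.fromisoformat(f["start_time"]).astimezone(timezone.utc)
        hour = ts.replace(minute=0, second=0, microsecond=0)
        b = buckets[(f["src_ip"], hour)]
        b["ips"].add(f["dest_ip"])
        b["ports"].add(f["dest_port"])
        b["subnets"].add(f["src_subnet"])
    findings = []
    for (src_ip, hour), b in sorted(buckets.items()):
        if len(b["ips"]) > threshold or len(b["ports"]) > threshold:
            findings.append({
                "src_ip": src_ip,
                "hour": hour.isoformat(),
                "distinct_hosts": len(b["ips"]),
                "distinct_ports": len(b["ports"]),
                "subnets": sorted(b["subnets"]),  # subnets to list per finding
            })
    return findings

def _flow(src, subnet, minute_of_day, dst, port):
    """Build one constructed flow record (field names are assumptions)."""
    hh, mm = divmod(minute_of_day, 60)
    return {"src_ip": src, "src_subnet": subnet, "dest_ip": dst,
            "dest_port": port, "start_time": f"2024-05-01T{hh:02d}:{mm:02d}:00+00:00"}

# Constructed sample data, not real logs.
SAMPLE_FLOWS = (
    # 12 distinct ports on one host within 10:00-10:59 -> flagged (ports)
    [_flow("10.0.1.5", "subnet-a", 600 + i, "10.0.2.9", 20 + i) for i in range(12)]
    # 11 hosts split 5 + 6 across the 10:00 and 11:00 buckets -> not flagged
    + [_flow("10.0.1.7", "subnet-a", 655 + i, f"10.0.2.{i + 1}", 443) for i in range(11)]
    # 11 distinct hosts on port 22 within 11:00-11:59 -> flagged (hosts)
    + [_flow("10.0.3.3", "subnet-b", 670 + i, f"10.0.4.{i + 1}", 22) for i in range(11)]
    # exactly 10 distinct ports -> not flagged, the rule is strictly "> 10"
    + [_flow("10.0.1.8", "subnet-a", 610 + i, "10.0.2.9", 8000 + i) for i in range(10)]
)

if __name__ == "__main__":
    for finding in find_scanners(SAMPLE_FLOWS):
        print(finding)
```

Because the buckets are fixed clock hours, a source that spreads its connections across an hour boundary stays under the threshold in both buckets, as the 10.0.1.7 sample shows.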

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

No log samples provided. Contribute log samples to this use case.