6.10 - Connections from a new IP to an in-scope network

Detects connections from a new IP address to a subnet that is in scope for compliance (e.g. GDPR, PCI, or other), such as a prod-customer-data subnet. A new IP is any source IP address seen for the first time in the last 24 hours. The default lookback window is 60 days.

Category: Network Activity
Use Cases: Audit, Detect, Respond
Data Sources: VPC Flow Logs

Queries or Rules

| BigQuery | Log Analytics | Google SecOps |
|---|---|---|
| SQL | SQL | Contribute rule |
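
The first-seen logic described above, as an added Python example that is not the project's own query. The function names and the sample records are constructed for illustration; the record fields (`timestamp`, `jsonPayload.connection.src_ip`, `jsonPayload.dest_vpc.subnetwork_name`) follow the VPC Flow Logs entry layout.

```python
from datetime import datetime, timedelta, timezone

def new_source_ips(records, subnet, now,
                   new_window=timedelta(hours=24), lookback=timedelta(days=60)):
    """Map each src IP first seen within new_window to its first-seen time."""
    first_seen = {}
    for rec in records:
        ts = datetime.fromisoformat(rec["timestamp"])
        payload = rec.get("jsonPayload", {})
        # Keep only flows inside the lookback window that target the in-scope subnet.
        if not (now - lookback <= ts <= now):
            continue
        if payload.get("dest_vpc", {}).get("subnetwork_name") != subnet:
            continue
        src_ip = payload.get("connection", {}).get("src_ip")
        if src_ip is None:
            continue
        if src_ip not in first_seen or ts < first_seen[src_ip]:
            first_seen[src_ip] = ts
    cutoff = now - new_window
    # "New" = earliest sighting in the lookback window falls in the last 24 hours.
    return {ip: ts for ip, ts in first_seen.items() if ts >= cutoff}

def flow(ts, src_ip, subnet):
    """Build a constructed record with the VPC Flow Logs fields used above."""
    return {"timestamp": ts,
            "jsonPayload": {"connection": {"src_ip": src_ip},
                            "dest_vpc": {"subnetwork_name": subnet}}}

# Constructed sample data (documentation IP ranges), evaluated at a fixed "now".
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    flow("2024-02-01T09:00:00+00:00", "198.51.100.7", "prod-customer-data"),
    flow("2024-03-01T08:00:00+00:00", "198.51.100.7", "prod-customer-data"),  # known
    flow("2024-03-01T10:30:00+00:00", "203.0.113.9", "prod-customer-data"),   # new
    flow("2023-12-20T00:00:00+00:00", "203.0.113.50", "prod-customer-data"),  # > 60 days old
    flow("2024-03-01T11:00:00+00:00", "203.0.113.50", "prod-customer-data"),  # so new again
    flow("2024-03-01T11:30:00+00:00", "192.0.2.4", "dev-sandbox"),            # out of scope
]

if __name__ == "__main__":
    for ip, ts in sorted(new_source_ips(SAMPLE, "prod-customer-data", NOW).items()):
        print(ip, ts.isoformat())
```

An IP whose only earlier sighting is older than the lookback window is reported as new again, so the lookback length directly controls how often returning sources are flagged.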

Event Generation

No event generation steps provided. Contribute emulation test to this use case.

Sample Event

No log samples provided. Contribute log samples to this use case.