Large Upload (FTP)
The Cortex XDR – Analytics Large Upload (FTP) alert indicates that a non-FTP server process is transferring an excessive amount of data.
No training period is needed; all limit values are predetermined.
An entity or device that is not an FTP server is transferring an excessively large amount of data over FTP to a single destination. The data limit used to trigger this alert is predetermined and is not computed from baseline activity seen on your network.
Transfer data stolen from your network to a location that is convenient and useful to the attacker.
- Verify that the source is not an FTP server. If Cortex XDR – Analytics has failed to identify the entity as a valid FTP server, this alert is likely to be a false positive.
- Identify the entity performing the data transfer to determine if the transfer is sanctioned.
- Use Pathfinder to interrogate the endpoint for suspicious artifacts such as running processes or loaded modules.
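The following is an added example, not Cortex XDR – Analytics code, showing the shape of the detection described above run over constructed session records: bytes sent over FTP are summed per source, destination and time window, sources that are known FTP servers are excluded, and anything over a fixed limit is raised. The 50 MiB limit, the one-hour window, the `app` field (modelled on a firewall application label) and the host names are assumptions; the page does not publish the real threshold or interval.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

MiB = 1024 * 1024
# Assumed values: the page says the limit is predetermined but does not publish it,
# and gives no interval; 50 MiB per hour is used here for illustration only.
UPLOAD_LIMIT_BYTES = 50 * MiB
WINDOW = timedelta(hours=1)
_EPOCH = datetime(1970, 1, 1)


@dataclass(frozen=True)
class Flow:
    """One session record, modelled on a firewall traffic log (constructed)."""
    ts: datetime
    src: str
    dst: str
    app: str          # application identified for the session, e.g. "ftp"
    bytes_sent: int   # bytes sent from src to dst


def detect_large_ftp_uploads(flows, known_ftp_servers,
                             limit=UPLOAD_LIMIT_BYTES, window=WINDOW):
    """Sum FTP bytes per (source, destination, window); flag sources that are
    not FTP servers and exceed the fixed limit. Returns a list of alert dicts."""
    totals = defaultdict(int)
    for f in flows:
        # Only FTP sessions count, and an FTP server sending data is expected.
        if f.app != "ftp" or f.src in known_ftp_servers:
            continue
        bucket = (f.ts - _EPOCH) // window      # fixed-size window index
        totals[(f.src, f.dst, bucket)] += f.bytes_sent
    alerts = []
    for (src, dst, bucket), total in sorted(totals.items()):
        if total > limit:
            alerts.append({"src": src, "dst": dst,
                           "window_start": _EPOCH + bucket * window,
                           "total_bytes": total})
    return alerts


def drop_known_server_alerts(alerts, ftp_servers):
    """First investigative action: if the source turns out to be an FTP server
    the engine did not recognise, treat the alert as a likely false positive."""
    return [a for a in alerts if a["src"] not in ftp_servers]


def _at(hour, minute):
    return datetime(2024, 5, 1, hour, minute)


# Constructed sample records; host names and addresses are illustrative.
SAMPLE_FLOWS = [
    # ws-042 pushes 55 MiB to one destination within the hour: exceeds the limit
    Flow(_at(10, 5), "ws-042", "203.0.113.10", "ftp", 20 * MiB),
    Flow(_at(10, 20), "ws-042", "203.0.113.10", "ftp", 20 * MiB),
    Flow(_at(10, 50), "ws-042", "203.0.113.10", "ftp", 15 * MiB),
    # same source, different destination: counted separately, stays under the limit
    Flow(_at(10, 30), "ws-042", "198.51.100.5", "ftp", 30 * MiB),
    # a known FTP server serving 200 MiB is expected behaviour, not an alert
    Flow(_at(10, 15), "ftp-srv-01", "203.0.113.10", "ftp", 200 * MiB),
    # HTTPS traffic belongs to the Large Upload (HTTPS) detector, not this one
    Flow(_at(10, 40), "ws-017", "203.0.113.10", "https", 500 * MiB),
    # 40 MiB in two different hours: neither window crosses the limit
    Flow(_at(10, 10), "ws-099", "203.0.113.10", "ftp", 40 * MiB),
    Flow(_at(12, 10), "ws-099", "203.0.113.10", "ftp", 40 * MiB),
]
KNOWN_FTP_SERVERS = {"ftp-srv-01"}

if __name__ == "__main__":
    for a in detect_large_ftp_uploads(SAMPLE_FLOWS, KNOWN_FTP_SERVERS):
        print(f"{a['src']} -> {a['dst']} sent {a['total_bytes'] // MiB} MiB "
              f"from {a['window_start']:%H:%M}")
```

Running it raises one alert, for `ws-042` to `203.0.113.10`. The per-destination sum is what makes `ws-042`'s second transfer and `ws-099`'s split transfers stay quiet, and `drop_known_server_alerts` is the check to run against an updated server inventory before escalating.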