Product
This brief focuses on detecting Remote Procedure Call (RPC) traffic originating from the internet, a common initial access vector, by monitoring network connections to TCP port 135 and filtering known internal IP ranges.