Product
medium
advisory
Detect Large ICMP Traffic
2 rules, 1 TTP
This analytic identifies ICMP traffic to external IP addresses with total bytes greater than 1,000 bytes, leveraging the Network_Traffic data model to detect potential information smuggling, covert communication, or command-and-control (C2) activities.
Palo Alto Network Traffic +4
network
command-and-control
icmp
medium
advisory
Large ICMP Traffic Detection
2 rules, 1 TTP
This analytic identifies excessive ICMP traffic to external IP addresses exceeding 1,000 bytes, potentially indicating command-and-control activity, data exfiltration, or covert communication channels.
Splunk Enterprise +4
network-traffic
command-and-control
data-exfiltration