DET0800 Detection of Network Sniffing

| Item | Value |
|---|---|
| ID | DET0800 |
| Version | 1.0 |
| Created | 21 October 2025 |
| Last Modified | 21 October 2025 |

Technique Detected: T0842 (Network Sniffing)

Analytics

ICS

AN1932

Monitor newly executed processes, and executed commands and their arguments, for actions that aid in sniffing network traffic to capture information about an environment.

Log Sources

| Data Component | Name | Channel |
|---|---|---|
| Process Creation (DC0032) | Process | None |
| Command Execution (DC0064) | Command | None |
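
An added example, not part of the original entry: one way to apply AN1932 to process-creation and command-execution events. The event schema, the watchlist of capture tools, the command patterns and the allowlist are assumptions, and the sample events are constructed.

```python
import re

# Assumed watchlist of packet-capture utilities (not from the page); tune per environment.
SNIFFER_BINARIES = {"tcpdump", "tshark", "dumpcap", "wireshark", "windump", "pktmon"}
# Assumed patterns for built-in tools that start a capture or enable promiscuous mode.
SNIFFER_CMD_PATTERNS = [
    ("netsh-trace-capture",
     re.compile(r"\bnetsh(\.exe)?\s+trace\s+start\b.*\bcapture\s*=\s*yes\b", re.I)),
    ("promiscuous-mode",
     re.compile(r"\b(ip\s+link\s+set\s+\S+\s+promisc\s+on|ifconfig\s+\S+\s+promisc)\b", re.I)),
]

def image_name(path):
    """Lower-cased executable name without directory, quotes or .exe suffix."""
    name = re.split(r"[\\/]", path.strip("\"'"))[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def detect(event, allowlist=frozenset()):
    """Return the reasons an event matches; an empty list means no match.
    event keys (constructed schema): host, user, image, command_line."""
    if (event["host"], event["user"]) in allowlist:
        return []  # approved monitoring host/account pair
    proc = image_name(event["image"])
    # Process Creation: the launched image itself is a capture tool.
    hits = ["process:" + proc] if proc in SNIFFER_BINARIES else []
    # Command Execution: capture tool started through a shell or wrapper.
    for token in re.split(r"[\s;|&]+", event["command_line"]):
        name = image_name(token)
        if name in SNIFFER_BINARIES and name != proc and "command:" + name not in hits:
            hits.append("command:" + name)
    for label, pattern in SNIFFER_CMD_PATTERNS:
        if pattern.search(event["command_line"]):
            hits.append("command:" + label)
    return hits

# Constructed sample events; hosts, users and paths are illustrative only.
EVENTS = [
    {"host": "HMI01", "user": "operator", "image": r"C:\Tools\WinDump.exe",
     "command_line": r"WinDump.exe -i 2 -w C:\Temp\cap.pcap"},
    {"host": "ENG-WS02", "user": "eng1", "image": "/bin/bash",
     "command_line": 'bash -c "tcpdump -i eth0 port 502 -w /tmp/m.pcap"'},
    {"host": "HIST01", "user": "svc_backup", "image": r"C:\Windows\System32\netsh.exe",
     "command_line": r"netsh trace start capture=yes tracefile=C:\Temp\t.etl"},
    {"host": "ENG-WS02", "user": "eng1", "image": "/usr/bin/ping",
     "command_line": "ping -c 1 10.0.0.5"},
    {"host": "NETMON01", "user": "netops", "image": "/usr/bin/tshark",
     "command_line": "tshark -i eth1"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["host"], detect(ev, allowlist={("NETMON01", "netops")}))
```
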

Mutable Elements

| Field | Description |
|---|---|