Detect. Isolate. Eliminate.
Command & Control
A compromised device on your network is attempting to contact an attacker's external Command and Control (C&C) server. Once a connection is established, the C&C server can send additional malware, instructions for remote execution, and/or payloads required to support the attack. Reveal(x) detects when an internal device is communicating with a suspicious system outside of your network in support of an attack.
An attacker has compromised a device and is using it to learn about your network. The attacker is looking for potential targets (critical assets) and associated vulnerabilities. Reveal(x) detects when an internal device is performing suspicious scans of devices, ports, services, applications, or files on your network as well as attempts to gain direct control of resources.
An attacker is progressively moving through your network from device to device in search of data and critical assets that are ultimately the target of their attack campaign. Reveal(x) detects unusual movement of users or data within your network.
An attacker is attempting an unauthorized transfer of data from your network to a system the attacker controls. Reveal(x) detects unusual transfers of data from devices within your network to external systems.