
NDR Detections

How ExtraHop Modern NDR Detects Adversaries in Your Network

Advanced threat actors target multi-cloud and on-prem environments with evasive techniques that bypass existing detection and response architectures. Their tactics vary, but every adversary leaves signals on the network as they move through it.

ExtraHop’s Modern NDR platform turns those signals into high-confidence, high-fidelity detections. It delivers holistic visibility of malicious and anomalous activity on your network with unified decryption at scale, network and protocol visibility, identity awareness, packet-level network forensics, and cloud-scale machine learning.

Our approach identifies adversarial activity by detecting subtle deviations from normal traffic. You get the context and confidence to act on a range of behaviors before they disrupt operations or drive up costs, including:

  • Reconnaissance
  • Exploitation
  • Command-and-Control
  • Lateral Movement
  • Data Exfiltration

Detection Categories

Detection | Risk Score | Primary Kill Chain Phase
--------- | ---------- | ------------------------
AD Credential Theft with ntdsutil | 88 | Exploitation
AD Database File Transfer over SMB | 88 | Actions on Objective
AD Explorer Snapshot Activity | 37 | Reconnaissance
AS-REP Roasting LDAP Reconnaissance Activity | 83 | Reconnaissance
AWS Cloud Service Enumeration | 33 | Reconnaissance
AWS Instance Metadata Service (IMDS) Proxy | 84 | Exploitation
Active Directory Domain Services Exploit Attempt - CVE-2022-26923 | 88 | Lateral Movement
AdFind Activity | 37 | Reconnaissance
Adobe ColdFusion Exploit Attempt - CVE-2018-15961 | 83 | Exploitation
Alias Member Enumeration Attempt | 37 | Reconnaissance
Anonymous FTP Login | 60 | Hardening
Apache APISIX Exploit Attempt - CVE-2022-24112 | 87 | Exploitation
Apache ActiveMQ Exploit - CVE-2023-46604 | 83 | Exploitation
Apache CouchDB Exploit Attempt - CVE-2017-12635 | 83 | Exploitation
Apache HTTP Server Path Traversal Exploit - [Multiple CVEs] | 87 | Exploitation
Apache Solr Exploit - CVE-2019-17558 | 70 | Exploitation
Apache Solr Exploit Attempt - CVE-2019-0193 | 64 | Exploitation
Apache Spark Exploit Attempt - CVE-2022-33891 | 83 | Exploitation
Apache Struts 2 Exploit Attempt - CVE-2017-9805 | 83 | Exploitation
Apache Struts 2 Exploit Attempt - [Multiple CVEs] | 87 | Exploitation
Apache Tomcat JSP Exploit Attempt - [Multiple CVEs] | 83 | Exploitation
Atlassian Bitbucket Server and Data Center Exploit - CVE-2022-36804 | 83 | Exploitation
Atlassian Confluence Exploit - CVE-2021-26084 | 87 | Exploitation
Atlassian Confluence Exploit - CVE-2022-26134 | 92 | Exploitation
Atlassian Confluence Exploit - CVE-2023-22518 | 87 | Exploitation
Atlassian Confluence Exploit Attempt - CVE-2023-22518 | 87 | Exploitation
Atlassian Crowd Exploit - CVE-2019-11580 | 83 | Exploitation
BITS Download | 60 | Actions on Objective
BackConnect Protocol Activity | 88 | Command-and-Control
BackConnect XOR Protocol Activity | 88 | Command-and-Control

Showing 30 of 432 detections
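The catalog above maps a network observation to a named detection, a risk score and a kill-chain phase. As an added illustration of what such a mapping looks like in code (this is example code written for this page, not ExtraHop's detection logic, and the match criteria are assumed, commonly cited open-source heuristics for three of the listed entries), the block below evaluates a few constructed records: an LDAP search whose filter tests the DONT_REQ_PREAUTH bit of userAccountControl (the usual AS-REP roasting reconnaissance query), an SMB file open for ntds.dit, and an FTP login as "anonymous". The Observation and Detection types, the rule functions and the sample records are all constructed for the example.

```python
"""Toy rule engine that maps constructed network records to catalog-style detections.

Added illustration only: the match criteria are assumed heuristics, not
ExtraHop's logic. Risk scores and phases are copied from the catalog above.
"""
from dataclasses import dataclass, field
import re

# DONT_REQ_PREAUTH bit of userAccountControl (0x400000 == 4194304).
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule OID.
DONT_REQ_PREAUTH = 0x400000
ASREP_FILTER_RE = re.compile(
    r"userAccountControl:1\.2\.840\.113556\.1\.4\.803:=(\d+)", re.IGNORECASE
)


@dataclass
class Observation:
    """One constructed network record: protocol, endpoints, protocol fields."""
    proto: str
    client: str
    server: str
    fields: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Detection:
    name: str
    risk: int
    phase: str
    client: str
    server: str


def rule_asrep_ldap_recon(o):
    """LDAP filter that selects accounts with Kerberos pre-auth disabled."""
    if o.proto != "ldap":
        return None
    m = ASREP_FILTER_RE.search(o.fields.get("filter", ""))
    if m and int(m.group(1)) & DONT_REQ_PREAUTH:
        return Detection("AS-REP Roasting LDAP Reconnaissance Activity", 83,
                         "Reconnaissance", o.client, o.server)
    return None


def rule_ad_db_over_smb(o):
    """SMB access to the AD database file ntds.dit."""
    if o.proto != "smb":
        return None
    name = o.fields.get("filename", "").replace("\\", "/").lower()
    if name == "ntds.dit" or name.endswith("/ntds.dit"):
        return Detection("AD Database File Transfer over SMB", 88,
                         "Actions on Objective", o.client, o.server)
    return None


def rule_anonymous_ftp(o):
    """Successful FTP login (230) with the anonymous/ftp user name."""
    if o.proto != "ftp":
        return None
    user = o.fields.get("user", "").lower()
    if user in ("anonymous", "ftp") and o.fields.get("reply_code") == 230:
        return Detection("Anonymous FTP Login", 60, "Hardening",
                         o.client, o.server)
    return None


RULES = [rule_asrep_ldap_recon, rule_ad_db_over_smb, rule_anonymous_ftp]


def evaluate(observations):
    """Run every rule over every record; return the detections that fire."""
    out = []
    for o in observations:
        for rule in RULES:
            d = rule(o)
            if d:
                out.append(d)
    return out


def summarize(detections, min_risk=0):
    """Group detection names by phase, dropping those below min_risk
    (mirrors the catalog's risk-range filter)."""
    by_phase = {}
    for d in detections:
        if d.risk >= min_risk:
            by_phase.setdefault(d.phase, []).append(d.name)
    return by_phase


# Constructed sample records, not captured traffic.
SAMPLE = [
    Observation("ldap", "10.0.0.5", "10.0.0.10", {"filter":
        "(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))"}),
    Observation("ldap", "10.0.0.6", "10.0.0.10", {"filter":
        "(&(objectClass=user)(sAMAccountName=jdoe))"}),
    Observation("smb", "10.0.0.5", "10.0.0.10", {"filename": "\\Windows\\NTDS\\ntds.dit"}),
    Observation("smb", "10.0.0.7", "10.0.0.10", {"filename": "\\share\\report.docx"}),
    Observation("ftp", "10.0.0.8", "10.0.0.20", {"user": "anonymous", "reply_code": 230}),
    Observation("ftp", "10.0.0.8", "10.0.0.20", {"user": "backup", "reply_code": 530}),
]

if __name__ == "__main__":
    for d in evaluate(SAMPLE):
        print(f"Risk {d.risk:3d}  {d.phase:<22} {d.name}  ({d.client} -> {d.server})")
```

Running the block prints three detections for the six records; `summarize(evaluate(SAMPLE), min_risk=80)` keeps only the two entries at risk 80 or above, which is the same narrowing the catalog's risk-range filter performs. The LDAP rule checks the bit value rather than matching the literal string 4194304, so a filter that combines DONT_REQ_PREAUTH with other flags still fires.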