ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

New Outbound LDAP Connection

Risk Factors

New connections to external LDAP servers are uncommon and can be indicators of compromise. Attack tools and techniques that leverage external LDAP servers are available to attackers with any skill level. External LDAP servers can deliver malicious payloads or enable other attacks, such as leaked credentials, command-and-control communication, or data exfiltration.

The system might change the risk score for this detection.

Kill Chain

Caution

Risk Score

83

Detection diagram
Next in Caution: New Outbound NFS Connection

Attack Background

N/A

Mitigation Options

Quarantine the device while checking for indicators of compromise
Block suspicious inbound and outbound traffic at the network perimeter

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right