Detections
Analytics
External Remote Services
Description
Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management and VNC can also be used externally.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Legacy Cloud Security | Security group | Read-only | API | Security group Connectivity |
Notes: fix me
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Initial Access, Persistence
Technique: External Remote Services
Platform: Windows
Products Required: Tenable Cloud Security
Tenable Release Date: 2022 Q4