Detections
Analytics
External Remote Services
Description
Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management and VNC can also be used externally.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Cloud Security | Security group | Read-only | API | Security group Connectivity | ||
| Tenable Attack Surface Management | Internet | Read-only | HTTP, DNS | External Assets | ||
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 19506 |
Notes: fix me
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Initial Access, Persistence
Technique: External Remote Services
Platform: Windows
Products Required: Tenable Attack Surface Management and Tenable Vulnerability Management and Tenable Cloud Security
Tenable Release Date: 2022 Q4