Python Initiated Connection (bef0bc5a-b9ae-425d-85c6-7b2d705980c6)
Detects a Python process initiating a network connection. While this often relates to package installation, it can also indicate a potential malicious script communicating with a C&C server.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | Python Initiated Connection (bef0bc5a-b9ae-425d-85c6-7b2d705980c6) | Sigma-Rules | 1 |