Detects external IP address lookups by non-browser processes via services such as "api.ipify.org". This could indicate post-compromise internet test activity.
Detects enumeration of local network configuration.
Adversaries may look for details about the network configuration and settings of systems they access, or obtain them through information discovery of remote systems.
Detects nltest commands that can be used for information discovery.
Detects use of nslookup to look up the local nameserver as part of host discovery.
Find information about network devices that is not stored in config files.