High volume of outbound traffic over SSH
Description
AlphaSOC detected unusual outbound SSH (Secure Shell) traffic. SSH is commonly used for remote logins and file transfers. Threat actors often use OSI application layer protocols such as SSH to communicate with compromised systems within a victim's network. This allows them to blend malicious activity with legitimate traffic and avoid detection.