
Out-of-band application security testing traffic requiring investigation

ID: oast_traffic
Data type: DNS, IP, HTTP
Severity: High
MITRE ATT&CK: TA0040:T1565

Description

AlphaSOC detected network traffic directed to a known out-of-band application security testing (OAST) domain. This may indicate an attempt by threat actors to bypass security measures, exfiltrate data, or establish command and control (C2) channels.

Impact

OAST traffic can evade traditional security controls, enabling attackers to persist within the network, exfiltrate sensitive data, or establish covert communication channels.

Severity

Severity | Condition
High     | Traffic to a known OAST domain

Investigation and Remediation

Investigate the source and destination of the detected traffic. Determine if the activity is part of an authorized security assessment. If unauthorized, isolate the affected systems, analyze logs and network traffic for indications of compromise, and assess the extent of potential damage. Remove any malicious tools or software and address any exploited vulnerabilities.

Known False Positives

  • Legitimate security testing by internal teams
  • Authorized third-party penetration tests or assessments
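The detection described above (traffic whose destination falls under a known OAST service domain) combined with the triage step of checking whether the source is part of an authorized assessment, as an added example that is not AlphaSOC's own code. The OAST domain list is an illustrative set of public services and would in practice come from a maintained intelligence source; the log format, the source IPs and the authorized-source list are constructed for the example.

```python
"""Flag DNS/HTTP records whose destination is a known OAST service domain."""
from dataclasses import dataclass
from typing import Iterable, Optional

# Illustrative suffix list of public OAST services. Assumption: a real deployment
# feeds this from a maintained intelligence source rather than hard-coding it.
OAST_DOMAINS = frozenset({
    "oastify.com",            # Burp Collaborator
    "burpcollaborator.net",   # older Burp Collaborator domain
    "interact.sh",            # interactsh public server
})

# Sources allowed to generate OAST traffic during an authorized assessment
# (constructed example value; maps to the Known False Positives above).
AUTHORIZED_SOURCES = frozenset({"10.0.5.23"})


@dataclass
class Finding:
    src_ip: str
    domain: str
    matched_suffix: str
    severity: str
    authorized: bool


def oast_suffix(hostname: str) -> Optional[str]:
    """Return the OAST base domain that `hostname` belongs to, or None.

    OAST payloads use random per-test subdomains (e.g. x7k2.oastify.com), so the
    match is on the registrable suffix, not an exact string, and it must sit at
    the end of the name so that oastify.com.evil.example does not match.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in OAST_DOMAINS:
            return candidate
    return None


def parse_record(line: str) -> Optional[tuple[str, str]]:
    """Parse a constructed 'type src_ip destination' record into (src, host)."""
    parts = line.split()
    if len(parts) != 3 or parts[0] not in ("dns", "http"):
        return None
    return parts[1], parts[2]


def detect_oast(lines: Iterable[str]) -> list[Finding]:
    """Emit one High-severity finding per record that resolves to an OAST domain."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        src, host = rec
        suffix = oast_suffix(host)
        if suffix is None:
            continue
        findings.append(Finding(src, host, suffix, "High", src in AUTHORIZED_SOURCES))
    return findings


SAMPLE_LOG = [  # constructed sample records, not real telemetry
    "dns 10.0.5.23 a1b2c3.oastify.com",       # authorized tester
    "dns 10.0.7.41 www.example.com",          # benign
    "http 10.0.7.41 q9z8y7.interact.sh",      # unexplained, needs investigation
    "dns 10.0.9.9 oastify.com.evil.example",  # suffix not at the end: no match
    "http 10.0.7.41 BURPCOLLABORATOR.NET",    # bare base domain, case-insensitive
]

if __name__ == "__main__":
    for f in detect_oast(SAMPLE_LOG):
        status = "authorized assessment" if f.authorized else "INVESTIGATE"
        print(f"{f.severity} {f.src_ip} -> {f.domain} ({f.matched_suffix}) {status}")
```

The `authorized` flag does not suppress the finding; it only records that the source is on the assessment allowlist, so the analyst still sees the event and can confirm the test window before closing it.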