TOR activity in your reports is indicative of common in-bound scanning and service enumeration seen frequently online. This type of activity is frequently a precursor to attack attempts and is therefore tracked by Field Effect.
Field Effect monitors your environment and will alert us to TOR's presence triggering follow-on analysis and investigation to determine if the activity is benign or suspicious.
An ARO will be produced any time suspicious activity is observed and will describe the specific issue, system(s) involved and offer remediation or local investigation steps.
In the context of the monthly reports, its aim to to simply provide you with some high level metrics around these events and will add some clarity for readers. Monitoring these high-level patterns of activity on your network can provide you and Field Effect analysts with insight into potential future threats and the performance of current defensive configurations.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article