Description
Detects outbound connections to domains or IP addresses associated with the Tor anonymity network. While Tor may be used for privacy-preserving purposes, its presence in enterprise or cloud environments is often linked to malicious activity such as command-and-control communication, evasion, or data exfiltration. This rule helps identify potentially unauthorized or suspicious use of Tor infrastructure.
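The rule text above describes matching outbound traffic against Tor-associated domains and IP addresses. The following Python script is an added example written for this page, not Lightlytics' own rule logic, that shows what such a check looks like over log data: it matches the destination of egress flow records against an IP indicator list (single addresses and CIDR ranges) and matches DNS query names against a domain suffix list. The flow and DNS record layouts, the indicator lists (RFC 5737 documentation addresses standing in for real relay addresses) and the sample records are all constructed for the example; a real deployment would take its indicators from a maintained Tor relay/exit-node feed.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List

# Constructed placeholder indicators (assumption for this example). These are
# RFC 5737 documentation addresses, not real Tor relays; in production this
# list is refreshed from a maintained Tor node feed.
TOR_IP_INDICATORS = ["198.51.100.0/24", "203.0.113.7"]
# Matched as DNS suffixes. The bare "onion" entry catches .onion lookups that
# leak onto the corporate resolver, which is itself a useful Tor-usage signal.
TOR_DOMAIN_INDICATORS = ["torproject.org", "onion"]

# Constructed sample flow records: timestamp src dst dstport direction action
FLOW_LOGS = [
    "2024-05-01T10:00:00Z 10.0.1.5 203.0.113.7 9001 egress ACCEPT",
    "2024-05-01T10:00:05Z 10.0.1.9 192.0.2.10 443 egress ACCEPT",
    "2024-05-01T10:00:09Z 10.0.2.4 198.51.100.42 443 egress ACCEPT",
    "2024-05-01T10:00:12Z 198.51.100.42 10.0.2.4 443 ingress REJECT",
    "2024-05-01T10:00:15Z 10.0.1.5 203.0.113.7 9001 egress REJECT",
]

# Constructed sample DNS query records: timestamp client query
DNS_LOGS = [
    "2024-05-01T10:01:00Z 10.0.1.5 check.torproject.org",
    "2024-05-01T10:01:02Z 10.0.1.9 www.example.com",
    "2024-05-01T10:01:04Z 10.0.3.3 abc123.onion.",
    "2024-05-01T10:01:06Z 10.0.1.9 nottorproject.org",
]


def build_ip_matcher(indicators: Iterable[str]) -> Callable[[str], bool]:
    """Compile IP/CIDR indicators once and return a fast membership check."""
    nets = [ipaddress.ip_network(i, strict=False) for i in indicators]

    def is_tor_ip(ip: str) -> bool:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False  # not an IP literal; cannot match an IP indicator
        return any(addr in net for net in nets)

    return is_tor_ip


def domain_matches(name: str, suffixes: Iterable[str]) -> bool:
    """Exact or dot-boundary suffix match, so 'nottorproject.org' does not
    match the 'torproject.org' indicator. Trailing dots from DNS logs are
    stripped first."""
    host = name.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def detect_tor_flows(lines: Iterable[str],
                     indicators: Iterable[str] = TOR_IP_INDICATORS) -> List[Dict[str, str]]:
    """Flag egress flows whose destination is a Tor indicator. Rejected
    attempts are kept (with their action recorded) because a blocked
    connection still shows a host trying to reach Tor."""
    is_tor_ip = build_ip_matcher(indicators)
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed record; skip rather than crash the pipeline
        ts, src, dst, port, direction, action = parts
        if direction.lower() != "egress":
            continue  # the rule is about outbound connections only
        if is_tor_ip(dst):
            alerts.append({"time": ts, "src": src, "dst": dst, "port": port,
                           "action": action, "reason": "dst IP in Tor indicator list"})
    return alerts


def detect_tor_dns(lines: Iterable[str],
                   suffixes: Iterable[str] = TOR_DOMAIN_INDICATORS) -> List[Dict[str, str]]:
    """Flag DNS queries for Tor-associated names."""
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, query = parts
        if domain_matches(query, suffixes):
            alerts.append({"time": ts, "src": client, "query": query.rstrip("."),
                           "reason": "query matches Tor domain indicator"})
    return alerts


if __name__ == "__main__":
    for alert in detect_tor_flows(FLOW_LOGS) + detect_tor_dns(DNS_LOGS):
        print(alert)
```

Running the script prints three flow alerts (two accepted and one rejected attempt from 10.0.1.5 and 10.0.2.4) and two DNS alerts; the ingress record and the look-alike domain are correctly ignored. Triage in practice starts from the source host, since the page's concern is which workload is talking to Tor, not the individual destination address.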
Remediation
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.