
Anomalous Outbound Network Calls

Scenario

You received a detection alert for an anomalous outbound network call, either via an email or Slack notification or via a failed GitHub Check. Click the insights link in the notification or in the GitHub Check details.

Review the insights page

  1. Review the exact job and step that made the anomalous network call
  2. Click on the step to view the build log for that step
  3. Review the process that made the anomalous network call
  4. Click on the Process ID (PID) to view the process arguments
  5. Review any new commits that modified the workflow file
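
For step 5, one way to review workflow changes from a local clone of the repository. This is an added example, not part of the original page or of StepSecurity's tooling; the function names and the `since_ref` argument (a commit or tag from before the alert) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not StepSecurity tooling): find commits that changed
# GitHub Actions workflow files and show what they added, so a new step,
# action or URL can be compared with the endpoint flagged in the alert.
# Assumption: the repository is cloned locally and <since_ref> is a commit
# or tag known to predate the alert.

# workflow_commits <repo_dir> <since_ref>
# One line per commit after <since_ref> that touched .github/workflows/:
# "<short-sha> <author-email> <subject>"
workflow_commits() {
  git -C "$1" log --format='%h %ae %s' "$2..HEAD" -- .github/workflows/
}

# workflow_added_lines <repo_dir> <since_ref>
# Lines added to workflow files since <since_ref>, with diff headers removed.
workflow_added_lines() {
  git -C "$1" diff --unified=0 "$2..HEAD" -- .github/workflows/ \
    | grep -E '^\+' | grep -vE '^\+\+\+ ' | sed 's/^+//'
}

# workflow_added_hosts <repo_dir> <since_ref>
# Hostnames of http(s) URLs that appear in the added lines, de-duplicated.
# Hosts reached indirectly (by an action or a downloaded script) will not
# show up here; the process arguments from step 4 cover those.
workflow_added_hosts() {
  workflow_added_lines "$1" "$2" \
    | grep -oE 'https?://[A-Za-z0-9.-]+' \
    | sed -E 's#^https?://##' \
    | sort -u
}
```

If the flagged endpoint appears in the output of `workflow_added_hosts`, the matching commit from `workflow_commits` is the change to review first.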

Triage

Based on the above information,

  • If you believe the endpoint is not expected, reach out to your security team or to support@stepsecurity.io.
  • If you believe the endpoint is expected, no action is required. The endpoint will be added to the baseline for this job, and you will not be notified of it again.