ResourcesCompanyPricing Install StepSecurity App Login

Introduction
Getting Started
- Quickstart (Community Tier)
- Quickstart (Enterprise Tier)
Guides
Overview
Harden-Runner
Orchestrate Security
Run Policies
- Policies
- Policy Evaluations
Artifact Monitor
Actions Secret
Actions
Settings
Admin Console
Partnerships
- RunsOn
Who's Using Harden-Runner?
Enterprise Readiness

Powered by GitBook

On this page

Scenario
Reviewing the insights page
Triage

Was this helpful?

Harden-Runner

Runbooks

Anomalous Outbound Network Calls

PreviousRunbooks NextHow to Determine Minimum Token Permissions

Last updated 2 months ago

Was this helpful?

Scenario

You received a detection alert for an anomalous outbound network call either via or a failed .

Click on the in the notification or the GitHub Check details.

Reviewing the insights page

To determine the cause of the anomalous network call, follow these steps:

Step 1: Identify the source

Review the job and step that triggered the anomalous network call.
Locate the specific step in the Insights page and click on it to view the associated build log

Step 2: Inspect the Process ID (PID)

Click on the PID of the process responsible for the anomalous network call to reveal the process arguments.

Step 3: Check for recent workflow modifications

Review any new commits that may have altered the workflow file.

Triage

Based on the above information,

If you believe the endpoint is expected, no action is required. The endpoint will get added to the baseline for this job and you will not be notified of it again

If you believe the endpoint is not expected, reach out to your security team or to

support@stepsecurity.io

Email/ Slack notification

StepSecurity Insights page showing Network Events

StepSecurity Insights page showing Network Events