Anomalous Outbound Network Calls
Scenario
You received a detection alert for an anomalous outbound network call, either via an email or Slack notification or as a failed GitHub Check.
Click on the insights link in the notification or the GitHub Check details.
Reviewing the insights page
To determine the cause of the anomalous network call, follow these steps:
Step 1: Identify the source
Review the job and step that triggered the anomalous network call.
Locate the specific step in the Insights page and click on it to view the associated build log.

Step 2: Inspect the Process ID (PID)
Click on the PID of the process responsible for the anomalous network call to reveal the process arguments.

Step 3: Check for recent workflow modifications
Review any new commits that may have altered the workflow file.
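For Step 3, one way to narrow down which recent workflow commits deserve a close read (an added example, not part of the original page or of the vendor's tooling): it scans `git log -p` output for the workflow directory and lists added lines that mention the flagged endpoint, change a `uses:` reference, or introduce a network-capable command. The function name, the sample log and the endpoint `metrics.example.net` are constructed for illustration.

```python
import re
# Constructed sample of: git log -p --format="commit %H" -- .github/workflows/
SAMPLE_LOG = """\
commit 1111111aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,2 +10,2 @@
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
commit 2222222bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,1 +12,3 @@
       - run: make test
+      - name: Upload report
+        run: curl -sS https://metrics.example.net/ingest -d @report.json
"""

USES = re.compile(r"^-?\s*uses:\s*\S+")
FETCH = re.compile(r"https?://|\b(curl|wget|Invoke-WebRequest)\b")

def triage_workflow_changes(log_text, endpoint):
    """Return (commit, file, reason, line) for added lines worth reviewing."""
    hits, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1][:7], False
        elif line.startswith("diff --git "):
            in_hunk = False                  # next file: headers follow
        elif not in_hunk and line.startswith("+++ b/"):
            path = line[len("+++ b/"):]
        elif line.startswith("@@"):
            in_hunk = True                   # only hunk bodies hold changes
        elif in_hunk and line.startswith("+"):
            text = line[1:].strip()
            if endpoint in text:
                reason = "endpoint"          # the flagged destination itself
            elif USES.match(text):
                reason = "action-ref"        # new or re-pinned action
            elif FETCH.search(text):
                reason = "network-command"   # step that can reach the network
            else: continue
            hits.append((commit, path, reason, text))
    return hits
```

An empty result for the alert's time window suggests the call came from a dependency or action update rather than from a workflow edit.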
Triage
Based on the above information:
If you believe the endpoint is not expected, reach out to your security team or to [email protected].
If you believe the endpoint is expected, no action is required. The endpoint will be added to the baseline for this job, and you will not be notified of it again.