Anomalous Outbound Network Calls

Scenario

You received a detection alert for an anomalous outbound network call either via Email/ Slack notification or a failed GitHub Check. Click on the insights link in the notification or the GitHub Check details.

Reviewing the insights page

To determine the cause of the anomalous network call, follow these steps:

Step 1: Identify the source

Review the job and step that triggered the anomalous network call.
Locate the specific step in the Insights page and click on it to view the associated build log

Step 2: Inspect the Process ID (PID)

Click on the PID of the process responsible for the anomalous network call to reveal the process arguments.

Step 3: Check for recent workflow modifications

Review any new commits that may have altered the workflow file.

Triage

Based on the above information,

If you believe the endpoint is not expected, reach out to your security team or to support@stepsecurity.io
If you believe the endpoint is expected, no action is required. The endpoint will get added to the baseline for this job and you will not be notified of it again

PreviousRunbooks NextOrchestrate Security

Last updated 7 days ago