# Ressources

- [Alerts](/n.scope-v2.0-english/ressources/alerts.md)
- [Command & Control](/n.scope-v2.0-english/ressources/alerts/command-and-control.md)
- [CNC01 - Oversized UDP DNS](/n.scope-v2.0-english/ressources/alerts/command-and-control/cnc01-oversized-udp-dns.md): This template allows the detection and alerting when DNS packets are bigger than the RFC specification. This may be an indication of perimeter breach.
- [CNC02 - Protocols Ports Missmatch](/n.scope-v2.0-english/ressources/alerts/command-and-control/cnc02-protocols-ports-missmatch.md): This alert will trigger when an RFC-standardized protocol is detected using a non-standard UDP or TCP Port.
- [CNC03 - BETA - Threat Intelligence Match](/n.scope-v2.0-english/ressources/alerts/command-and-control/cnc03-beta-threat-intelligence-match.md): This alert triggers when an internal asset exchange traffic with an IPv4, IPv6 address, or URL that are flagged malicious by a Threat Intelligence feed.
- [Denial of Service](/n.scope-v2.0-english/ressources/alerts/denial-of-service.md)
- [DOS01 - DHCP Starvation](/n.scope-v2.0-english/ressources/alerts/denial-of-service/dos01-dhcp-starvation.md): This alert template triggers when a rapid sequence of DHCP request coming from an internal host is happening. This may be an indication of a DHCP Starvation attack.
- [DOS02 - AI Smart Alert - Distributed Denial of Service](/n.scope-v2.0-english/ressources/alerts/denial-of-service/dos02-ai-smart-alert-distributed-denial-of-service.md): This alert triggers when an incoming DDOS Attack is detected toward an asset of the organization.
- [DOS03 - Excessive ICMP Rate](/n.scope-v2.0-english/ressources/alerts/denial-of-service/dos03-excessive-icmp-rate.md): This alert template will trigger when an excessive amount of ICMP traffic is detected in the specified subnets.
- [Exfiltration](/n.scope-v2.0-english/ressources/alerts/exfiltration.md)
- [EXF01 - Deprecated TLS](/n.scope-v2.0-english/ressources/alerts/exfiltration/exf01-deprecated-tls.md): This template detected the use of deprecated or insecure versions of the SSL/TLS protocols’ cryptographic settings, which can expose systems to data interception.
- [Initial Access](/n.scope-v2.0-english/ressources/alerts/initial-access.md)
- [IAC01 - Suspicious SSH Admin](/n.scope-v2.0-english/ressources/alerts/initial-access/iac01-suspicious-ssh-admin.md): This alert will trigger when an inbound SSH session from an external IP address is detected, which can be abused for Initial Access by a threat actor.
- [IAC02 - Unauthorized Application](/n.scope-v2.0-english/ressources/alerts/initial-access/iac02-unauthorized-application.md): This alert triggers when traffic is detected with a matching TLS certificate name.
- [IAC03 - Malicious TLS Signatures](/n.scope-v2.0-english/ressources/alerts/initial-access/iac03-malicious-tls-signatures.md): This alert triggers when a malicious JA3/JA3S signature is detected in TLS traffic, both client-side and server-side.
- [Reconnaissance](/n.scope-v2.0-english/ressources/alerts/reconnaissance.md)
- [REC01 - Suspicious Port Scan](/n.scope-v2.0-english/ressources/alerts/reconnaissance/rec01-suspicious-port-scan.md): This alert triggers when detecting an internal host that is performing a serialized open port discovery on a target host, potentially indicating reconnaissance activities.
- [REC02 - BETA - AI Smart Alert - Suspicious Port Sweep](/n.scope-v2.0-english/ressources/alerts/reconnaissance/rec02-beta-ai-smart-alert-suspicious-port-sweep.md): Detecting an internal host that has attempted to reach a large number of internal IP addresses, but on a small number of ports.
- [Security Policies](/n.scope-v2.0-english/ressources/alerts/security-policies.md)
- [NPC01 - Unwanted Protocol](/n.scope-v2.0-english/ressources/alerts/security-policies/npc01-unwanted-protocol.md): This template allows the detection and alerting when the probes see the specified protocol or set of protocols on one or multiple subnets.
- [NPC02 - Subnet Whitelist](/n.scope-v2.0-english/ressources/alerts/security-policies/npc02-subnet-whitelist.md): Use this alert to configure a virtual fence to enforce security policies in the organization’s network.
- [NPC03 - Trusted Protocol](/n.scope-v2.0-english/ressources/alerts/security-policies/npc03-trusted-protocol.md): This template allows the detection and alerting when the probes does not see the specified protocol or set of protocols on one or multiple subnets.
- [NPC04 - Insecure Email Protocol](/n.scope-v2.0-english/ressources/alerts/security-policies/npc04-insecure-email-protocol.md): This template allows the detection of an insecure Email protocol (POP, SMTP, IMAP).
- [NPC05 - Device Whitelist](/n.scope-v2.0-english/ressources/alerts/security-policies/npc05-device-whitelist.md): This alert template will trigger when, in a given network perimeter, trafic is detected that from unlisted IP address.
- [Integrations](/n.scope-v2.0-english/ressources/integrations.md)
- [Alerting](/n.scope-v2.0-english/ressources/integrations/alerting.md)
- [Discord](/n.scope-v2.0-english/ressources/integrations/alerting/discord.md)
- [Slack](/n.scope-v2.0-english/ressources/integrations/alerting/slack.md)
- [Cyber Threat Intelligence](/n.scope-v2.0-english/ressources/integrations/cyber-threat-intelligence.md)
- [Single-Sign-On](/n.scope-v2.0-english/ressources/integrations/single-sign-on.md)
- [Azure AD SSO](/n.scope-v2.0-english/ressources/integrations/single-sign-on/azure-ad-sso.md)
- [Network Protocols](/n.scope-v2.0-english/ressources/network-protocols.md)