In this post I share 9 links to resources related to Network Beacon detection.

Network beacons are continuous, automated communications between 2 hosts. Network beacon detection focuses on identifying this automated traffic, with the primary goal of helping to detect malware infections or adversary activity that other controls have missed.

Beacon detection is a useful building-block analytic with many different use cases.

  • Threat hunting and malware command and control (C2) detection - aid in detecting malware missed by anti-virus products.
  • Detection of automated third-party traffic - detection of ongoing automated traffic to third parties may reveal unknown or emerging business relationships.
  • Identification of automated web application dependencies (within an enterprise or external to an enterprise).



The “short links” format was inspired by O’Reilly’s Four Short Links series.