Scanning Activity

Description

Triggers when a device exhibits either horizontal/vertical scanning patterns or appears to be sending data to a large number of ports per destination device.

Use Case

Advanced Threat Detection, Security Monitoring

Category

Lateral Movement

Alert Volume

High

SPL Difficulty

None

Journey

Stage 6

MITRE ATT&CK Tactics

Discovery

MITRE ATT&CK Techniques

Network Service Scanning

MITRE Threat Groups

APT32
APT39
APT41
Cobalt Group
DarkVishnya
FIN6
Leafminer
OilRig
Rocke
Suckfly
Threat Group-3390
Tropic Trooper
menuPass

Data Sources

Network Communication