Vulnerability Scanner Detected (by events)

Description

Detects a potential vulnerability scanner by identifying devices that have triggered a large number of unique events. Vulnerability scanners generally trigger a high number of unique events when scanning a host, since each vulnerability check tends to trigger a unique event.
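
The logic described above, sketched in Python as an added example (this is not the saved search that ships with this content). The log layout, the one-hour grouping, the threshold of 5 and the signature names are assumptions made for illustration; the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Assumed tuning value; the page does not state a threshold.
MIN_UNIQUE_SIGNATURES = 5

# Constructed IDS/IPS alerts: "<timestamp> <src_ip> <dest_ip> <signature>".
SAMPLE_ALERTS = """\
2024-05-01T09:01:10 10.0.0.50 10.0.1.10 SIG-1001 HTTP directory traversal attempt
2024-05-01T09:01:12 10.0.0.50 10.0.1.10 SIG-1002 Outdated TLS version probe
2024-05-01T09:01:15 10.0.0.50 10.0.1.10 SIG-1003 SMB null session attempt
2024-05-01T09:01:19 10.0.0.50 10.0.1.10 SIG-1004 SNMP default community string
2024-05-01T09:01:23 10.0.0.50 10.0.1.10 SIG-1005 FTP anonymous login attempt
2024-05-01T09:02:00 10.0.0.77 10.0.1.20 SIG-2001 Outbound SSH policy violation
2024-05-01T09:02:30 10.0.0.77 10.0.1.20 SIG-2001 Outbound SSH policy violation
2024-05-01T09:03:00 10.0.0.77 10.0.1.20 SIG-2001 Outbound SSH policy violation
2024-05-01T09:03:30 10.0.0.77 10.0.1.20 SIG-2001 Outbound SSH policy violation
2024-05-01T09:04:00 10.0.0.77 10.0.1.20 SIG-2001 Outbound SSH policy violation
2024-05-01T09:04:30 10.0.0.77 10.0.1.20 SIG-2001 Outbound SSH policy violation
2024-05-01T09:10:00 10.0.0.60 10.0.1.10 SIG-1001 HTTP directory traversal attempt
2024-05-01T09:11:00 10.0.0.60 10.0.1.10 SIG-1003 SMB null session attempt
"""


def find_scanners(alert_lines, min_unique=MIN_UNIQUE_SIGNATURES):
    """Flag (source, hour) pairs with at least min_unique distinct signatures."""
    unique = defaultdict(set)  # (src, hour) -> distinct signatures seen
    total = defaultdict(int)   # (src, hour) -> raw alert count, for context
    for line in alert_lines:
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, _dest, signature = parts
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        unique[(src, hour)].add(signature.strip())
        total[(src, hour)] += 1
    # Decide on the distinct count, not the raw count: a host repeating one
    # signature many times is noisy but does not look like a scanner.
    return [
        {"src": src, "hour": hour.isoformat(),
         "unique": len(sigs), "total": total[(src, hour)]}
        for (src, hour), sigs in sorted(unique.items())
        if len(sigs) >= min_unique
    ]


if __name__ == "__main__":
    for hit in find_scanners(SAMPLE_ALERTS.splitlines()):
        print(hit)
```

In the sample, 10.0.0.77 raises more alerts than 10.0.0.50 but only one distinct signature, so only 10.0.0.50 is flagged.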

Use Case

Security Monitoring, Compliance

Category

Scanning

SPL Difficulty

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Discovery

MITRE ATT&CK Techniques

Network Service Scanning
Remote System Discovery

MITRE Threat Groups

APT3
APT32
APT39
APT41
BRONZE BUTLER
Cobalt Group
DarkVishnya
Deep Panda
Dragonfly 2.0
FIN5
FIN6
FIN8
Ke3chang
Leafminer
OilRig
Rocke
Sandworm Team
Silence
Soft Cell
Suckfly
Threat Group-3390
Tropic Trooper
Turla
Wizard Spider
menuPass

Data Sources

IDS or IPS