Vulnerability Scanner Detected (by targets)

Description

Detects a potential vulnerability scanner by detecting devices that have triggered events against a large number of unique targets. Vulnerability scanners generally trigger events against a high number of unique hosts when they are scanning a network for vulnerable hosts.
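The logic described above, as an added Python example that is not the saved search shipped with this content: it counts the distinct targets each source has triggered IDS/IPS events against inside a sliding time window and flags sources that reach a threshold. The event tuples, the threshold of 25 targets and the one-hour window are assumptions chosen for illustration; the page does not state the values the search uses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_events():
    """Constructed sample IDS/IPS events: (time, source, target, signature)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    for i in range(30):   # scanner-like: 30 distinct targets in five minutes
        events.append((base + timedelta(seconds=10 * i), "10.0.0.50",
                       f"10.0.1.{i + 1}", "constructed-sig-a"))
    for i in range(40):   # noisy, but every event hits the same target
        events.append((base + timedelta(seconds=5 * i), "10.0.0.7",
                       "10.0.1.5", "constructed-sig-b"))
    for i in range(30):   # 30 distinct targets, but only one per hour
        events.append((base + timedelta(hours=i), "10.0.0.9",
                       f"10.0.2.{i + 1}", "constructed-sig-a"))
    return events

def find_scanners(events, threshold=25, window=timedelta(hours=1)):
    """Return {source: peak distinct targets within `window`} for sources
    whose peak reaches `threshold` (both values are assumed, tune per site)."""
    recent = defaultdict(deque)                      # source -> (time, target)
    counts = defaultdict(lambda: defaultdict(int))   # source -> target -> events
    peak = {}
    for ts, src, dest, _sig in sorted(events):
        queue, per_target = recent[src], counts[src]
        queue.append((ts, dest))
        per_target[dest] += 1
        # Expire events that have fallen out of the window for this source.
        while ts - queue[0][0] > window:
            _, old_dest = queue.popleft()
            per_target[old_dest] -= 1
            if per_target[old_dest] == 0:
                del per_target[old_dest]
        peak[src] = max(peak.get(src, 0), len(per_target))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in find_scanners(make_events()).items():
        print(f"{src} triggered events against {n} unique targets within the window")
```

The source with many events against a single target is not flagged, which is the difference between this detection and a plain event-count threshold; authorized scanners will match and are usually handled with an allow list.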

Use Case

Security Monitoring, Compliance

Category

Scanning

SPL Difficulty

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Discovery

MITRE ATT&CK Techniques

Network Service Scanning

MITRE Threat Groups

APT32
APT39
APT41
Cobalt Group
DarkVishnya
FIN6
Leafminer
OilRig
Rocke
Suckfly
Threat Group-3390
Tropic Trooper
menuPass

Data Sources

IDS or IPS