3000_scan_external

Explanation

This NDM is designed to detect scanning for port 3000 that is hitting the customer’s network from the Internet. Numerous technologies have used port 3000. One noteworthy example is Grafana, an open source data visualization platform that has been subject to a number of critical vulnerability disclosures.

What to Look For

Scanning activity on the Internet is quite commonplace. On must networks, port 3000 should not be exposed to the Internet.

Related MITRE ATT&CK Categories

Reconnaissance: Active Scanning, Technique T1595 - Enterprise