8000_scan_external_internal
Explanation
This NDM is designed to detect scanning for port 8000 that is hitting the customer’s network from the Internet. Port 8000 has been used by numerous technologies as an alternative HTTP/HTTPS port.
What to Look For
Scanning activity on the Internet is quite commonplace. On must networks, port 8000 should not be exposed to the Internet.
Related MITRE ATT&CK Categories
Reconnaissance: Active Scanning, Technique T1595 - Enterprise
Updated 14 days ago