censys_scanning
Explanation
The censys_scanning NDM is designed to detect any activity on your network that is related to Censys scanning.
What to Look For
If the censys_scanning NDM is triggered, you should examine network configurations of devices like the firewall to ensure that you want to allow Censys to scan your network. Additionally, examine endpoint logs to identify any anomalies or security events that may have been caused by the scanning activity. To remediate the issue, you may need to block traffic from the identified IP addresses or take additional security measures to protect your network from potential attacks.
Related MITRE ATT&CK Categories
Updated 4 days ago