censys_scanning

Explanation

The censys_scanning NDM is designed to detect any activity on your network that is related to Censys scanning.

What to Look For

If the censys_scanning NDM is triggered, review the configuration of network devices such as the firewall and decide whether you want to allow Censys to scan your network. Additionally, examine endpoint logs to identify any anomalies or security events that may have been caused by the scanning activity. To remediate the issue, you may need to block traffic from the identified IP addresses or take additional security measures to protect your network from potential attacks.
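One way to carry out the firewall review described above, as an added example rather than code from this detection's vendor: the script takes the source addresses named in the alert and reports which internal services the firewall actually allowed them to reach. The key=value log format, the function names and all addresses (RFC 5737 documentation ranges) are constructed assumptions; adapt the parser to your firewall's real log format.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders: source addresses reported by the alert.
ALERT_SOURCES = ["192.0.2.10", "192.0.2.11"]

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
ts=2024-01-01T00:00:01Z src=192.0.2.10 dst=10.0.0.5 dport=443 action=allow
ts=2024-01-01T00:00:02Z src=192.0.2.10 dst=10.0.0.5 dport=22 action=deny
ts=2024-01-01T00:00:03Z src=192.0.2.11 dst=10.0.0.7 dport=3389 action=allow
ts=2024-01-01T00:00:04Z src=198.51.100.4 dst=10.0.0.5 dport=443 action=allow
ts=2024-01-01T00:00:05Z src=192.0.2.10 dst=10.0.0.5 dport=443 action=allow
malformed line without fields
"""

def parse_line(line):
    """Return (src, dst, dport, action), or None if the line is unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        return (ipaddress.ip_address(fields["src"]), fields["dst"],
                int(fields["dport"]), fields["action"].lower())
    except (KeyError, ValueError):
        return None

def exposure_report(log_text, alert_sources):
    """Per destination host, the ports the alert sources were allowed or denied."""
    scanners = {ipaddress.ip_address(s) for s in alert_sources}
    report = defaultdict(lambda: {"allow": set(), "deny": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport, action = rec
        if src in scanners and action in ("allow", "deny"):
            report[dst][action].add(dport)
    return {d: {a: sorted(p) for a, p in acts.items()} for d, acts in report.items()}

def exposed_services(log_text, alert_sources):
    """(host, port) pairs the scanner reached: candidates for a block rule."""
    rep = exposure_report(log_text, alert_sources)
    return sorted((d, port) for d, acts in rep.items() for port in acts["allow"])

if __name__ == "__main__":
    for host, port in exposed_services(SAMPLE_LOG, ALERT_SOURCES):
        print(f"scanner reached {host}:{port} (allowed by firewall)")
```

Each pair in the output is a service the scan could see from outside; decide for each one whether that exposure is intended before choosing between a block rule and leaving the scan allowed.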

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise

Active Scanning, Technique T1595 - Enterprise