external_snmp_sweep

Explanation

This security event is triggered when an SNMP sweep is detected entering the customer's network from an external source. SNMP (Simple Network Management Protocol) is used to manage and monitor network devices such as routers, switches, and servers; it normally runs over UDP port 161, and in versions 1 and 2c access is controlled only by a plaintext community string. An SNMP sweep is an attempt to gather information about these devices by sending SNMP requests to many addresses in turn, typically trying well-known community strings such as "public", to discover which hosts answer and to read their configuration and network topology.

What to Look For

To examine the results of this event, the customer should look for suspicious SNMP traffic entering their network: a large number of SNMP requests (UDP port 161) from a single external source IP address to many internal destinations in a short time, SNMP responses leaving the network toward that source (which indicate that a device accepted the request), or a sudden increase in SNMP traffic across multiple devices. They should also check the SNMP configuration of their network devices: SNMP should not be reachable from the internet, SNMPv1/v2c community strings should not be left at defaults such as "public" or "private", read-write access should be disabled unless required, and where possible SNMPv3 with authentication and encryption should be used. By identifying and addressing these issues, customers can prevent attackers from using an SNMP sweep to gather information about their network and potentially launch further attacks.
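The detection logic described above, as an added example that is not code from the original page or from the product that raises this event: a small Python script that reads constructed flow records (timestamp, source, destination, destination port, protocol, and the hex of the SNMP payload where the sensor captured it), decodes the SNMP version and community string from the message header, and flags any external source that touches many distinct internal hosts on UDP/161 within a sliding window. The log format, the internal address ranges, the threshold and the window are assumptions chosen for the example.

```python
"""Toy detector for an external SNMP sweep over constructed flow records.

Added example, not code from the original page. Log format, field names,
thresholds and internal address ranges are assumptions for illustration.
"""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hand-built SNMPv2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), hex-encoded,
# as a sensor might log the UDP payload: SEQUENCE{version, community, PDU}.
GET_PUBLIC = ("3029" "020101" "04067075626c6963"          # version=1 (v2c), "public"
              "a01c" "020400000001" "020100" "020100"     # GetRequest, id, status, index
              "300e300c" "06082b06010201010100" "0500")   # one VarBind: sysDescr.0 / NULL
GET_PRIVATE = ("302a" "020101" "040770726976617465"       # same request, "private"
               "a01c" "020400000001" "020100" "020100"
               "300e300c" "06082b06010201010100" "0500")

INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # assumed customer ranges
DEFAULT_COMMUNITIES = {"public", "private"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}


def _read_tlv(buf, pos):
    """Read one BER TLV with a short-form length (sufficient for SNMP headers)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not supported by this toy decoder")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def decode_snmp_header(hexpayload):
    """Return (version name, community) from an SNMP message; community is None for v3."""
    tag, body, _ = _read_tlv(bytes.fromhex(hexpayload), 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw_version, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(raw_version, "big")
    name = VERSION_NAMES.get(version, f"v?({version})")
    if version == 3:
        return name, None  # v3 carries msgGlobalData here, not a community string
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community string")
    return name, community.decode("latin-1")


def parse_line(line):
    """Parse 'timestamp src dst dport proto [payload_hex]' into a record."""
    parts = line.split()
    ts, src, dst, dport, proto = parts[:5]
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src": src, "dst": dst,
           "dport": int(dport), "proto": proto.lower(), "version": None, "community": None}
    if len(parts) > 5 and rec["dport"] == 161:
        rec["version"], rec["community"] = decode_snmp_header(parts[5])
    return rec


def detect_sweeps(log_text, internal_nets=INTERNAL_NETS, threshold=10, window=timedelta(minutes=5)):
    """Flag external sources that touch >= threshold distinct hosts on UDP/161 inside the window."""
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    by_src = defaultdict(list)
    for rec in (parse_line(l) for l in log_text.splitlines() if l.strip()):
        if rec["dport"] != 161 or rec["proto"] != "udp":
            continue
        if any(ipaddress.ip_address(rec["src"]) in net for net in internal):
            continue  # internal pollers are expected; the event is about traffic entering the network
        by_src[rec["src"]].append(rec)

    alerts = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        in_window, communities, left = Counter(), Counter(), 0
        for rec in recs:
            in_window[rec["dst"]] += 1
            if rec["community"] is not None:
                communities[rec["community"]] += 1
            while rec["ts"] - recs[left]["ts"] > window:   # slide the window forward
                old = recs[left]["dst"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= threshold:
                alerts.append({"src": src, "targets": len(in_window),
                               "first_seen": recs[left]["ts"], "last_seen": rec["ts"],
                               "communities": dict(communities),
                               "default_community_used": bool(communities.keys() & DEFAULT_COMMUNITIES)})
                break  # one alert per source is enough for triage
    return alerts


def _line(sec, src, dst, payload):
    return f"2024-05-01T10:00:{sec:02d}Z {src} {dst} 161 udp {payload}"

# Constructed records: one external host walks 10.0.0.1-12 (trying "private" once),
# an internal poller, and a second external host that only touches two devices.
SAMPLE_LOG = "\n".join(
    [_line(i, "203.0.113.7", f"10.0.0.{i + 1}", GET_PRIVATE if i == 5 else GET_PUBLIC) for i in range(12)]
    + [_line(20, "10.0.5.5", "10.0.0.1", GET_PUBLIC), _line(21, "10.0.5.5", "10.0.0.2", GET_PUBLIC)]
    + [_line(30, "198.51.100.9", "10.0.0.1", GET_PUBLIC), _line(31, "198.51.100.9", "10.0.0.2", GET_PUBLIC)]
)

if __name__ == "__main__":
    for alert in detect_sweeps(SAMPLE_LOG):
        print(alert)
```

Running the script reports 203.0.113.7 as a sweep source after its tenth distinct target, together with the community strings it tried, so an analyst can see at once whether a default community was in play; the internal poller and the host that probed only two devices are not reported. In a real deployment the threshold and window should be tuned against the customer's baseline, and the "responses leaving the network" check mentioned above can be added by counting replies from destinations back to the flagged source.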

Related MITRE ATT&CK Categories