Docs

imap_scan_external_internal

Suggest Edits

Explanation

This NDM is designed to detect scanning for IMAP that is hitting the customer’s network from the Internet. IMAP is an internet standard protocol for email retrieval.

What to Look For

Scanning activity on the Internet is quite commonplace.

Related MITRE ATT&CK Categories

Reconnaissance: Active Scanning, Technique T1595 - Enterprise

Updated 8 days ago