imap_scan_external_internal
Explanation
This NDM is designed to detect scanning for IMAP that is hitting the customer’s network from the Internet. IMAP is an internet standard protocol for email retrieval.
What to Look For
Scanning activity on the Internet is quite commonplace.
Related MITRE ATT&CK Categories
Reconnaissance: Active Scanning, Technique T1595 - Enterprise
Updated 2 months ago
Did this page help you?