ivantiava_scan_external

Explanation

This NDM is designed to detect scanning for Ivanti Avalanche that is hitting the customer’s network from the Internet. Ivanti Avalanche is an enterprise mobility management & mobile device management (MDM) solution.

What to Look For

Scanning activity on the Internet is quite commonplace. Ivanti Avalanche should not be exposed to the open Internet.

Related MITRE ATT&CK Categories

Reconnaissance: Active Scanning, Technique T1595 - Enterprise