kerberos_scan_external_internal
Explanation
This NDM is designed to detect Kerberos scanning that is hitting the customer’s network from the Internet. Kerberos is a protocol for authenticating requests between hosts on a network.
What to Look For
Scanning activity on the Internet is quite commonplace. Under normal circumstances, Kerberos should not be exposed to the open Internet.
Related MITRE ATT&CK Categories
Updated about 1 month ago