kibana_scan_external_internal
Explanation
This NDM detects Internet-sourced scanning for Kibana (port 5601) directed at the customer’s network. Kibana is an open-source data visualization platform that has been the subject of critical vulnerability disclosures.
What to Look For
Scanning activity on the Internet is quite commonplace. Kibana should not be exposed to the open Internet.
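The check described above, as an added example (not this product's own detection logic): it filters constructed flow records for external-to-internal TCP/5601 traffic, groups them by source, and notes any internal host that completed a session, which indicates an exposed Kibana. The RFC 1918 ranges, the `MIN_TARGETS` threshold and the Zeek-style `S0`/`SF` state values are assumptions.

```python
import ipaddress
from collections import defaultdict

KIBANA_PORT = 5601
# Assumption: RFC 1918 ranges stand in for the customer's internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_TARGETS = 3  # Assumption: distinct internal hosts probed before it counts as a scan.

# Constructed sample flows: (src, dst, dst_port, proto, state).
# State uses Zeek-style values: "S0" = SYN seen, no reply; "SF" = completed session.
SAMPLE_FLOWS = [
    ("203.0.113.7",   "10.1.0.10", 5601, "tcp", "S0"),
    ("203.0.113.7",   "10.1.0.11", 5601, "tcp", "S0"),
    ("203.0.113.7",   "10.1.0.12", 5601, "tcp", "SF"),   # a Kibana instance answered
    ("203.0.113.7",   "10.1.0.13", 5601, "tcp", "S0"),
    ("203.0.113.7",   "10.1.0.10", 443,  "tcp", "S0"),   # other port, ignored
    ("198.51.100.20", "10.1.0.10", 5601, "tcp", "S0"),   # single probe, below threshold
    ("198.51.100.20", "192.0.2.5", 5601, "tcp", "S0"),   # destination not internal
    ("10.1.0.50",     "10.1.0.12", 5601, "tcp", "SF"),   # internal user, ignored
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def detect_kibana_scans(flows, min_targets=MIN_TARGETS):
    """Return one finding per external source probing internal hosts on 5601/tcp."""
    targets = defaultdict(set)   # source -> internal hosts probed
    answered = defaultdict(set)  # source -> internal hosts that completed a session
    for src, dst, dport, proto, state in flows:
        if proto != "tcp" or dport != KIBANA_PORT:
            continue
        if is_internal(src) or not is_internal(dst):
            continue  # keep only external -> internal traffic
        targets[src].add(dst)
        if state == "SF":
            answered[src].add(dst)
    return [
        {"source": src,
         "targets": sorted(targets[src]),
         "exposed": sorted(answered[src])}
        for src in sorted(targets)
        if len(targets[src]) >= min_targets
    ]

if __name__ == "__main__":
    for finding in detect_kibana_scans(SAMPLE_FLOWS):
        print(finding)
```

A non-empty `exposed` list is the part to act on first: it means an internal Kibana instance is reachable from the Internet.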
Related MITRE ATT&CK Categories
Reconnaissance: Active Scanning, Technique T1595 - Enterprise