mysql_scan_internal_external

Explanation

This NDM is designed to detect scanning for MySQL databases that is hitting the customer’s network from the Internet.

What to Look For

Scanning activity on the Internet is quite commonplace. Under normal circumstances, database servers should not be exposed to the open Internet.

Related MITRE ATT&CK Categories

Reconnaissance: Active Scanning, Technique T1595 - Enterprise