ping_scan_int-int

Explanation

ping_scan_int-int is a security event that detects internal-to-internal ping scans on a network.

What to Look For

When reviewing a ping_scan_int-int event, look for suspicious ICMP traffic between internal hosts. Such traffic could indicate an attempt to map the internal network, which may be used for reconnaissance before launching a larger attack. If ping_scan_int-int is detected, investigate and identify the source of the ping scan and verify whether the scan is authorized.
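The check described above, as an added example that is not the product's own detection logic: it flags internal sources that send ICMP echo requests to many distinct internal hosts in a short window. The record layout `(timestamp, src, dst, icmp_type)`, the RFC 1918 definition of "internal", and the threshold of 5 targets in 60 seconds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: "internal" means RFC 1918 space; adjust to your address plan.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_internal_ping_scans(records, min_targets=5, window=timedelta(seconds=60)):
    """Return {source: sorted targets} for internal sources that sent ICMP echo
    requests to at least min_targets distinct internal hosts within window."""
    by_src = defaultdict(list)
    for ts, src, dst, icmp_type in records:
        # ICMP type 8 = echo request; keep only internal-to-internal traffic.
        if icmp_type == 8 and is_internal(src) and is_internal(dst):
            by_src[src].append((datetime.fromisoformat(ts), dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                hits.setdefault(src, set()).update(targets)
        if src in hits:
            hits[src] = sorted(hits[src], key=ip_address)
    return hits

# Constructed sample records (not real traffic).
SAMPLE = (
    # Sweep: one host pings six neighbours in six seconds.
    [(f"2024-01-01T10:00:0{i}", "10.1.1.50", f"10.1.2.{i}", 8) for i in range(1, 7)]
    # Monitoring: repeated pings to a single gateway.
    + [(f"2024-01-01T10:00:{i:02d}", "10.1.1.20", "10.1.1.1", 8) for i in range(0, 50, 10)]
    # Five targets, but one per hour: outside the 60 second window.
    + [(f"2024-01-01T1{i}:00:00", "192.168.5.9", f"192.168.5.{i + 20}", 8) for i in range(5)]
    # External destination and an echo reply (type 0): both ignored.
    + [("2024-01-01T10:00:01", "10.1.1.30", "8.8.8.8", 8),
       ("2024-01-01T10:00:02", "10.1.2.1", "10.1.1.50", 0)]
)

if __name__ == "__main__":
    for src, targets in find_internal_ping_scans(SAMPLE).items():
        print(f"{src} pinged {len(targets)} internal hosts: {', '.join(targets)}")
```

Sources in the result can then be compared against the hosts authorized to run scans or monitoring.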

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise
Active Scanning, Technique T1595 - Enterprise