ping_scan_int-int
Explanation
The ping_scan_int-int is a security event that detects Internal to Internal Ping Scans on a network.
What to Look For
To examine the results of the ping_scan_int-int event, you should look for suspicious ICMP traffic between internal hosts. This traffic could indicate an attempt to map out the internal network, which may be used for reconnaissance before launching a larger attack. If ping_scan_int-int is detected, it is important to investigate and identify the source of the ping scan to verify if the ping scan is authorized.
Related MITRE ATT&CK Categories
Updated 4 days ago