Docs

pop3_scan_external_internal

Suggest Edits

Explanation

This NDM is designed to detect scanning for POP3 that is hitting the customer’s network from the Internet. POP3 is an internet standard protocol for email retrieval.

What to Look For

Scanning activity on the Internet is quite commonplace.

Related MITRE ATT&CK Categories

Reconnaissance: Active Scanning, Technique T1595 - Enterprise

Updated 8 days ago