Docs

port_1433_scanning_internal

Suggest Edits

Explanation

This NDM is triggered when there is an internal scanning activity on port 1433. This port is commonly associated with Microsoft's SQL server and is often targeted by attackers looking for vulnerable systems to exploit.

What to Look For

To analyze the results of this NDM event, you should examine the network for any internal scanning activity on port 1433. This may indicate the presence of an attacker looking for open SQL servers to exploit. You should also check endpoint logs for any signs of infection or abnormal network activity from the Review Source IP. It is important to take immediate action to contain the threat if any suspicious behavior is detected.

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise

Active Scanning, Technique T1595 - Enterprise

Updated 13 days ago