port_8443_scanning_outbound

Explanation

The port_8443_scanning_outbound NDM detects outbound scans on port 8443 from the customer’s network.

What to Look For

To examine the results of the port_8443_scanning_outbound NDM, check the network logs for outbound traffic on port 8443 from an internal source IP. Check the endpoint logs for any suspicious activity related to scanning or port 8443. This event indicates a potential security threat and should be investigated further to prevent any malicious activity.
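One way to run the network-log check described above, as an added example that is not the NDM's own logic: it flags internal sources that contact many distinct external hosts on port 8443 within a short window. The log format, the RFC 1918 definition of "internal", the Zeek-style connection states, and the 60-second / 20-destination thresholds are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: RFC 1918 ranges stand in for the monitored internal network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def build_sample_flows():
    """Constructed records: 'timestamp src dst dst_port conn_state' (SF = completed)."""
    base, lines = datetime(2024, 5, 1, 10, 0, 0), []
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        state = "SF" if i % 10 == 0 else "S0"
        lines.append(f"{ts} 10.0.4.17 198.51.100.{i + 1} 8443 {state}")  # many external targets
        lines.append(f"{ts} 10.0.4.20 203.0.113.10 8443 SF")             # one external service
        lines.append(f"{ts} 10.0.4.21 10.0.5.{i + 1} 8443 S0")           # internal only
    return lines

def find_outbound_8443_scanners(lines, window=timedelta(seconds=60), min_dests=20):
    """Return internal sources that reach >= min_dests external hosts on 8443 within window."""
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, state = line.split()
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Outbound only: internal source, external destination, destination port 8443.
        if int(port) == 8443 and is_internal(src) and not is_internal(dst):
            per_src[str(src)].append((datetime.fromisoformat(ts), str(dst), state))
    findings = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        start, peak = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            peak = max(peak, len({d for _, d, _ in events[start:end + 1]}))
        if peak >= min_dests:
            failed = sum(1 for _, _, s in events if s != "SF")
            findings[src] = {"distinct_dests": peak, "failed_ratio": round(failed / len(events), 2)}
    return findings

if __name__ == "__main__":
    for src, info in find_outbound_8443_scanners(build_sample_flows()).items():
        print(src, info)
```

A high ratio of failed connections alongside the destination count helps separate scanning from a host that legitimately talks to many services on 8443; the flagged source IP is the host whose endpoint logs to review next.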

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise

Active Scanning, Technique T1595 - Enterprise