portscan
Explanation
Port scanning is a common technique used by attackers to identify vulnerabilities in a network.
What to Look For
When analyzing the results of this NDM event, look for unusual traffic patterns that may indicate port scanning activity. This could include a high number of consecutive connection attempts to different ports or protocols from a single IP address or a sudden burst in network traffic. To remediate, investigate the source of the traffic and determine if it is legitimate or malicious.
Related MITRE ATT&CK Categories
Updated 4 days ago