portscan

Explanation

Port scanning is a common technique used by attackers to identify vulnerabilities in a network.

What to Look For

When analyzing the results of this NDM event, look for unusual traffic patterns that may indicate port scanning activity. This could include a high number of consecutive connection attempts to different ports or protocols from a single IP address or a sudden burst in network traffic. To remediate, investigate the source of the traffic and determine if it is legitimate or malicious.

Related MITRE ATT&CK Categories

Discovery: Network Service Discovery, Technique T1046 - Enterprise

Reconnaissance: Active Scanning, Technique T1595 - Enterprise