redis_scan_external

Explanation

This NDM is designed to detect Redis scanning that is hitting the customer’s network from the Internet. Redis is a memory based key/value store that is often used to support web services.

What to Look For

Scanning activity on the Internet is quite commonplace. Under normal circumstances, Redis servers should not be exposed to the open Internet.

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise
Active Scanning, Technique T1595 - Enterprise