rockwellics_tcp_scan_external_internal

Explanation

This NDM is designed to detect scanning for Rockwell Automation ICS systems on TCP port 44818 that is hitting the customer's network from the internet. Rockwell Automation provides programmable controllers for industrial applications.

What to Look For

Scanning activity on the Internet is quite commonplace. Under normal circumstances, Rockwell Automation ICS systems should not be exposed to the open Internet.

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise

Active Scanning, Technique T1595 - Enterprise