Network Service Scanning via Port

Network Service Scanning via incoming network port scanning

id: 4f64ef9e-ee9b-4245-a3f4-777e550ebb37
categories: hunt
confidence: low
os: windows, macos, linux
created: 7/26/2019
updated: 7/26/2019

MITRE ATT&CK™ Mapping

tactics: Discovery
techniques: T1046 Network Service Scanning

Query

network where subtype.incoming
| unique unique_pid destination_port
| unique_count unique_pid
| filter count > 25
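
The query's pipeline restated in Python over constructed events, to show what each pipe contributes (an added example, not part of the original analytic). The dict-based event shape, the `event_type` key and the sample pids are assumptions made for illustration.

```python
from collections import defaultdict

PORT_THRESHOLD = 25  # from the query: filter count > 25


def scan_candidates(events, threshold=PORT_THRESHOLD):
    """Return {unique_pid: number of distinct incoming destination ports} above threshold."""
    ports_by_pid = defaultdict(set)
    for ev in events:
        # network where subtype.incoming
        if ev.get("event_type") != "network" or ev.get("subtype") != "incoming":
            continue
        pid, port = ev.get("unique_pid"), ev.get("destination_port")
        if pid is None or port is None:
            continue  # incomplete telemetry cannot be keyed
        # unique unique_pid destination_port: the set collapses repeated pairs
        ports_by_pid[pid].add(int(port))
    # unique_count unique_pid | filter count > 25 (strictly greater than)
    return {pid: len(ports) for pid, ports in ports_by_pid.items()
            if len(ports) > threshold}


def make_event(pid, port, subtype="incoming"):
    """Build one constructed network event (hypothetical shape)."""
    return {"event_type": "network", "subtype": subtype,
            "unique_pid": pid, "destination_port": port}


def build_sample_events():
    """Constructed sample telemetry, not real logs."""
    events = []
    # pid-A: incoming connections on 30 different ports
    events += [make_event("pid-A", p) for p in range(8000, 8030)]
    # pid-B: 200 incoming connections, all on port 443 (one distinct port)
    events += [make_event("pid-B", 443) for _ in range(200)]
    # pid-C: exactly 25 distinct ports, which does not satisfy "> 25"
    events += [make_event("pid-C", p) for p in range(9000, 9025)]
    # pid-D: 40 distinct ports, but outgoing, so excluded by the where clause
    events += [make_event("pid-D", p, subtype="outgoing") for p in range(1, 41)]
    return events


if __name__ == "__main__":
    for pid, count in scan_candidates(build_sample_events()).items():
        print(f"{pid}: {count} distinct incoming destination ports")
```

Connection volume alone never triggers the rule: only the number of distinct destination ports per `unique_pid` counts, and the comparison is strict.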

Contributors