🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Portscanning and Broadscanning

detectors


The Portscanning and Broadscanning Detectors identify attempts by a threat actor to search assets in your environment for open ports that might present attack opportunities. They do this by attempting to open a connection from one machine to another, and if the connection succeeds, then the port is open.

There are two subversions of this activity:

These detectors process streams of netflow data and look for the combinations of events that match the threshold criteria.

Portscanning Alert

Portscanning Alert

Broadscanning Alert

Broadscanning Alert

Schema

Netflow

Event Filtering

Events are filtered to match the following criteria:

Outputs

Alerts generated by Tactic Graphs™ are pushed to the Secureworks® Taegis™ XDR Alert Triage Dashboard.

MITRE ATT&CK Category

 

On this page: