kql | Elastic-2.0 | from elastic/detection-rules
Potential Network Scan Executed From Host
Quality: 92
Rule source: rules/linux/discovery_ping_sweep_detected.toml
event.category:process and host.os.type:linux and event.type:start and
event.action:(exec or exec_event or executed or process_started or start or ProcessRollup2) and
process.name:(ping or nping or hping or hping2 or hping3 or nc or ncat or netcat or socat)