splApache-2.0from splunk/security_content

Internal Vulnerability Scan

This analytic detects internal hosts triggering multiple IDS signatures, which may include either more than 25 signatures against a single host or a single signature across over 25 destination IP addresses. Such patterns can indicate active vulnerability scanning activities within the network. By monitoring IDS logs, this detection helps identify and respond to potential vulnerability scanning attempts, enhancing the network's security posture and preventing potential exploits.

Quality

FP risk

—

Forks

Views

Rule source🔒 locked

title: ████████████████████████
id: ████████-████-████-████-████████████
status: ██████████
description: ██████████████████████████████████████████
             ████████████████████████████████████████
author: ████████
tags:
  - attack.████
  - attack.████
logsource:
  product: ████████
  category: ████████████
detection:
  selection:
    Image|endswith: '████████████████'
    CommandLine|contains:
      - '████████████████████████'
      - '████████████████████████'
      - '██████████████████'
  condition: selection
level: ████████
falsepositives:
  - ████████████████████

🔒

Sign in to view the rule source

Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.