You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Attackers will often perform reconnaissance against customer environments to better understand resources on the network. In doing this behavior they are usually blocked by firewall rules while performing their discovery. This rule looks for a single source IP address network traffic by AWS security groups to at least 10 different destination IP addresses within a 5-minute window.
Additional Details
Detail
Value
Type
Threshold
Category
Discovery
Apply Risk to Entities
srcDevice_ip
Signal Name
Amazon VPC - Network Scan
Summary Expression
Potential network scan activity detected from {{srcDevice_ip}}