Monitoring the content of network traffic can help detect patterns associated with active scanning activities. This can include identifying repeated connection attempts, unusual scanning behaviors, or probing activity targeting multiple IP addresses across a network.

Monitor network data for uncommon data flows. Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious.

| Data Component | Name | Channel |
|---|---|---|
| Network Traffic Content (DC0085) | Network Traffic | None |
| Network Traffic Flow (DC0078) | Network Traffic | None |
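
One way to turn the flow-based guidance above into a check, as an added example that is not part of the original page: it flags a source that touches many distinct destination IPs within a short window while most of its connection attempts fail. The Zeek-style `conn_state` labels as the input format, the thresholds, and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed input: (ts_seconds, src_ip, dst_ip, dst_port, conn_state) tuples using
# Zeek-style conn_state labels: S0 = attempt with no reply, REJ = attempt
# rejected, SF = normally established and closed session.
FAILED_STATES = {"S0", "REJ"}

# Constructed sample flows (documentation/private address ranges, not real data).
SAMPLE_FLOWS = (
    # One source probing 12 different hosts on port 22; every attempt fails.
    [(100 + i, "203.0.113.7", f"10.0.0.{i + 1}", 22, "S0" if i % 3 else "REJ")
     for i in range(12)]
    # A client repeatedly using one web server; all sessions complete.
    + [(100 + 5 * i, "198.51.100.20", "10.0.0.5", 443, "SF") for i in range(15)]
    # A source that also touches 12 hosts, but with successful sessions
    # (for example an inventory or monitoring system).
    + [(110 + i, "198.51.100.30", f"10.0.0.{i + 1}", 443, "SF") for i in range(12)]
)


def find_scanners(flows, window=60, min_targets=10, min_fail_ratio=0.8):
    """Return {src: {"first_alert_ts", "targets"}} for sources whose flows in
    the last `window` seconds reach `min_targets` distinct destination IPs
    with at least `min_fail_ratio` of the attempts failing."""
    recent = defaultdict(deque)  # src -> (ts, dst, failed) records inside the window
    alerts = {}
    for ts, src, dst, _dport, state in sorted(flows):
        q = recent[src]
        q.append((ts, dst, state in FAILED_STATES))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        targets = {d for _, d, _ in q}
        fail_ratio = sum(failed for _, _, failed in q) / len(q)
        if len(targets) >= min_targets and fail_ratio >= min_fail_ratio:
            hit = alerts.setdefault(src, {"first_alert_ts": ts, "targets": 0})
            hit["targets"] = max(hit["targets"], len(targets))
    return alerts


if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_FLOWS).items():
        print(f"possible scan from {src}: {info['targets']} hosts probed, "
              f"first flagged at t={info['first_alert_ts']}")
```

The failure-ratio condition is what keeps the third source, which reaches as many hosts as the scanner but completes its sessions, from being flagged on fan-out alone.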