Internet scanners may be used to look for patterns associated with malicious content designed to collect host hardware information from visitors.[1][2]
Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.
| Data Component | Name | Channel |
|---|---|---|
| Response Content (DC0104) | Internet Scan | None |