1. Home
  2. Detection Strategies
  3. Detection of Port Scan

Detection of Port Scan

Technique Detected:  Port Scan | T0846.001

ID: DET0907
Domains: ICS
Analytics: AN2050
Version: 1.0
Created: 22 April 2026
Last Modified: 24 April 2026
Version Permalink

Analytics

AN2050

Monitor for new processes engaging in scanning activity or connecting to multiple systems by correlating process creation network data.

Monitor for hosts enumerating network connected resources using non-ICS enterprise protocols.

Log Sources
Data Component Name Channel
Network Traffic Flow (DC0078) Network Traffic None
Network Traffic Content (DC0085) Traffic None
Process Creation (DC0032) Process None
Network Connection Creation (DC0082) Network None