A port scan is a sequence of failed TCP connections or UDP packets made to the same destination to more than 50 ports within a few seconds.

Platforms:

Name

Type

Windows black.pngMac black.pngMobile black.png

Properties

cardinality

integer

Windows black.pngMac black.pngMobile black.png

Number of underlying connections, consolidated over time

destination_ip_address

ip_address

Windows black.pngMac black.pngMobile gray disabled.png

IP address of the scanned destination

device_ip_address

ip_address

Windows black.pngMac black.pngMobile gray disabled.png

IP address of the connection source

duration

millisecond

Windows black.pngMac black.pngMobile gray disabled.png

The time between the start of the first connection and end of the last underlying connection.

end_time

datetime

Windows black.pngMac black.pngMobile gray disabled.png

Scanning end time, corresponding to the moment when the last underlying connection was closed.

first_scanned_port

port

Windows black.pngMac black.pngMobile gray disabled.png

First port scanning

id

identifier

Windows black.pngMac black.pngMobile gray disabled.png

Unique scanning identifier

last_scanned_port

port

Windows black.pngMac black.pngMobile gray disabled.png

Last port scanning

start_time

datetime

Windows black.pngMac black.pngMobile gray disabled.png

Scanning start time

status

enum

Windows black.pngMac black.pngMobile gray disabled.png

Status of the Scanning (established, closed)

type

enum

Windows black.pngMac black.pngMobile gray disabled.png

Type of the port scanning (tcp, udp)