network_scan event NXQL (classic)
A network scan is a sequence of failed TCP connections or UDP packets sent to the same port on more than 50 destinations within a few seconds.
Name | Type | Operating systems | Properties | Description |
---|---|---|---|---|
cardinality | integer | Windows, macOS | | Number of underlying connections, consolidated over time |
device_ip_address | ip_address | Windows, macOS | | IP address of the connection source |
duration | millisecond | Windows, macOS | | The time between the start of the first connection and the end of the last underlying connection |
end_time | datetime | Windows, macOS | | Scanning end time, corresponding to the moment when the last underlying connection was closed |
id | identifier | Windows, macOS | | Unique scanning identifier |
network | ip_network | Windows, macOS | | Minimum IP network including all scanned destinations |
start_time | datetime | Windows, macOS | | Scanning start time |
status | enum | Windows, macOS | | Status of the scanning (established, closed) |
type | enum | Windows, macOS | | Type of the port scanning (tcp, udp) |
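
To show how the definition above maps onto the fields in the table, here is an added Python example (not Nexthink code) that consolidates raw connection records into network_scan-style events. The 5-second window, the consolidation rule, the record layout and the use of millisecond integers instead of datetimes are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 50    # from the page: "more than 50 destinations"
WINDOW_MS = 5000  # assumption: the page only says "a few seconds"

def covering_network(addresses):
    """Smallest IPv4 network containing every address (the `network` field)."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addresses]
    prefix = 32 - (min(ints) ^ max(ints)).bit_length()  # shared leading bits
    return ipaddress.IPv4Network((min(ints), prefix), strict=False)

def make_event(src, proto, recs):
    start, end = recs[0]["start_ms"], max(r["end_ms"] for r in recs)
    return {"device_ip_address": src, "type": proto, "cardinality": len(recs),
            "start_time": start, "end_time": end, "duration": end - start,
            "network": str(covering_network(r["dst"] for r in recs))}

def detect_scans(records):
    """Group failed TCP connections / UDP packets by (source, port, protocol)."""
    groups = defaultdict(list)
    for r in records:
        if r["proto"] == "udp" or r["failed"]:
            groups[(r["src"], r["port"], r["proto"])].append(r)
    events = []
    for (src, _port, proto), recs in groups.items():
        recs.sort(key=lambda r: r["start_ms"])
        lo = hi = 0
        while hi < len(recs):
            while recs[hi]["start_ms"] - recs[lo]["start_ms"] > WINDOW_MS:
                lo += 1  # slide the window start forward
            if len({r["dst"] for r in recs[lo:hi + 1]}) > THRESHOLD:
                # Assumed consolidation: absorb records that follow within WINDOW_MS.
                while (hi + 1 < len(recs) and
                       recs[hi + 1]["start_ms"] - recs[hi]["start_ms"] <= WINDOW_MS):
                    hi += 1
                events.append(make_event(src, proto, recs[lo:hi + 1]))
                lo = hi + 1
            hi += 1
    return events

def sample_records():  # constructed sample: fast scan, slow sweep, successful connections
    def rec(src, i, step, failed):
        return {"src": src, "dst": f"192.0.2.{i + 1}", "port": 445, "proto": "tcp",
                "start_ms": i * step, "end_ms": i * step + 20, "failed": failed}
    fast = [rec("198.51.100.7", i, 50, True) for i in range(60)]
    slow = [rec("198.51.100.8", i, 1000, True) for i in range(60)]
    ok = [rec("198.51.100.9", i, 50, False) for i in range(60)]
    return fast + slow + ok
```

Only the fast source produces an event: the slow sweep never reaches more than 50 destinations inside one window, and the successful connections are filtered out before grouping.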