network_scan event NXQL (classic)
A network scan is a sequence of failed TCP connections or UDP packets made to the same port to more than 50 destinations within a few seconds.
cardinality
integer
Windows | macOS
Number of underlying connections, consolidated over time
device_ip_address
ip_address
Windows | macOS
IP address of the connection source
duration
millisecond
Windows | macOS
The time between the start of the first connection and end of the last underlying connection
end_time
datetime
Windows | macOS
Scanning end time, corresponding to the moment when the last underlying connection was closed.
id
identifier
Windows | macOS
Unique scanning identifier
network
ip_network
Windows | macOS
Minimum IP network including all scanned destinations
start_time
datetime
Windows | macOS
Scanning start time
status
enum
Windows | macOS
Status of the Scanning (established, closed)
type
enum
Windows | macOS
Type of the port scanning (tcp, udp)
Last updated
Was this helpful?