network_scan event NXQL (classic)

A network scan is a sequence of failed TCP connections or UDP packets made to the same port to more than 50 destinations within a few seconds.

| Name | Type | Operating systems | Properties |
| --- | --- | --- | --- |
| cardinality | integer | Windows \| macOS | Number of underlying connections, consolidated over time |
| device_ip_address | ip_address | Windows \| macOS | IP address of the connection source |
| duration | millisecond | Windows \| macOS | The time between the start of the first connection and end of the last underlying connection |
| end_time | datetime | Windows \| macOS | Scanning end time, corresponding to the moment when the last underlying connection was closed. |
| id | identifier | Windows \| macOS | Unique scanning identifier |
| network | ip_network | Windows \| macOS | Minimum IP network including all scanned destinations |
| start_time | datetime | Windows \| macOS | Scanning start time |
| status | enum | Windows \| macOS | Status of the Scanning (established, closed) |
| type | enum | Windows \| macOS | Type of the port scanning (tcp, udp) |
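
How the cardinality, duration and network fields relate to the underlying connections, shown as an added example that is not the product's own code. The Conn record shape, the 5-second window and the one-event-per-group consolidation are assumptions, and the network calculation covers IPv4 only.

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

# Constructed record shape (assumption, not the product's schema); times in ms.
Conn = namedtuple("Conn", "start end src dst port proto failed")

MIN_DESTINATIONS = 50  # page: "more than 50 destinations"
WINDOW_MS = 5000       # assumption: the page only says "within a few seconds"

def enclosing_network(addrs):
    """Smallest IPv4 network that contains every address in addrs."""
    ints = [int(ip_address(a)) for a in addrs]
    prefix = 32 - (min(ints) ^ max(ints)).bit_length()
    return ip_network(f"{ip_address(min(ints))}/{prefix}", strict=False)

def detect_scans(conns):
    """Return one scan event per (source, protocol, port) that crosses the threshold."""
    groups = defaultdict(list)
    for c in conns:
        # Only failed TCP connections and UDP packets count toward a scan.
        if c.proto == "udp" or (c.proto == "tcp" and c.failed):
            groups[(c.src, c.proto, c.port)].append(c)
    events = []
    for (src, proto, _port), items in groups.items():
        items.sort(key=lambda c: c.start)
        lo = 0
        for hi in range(len(items)):
            while items[hi].start - items[lo].start > WINDOW_MS:
                lo += 1  # slide the window start forward
            if len({c.dst for c in items[lo:hi + 1]}) > MIN_DESTINATIONS:
                first = items[lo].start
                run = [c for c in items[lo:] if c.start - first <= WINDOW_MS]
                end = max(c.end for c in run)
                events.append({
                    "device_ip_address": src, "type": proto,
                    "cardinality": len(run),
                    "start_time": first, "end_time": end, "duration": end - first,
                    "network": str(enclosing_network(c.dst for c in run)),
                })
                break
    return events

def sample():
    """Constructed data: one host sweeping port 445, one host with a few failures."""
    scan = [Conn(i * 20, i * 20 + 10, "10.0.0.5", f"10.0.1.{i + 1}", 445, "tcp", True) for i in range(60)]
    noise = [Conn(i * 20, i * 20 + 10, "10.0.0.9", f"10.0.2.{i + 1}", 443, "tcp", i < 10) for i in range(60)]
    return scan + noise
```
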
