port_scan event NXQL (classic)
A port scan is a sequence of failed TCP connections or UDP packets made to the same destination to more than 50 ports within a few seconds.
| Name | Type | Operating systems | Properties |
|---|---|---|---|
cardinality | integer | Windows | macOS | |
Number of underlying connections, consolidated over time | |||
destination_ip_address | ip_address | Windows | macOS | |
IP address of the scanned destination | |||
device_ip_address | ip_address | Windows | macOS | |
IP address of the connection source | |||
duration | millisecond | Windows | macOS | |
The time between the start of the first connection and end of the last underlying connection. | |||
end_time | datetime | Windows | macOS | |
Scanning end time, corresponding to the moment when the last underlying connection was closed. | |||
first_scanned_port | port | Windows | macOS | |
First port scanning | |||
id | identifier | Windows | macOS | |
Unique scanning identifier | |||
last_scanned_port | port | Windows | macOS | |
Last port scanning | |||
start_time | datetime | Windows | macOS | |
Scanning start time | |||
status | enum | Windows | macOS | |
Status of the Scanning (established, closed) | |||
type | enum | Windows | macOS | |
Type of the port scanning (tcp, udp) |
Last updated