port_scan event NXQL (classic)
A port scan is a sequence of failed TCP connections or UDP packets sent to more than 50 ports on the same destination within a few seconds.

| Field | Type | Platforms | Description |
| --- | --- | --- | --- |
| cardinality | integer | Windows, macOS | Number of underlying connections, consolidated over time |
| destination_ip_address | ip_address | Windows, macOS | IP address of the scanned destination |
| device_ip_address | ip_address | Windows, macOS | IP address of the connection source |
| duration | millisecond | Windows, macOS | Time between the start of the first underlying connection and the end of the last underlying connection |
| end_time | datetime | Windows, macOS | Scan end time, corresponding to the moment when the last underlying connection was closed |
| first_scanned_port | port | Windows, macOS | First port scanned |
| id | identifier | Windows, macOS | Unique scan identifier |
| last_scanned_port | port | Windows, macOS | Last port scanned |
| start_time | datetime | Windows, macOS | Scan start time |
| status | enum | Windows, macOS | Status of the scan (established, closed) |
| type | enum | Windows, macOS | Type of the port scan (tcp, udp) |
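
The definition above can be reproduced over raw connection records to see how the consolidated fields relate to each other. This is an added example, not the product's own code; it assumes a 5-second window for "a few seconds", counts only records flagged as failed, takes first and last scanned port in time order, and uses hypothetical input keys (`src`, `dst`, `port`, `proto`, `failed`, `start`, `end`).

```python
from collections import defaultdict
from datetime import datetime, timedelta

PORT_THRESHOLD = 50            # page: "more than 50 ports"
WINDOW = timedelta(seconds=5)  # assumption: page only says "a few seconds"

def detect_port_scans(connections):
    groups = defaultdict(list)
    for c in connections:
        if c["failed"]:  # assumption: only failed attempts count
            groups[(c["src"], c["dst"], c["proto"])].append(c)
    events = []
    for (src, dst, proto), conns in groups.items():
        conns.sort(key=lambda c: c["start"])
        i = 0
        while i < len(conns):
            # A burst is every attempt starting within WINDOW of the first one.
            j = i
            while j + 1 < len(conns) and conns[j + 1]["start"] - conns[i]["start"] <= WINDOW:
                j += 1
            burst = conns[i:j + 1]
            if len({c["port"] for c in burst}) > PORT_THRESHOLD:
                start, end = burst[0]["start"], max(c["end"] for c in burst)
                events.append({
                    "device_ip_address": src,
                    "destination_ip_address": dst,
                    "type": proto,
                    "start_time": start,
                    "end_time": end,
                    "duration": (end - start) // timedelta(milliseconds=1),
                    "cardinality": len(burst),
                    "first_scanned_port": burst[0]["port"],
                    "last_scanned_port": burst[-1]["port"],
                })
            i = j + 1
    return events

def sample_connections():
    """Constructed data: one 60-port sweep plus unrelated background traffic."""
    t0, ms = datetime(2024, 1, 1, 12, 0, 0), timedelta(milliseconds=1)
    def conn(offset, src, dst, port, failed):
        return {"start": t0 + offset * ms, "end": t0 + (offset + 10) * ms,
                "src": src, "dst": dst, "port": port, "proto": "tcp", "failed": failed}
    sweep = [conn(20 * i, "192.0.2.10", "192.0.2.20", 1 + i, True) for i in range(60)]
    noise = [conn(5, "192.0.2.11", "192.0.2.20", 443, False),
             conn(7, "192.0.2.12", "192.0.2.20", 8080, True)]
    return sweep + noise

if __name__ == "__main__":
    print(detect_port_scans(sample_connections()))
```

The background records produce no event: one is a successful connection and the other is a single failed attempt, well under the port threshold.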