This alert is triggered when an ICMP echo request (ping) with a specific payload pattern, commonly associated with Windows systems, is sent from an external network to an internal network. This may indicate network scanning or probing activity.
This alert is triggered when an ICMP Echo Reply message is received from an external network to the internal network. ICMP Echo Replies are typically responses to ping requests; however, unexpected Echo Replies may indicate a device is responding to pings from outside.