iSID Analyst Knowledge Base

Definitions and additional context for iSID alerts, along with helpful recommendations

Category: Radiflow

(189 Alerts)

NF – SCAN Potential SSH Scan

This alert is triggered when detecting an SSH scan of an asset. SSH is a secure protocol that provides access to an asset in a network. This alert may be triggered when an adversary is attempting to scan a network and create an initial connection.

NF – SCAN Potential VNC Scan 5800-5820

This alert is triggered when detecting communication on ports 5800-5820 from an external source. Ports 5800-5820 are used by the virtual network computing service (VNC), which creates a screen-sharing system opening the network to remote communication. This alert may be triggered when an adversary is attempting to scan the network or gain initial access.

ET SCAN Suspicious inbound to mySQL port 3306

This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 3306 (mySQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.

ET SCAN Suspicious inbound to PostgreSQL port 5432

This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 5432 (PostgreSQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.

NF – SCAN NBTStat Query Response to External Destination, Possible Windows Network Enumeration

This alert is triggered when detecting a NetBIOS status communication sent from an internal asset to an external destination.

ET SCAN Potential VNC Scan 5900-5920

This alert is triggered when detecting communication on ports 5900-5920 from an external source. Ports 5900-5920 are used by the virtual network computing service (VNC), which creates a screen-sharing system opening the network to remote communication. This alert may be triggered when an adversary is attempting to scan the network or gain initial access.

ET SCAN Suspicious inbound to mSQL port 4333

This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 4333 (mSQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.

ET SCAN Suspicious inbound to MSSQL port 1433

This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 1433 (MSSQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.

ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack

This alert is triggered when detecting frequent attempts to create an SSH connection to an asset. SSH is a secure protocol that provides access to an asset in a network. This alert may be triggered when an adversary is attempting a brute-force attack.

ET SCAN Nessus User Agent

This alert is triggered when detecting external communication to a Nessus User Agent on an asset in the network. Nessus User Agents are management programs that collect vulnerability, compliance and system data. This alert may be triggered by an adversary attempting to communicate with the Nessus User Agent in order to obtain information about the asset.