Carbon Black Cloud: How Can An External Host Be Considered A Scanning Host?
search cancel

Carbon Black Cloud: How Can An External Host Be Considered A Scanning Host?

book

Article ID: 285438

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How Can An External Host Be Considered A scanning Host?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Supported Versions

Resolution

The scanning host determination is made on an endpoint with an installed sensor and which is receiving the connection requests. The sensor tracks recent received connections from the same originating IP to multiple ports and flags the next connection request once the number becomes high enough to be considered suspicious
Powered by Wolken Software