Carbon Black Cloud: What Classifies A System As Scanning Host?
Article ID: 291103
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
What determines a system as scanning host?
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Supported Versions
Resolution
- The scanning host determination is made by the sensor when it detects the same source generating network events for multiple ports on the endpoint.
- When that number exceeds the sensor's threshold it is marked a scanning host and subsequent events will be marked with that message.
Feedback
Yes
No
Powered by
