Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Supported Versions
Question
What determines a system as scanning host?
Answer
- The scanning host determination is made by the sensor when it detects the same source generating network events for multiple ports on the endpoint.
- When that number exceeds the sensor's threshold it is marked a scanning host and subsequent events will be marked with that message.
Related Content
