DET0868 Detection of Wordlist Scanning
| Item | Value |
|---|---|
| ID | DET0868 |
| Version | 1.0 |
| Created | 21 October 2025 |
| Last Modified | 21 October 2025 |
Technique Detected: T1595.003 (Wordlist Scanning)
Analytics
PRE
AN2000
Monitor for suspicious network traffic that could be indicative of scanning, such as large quantities originating from a single source (especially if the source is known to be associated with an adversary/botnet).
Log Sources
| Data Component | Name | Channel |
|---|---|---|
| Network Traffic Content (DC0085) | Network Traffic | None |
Mutable Elements
| Field | Description |
|---|---|