OpenCanary - NMAP NULL Scan

Original Source: [Sigma source]
Title: OpenCanary - NMAP NULL Scan
Status: experimental
Description: Detects instances where an OpenCanary node has been targeted by an NMAP NULL Scan
References:
  - https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
  - https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
Author: Marco Pedrinazzi (@pedrinazziM)
Date: 2026-01-06
Modified: None
Tags:
  • attack.discovery
  • attack.t1046
Logsource:
  • category: application
  • product: opencanary
Detection:
  selection:
    logtype: '5003'
  condition: selection
Falsepositives:
  - Unlikely
Level: high