Attack Tool

Tactic:

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Detects when a known security tool performs a scan against your services.

The detection rule identifies known security scanners by using common fingerprints associated with the scanners.

The signal severity is set to LOW because those tools are mostly used during the discovery phase.

The severity is raised to MEDIUM if multiple distinct security tools are detected. This may indicate broader reconnaissance against your systems.

If the tool discovers a vulnerability, a HIGH severity signal is emitted.

Block the attacking IP(s) temporarily to limit vulnerability discovery and service load.
Review routes targeted, kinds of attacks performed, and possible application errors to assess the attacker’s focus. Datadog Application Vulnerability Management can provide insight into risks of production vulnerabilities.