MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Reconnaissance/ T1595

T1595Active Scanning

T1595 — Active Scanning is a MITRE ATT&CK technique in the Reconnaissance tactic. Clankerusecase tracks 6 detection use cases covering it.

Reconnaissance

View on the matrix → Filter Detection Library MITRE official spec ↗

6Use cases

0Articles

3Sub-techniques

1Tactic

Sub-techniques (3)

T1595.001 · Scanning IP Blocks T1595.002 · Vulnerability Scanning T1595.003 · Wordlist Scanning

Use cases covering this technique (6)

Ollama Possible API Endpoint Scan Reconnaissance ESCU actions · hunting P Attacker Tools On Endpoint ESCU actions · alerting P Windows Netspy Network Scanner Execution ESCU actions · hunting P Cisco SA - Automated Web Reconnaissance via HTTP Access Errors ESCU actions · hunting P Cisco SD-WAN - Uncommon User-Agent Multi-URI Activity ESCU actions · hunting P HTTP Rapid POST with Mixed Status Codes ESCU actions · hunting P