
The Devo SciSec Team (Devo's Threat Research Team) has released our second alert pack in all Devo domains! This alert pack brings our SecOps-related content to our non-SecOps customers and can help jumpstart threat coverage. Inside this pack is a plethora of detections that alert when an attacker is using common reconnaissance tactics. These tactics are often among the first an attacker uses to get a layout of the environment they intend to attack.

Complete information on this threat vector.
More detail from MITRE:
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.

Download now directly from Devo Exchange by clicking here.

Full release notes and details of every alert in this Alert Pack.
This pack contains the following alerts, which cover multiple technologies, including the most commonly attacked ones:
SecOpsFWIpScanExternal: Alerts when an outsider tries to scan firewall ports.
SecOpsFWExcessFirewallDenies: Alerts when there are excessive and rapid firewall denies, a pattern often used to find an open port in a firewall.
SecOpsFWPortScanExternalSource: Alerts when an outside source is scanning the firewall looking for open ports.
SecOpsGCPPortScan: Alerts when an attacker is scanning your GCP environment for open ports.
SecOpsVpcNetworkScan: Alerts when an attacker is scanning the network.
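To make the two firewall patterns above concrete (a burst of denies from one source, and an external source touching many distinct ports), here is an added Python example that is not Devo's alert logic and not part of this alert pack. It runs a per-source sliding-window check over a constructed firewall log; the window, thresholds and internal address ranges are assumptions a deployment would tune to its own environment.

```python
"""Sliding-window detectors for two reconnaissance patterns: excess firewall
denies from one source, and an external source hitting many distinct ports.
Added illustration only; thresholds and internal ranges are assumptions."""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed look-back window per source
DENY_THRESHOLD = 10              # assumed: denies per source within the window
PORT_THRESHOLD = 8               # assumed: distinct dst ports per source within the window
# Assumed internal ranges; anything outside them is treated as an external source.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample firewall log (documentation IPs, not real traffic), one event per line:
#   <ISO-8601 timestamp> <src_ip> <dst_ip> <dst_port> <ALLOW|DENY>
SAMPLE_LOG = "\n".join(
    # external host sweeping 12 ports on one internal host within 12 seconds
    [f"2024-01-01T10:00:{i:02d} 203.0.113.5 10.0.0.20 {port} DENY"
     for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    # internal host with a handful of denies to one port: noise, below threshold
    + [f"2024-01-01T10:01:{i:02d} 10.0.0.7 10.0.0.20 445 DENY" for i in range(5)]
    # external host with ordinary allowed HTTPS traffic
    + [f"2024-01-01T10:02:{i:02d} 198.51.100.9 10.0.0.30 443 ALLOW" for i in range(3)]
)


def parse_line(line):
    """Split one log line into a dict with typed fields."""
    ts, src, dst, port, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": int(port), "action": action}


def is_external(ip):
    """True when the address lies outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect(log_text):
    """Return (alert_name, src_ip, trigger_timestamp) tuples in firing order.
    Each (alert, src) pair fires once; a real pipeline would re-arm after the window."""
    history = defaultdict(deque)   # src_ip -> events still inside the window
    fired = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        q = history[ev["src"]]
        q.append(ev)
        # drop events that have aged out of the window for this source
        while q and ev["ts"] - q[0]["ts"] > WINDOW:
            q.popleft()
        denies = sum(1 for e in q if e["action"] == "DENY")
        ports = {e["port"] for e in q}
        if denies >= DENY_THRESHOLD and ("ExcessFirewallDenies", ev["src"]) not in fired:
            fired.add(("ExcessFirewallDenies", ev["src"]))
            alerts.append(("ExcessFirewallDenies", ev["src"], ev["ts"]))
        if (is_external(ev["src"]) and len(ports) >= PORT_THRESHOLD
                and ("PortScanExternalSource", ev["src"]) not in fired):
            fired.add(("PortScanExternalSource", ev["src"]))
            alerts.append(("PortScanExternalSource", ev["src"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for name, src, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {name} src={src}")
```

On the sample log the external sweep trips the port-scan check on its eighth distinct port and the excess-denies check on its tenth deny, while the internal host's five denies and the allowed HTTPS traffic stay quiet. Keying the window per source and gating the port-scan rule on an external source is what keeps internal noise from masquerading as reconnaissance.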