ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Suspicious User Agent

Risk Factors

A user-agent string that appears in HTTP and other protocol headers can identify software running on a client. Certain types of pen testing software perform scans that can be identified by a user agent (UA). These scans do not negatively affect network performance, but they can enable attackers to discover vulnerabilities on a web server.

Kill Chain

Caution

Risk Score

60

Detection diagram
Next in Caution: Suspicious User Agent from a Scanner

Attack Background

N/A

Mitigation Options

Block inbound and outbound traffic from public scanner suspicious IP addresses at the network perimeter
Implement network segmentation, security zones, and firewall policies that limit how devices can communicate
Disable services that are not required and close unnecessary ports

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right