ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Suspicious User Agent from a Scanner

Risk Factors

A user-agent string that appears in HTTP and other protocol headers can identify software running on a client. Certain types of pen testing software perform scans that can be identified by a user agent (UA). Authorized scans will not damage an application, but unauthorized scans should be investigated.

Kill Chain

Caution

Risk Score

41

Detection diagram
Next in Caution: TLS Connection to a Suspicious Domain

Attack Background

N/A

Mitigation Options

Quarantine devices with unexpected scanning activity to prevent further network access
Implement network segmentation, security zones, and firewall policies that limit how devices can communicate
Disable services that are not required and close unnecessary ports

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right