Try in Splunk Security Cloud


Leverage searches that allow you to detect and investigate unusual activities that might relate to the network discovery, including looking for network configuration, settings such as IP, MAC address, firewall settings and many more.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Endpoint, Network_Traffic
  • Last Updated: 2022-02-14
  • Author: Teoderick Contreras, Splunk
  • ID: af228995-f182-49d7-90b3-2a732944f00f


Adversaries may use the information from System Network Configuration Discovery during automated discovery to shape follow-on behaviors, including determining certain access within the target network and what actions to do next.


Name Technique Type
Internal Horizontal Port Scan Network Service Discovery TTP
Internal Vertical Port Scan Network Service Discovery TTP
Internal Vulnerability Scan Vulnerability Scanning, Network Service Discovery TTP
Linux System Network Discovery System Network Configuration Discovery Anomaly
Windows Network Share Interaction With Net Network Share Discovery, Data from Network Shared Drive TTP


source | version: 1