Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
4
Replies

How to find network scanners via stealthwatch

dijix1990
VIP Alumni
VIP Alumni

‎03-11-2025 06:05 AM - edited ‎03-11-2025 06:05 AM

Hello, I try to use option from stealthwatch to find network scanners. I started ping scan from my PC. After a while I saw that I have Top Security Event for my host  Ping_Scan with CI = 590,400, after it I went to Report - Visibility Assessment - Internal Network Scanners and found out that there wasn't my host which did ping scan

Labels:
0 Helpful
4 Replies 4

David Salter
Cisco Employee
Cisco Employee

‎03-17-2025 03:07 AM

Is the IP for your PC included in an Inside Host Group? 

0 Helpful

dijix1990
VIP Alumni
VIP Alumni
In response to David Salter

‎03-17-2025 03:10 AM

yes

0 Helpful

David Salter
Cisco Employee
Cisco Employee

‎03-17-2025 06:51 AM

While a host generating a ping scan (and no other behaviors) will accrue CI points and trigger a High Concern Index alarm, it will not appear in the 'Internal Network Scanners' section of the Visibility Assessment.  The Assessment reports on more complex scans where a host is running an address scan or port scan rather than a more simplistic ping sweep.

0 Helpful

dijix1990
VIP Alumni
VIP Alumni
In response to David Salter

‎03-17-2025 06:56 AM

So it's very awful and bad. We need to do some researches to find more reliable product

0 Helpful
Customers Also Viewed These Support Documents