Battle of the Week - Nessus Scanning
A local county’s network infrastructure.
Informing the necessary people about scans and vulnerability checks being conducted on the network.
An analyst was monitoring networks when a large number of alarms were generated for a customer. The analyst investigated the alarms and found that a program was scanning the customer's network. The program turned out to be the Nessus scanning tool. The customer was promptly notified and asked to verify whether a scan was being conducted on their network. The response confirmed that they were using Nessus to scan their network.
Because Nessus scanning patterns resemble those of other scanning tools, NIDS and HIDS will flag this activity as malicious. Informing the necessary people helps avoid these false positives in the future.
Having people informed about the scan can help save time and resources when conducting a scan on a network.
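One way a monitoring team can put a scan notice to use, shown as an added example that is not part of the original write-up: alarms are matched against announced scans by scanner address, target range and time window, and anything outside the notice still goes to an analyst. The notice format, alarm format, addresses and times are all constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed scan notice: what a customer would send the monitoring team.
ANNOUNCED_SCANS = [
    {"scanner": "10.20.0.15", "targets": "10.20.0.0/16",
     "start": "2024-03-04T22:00:00", "end": "2024-03-05T02:00:00"},
]

# Constructed alarms in a simplified form: (time, source, destination, signature).
ALARMS = [
    ("2024-03-04T22:14:09", "10.20.0.15", "10.20.3.7", "port scan"),
    ("2024-03-04T23:02:41", "10.20.0.15", "10.20.8.21", "vulnerability probe"),
    ("2024-03-04T23:05:10", "10.20.7.99", "10.20.3.7", "port scan"),   # other source
    ("2024-03-05T09:30:00", "10.20.0.15", "10.20.3.7", "port scan"),   # after window
    ("2024-03-04T22:40:00", "10.20.0.15", "192.0.2.10", "port scan"),  # out of scope
]

def matches_notice(alarm, notice):
    """True only if source, destination and time all fall inside the notice."""
    ts, src, dst, _sig = alarm
    when = datetime.fromisoformat(ts)
    return (ip_address(src) == ip_address(notice["scanner"])
            and ip_address(dst) in ip_network(notice["targets"])
            and datetime.fromisoformat(notice["start"]) <= when
            <= datetime.fromisoformat(notice["end"]))

def triage(alarms, notices):
    """Split alarms into those explained by a notice and those needing review."""
    result = {"announced_scan": [], "investigate": []}
    for alarm in alarms:
        explained = any(matches_notice(alarm, n) for n in notices)
        result["announced_scan" if explained else "investigate"].append(alarm)
    return result

if __name__ == "__main__":
    for label, items in triage(ALARMS, ANNOUNCED_SCANS).items():
        print(f"{label}: {len(items)}")
        for alarm in items:
            print("   ", *alarm)
```

Matching on all three fields keeps a notice from hiding scan-like traffic that comes from another host, runs outside the agreed window, or reaches addresses the customer never listed.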