IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs SIEM Guide [7.6] Detections (Beta) Prebuilt rule reference
« Nmap Process Activity PPTP (Point to Point Tunneling Protocol) Activity »

Nping Process Activityedit

Nping ran on a Linux host. Nping is part of the Nmap tool suite and has the ability to construct raw packets for a wide variety of security testing applications, including denial of service testing.

Rule indices:

  • auditbeat-*

Severity: medium

Risk score: 47

Runs every: 5 minutes

Searches indices from: now-6m (Date Math format, see also Additional look-back time)

Maximum signals per execution: 100

References:

Tags:

  • Elastic
  • Linux

Rule version: 1

Added (Elastic Stack release): 7.6.0

Potential false positivesedit

Some normal use of this command may originate from security engineers and network or server administrators, but this is usually not routine or unannounced. Use of Nping by non-engineers or ordinary users is uncommon.

Rule queryedit

process.name: nping and event.action:executed
« Nmap Process Activity PPTP (Point to Point Tunneling Protocol) Activity »