IMPORTANT: No additional bug fixes or documentation updates will be released for this version.
Nping ran on a Linux host. Nping is part of the Nmap tool suite and has the ability to construct raw packets for a wide variety of security testing applications, including denial of service testing.
Rule type: query
Risk score: 47
Runs every: 5 minutes
Maximum signals per execution: 100
Version: 2 (version history)
Added (Elastic Stack release): 7.6.0
Last modified (Elastic Stack release): 7.7.0
Some normal use of this command may originate from security engineers and network or server administrators, but this is usually not routine or unannounced. Use of Nping by non-engineers or ordinary users is uncommon.
process.name:nping and event.action:executed
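As an added example (not part of Elastic's rule or documentation), the following Python code applies the rule's two conditions to ECS-style events and splits the hits by the running user, following the false-positive note above. The `EXPECTED_USERS` allowlist, the use of `user.name` for triage and all sample events are assumptions made for illustration.

```python
# Added example; the events and the allowlist are constructed for illustration.
RULE = {"process.name": "nping", "event.action": "executed"}
EXPECTED_USERS = {"netops", "secops-scan"}  # hypothetical admin/engineer accounts

def get_field(event, dotted):
    """Read an ECS field from a flattened ("process.name") or nested document."""
    if dotted in event:
        return event[dotted]
    node = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def rule_matches(event):
    """Every term must match exactly; a multi-valued field matches on any value."""
    for field, wanted in RULE.items():
        value = get_field(event, field)
        values = value if isinstance(value, list) else [value]
        if wanted not in values:
            return False
    return True

def triage(events):
    """Split rule hits into (expected use, needs review) by the running user."""
    expected, review = [], []
    for ev in events:
        if rule_matches(ev):
            user = get_field(ev, "user.name")
            (expected if user in EXPECTED_USERS else review).append(ev)
    return expected, review

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"process": {"name": "nping"}, "event": {"action": "executed"},
     "user": {"name": "netops"}, "host": {"name": "scan01"}},
    {"process.name": "nping", "event.action": "executed",
     "user.name": "jdoe", "host.name": "web03"},
    {"process.name": "nmap", "event.action": "executed", "user.name": "jdoe"},
    {"process.name": "nping", "event.action": "connected-to", "user.name": "jdoe"},
    {"process.name": "nping", "event.action": ["executed"], "host.name": "db02"},
]

if __name__ == "__main__":
    expected, review = triage(SAMPLE_EVENTS)
    for ev in review:
        print("REVIEW:", get_field(ev, "host.name"), get_field(ev, "user.name"))
```

A hit with no `user.name` at all lands in the review list, since it cannot be tied to an expected account.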
- Version 2 (7.7.0 release)
Updated query, changed from:
process.name: nping and event.action:executed