Port scanning events are characterized by any host that is observed trying to contact a service on another host that is not expected or supported. This risk vector also accounts for hosts that may be scanning darknet space. This type of activity is often performed by a worm looking for additional devices to infect.
What triggers a port scanner event?
