TCP Port Scan Actions are typically used to validate network segmentation or to simulate typical reconnaissance activities like full port scans and services fingerprinting.
- Within the Director, click on Library > Actions in the top navigation bar.
- Click Add Action and select TCP Port Scan. The Add TCP Action form displays.
- Populate the Form.
- Name
- Description
- Attacker location
- Ports to be scanned
- Separate multiple entries with commas
- Ranges: use a dash (-) in between the first and last port
- Ports that should show as closed/unreachable: Add a pound sign (#) in front of the port number
- Seconds to Sleep between Ports
- (Optional) Select Randomize Port Order.
-
Click Save Port Scan.
The Action Library displays. A confirmation message that your Action was created successfully is shown and the Action is selected and displayed in the Action preview.
Adding a TCP Port Scan Action
When a TCP port scan cannot reach out on ports configured in the Actor Communication settings, the map reflects no communication. This is likely from a firewall or device recognizing the behavior and preventing it.