For reasons similar to masscan, it is worth investigating if Nmap is discovered on an unexpected host.
rule nmap
{
    meta:
        description = "Nmap network scanner"
        reference = "https://nmap.org"
    strings:
        $ = "Usage: nmap [Scan Type(s)] [Options] {target specification}"
    condition:
        all of them
}
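The rule matches on file content, so it fires on any file that contains Nmap's usage line, whatever the file is called. The triage helper below is an added example, not part of the original page: it applies the same string match in Python and uses magic bytes to separate executables from text files that only quote the help output. The file names and sample bytes are constructed.

```python
import hashlib
import os
import tempfile

# Exact string from the rule; YARA text strings are ASCII and case-sensitive by default.
NMAP_USAGE = b"Usage: nmap [Scan Type(s)] [Options] {target specification}"

# Magic bytes that separate executables from text files that merely quote the usage line.
MAGIC = [(b"\x7fELF", "ELF executable"),
         (b"MZ", "PE executable"),
         (b"\xcf\xfa\xed\xfe", "Mach-O executable")]
NOT_EXECUTABLE = "not an executable (documentation, script or log)"

def classify(data):
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return NOT_EXECUTABLE

def scan_file(path):
    """Return a triage record if the file contains the rule's string, else None."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()  # whole file in memory; fine for a sweep of tool-sized files
    except OSError:
        return None  # unreadable file: skip it rather than abort the sweep
    if NMAP_USAGE not in data:
        return None
    return {"path": path, "kind": classify(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def scan_tree(root):
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return [hit for hit in map(scan_file, sorted(paths)) if hit]

def demo():
    """Constructed samples: a renamed fake ELF, a text note, and an unrelated file."""
    samples = {"svc-helper": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + NMAP_USAGE,
               "notes.txt": b"nmap help output:\n" + NMAP_USAGE + b"\n",
               "other.bin": b"\x7fELF unrelated content"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(h["path"]): h["kind"] for h in scan_tree(root)}

if __name__ == "__main__":
    print(demo())
```

The SHA-256 in each record lets an analyst compare a hit against a known-good copy of the scanner before escalating.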