# external\_snmp\_sweep

**Explanation**

This security event is triggered when an SNMP sweep is detected entering the customer's network. SNMP, or Simple Network Management Protocol, is a protocol used for managing and monitoring network devices such as routers, switches, and servers. An SNMP sweep is an attempt to gather information about these devices, including their configuration and network topology.

**What to Look For**

To examine the results of this event, the customer should look for any suspicious SNMP traffic entering their network. This could include a large number of SNMP requests or responses from a single source IP address, or a sudden increase in SNMP traffic from multiple devices. They should also check their network devices to ensure that their SNMP configurations are secure and up to date, and that they are not using default authentication credentials. By identifying and addressing these issues, customers can prevent attackers from using an SNMP sweep to gather information about their network and potentially launch further attacks.

**Related MITRE ATT\&CK Categories**

[Reconnaissance: Active Scanning, Technique T1595 - Enterprise](https://attack.mitre.org/techniques/T1595)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fusion.vectra.ai/detection-models/library/misconfiguration/external_snmp_sweep.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.