# bitcoin\_node\_internal\_external **Explanation** The bitcoin\_node\_internal\_external event monitors network traffic for possible Bitcoin mining activity. Bitcoin mining is a process of verifying transactions in the Bitcoin blockchain by solving complex mathematical problems, and is typically done using specialized equipment and software. This event looks for signs of mining activity on the network, which may indicate that an attacker has compromised a system or network to mine Bitcoin. **What to Look For** To examine the results of the bitcoin\_node\_internal\_external event, look for traffic patterns that suggest Bitcoin mining activity, such as a large amount of traffic to Bitcoin mining pools or to the Stratum mining protocol. Additionally, examine activity on individual endpoints for signs of Bitcoin mining software or high CPU usage, which may indicate that a system is being used to mine Bitcoin. If you identify Bitcoin mining on your network, take action to identify and remediate any compromised systems or networks. **Related MITRE ATT\&CK Categories** [Impact: Resource Hijacking, Technique T1496 - Enterprise](https://attack.mitre.org/techniques/T1496) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fusion.vectra.ai/detection-models/library/operational-governance/bitcoin_node_internal_external.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.