# nmapfingerprint **Explanation** The nmapfingerprint NDM detects the presence of the NMAP fingerprint on the network. **What to Look For** To examine the results of the nmapfingerprint NDM Event, look for NMAP fingerprinting activities on your network. This may include unusual scanning activities or port probing. The NMAP tool is often used by attackers to identify vulnerabilities, and its usage should be carefully monitored. To remedy this problem, investigate any machines or IP addresses that are being scanned or probed by NMAP. Check for signs of malicious activity, such as unauthorized access attempts or attempts to exploit known vulnerabilities. It's also important to ensure that all systems on your network are properly configured and up-to-date to prevent exploitation. Note that NMAP fingerprinting involves analyzing various networking protocols, such as TCP/IP, and can provide detailed information about a target machine's operating system, open ports, and services. This NDM takes into account the specific data that NMAP uses to identify machine fingerprints. **Related MITRE ATT\&CK Categories** [Discovery: Network Service Discovery, Technique T1046 - Enterprise](https://attack.mitre.org/techniques/T1046) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fusion.vectra.ai/detection-models/library/reconnaissance/nmapfingerprint.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.