# scanner\_rwth\_aachen\_univ

**Explanation**

The scanner\_rwth\_aachen\_univ NDM is designed to detect unauthorized access attempts to the research scanning systems at RWTH Aachen University. The NDM creates an alert when an attempt is made to access the university's scanning infrastructure using an unapproved device or from an unauthorized location.

**What to Look For**

Users should monitor their network activity for any attempts to access RWTH Aachen University's scanning systems from unauthorized devices or locations. Endpoints should be checked for suspicious activity or attempts to install new software or access protected files. Any unusual or unapproved activity should be immediately investigated to prevent potential security breaches.

RWTH Aachen University is a renowned research institution located in Aachen, Germany. Established in 1870, it is one of the largest and oldest technical universities in the country, offering a wide range of academic and research programs in engineering, natural sciences, medicine, humanities, and social sciences. The university is particularly known for its strong emphasis on applied research, interdisciplinary collaboration, and close connections to industry.

One reason RWTH Aachen University scans the internet is cybersecurity research. The university has a strong focus on various aspects of computer science and cybersecurity, and scanning the internet is a crucial component of understanding the current state of online security, identifying vulnerabilities, and developing solutions to protect users, systems, and networks.

Scanning the internet involves systematically probing internet-connected devices, servers, and services to gather information about their configurations, security measures, and potential vulnerabilities. This data can then be used to analyze trends, detect security weaknesses, and develop more robust security mechanisms.

Researchers at RWTH Aachen University, along with researchers from other academic institutions and security organizations, use the data obtained from internet scanning to:

1. Study the prevalence of known vulnerabilities in real-world systems and track their patching progress.
2. Discover previously unknown security flaws in widely used software and hardware.
3. Analyze the security posture of different types of devices, such as IoT (Internet of Things) devices or industrial control systems.
4. Develop and validate new security solutions, tools, and techniques.
5. Understand the behavior and evolution of threats like malware, botnets, or distributed denial-of-service (DDoS) attacks.

By scanning the internet and conducting cybersecurity research, RWTH Aachen University contributes to enhancing the overall security and resilience of internet infrastructure and connected systems. This research also helps inform best practices for system administrators, developers, and policymakers in the cybersecurity domain.

**Related MITRE ATT\&CK Categories**

[Reconnaissance: Active Scanning, Technique T1595 - Enterprise](https://attack.mitre.org/techniques/T1595)


