# Exploitation & Reconnaissance Detection

Astral provides detection capabilities focused on identifying reconnaissance activity and exploitation attempts that typically precede or enable cyber attacks. These detections are designed to uncover early-stage attacker behavior, allowing security teams to respond before successful compromise occurs.

Reconnaissance detection in Astral focuses on identifying activities aimed at discovering systems, services, and vulnerabilities within the environment. This includes detection of scanning behavior, enumeration attempts, and repeated probing of network services. By analyzing connection patterns, request frequency, and access attempts across multiple targets, Astral distinguishes legitimate operational activity from malicious reconnaissance.

Exploitation detection addresses attempts to actively abuse vulnerabilities or misconfigurations. Astral evaluates traffic patterns, request structures, and known malicious indicators to identify exploitation attempts against network services, applications, and exposed interfaces. These detections include identification of malicious requests and behaviors consistent with known attack techniques.

Astral correlates reconnaissance and exploitation signals across time and data sources to reduce false positives and increase confidence in detections. For example, scanning activity followed by targeted exploitation attempts is treated as a higher-risk scenario than isolated events. This correlation enables Astral to detect attack chains rather than individual actions.
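
The correlation described above can be sketched as a small detector that flags sources fanning out across many targets and then rates later exploitation attempts from the same source as a chain. This is an added example, not Astral's implementation; the event format, thresholds, severity labels, and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

SCAN_WINDOW = 60      # seconds; assumed threshold, tune per environment
SCAN_TARGETS = 5      # distinct (host, port) pairs inside the window
CHAIN_WINDOW = 3600   # an exploit this soon after a scan forms a chain

# Constructed sample events: (epoch_seconds, src, dst, dst_port, kind).
# kind "conn" = connection attempt, "exploit" = signature hit on a request.
EVENTS = [
    (1000 + i, "203.0.113.7", f"10.0.0.{i + 1}", 445, "conn") for i in range(6)
] + [
    (1300, "203.0.113.7", "10.0.0.3", 445, "exploit"),    # after its scan
    (1400, "198.51.100.9", "10.0.0.8", 443, "exploit"),   # no prior scan
    (1500, "10.0.0.50", "10.0.0.2", 53, "conn"),          # normal traffic
    (1510, "10.0.0.50", "10.0.0.2", 53, "conn"),
]

def find_scanners(events, window=SCAN_WINDOW, min_targets=SCAN_TARGETS):
    """Return {src: time the source first reached min_targets distinct
    (dst, port) pairs within `window` seconds}."""
    recent = defaultdict(deque)   # src -> deque of (ts, (dst, port))
    flagged = {}
    for ts, src, dst, port, kind in sorted(events):
        if kind != "conn" or src in flagged:
            continue
        q = recent[src]
        q.append((ts, (dst, port)))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop attempts older than the window
        if len({target for _, target in q}) >= min_targets:
            flagged[src] = ts
    return flagged

def correlate(events, chain_window=CHAIN_WINDOW):
    """Rate each exploit attempt: 'high' if the same source scanned shortly
    before it, 'medium' if isolated; scan-only sources are rated 'low'."""
    scanners = find_scanners(events)
    alerts, chained = [], set()
    for ts, src, dst, port, kind in sorted(events):
        if kind != "exploit":
            continue
        scan_ts = scanners.get(src)
        is_chain = scan_ts is not None and 0 <= ts - scan_ts <= chain_window
        if is_chain:
            chained.add(src)
        alerts.append((src, dst, "high" if is_chain else "medium"))
    alerts += [(s, None, "low") for s in scanners if s not in chained]
    return alerts
```

On the constructed events, the source that probed six hosts and then sent a flagged request is rated higher than the source whose flagged request arrived with no preceding scan, and the repeated DNS lookups to a single host raise nothing.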

Once reconnaissance or exploitation activity is identified, the detections are forwarded to Inopli’s Response and RPA capabilities. This integration enables rapid investigation, containment, and mitigation actions, ensuring that early-stage attack activity is addressed before it escalates into a confirmed intrusion.

