Port Sweep on port 445 and 5986 from ntoskrnl.exe
I noticed a port sweep connection by ntkrnlmp.exe. Alerts are getting generated every day in SIEM Sentinel. We discovered an internal source IP (private) attempting to connect to numerous internal private IP addresses over port 445 and port 5986 (WinRM).
The _Im_NetworkSession table in Sentinel is capturing these logs under DeviceNetworkEvents. The initiating process is 'ntkrnlmp.exe'. It's likely that some system-level processes or services are utilizing network resources, possibly for legitimate purposes like system management, updates, or communication with other systems. But I am not sure what is causing this issue.