
Summary
FScan.exe is an open-source tool used by threat actors for network reconnaissance: identifying open ports and discovering vulnerabilities within target environments. This detection rule aims to identify unauthorized network scanning conducted with the FScan tool by monitoring hosts that send an excessive number of ICMP pings to private IP address ranges. Specifically, it looks for a monitored host that generates more than 100 ICMP pings in rapid succession within a 30-second window, which matches the typical behavior of FScan's automated ping commands. The detection logic is implemented as a Splunk query that filters process creation events for ping commands and captures time, host, user, and process details to highlight potential reconnaissance activity; a burst of ICMP requests on this scale is more likely a scanning attempt than legitimate network traffic. The techniques associated with this detection are remote system discovery (T1018) and network service discovery (T1046).
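The following Python script is an added example, not the Splunk query the rule itself uses, that reproduces the rule's logic offline so the thresholds can be tested against sample data: process creation events for ping.exe are grouped per host and user, only pings aimed at RFC 1918 private ranges are counted, and a sliding 30-second window flags any host that issues more than 100 of them. The event field names (time, host, user, process, cmdline), the sample hosts and users, and the constructed event stream are all assumptions made for the example; the 100-ping threshold and 30-second window come from the rule description above.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds taken from the rule description: more than 100 pings in 30 seconds.
PING_THRESHOLD = 100
WINDOW_SECONDS = 30

# RFC 1918 private ranges; the rule only counts pings to these destinations.
PRIVATE_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# First dotted-quad in the command line is treated as the ping target.
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_private_target(cmdline):
    """Return True if the ping command line targets an RFC 1918 address."""
    match = IP_RE.search(cmdline)
    if not match:
        return False
    try:
        ip = ipaddress.ip_address(match.group(1))
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)


def detect_ping_sweeps(events, threshold=PING_THRESHOLD, window=WINDOW_SECONDS):
    """Group ping.exe process creations per (host, user) and flag bursts.

    events: iterable of dicts with keys time (datetime), host, user,
            process (image name) and cmdline. Field names are assumed.
    Returns one alert dict per (host, user) whose densest 30-second window
    exceeds the threshold.
    """
    per_actor = defaultdict(list)
    for ev in events:
        if ev["process"].lower() != "ping.exe":
            continue
        if not is_private_target(ev["cmdline"]):
            continue
        per_actor[(ev["host"], ev["user"])].append(ev)

    alerts = []
    span = timedelta(seconds=window)
    for (host, user), evs in per_actor.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        best_count, best_range = 0, None
        # Two-pointer sliding window over the time-sorted events.
        for end, ev in enumerate(evs):
            while ev["time"] - evs[start]["time"] > span:
                start += 1
            count = end - start + 1
            if count > best_count:
                best_count, best_range = count, (evs[start]["time"], ev["time"])
        if best_count > threshold:
            targets = sorted({IP_RE.search(e["cmdline"]).group(1) for e in evs})
            alerts.append({
                "host": host,
                "user": user,
                "count": best_count,
                "first_seen": best_range[0],
                "last_seen": best_range[1],
                "sample_targets": targets[:5],
            })
    return alerts


def build_sample_events():
    """Constructed process creation events (not real telemetry)."""
    base = datetime(2025, 3, 28, 10, 0, 0)
    events = []
    # WKSTN-01: 120 pings to 10.0.0.1-120 within 24 seconds -> should alert.
    for i in range(120):
        events.append({"time": base + timedelta(milliseconds=200 * i), "host": "WKSTN-01",
                       "user": "CORP\\jdoe", "process": "ping.exe",
                       "cmdline": f"ping -n 1 -w 1 10.0.0.{i + 1}"})
    # WKSTN-02: 150 pings spaced 2 s apart -> at most 16 per window, no alert.
    for i in range(150):
        events.append({"time": base + timedelta(seconds=2 * i), "host": "WKSTN-02",
                       "user": "CORP\\svc-monitor", "process": "ping.exe",
                       "cmdline": "ping -n 1 192.168.10.20"})
    # WKSTN-03: 200 rapid pings to a public address -> outside scope, no alert.
    for i in range(200):
        events.append({"time": base + timedelta(milliseconds=100 * i), "host": "WKSTN-03",
                       "user": "CORP\\asmith", "process": "ping.exe",
                       "cmdline": "ping -n 1 8.8.8.8"})
    return events


if __name__ == "__main__":
    for alert in detect_ping_sweeps(build_sample_events()):
        print(alert)
```

The two-pointer window reports the densest 30-second span rather than fixed 30-second buckets, so a burst that straddles a bucket boundary is not missed; the public-address and slow-cadence hosts in the sample show the two conditions that keep routine monitoring traffic below the rule's threshold.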
Categories
- Network
- Endpoint
Data Sources
- Process
- Windows Registry
- Network Traffic
ATT&CK Techniques
- T1018
- T1046
Created: 2025-03-28