staged attack by computer operation is a specialization of cyber attack and an instance of ScriptedEventType. Each instance of staged attack by computer operation is a complex event which procedes in four stages. First, the attacker scans the target range of addresses. Second, the attacker scans active IP addresses to find open ports on them. Third, the attacker launches a banner scan to on the open ports to ascertain what specific services are running on the open ports. Finally, the attacker runs an exploit on the faulty services identified by the banner scan. Instances of staged attack by computer operation are often preceded by a domain search query to determine which range of IP addresses correspond to a particular domain name. For collections representing the various stages of this sort of attack, see probing of a computer network (with its sub-event types IP discovery scan, port scan, and banner scan) and placing a malicious program.