Scanning

aghani
(@aghani)
Active Member

The Cyences app includes a multitude of saved searches, but one of the more active searches covers scanning, as it can help detect any scanned networks on a host/port level that may affect your Splunk environment. This saved search looks for hosts that reach out to more than 500 hosts or 100 ports in a short period of time.

As you can see from the screenshots, there are two scanned systems in this Splunk instance, with a heavier concentration towards Palo Alto Networks over Cisco Meraki. The dashboard panels provide insightful information such as the source IP address, the number of attacks committed per IP address, and the number of times a host or port was scanned within the specified time range.

Topic starter Posted : 18/11/2020 4:29 pm
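The post above describes the detection as "more than 500 hosts or 100 ports in a short period of time". The following is an added example, not the Cyences saved search itself and not code from the app or its author: it reimplements that threshold logic in Python over a few constructed firewall-style log lines (the `src=`/`dest=`/`dest_port=` field names, the 5-minute fixed window and the sample IP addresses are all assumptions chosen for illustration). It also shows the caveat a practitioner should keep in mind with fixed time buckets: a scanner that spreads the same number of targets across two windows stays under both thresholds.

```python
"""Threshold-based scan detection, modelled on the post's description.

Constructed example: the thresholds (>500 distinct hosts or >100 distinct
ports per source) come from the post; the 5-minute window, the log format
and every IP address below are assumptions made for this illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

HOST_THRESHOLD = 500   # distinct destination hosts per window (from the post)
PORT_THRESHOLD = 100   # distinct destination ports per window (from the post)
WINDOW = timedelta(minutes=5)  # assumption: the post only says "a short period"

# Assumed log format: "<iso8601> src=<ip> dest=<ip> dest_port=<n> action=<x>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dest=(?P<dest>\S+) dest_port=(?P<port>\d+)"
)


def parse_event(line):
    """Return (timestamp, src, dest, port) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["src"], m["dest"], int(m["port"])


def bucket(ts, window=WINDOW):
    """Floor a timestamp to the start of its fixed window (like `bin span=5m`)."""
    epoch = int(ts.timestamp())
    span = int(window.total_seconds())
    return datetime.fromtimestamp(epoch - epoch % span, tz=timezone.utc)


def detect_scans(lines, window=WINDOW):
    """Count distinct dest hosts and ports per (src, window); flag threshold breaches."""
    hosts = defaultdict(set)
    ports = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed or unrelated lines
        ts, src, dest, port = ev
        key = (src, bucket(ts, window))
        hosts[key].add(dest)
        ports[key].add(port)

    alerts = []
    for src, start in sorted(hosts):
        n_hosts = len(hosts[(src, start)])
        n_ports = len(ports[(src, start)])
        kinds = []
        if n_hosts > HOST_THRESHOLD:
            kinds.append("host_scan")
        if n_ports > PORT_THRESHOLD:
            kinds.append("port_scan")
        if kinds:
            alerts.append({"src": src, "window_start": start.isoformat(),
                           "hosts": n_hosts, "ports": n_ports, "type": kinds})
    return alerts


def sample_logs():
    """Constructed events: one host sweep, one port sweep, one benign host,
    and one slow sweep that straddles two windows and therefore evades."""
    base = datetime(2020, 11, 18, 16, 0, tzinfo=timezone.utc)

    def fmt(ts, src, dest, port):
        return f"{ts.isoformat().replace('+00:00', 'Z')} src={src} dest={dest} dest_port={port} action=blocked"

    lines = []
    # 10.0.0.5 hits 600 hosts on TCP/445 in two minutes -> host_scan
    for i in range(600):
        lines.append(fmt(base + timedelta(seconds=i // 5), "10.0.0.5",
                         f"10.0.{i // 256}.{i % 256}", 445))
    # 10.0.0.6 probes 150 ports on one host in one minute -> port_scan
    for p in range(1, 151):
        lines.append(fmt(base + timedelta(seconds=p // 3), "10.0.0.6", "10.0.1.7", p))
    # 10.0.0.7 talks to three hosts on two ports -> benign
    for i, (d, p) in enumerate([("10.0.1.1", 443), ("10.0.1.2", 443), ("10.0.1.3", 80)]):
        lines.append(fmt(base + timedelta(seconds=i), "10.0.0.7", d, p))
    # 10.0.0.8 sweeps 600 hosts, but 300 at 16:04 and 300 at 16:06 -> evades
    for i in range(600):
        ts = base + timedelta(minutes=4 if i < 300 else 6, seconds=i % 60)
        lines.append(fmt(ts, "10.0.0.8", f"10.1.{i // 256}.{i % 256}", 22))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for a in detect_scans(sample_logs()):
        print(a)
```

Running the block flags 10.0.0.5 as a host scan and 10.0.0.6 as a port scan, while 10.0.0.8 is never reported: each of its two windows holds only 300 distinct hosts. Lowering the thresholds or using overlapping windows catches slower sweeps at the cost of more noise, which is the usual tuning trade-off for this kind of saved search.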