The most recent content from our members.
I am receiving massive amounts of denied TCP packets and Telnet requests from outside sources, e.g. Russia, Germany, Netherlands, Venezuela, and some US states. These alerts are coming from a custom filter I created: "TCPTrafficAudit.DestinationMachine=Internal IP". Apart from creating geo-blocks and restrictions on my…
Dear All, I would like to know the meaning of the Port Scanner results 'No Response', 'Unexpected Response' and 'Closed'. Please let me know if you know what these results represent. Thank you, Pradeep K
What is the ideal correlation condition for a port scan? I mean the number of events per second, so it doesn't result in false positives.
Is there any default rule in LEM to detect the attacks below? If not by default, how can we create custom rules for them? Brute Force Attack, Directory Harvesting Attack, Invalid TCP Traffic
Hello, I have configured a port scan alert using the in-built template in LEM. I was wondering who else uses this alert and if they have any tips for amending the policy to receive more useful information. Currently, I am getting a lot of "Deny TCP (no connection)". Are there any knowledge base articles on understanding the…