I have configured a port scan alter using the in-built template in LEM.
I was wondering who else uses this alert and if they have any tips for amending the policy to receive more useful information.
Currently, I am getting a lot of "Deny TCP (no connection)"
Are there any knowledge base articles on understanding the alerts?
Retrieving data ...