  • Latest Post - ‏2012-11-27T18:08:54Z by SystemAdmin
Pinned topic UDP Reconnaissance - Event CRE to one IP and one port

2012-08-09T02:39:55Z
I have a CRE that is described as follows:
Local UDP Scanner Detected
Detected a source IP address attempting reconnaissance or suspicious connections on common UDP ports to more than 60 hosts in 10 minutes.
When I open the event, there is only one destination IP and only one destination port.
What's wrong? Or what is it that I am not seeing here?
Posted By Leszek Adamiak
  • SystemAdmin

    Re: Are you looking at an offense

    2012-11-27T18:08:54Z
    Are you looking at an offense generated by this rule or an event? If you are looking at the offense, are you looking at both flows and events that are associated with the offense?
    Posted By scott.vanwart