IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this forum will no longer be available. More details available on our FAQ.
  • No replies
2 Posts

Pinned topic Include "Destination Port(s)" in Offenses tab

‏2016-08-26T17:59:10Z |

How can I display "Destination Port" in the "All Offenses" and "My Offenses" views?

Use case:  I see several several port-scanning offenses involving an external IP scanning a set of Destination IPs and the same obscure Destination port like 5060 or 53413 that I know is blocked by our firewall.  In order to disposition all of these in a similar way, I have to open each of the multiple offenses and look at all of the events in order to confirm that the Destination port is the same for all events in all of the offenses.

Requirement:  I'd like to be able to disposition all of these like offenses without opening every offense and checking the Destination Port of every event in the offense.  Seeing the Destination Port in the Offenses view would save me time for this use case.