Port scan attack (by Juniper)

index=* sourcetype="juniper:firewall" src!="192.168.*"
| bin _time span=5m
| stats dc(dest_port) as distinct_port by src, dest, _time
| where distinct_port > 1000
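
The same logic as an added Python example (not from the original page): it applies the query's source filter, 5-minute bucketing and distinct-port threshold to constructed events. The event tuple layout, function names and all addresses are assumptions made for the illustration.

```python
from collections import defaultdict

SPAN = 300        # seconds: "bin _time span=5m"
THRESHOLD = 1000  # "where distinct_port > 1000"
BASE = 1_700_000_000 // 600 * 600  # constructed epoch on a 5- and 10-minute boundary


def detect_port_scans(events, span=SPAN, threshold=THRESHOLD):
    """events: iterable of (epoch_seconds, src, dest, dest_port) tuples (assumed layout)."""
    ports = defaultdict(set)
    for ts, src, dest, dport in events:
        if src.startswith("192.168."):         # src!="192.168.*"
            continue
        bucket = ts - ts % span                # bin _time span=...
        ports[(src, dest, bucket)].add(dport)  # dc(dest_port) by src, dest, _time
    return sorted(
        (src, dest, bucket, len(seen))
        for (src, dest, bucket), seen in ports.items()
        if len(seen) > threshold
    )


def sample_events():
    """Constructed events, not real firewall logs."""
    target = "10.0.0.10"
    events = []
    # External source: 1500 distinct ports inside one 5-minute bin.
    events += [(BASE + p % 290, "203.0.113.5", target, p) for p in range(1, 1501)]
    # External source: 1500 ports over 5 minutes, straddling a bin boundary.
    events += [(BASE + 150 + p // 5, "198.51.100.7", target, p) for p in range(1, 1501)]
    # Internal source: dropped by the src filter regardless of volume.
    events += [(BASE + 10, "192.168.1.20", target, p) for p in range(1, 2001)]
    # Ordinary client: repeated hits on two ports.
    events += [(BASE + i, "198.51.100.9", target, (80, 443)[i % 2]) for i in range(200)]
    return events


if __name__ == "__main__":
    for span in (300, 600):
        print(span, detect_port_scans(sample_events(), span=span))
```

With 5-minute bins only 203.0.113.5 is reported; the 198.51.100.7 activity covers the same 1500 ports but is split 749/751 across two bins, so it only shows up when the span is widened to 10 minutes, which is worth checking when tuning span and threshold together.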