Juniper Archives -

port scan attack (by juniper)

Juniper
MaryamSaniee
1 0

index=* sourcetype="juniper:firewall"  src!="192.168.*"
| bin _time span=5m
| stats dc(dest_port) as distinct_port by src,dest,_time
|where distinct_port >1000

index=* sourcetype="juniper:firewall" src!="192.168.*"

| bin _time span=5m

| stats dc(dest_port) as distinct_port by src,dest,_time

|where distinct_port >1000

Continue Reading →

Count of Attackers on Juniper Devices

Juniper
ItsJohnLocke
3 8

The following is a Splunk search query that indicates potential “attacks” by source IP. Further investigation will be needed to determine accuracy of attacks.

sourcetype = "juniper:idp" attack* | stats count by src_ip

1	sourcetype = "juniper:idp" attack* \| stats count by src_ip

Credit given to bbosearch.

Continue Reading →

Newest | Active

chiboy

Active 8 hours, 37 minutes ago
myacoub

Active 1 week ago
secninjago

Active 1 week, 1 day ago
abistarosta

Active 1 week, 2 days ago
shakeer01

Active 1 week, 4 days ago

Sourcetype: Juniper

port scan attack (by juniper)

Count of Attackers on Juniper Devices