SPL
port scan attack (by juniper)
Description
1 0
index=* sourcetype="juniper:firewall" src!="192.168.*" | bin _time span=5m | stats dc(dest_port) as distinct_port by src,dest,_time |where distinct_port >1000
GoSplunk SPL + dashboard repository
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.