Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Identifies a source IP scanning multiple open ports on Azure Firewall. This can indicate malicious scanning of ports by an attacker, trying to reveal open ports in the organization that can be compromised for initial access. Configurable Parameters: - Port scan time - the time range to look for multiple ports scanned. Default is set to 30 seconds. - Minimum different ports threshold - alert only if more than this number of ports scanned. Default is set to 100.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Firewall |
| ID | b2c5907b-1040-4692-9802-9946031017e8 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery |
| Techniques | T1046 |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWApplicationRule |
✓ | ✗ | ? |
AZFWNetworkRule |
✓ | ✗ | ? |
AzureDiagnostics 🔶 |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊