Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
'Identifies a source IP scanning same open ports on the Azure Firewall IPs. This can indicate malicious scanning of port by an attacker, trying to reveal IPs with specific ports open in the organization. The ports can be compromised by attackers for initial access, most often by exploiting vulnerability. Configurable Parameters: - Port sweep time - the time range to look for multiple hosts scanned. Default is set to 30 seconds. - Minimum different hosts threshold - alert only if more than this
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Firewall |
| ID | 720335f4-ee8c-4270-9424-d0859222168c |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery, Reconnaissance |
| Techniques | T1046, T1595.001 |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWApplicationRule |
✓ | ✗ | ✓ |
AZFWNetworkRule |
✓ | ✗ | ✓ |
AzureDiagnostics 🔶 |
✗ | ✗ | ✗ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊