Create and enable a SEM rule to identify port scanning traffic
To identify suspicious firewall traffic indicative of port scanning, clone and enable the PortScans rule. This rule generates a default TCPPortScan event, which the SolarWinds SEM console displays in the default Security Events filter. Use this event to monitor suspicious network traffic and prevent unauthorized access to your firewall.
- In the SEM Events Console, click the Rules tab.
- On the Rules toolbar, click Create rule from template.
- In the search box, enter PortScans.
- Select the PortScans rule template, and then click Next.
- Review and edit the existing conditions and values where needed, and then click Next.
- Review and adjust the rule details where needed, and then click Create.
See Create a new rule for additional guidance.