Documentation forSecurity Event Manager

Create and enable a SEM rule to identify port scanning traffic

To identify suspicious firewall traffic indicative of port scanning, clone and enable the PortScans rule. This rule generates a default TCPPortScan event, which the SolarWinds SEM console displays in the default Security Events filter. Use this event to monitor suspicious network traffic and prevent unauthorized access to your firewall.

  1. In the SEM Events Console, click the Rules tab.

  2. On the Rules toolbar, click Create rule from template.

  3. In the search box, enter PortScans.

  4. Select the PortScans rule template, and then click Next.
  5. Review and edit the existing conditions and values where needed, and then click Next.
  6. Review and adjust the rule details where needed, and then click Create.

    See Create a new rule for additional guidance.