Create and enable a SEM rule to identify port scanning traffic
To identify suspicious firewall traffic indicative of port scanning, clone and enable the PortScans rule. This rule generates a default TCPPortScan event, which the SolarWinds SEM console displays in the default Security Events filter. Use this event to monitor suspicious network traffic and prevent unauthorized access to your firewall.
- On the SEM Console, click the Rules tab.
- On the Rules toolbar, click Create rule from template.
- In the search box, enter PortScans.
- Select the PortScans rule template, and then click Next.
- Review (and if necessary edit) the existing conditions and values, and click Next.
- Review and adjust the rule details where needed, and then click Create.
See Create a new rule for additional guidance.