Create and enable a SEM rule to identify port scanning traffic
To identify suspicious firewall traffic indicative of port scanning, clone and enable the PortScans rule. This rule generates a default TCPPortScan event, which the SEM console displays in the default Security Events filter. Use this event to monitor suspicious network traffic and prevent unauthorized access to your firewall.
Log in to the SEM Console.
- In the toolbar, click Rules.
On the Rules toolbar, click Create rule from template.
- In the search box, enter PortScans.
- Select the PortScans rule template, and then click Next.
Review the existing conditions and values. Click Edit and updated if required.
- Click Next.
Review and adjust the rule details where needed.
- Click Create.
See Create a new rule for more information.