Create and enable a SEM rule to identify port scanning traffic

To identify suspicious firewall traffic indicative of port scanning, clone and enable the PortScans rule. This rule generates a default TCPPortScan event, which the SEM console displays in the default Security Events filter. Use this event to monitor suspicious network traffic and prevent unauthorized access to your firewall.

1. Log in to the SEM Console.

2. In the toolbar, click Rules.

3. On the Rules toolbar, click Create rule from template.

4. In the search box, enter PortScans.
5. Select the PortScans rule template, and then click Next.

6. Review the existing rule conditions and click Edit rule to update, if required.

7. Click Next.

8. Review and adjust the rule details where needed.

9. Click Create.

   See Create a new rule for more information.