Managed Sentinel – Alert 039

Alert ID: MS-A039
Alert Name: Network Scan detected
Description: Detects many failed connection attempts to different ports or hosts
Severity Level: Medium
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Persistence, Discovery, Collection
Log sources: Firewall Traffic Logs
False Positives: Inventory systems, vulnerability scans, penetration testing activity
Recommendations: Identify the source IP address (originator) of the scan. Block any inbound traffic from this IP address (or subnet) at your perimeter firewall.
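
One way to express the detection described above, as an added example that is not Managed Sentinel's own rule: it counts distinct destination ports and hosts per source among denied connections in a sliding window, and skips an allowlist of sanctioned scanners to handle the listed false positives. The log line format, the 60-second window, the thresholds of 10, and all IP addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; the alert description does not state thresholds.
WINDOW = timedelta(seconds=60)
MAX_PORTS = 10   # distinct destination ports per source within WINDOW
MAX_HOSTS = 10   # distinct destination hosts per source within WINDOW

LINE_RE = re.compile(  # assumed key=value firewall log format
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def detect_scans(lines, allowlist=frozenset()):
    """Return {source_ip: reason} for sources exceeding either threshold."""
    recent, alerts = defaultdict(deque), {}   # recent: src -> (ts, dst, dport)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "deny":
            continue                          # only failed attempts count
        src = m["src"]
        if src in allowlist or src in alerts:
            continue                          # sanctioned scanner or already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[src]
        q.append((ts, m["dst"], int(m["dport"])))
        while q and ts - q[0][0] > WINDOW:    # drop events older than the window
            q.popleft()
        ports = {p for _, _, p in q}
        hosts = {d for _, d, _ in q}
        if len(ports) > MAX_PORTS:
            alerts[src] = "port scan"
        elif len(hosts) > MAX_HOSTS:
            alerts[src] = "host sweep"
    return alerts

def sample_log():
    """Constructed firewall log lines using documentation address ranges."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    def fmt(i, action, src, dst, port):
        ts = t0 + timedelta(seconds=i)
        return f"{ts:%Y-%m-%dT%H:%M:%SZ} action={action} src={src} dst={dst} dport={port}"
    log = [fmt(i, "deny", "203.0.113.7", "198.51.100.10", 20 + i) for i in range(12)]        # many ports
    log += [fmt(i, "deny", "203.0.113.8", f"198.51.100.{i + 1}", 445) for i in range(12)]    # many hosts
    log += [fmt(i * 30, "deny", "203.0.113.9", "198.51.100.10", 20 + i) for i in range(12)]  # slower than window
    log += [fmt(i, "allow", "203.0.113.10", "198.51.100.10", 20 + i) for i in range(12)]     # permitted traffic
    log += [fmt(i, "deny", "192.0.2.50", "198.51.100.10", 20 + i) for i in range(12)]        # sanctioned scanner
    return sorted(log)                        # ISO timestamps sort chronologically
```

Calling `detect_scans(sample_log(), allowlist={"192.0.2.50"})` flags only the first two sources; the slow source at one attempt per 30 seconds stays under the threshold, which shows the window length is a tuning trade-off.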