Managed Sentinel – Alert 145
Alert ID | MS-A145 |
Alert Name | High count of connections by client IP on many ports |
Description | Identifies when a single client IP uses 30 or more ports on the IIS server within 10 minutes. This could indicate attempted port scanning or an exploit attempt against internet-facing web applications. It could also simply indicate a misconfigured service or device. |
Severity Level | Medium |
Threat Indicator | |
MITRE ATT&CK Tactics | Discovery |
Log sources | W3CIISLog |
False Positives | |
Recommendations | |