3 Replies Latest reply on May 3, 2016 2:28 PM by yassinezeroual

    Port Scan alert on Firewall

    bskartik

      Hello all,

      I am in the middle of creating few alerts on McAfee SIEM.

       

      1. Port Scan alert on Firewall:

      I have performed an Nmap scan on the Firewall. I have only received the ACL denied events. This is a very generic event and if I create an alert for the same, it would fire like hell. It becomes very difficult to understand legitimate scan and a false positive. Is there a way to find out port scan alert on the firewall? There is no IPS/IDS implemented in the Infra. We have a Cisco 5500 ASA FW.

       

      Any help in this regard would be appreciated.

       

      Best Regards,

      Kartik