3 Replies Latest reply on May 3, 2016 2:28 PM by yassinezeroual

    Port Scan alert on Firewall


      Hello all,

      I am in the middle of creating few alerts on McAfee SIEM.


      1. Port Scan alert on Firewall:

      I have performed an Nmap scan on the Firewall. I have only received the ACL denied events. This is a very generic event and if I create an alert for the same, it would fire like hell. It becomes very difficult to understand legitimate scan and a false positive. Is there a way to find out port scan alert on the firewall? There is no IPS/IDS implemented in the Infra. We have a Cisco 5500 ASA FW.


      Any help in this regard would be appreciated.


      Best Regards,