![]() And for the record, I have done my own nmap port scans and other things and I can clearly see my IP coming through in the connection log under Security Services category and I constantly see other events from other external scans and threats. For some reason their activity never really popped up in the connection logs under Security Services where that stuff would normally show up as port scan or some other threat. ![]() The main issue I have with this is that this raw data doesnt seem to be able to be offloaded somewhere else for later cataloging, sorting, analytics and reporting - at least not in a meaningful way.Įach year, my company has external pen-tests and the last 2 years, they have done an nmap port scan, nessus vuln scan, and a couple other things on our WAN connections. ![]() The best I can do is if I just log into the device and pull up the connection log and filter for "Security Services" and view things there which for example shows me what IP addresses are showing "possible port scan" and other things like that. Network visibility has always been a challenge/blind spot in that I can't just easily get a view of things like network analytics or threat events such as port scans or ddos attacks, etc. I have been using NSA 3600 at my job for years.
0 Comments
Leave a Reply. |