Forum Discussion
KQL rule to Detect Scanning Activty
I want assistance in building KQL query to detect scanning activity in my network. For example - if any IP or Host is trying to attempt/scan more than 500 distinct IPs or Ports in short interval of ...
Hello mchhetry14
Sorry to disappoint you but this is the Microsoft Learn community and is not exactly specialized on your topic/question. Although one or the other MCT specialized in this technology could be visiting this community I have the feeling that your question should be posted in the respective community.
Thank you for your understanding. Here is the link to the community:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ct-p/CoreInfrastructureandSecurity
Cheers
Rolf
#MCT #LearnWithRolf #TheCloud42