KoKyi
Copper Contributor
Nov 04, 2019

Does a port enumeration attack make Sentinel create an incident?

I am testing Azure Sentinel. I have a data connector, Windows Firewall. The Windows Firewall agent is on a Windows machine. I scanned the Windows machine with nmap. I get logs from the firewall and they show in Sentinel. But no incident. I think it is not enough to be an incident. What can I do to get one incident? How can I make an attack to get so?

2 Replies

  • akhilnz
    Copper Contributor
    Hi KoKyi, if you think you need to treat a particular event as a case, you can create an alert for it by going to Configuration -> Analytics. There are lots of alert rule templates to pick from.

    • KoKyi
      Copper Contributor
      Hi akhilnz, I see now. Thanks for your help.
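
As an added example (not part of the original posts), a scheduled analytics rule query of the kind the reply points to: it raises an alert when one source touches many distinct ports on a host within a short window. It assumes the connector writes to the `WindowsFirewall` table with the columns used below; the 5-minute window and 50-port threshold are constructed values to tune.

```kql
// Added example, not from the thread. Assumed schema: WindowsFirewall table
// with TimeGenerated, Computer, SourceIP, DestinationIP, DestinationPort,
// FirewallAction and CommunicationDirection columns.
let window = 5m;          // constructed value: bucket size for counting ports
let portThreshold = 50;   // constructed value: distinct ports per bucket
WindowsFirewall
| where TimeGenerated > ago(1h)
// Inbound traffic only; the direction value is an assumption about the log.
| where CommunicationDirection =~ "RECEIVE"
| summarize
    DistinctPorts = dcount(DestinationPort),
    SamplePorts   = make_set(DestinationPort, 20),
    Dropped       = countif(FirewallAction =~ "DROP"),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by SourceIP, DestinationIP, Computer, bin(TimeGenerated, window)
// A single source reaching this many ports in one bucket is the scan signal.
| where DistinctPorts >= portThreshold
| project TimeGenerated, Computer, SourceIP, DestinationIP,
          DistinctPorts, Dropped, FirstSeen, LastSeen, SamplePorts
```

Blocked probes only appear in the table if logging of dropped packets is enabled in the host firewall's logging settings. Mapping `SourceIP` and `Computer` to entities in the rule makes the resulting incident easier to triage.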