Forum Discussion
KQL rule to Detect Scanning Activty
I want assistance in building KQL query to detect scanning activity in my network. For example - if any IP or Host is trying to attempt/scan more than 500 distinct IPs or Ports in short interval of ...
Thanks majo01 - well spotted 😉
I missed the "distinct" word in the question.
Thank you for helping me out