Does port enumeration attack make sentinel create incident?

KoKyi
New Contributor

I am testing Azure Sentinel. I have a data connector, Windows Firewall. The Windows Firewall agent is on a Windows machine. I scanned the Windows machine with nmap. I get logs from the firewall and they show in Sentinel. But no incident. I think it is not enough to be an incident. What can I do to get one incident? How can I make an attack to get so?

2 Replies
Hi KoKyi, if you think you need to treat a particular event as a case, you can create an alert for it by going to Configuration -> Analytics. There are lots of alert rule templates to pick from.

Hi akhilnx, I see now. Thanks for your help.
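
The thread's point is that firewall logs alone raise nothing until a rule defines what counts as suspicious. The Python sketch below shows the kind of threshold logic a scan-detection rule expresses, run over constructed Windows Firewall log lines; it is an added example, not part of the thread and not a Sentinel rule or template. The window, threshold, IP addresses and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed lines in pfirewall.log field order:
    date time action protocol src-ip dst-ip src-port dst-port size ... path"""
    base = datetime(2019, 11, 5, 10, 15, 0)
    lines = ["#Fields: date time action protocol src-ip dst-ip src-port dst-port"]
    for i in range(30):
        ts = f"{base + timedelta(seconds=i):%Y-%m-%d %H:%M:%S}"
        # Scan-like source: a different destination port every second
        lines.append(f"{ts} DROP TCP 10.0.0.99 10.0.0.5 {40000 + i} {20 + i} "
                     "60 S 0 0 1024 - - - RECEIVE")
        # Ordinary client: many connections, always the same port
        lines.append(f"{ts} ALLOW TCP 10.0.0.20 10.0.0.5 {50000 + i} 443 "
                     "60 S 0 0 1024 - - - RECEIVE")
    return lines

def parse(line):
    """Return (timestamp, src, dst, dst_port), or None for unusable rows."""
    f = line.split()
    if len(f) < 8:
        return None
    try:
        ts = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
        return ts, f[4], f[5], int(f[7])
    except ValueError:  # header lines, ICMP rows whose port is "-"
        return None

def detect_port_enumeration(lines, window=timedelta(minutes=5), threshold=20):
    """Map (src, dst) -> peak distinct destination ports seen inside any
    sliding window, for pairs whose peak reaches the threshold."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ts, src, dst, port = rec
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        in_window, start, peak = defaultdict(int), 0, 0
        for ts, port in hits:
            in_window[port] += 1
            while ts - hits[start][0] > window:  # expire old events
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[pair] = peak
    return alerts
```

Counting distinct destination ports per source, rather than raw connections, is what separates the scan from the busy client on port 443.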