Detecting network and port scanning
Attackers scan networks for IP addresses and ports so they can find a good entry point into your organization. You want to see if scanning activity is coming from someone other than an authorized person internally.
Data required
How to use Splunk software for this use case
Next steps
For more great content from the Splunk Education and Training team, check out Splunk How-To on YouTube or sign up for a course.