Attackers scan networks for IP addresses and ports so they can find a good entry point into your organization. You want to see if scanning activity is coming from someone other than an authorized person internally.
How to use Splunk software for this use case
This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like What is Splunk or dive into more advanced courses like Search Under the Hood, Result Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.