Skip to main content


Splunk Lantern

Detecting network and port scanning


  • Product: Splunk Enterprise or Splunk Cloud
  • Feature: Search
  • Function: Firewall log monitoring

To optimize the search shown below, you should specify an index. 


Attackers scan networks for IP addresses and ports so they can find a good entry point into your organization. You want to see if scanning activity is coming from someone other than an authorized person internally.


Additional resources

For more great content from the Splunk Education and Training team, check out Splunk How-To on YouTube or sign up for a course. In addition, these Splunk resources might help you understand and implement this search:

  • Was this article helpful?