Welcome, Guest [Login]

• File
• Home
• Events
• Traffic
• Hosts
• Services
• Reports
  • View
  • Explore
  • Query
  • Edit
  • Schedule
  • Install
  • Script
• Maps
• Search
• Help

Filter:

Category All Accounting Events Host Interfaces Inventory Miscellaneous QoS Security Services Switching Traffic Section All Detect Routers ICMP Port Unreachable Inter-Group Access Moved/New MAC Addresses New/Changed MAC Addresses Newly Active IP Addresses Newly Active MAC Addresses Port Scanning Activity Trojan Activity Unauthorized DHCP Servers

Port Scanning Activity
Section
Description
incl (optional)		Search
Exclude Protocol (optional)		Search
Attacker	AnyNon-LocalLocal
Victim	AnyNon-LocalLocal
Interval (?)		Last 5 Minutes (last5minutes) Last 10 Minutes (last10minutes) Last 15 Minutes (last15minutes) Last 20 Minutes (last20minutes) Last 30 Minutes (last30minutes) Last 60 Minutes (last60minutes) Last 3 Hours (last3hours) Last 6 Hours (last6hours) Last 12 Hours (last12hours) Last 24 Hours (last24hours) Today (today) Yesterday (yesterday) Last 24 Hours (last24hours) This Week (thisweek) Last Week (lastweek) Last 7 Days (last7days) This Month (thismonth) Last Month (lastmonth) Last 30 Days (last30days)
Truncate
Severity	IgnoreInformWarnSevere
Notification Cache	Last 5 MinutesLast HourLast 24 HoursLast 7 Days
Show	Only New HostsNew Hosts and Cached Hosts
Threshold (optional)
Where (optional) (?)		AOE Operation (aoeoperation) AOE Status (aoestatus) AOE Target (aoetarget) ARP H/W Type (arphardwaretype) ARP IP Sender (arpipsender) ARP IP Target (arpiptarget) ARP MAC Sender (arpmacsender) ARP MAC Target (arpmactarget) ARP Operation (arpoperation) ARP Protocol Type (arpprotocoltype) Client Address (clientaddress) Client Country (clientcountry) Client Enterprise (cliententerprise) Client Group (clientgroup) Client Name (clientname) Client Path (clientpath) Client Port (clientport) Client Site (clientsite) Client Subnet (clientsubnet) Client Zone (clientzone) Datasource Class-Index (dsci) Destination AS (bgpdestinationas) Destination Address (destinationaddress) Destination Country (destinationcountry) Destination Domain (destinationdomain2) Destination Enterprise (destinationenterprise) Destination Group (destinationgroup) Destination I/F (routerifdst) Destination Name (destinationname) Destination Path (destinationpath) Destination Port (destinationport) Destination Site (destinationsite) Destination Subnet (destinationsubnet) Destination User (useriddestination) Destination Zone (destinationzone) Discard HW Group (hwtrap_group) Discard HW Name (hwtrap_name) Discard Reason Linux (linux_reason) Discard Reason (reason) Egress VRF ID (vrf_out) Ethernet Protocol (ethernetprotocol) FC Client (fcclient) FC Destination (fcdestination) FC Server (fcserver) FC Source (fcsource) Function (function) GENEVE VNI (geneve_vni) GRE version (gre_version) Group Path (grouppath) HTTP Command (httpcommand) HTTP Method (httpmethod) Has App. Counters? (has_app) Has HTTP Counters? (has_http) Has Host Counters? (has_host) Has I/F Counters? (has_if) Has Java Counters? (has_java) Has Memcache Counters? (has_memcache) Has Switch Counters? (has_switch) Has VM Counters? (has_vm) Host Destination Enterprise (destinationagententerprise) Host Destination Group (destinationagentgroup) Host Destination Site (destinationagentsite) Host Destination Zone (destinationagentzone) Host Destination? (dstishost) Host Source Enterprise (sourceagententerprise) Host Source Group (sourceagentgroup) Host Source Site (sourceagentsite) Host Source Zone (sourceagentzone) Host Source? (srcishost) I/F In (inputinterface) I/F Out (outputinterface) ICMP Code (icmpcode) ICMP Type (icmptype) ICMP Unreachable Port (icmpunreachableport) ICMPv6 Code (icmp6code) ICMPv6 Type (icmp6type) IEEE 802 SAP (ieee802sap) IGMP Group (igmpip) IP Client (ipclient) IP DSCP (ipdscp) IP Destination Name (ipdestinationname) IP Destination Subnet (ipdestinationsubnet) IP Destination (ipdestination) IP Next Hop (ipnexthoprouter) IP Protocol (ipprotocol) IP Server (ipserver) IP Source Name (ipsourcename) IP Source Subnet (ipsourcesubnet) IP Source (ipsource) IP TOS (iptos) IP TTL (ipttl) IP Version (ipversion) IPv6 DSCP (ip6dscp) IPv6 Destination Name (ip6destinationname) IPv6 Source Name (ip6sourcename) ISCSI opcode (iscsiopcode) IfIndex In (inputifindex) IfIndex Out (outputifindex) Ingress VRF ID (vrf_in) Inner Ethernet Protocol (ethernetprotocol.1) Inner ICMP Code (icmpcode.1) Inner ICMP Type (icmptype.1) Inner ICMPv6 Code (icmp6code.1) Inner ICMPv6 Type (icmp6type.1) Inner IP DSCP (ipdscp.1) Inner IP Destination (ipdestination.1) Inner IP Protocol (ipprotocol.1) Inner IP Source (ipsource.1) Inner IP TOS (iptos.1) Inner IP TTL (ipttl.1) Inner IP Version (ipversion.1) Inner IPv6 DSCP (ip6dscp.1) Inner IPv6 Destination (ip6destination.1) Inner IPv6 Label (ip6label.1) Inner IPv6 Source (ip6source.1) Inner IPv6 TOS (ip6tos.1) Inner MAC Destination (macdestination.1) Inner MAC Source (macsource.1) Inner TCP Destination Port (tcpdestinationport.1) Inner TCP Source Port (tcpsourceport.1) Inner UDP Destination Port (udpdestinationport.1) Inner UDP Source Port (udpsourceport.1) MAC Client (macclient) MAC Destination Vendor Code (macdestinationvendor) MAC Destination (macdestination) MAC Server (macserver) MAC Source Vendor Code (macsourcevendor) MAC Source (macsource) MPLS CoS In (mplscosin) MPLS CoS Out (mplscosout) NAT Destination Port (natdstport) NAT Source Port (natsrcport) NVGRE VSID (gre_vsid) Output Queue (outputqueue) PBB Destination (pbbdst) PBB ISID (pbbisid) PBB Source (pbbsrc) Priority In (vlansourcepriority) Priority Out (vlandestinationpriority) Priority (vlanpriority) Protocol Classification ID (classificationid) Protocol Group (protocolgroup) Protocol Stack (protocolstack) Protocol (protocol) RTP Codec (rtppayload) SCSI LUN Id (scsilunidx) SCSI LUN (scsilun) SCSI Operation (scsiop) SIP Method (sipmethod) SIP Target (siptarget) STP Root (stproot) Server Address (serveraddress) Server Country (servercountry) Server Enterprise (serverenterprise) Server Group (servergroup) Server Name (servername) Server Path (serverpath) Server Port (serverport) Server Site (serversite) Server Subnet (serversubnet) Server Zone (serverzone) Site Path (sitepath) Source AS (bgpsourceas) Source Address (sourceaddress) Source Country (sourcecountry) Source Domain (sourcedomain2) Source Enterprise (sourceenterprise) Source Group (sourcegroup) Source I/F (routerifsrc) Source Name (sourcename) Source Path (sourcepath) Source Port (sourceport) Source Site (sourcesite) Source Subnet (sourcesubnet) Source User (useridsource) Source Zone (sourcezone) TCP Destination Port (tcpdestinationport) TCP Flags (tcpflags) TCP Source Port (tcpsourceport) TRILL Hops (trillhops) TRILL Options (trilloptions) TRILL RBridge Egress (trillbridgeout) TRILL RBridge Ingress (trillbridgein) Time (time) UDP Destination Port (udpdestinationport) UDP Source Port (udpsourceport) UUID Client (uuidclient) UUID Destination (uuiddestination) UUID Server (uuidserver) UUID Source (uuidsource) VLAN In (vlansource) VLAN Name In (vlansourcename) VLAN Name Out (vlandestinationname) VLAN Out (vlandestination) VLAN Stack (vlanstack) VLAN (vlan) VNI in (vni_in) VNI out (vni_out) VXLAN VNI (vxlan_vni) WiFi BSSID (wifibssid) WiFi Channel (wifichannel) WiFi Cipher (wificipher) WiFi Ctrl. St. (wifictrlst) WiFi SSID (wifissid) WiFi Version (wifiversion) Zone Path (zonepath) myipversion (myipversion) =!=~!~ Add & | ( !( ) <- Clr
DefaultsResetSubmit

Usage: Specify Protocols to Ignore or Include. Set a Threshold on the number of hosts scanned and a Severity to generate notifications when a scanning host is detected. Set the Notification Cache interval to suppress duplicate events, only generating an event when a new host starts scanning, or resumes having been silent for the Notification Cache interval. To continuously monitor for scanning activity, include this section in a report and schedule the report to run at the same frequency as the specified Interval.

Copyright © 1999-2023 InMon Corp. ALL RIGHTS RESERVED