Use Splunk to Locate Port Scanners

If you are hosting a web application, then the only open TCP ports through your firewall should be 80 and 443.  If anything tries to connect on other ports such as 23, 3389, 12345, etc. then it’s more than likely hostile.  More so, for example, if you see attempts to connect to sequential port numbers Read more about Use Splunk to Locate Port Scanners[…]