Andrew

First of all, make sure you have enough interesting devices reporting to CS-MARS. IDS, FW, and Netflow events from the network should be a good subset to work with. A port scan can be detected and therefore reported by the IDS, FW. If the port scan t...