Hello,
I have created a Firewall Logon Failure with Inference notification. An email notification was added to the actions which was followed by several notifications being sent out.
Checking the filters, TCPPortScan has hundreds of events and I am wondering how I can make use of this information.
A lot of the AlertActivityType is "TCP Missing SYN Flag" - can anybody provide information on what this is?
Obviously the idea is to customise this rule and ignore any false-positives.
Many thanks