Port Scan Activity (External) too much noise but can there be a way to really Alert only on risky ports (config is vulnerable)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Port Scan Activity (External) too much noise but can there be a way to really Alert only on risky ports (config is vulnerable)

L0 Member

I got an AHA/Idea (aka RFE) for Prisma Cloud's Network Anomaly of Port Scan Activity (external) as Prisma Cloud just alerts as-is if someone is knocking at our door regardless if the port is secure otherwise.

 

We want some intelligence built-in to check first if that port scanned is a real threat with a risky configuration but if it is hardened and secured then it should NOT alert at all to not add to the noise.

 

Here's my IDEA- please vote for it for the vendor to work into adding more checks and intelligence to the Policy:  

 

1 REPLY 1

L2 Linker

Hello @MManangan,

 

We investigated a bit on those alerts and in our context, it seems false positive most of the time.

I will vote on you request 🙂

 

JB

JB
  • 1785 Views
  • 1 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!