Reconnaissance Protection thresholds

L1 Bithead

Hello there,


I am in the process of configuring our reconnaissance protection profile and need some advice on best practices for interval and thresholds (events). I have been searching through the docs and can't find recommended settings for the below interval and threshold.


- TCP Port Scan

- Host Sweep

- UDP Port Scan


I currently set 2 seconds for interval and 10 events for threshold. Wondering what is the best practice here.


Device:  PA 850

OS: 8.0.18


