https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676728#M231425 <P>What events are you dealing with? Please share an anonymised sample selection.</P><P>What do your expected results look like?</P><P>What have you tried so far?</P> Tue, 06 Feb 2024 12:08:49 GMT ITWhisperer 2024-02-06T12:08:49Z https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676723#M231424 <P>Horizontal Scan:&nbsp;</P><P><SPAN>External scan against a group of IPs for a single port</SPAN>.&nbsp;</P><P>&nbsp;</P><P>Vertical Scan:&nbsp;</P><P>External Single IP being scan against multiple port.&nbsp;</P> Tue, 06 Feb 2024 11:41:08 GMT https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676723#M231424 nilesh1 2024-02-06T11:41:08Z https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676728#M231425 <P>What events are you dealing with? Please share an anonymised sample selection.</P><P>What do your expected results look like?</P><P>What have you tried so far?</P> Tue, 06 Feb 2024 12:08:49 GMT https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676728#M231425 ITWhisperer 2024-02-06T12:08:49Z https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676938#M231490 <P>I'm dealing with Cisco firewall events.&nbsp;&nbsp;</P> Thu, 08 Feb 2024 06:03:17 GMT https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676938#M231490 nilesh1 2024-02-08T06:03:17Z https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676943#M231492 <P>I see that you are new here. &nbsp;But this is a Splunk forum. &nbsp;Very few people will know what Cisco firewall events entail. &nbsp;In fact, Cisco firewall can also have multiple forms. &nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;is asking you to post sample (anonymized) or mock data. &nbsp;You can use raw events, or field tables. You should also illustrate desired results. &nbsp;Additionally, explain very clearly which part of the data will lead to your desired result and how. &nbsp;In short, you need to explain how to get your desired results WITHOUT Splunk.</P> Thu, 08 Feb 2024 07:09:23 GMT https://community.splunk.com/t5/Splunk-Search/How-to-write-splunk-query-for-Horizontal-and-Vertical-port-scan/m-p/676943#M231492 yuanliu 2024-02-08T07:09:23Z