Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Port Scan Dashboard

tonythomas42
New Member
‎02-23-2020 11:12 PM

I want a dashboard to be created for port scan(to detect 2000 port scan attempts from one single IP towards single destination within 5 min)
I tried creating one dashboard but the values in the dashboard keep on changing every time the dashboard refreshes. I want a dashboard that will display all the port scan attempts for last 24 hrs satisfying the condition (2000 port scan attempts in 5 min) and the values in the dashboard should stay till 24 hrs.

Tags (1)
0 Karma
Reply

sumanssah
Communicator
‎02-29-2020 08:04 PM

try using below-mentioned search for "port scan to single IP multiple ports"

| tstats `summariesonly`   dc(All_Traffic.dest_port) as dc_dest_port  values(All_Traffic.dest_zone) as dest_zone min(All_Traffic.dest_port) as min_port max(All_Traffic.dest_port as max_port values(All_Traffic.action) as action  from datamodel=Network_Traffic.All_Traffic where NOT (All_Traffic.dest_port=443 OR  All_Traffic.dest_port=80 )  by All_Traffic.src_ip All_Traffic.dest_ip _time span=5m
| `drop_dm_object_name(All_Traffic)`  
| where dc_dest_port>2000  
| eval ip_range=min_port."-".max_port
0 Karma
Reply

to4kawa
Ultra Champion
‎02-29-2020 07:20 PM

Which do you want to do?
Create something: good luck. you only know your logs.
Find Apps: splunk security essentials

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...