any idea to write the query to capture the first packet recorded of the reconnaissance from the vulnerability scanner
What’s the logic you applied to detect vulnerability scanner?
Share your logic to guide you to get first event of vulnerability scanner?