Hi All...
i'll first describe my scenario..
i have logs that contains entries regarding open ports like:
1-1-2000 192.168.0.1 port=80 service=http
1-1-2000 192.168.0.1 port=22 service=ssh
1-3-2000 192.168.0.1 port=80 service=http
1-3-2000 192.168.0.1 port=3350 service=unknown
1-3-2000 192.168.0.1 port=80 service=http
now' you can see that on the 1-3 an open port (3350) was detected, while that same port was not detected before.
how can i search for events like this? how can i compare results from scanA at a specific date to another one?
... View more