2015-04-26 01:21 AM
Hi everyone,
I was curious if anyone has used SA to detect nmap scans on their network? If someone has I would be interested in what you used to search within SA.
Cheers.
2015-04-26 01:22 AM
2015-04-30 12:31 PM
you can look for syn flgs in connections to different ports in certain amount of time, i believe in Live Module are esa rules for network scanning.
