Has anyone been succesful in detecting scans like nmap scans, port
scans, vuln scans etc? The first time I tried using an ESA rule from RSA
Live it basically exploded NetWitness with false positives and I never
went back to look at it. We're now gett...