Suresh Thanikachalam

Suspicious Activity Detected: Reconnaissance

Discussion created by Suresh Thanikachalam on May 20, 2018

Hi All,

We are trying to enable the default rule "Suspicious Activity Detected: Reconnaissance", which is under the "Incident Rule" in NetWitness version 11.0. But since we are getting the below error in the linked ESA rules ("Port Scan Horizontal Packet", "Port Scan Vertical Packet", "Port Scan Horizontal Log", "Port Scan Vertical Log"), we are not getting any events or incidents under this rule and it is not of any help to us.

 

Kindly let us know if we have enabled it in a proper format or if we need to update the rules.

 

Rule which needs to be enabled

Original Rule

Error Message 

 

Regards

Suresh Thanika

         
