Managed Sentinel – Alert 039
| Alert ID | MS-A039 |
| Alert Name | Network Scan detected |
| Description | Detects many failed connection attempts to different ports or hosts |
| Severity Level | Medium |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Persistence, Discovery, Collection |
| Log sources | Firewall Traffic Logs |
| False Positives | Inventory systems, vulnerability scans, penetration testing activity |
| Recommendations | Identify the source IP address (originator) of the scan. Block inbound traffic from this IP address (or subnet) at your perimeter firewall. |
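
The detection described above, sketched as an added example (not Managed Sentinel's rule or query): it counts distinct destination ports and hosts per source IP among failed connections inside a sliding window. The log line format, the field names `src`, `dst`, `dpt` and `action`, the five-minute window and the threshold of 10 are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_DISTINCT = 10              # assumed threshold for distinct ports or hosts
FAILED = {"deny", "drop", "reset"}  # assumed action values for failed attempts

def parse(line):
    """Parse one constructed 'timestamp key=value ...' record."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect_scans(lines):
    """Map each offending source IP to the scan types seen within WINDOW."""
    recent = defaultdict(deque)  # src -> failed attempts still inside the window
    alerts = defaultdict(set)
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        if rec["action"] not in FAILED:
            continue  # successful traffic never counts toward the threshold
        q = recent[rec["src"]]
        q.append(rec)
        while q[0]["ts"] < rec["ts"] - WINDOW:
            q.popleft()  # expire attempts older than the window
        if len({r["dpt"] for r in q}) >= MIN_DISTINCT:
            alerts[rec["src"]].add("port scan")
        if len({r["dst"] for r in q}) >= MIN_DISTINCT:
            alerts[rec["src"]].add("host sweep")
    return dict(alerts)

def sample_logs():
    """Constructed firewall records (not real traffic)."""
    t0, rows = datetime(2024, 1, 1, 12, 0), []
    def add(offset, src, dst, dpt, action="deny"):
        ts = (t0 + offset).isoformat()
        rows.append(f"{ts} src={src} dst={dst} dpt={dpt} action={action}")
    for i in range(12):
        add(timedelta(seconds=i), "203.0.113.7", "10.0.0.5", 20 + i)       # many ports, one host
        add(timedelta(seconds=i), "198.51.100.9", f"10.0.0.{i + 1}", 445)  # one port, many hosts
        add(timedelta(minutes=i), "192.0.2.44", "10.0.0.5", 8000 + i)      # too slow for the window
        add(timedelta(seconds=i), "10.0.0.8", "10.0.0.9", 3000 + i, "allow")  # permitted traffic
    return rows

if __name__ == "__main__":
    for src, kinds in detect_scans(sample_logs()).items():
        print(src, sorted(kinds))
```

The slow source in the sample stays under the threshold because only six of its attempts ever fall inside one window, which shows how the window length bounds what the rule can see.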
