Hi,
Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source.
I'm posting this in endpoint as well.
Thanks,
Hello Wajdiaa,
Thank you for reaching out to the community forum.
If you are using Intercept X Advance with XDR, You can do so with Live Discover.
You may refer to this community, Reads. Port scan detection using Sophos Firewall data in the Data Lake
This will give you a good overview of all "scans" in your network or from WAN.
