So I'm trying to reduce the noise on my firewall logs.
My method is:
1. Look at the firewall logging
2. download it as an Excel file
3. sort by ip address
I've created a junk portscanner rule in my Network Protection\Firewall setup. By identifying large swaths of ip addresses that are numerically similar, I search and find the offending company and...
4. add their network (not individual ip address) to the junk rule.
5. I've indicated 'don't log' this traffic in the junk rule.
My problem is when I go back and search the logs the next day, the same networks I identified and added to the junk rule are still coming up.
Evidently, signifying 'don't log this traffic' in a firewall rule doesn't work, otherwise these source networks of portscanners wouldn't keep popping up.
What can I do to both block these portscans and reduce this noise in the logs?
Thanks!
clarification
[edited by: SalishSwede at 12:11 AM (GMT -7) on 8 Apr 2024]