This is a feature request. Would it be possible to devise an algorithm to aggregate IP addresses for some detection modules, most importantly the horizontal scan detection, to whole subnets?
The reason is that when an attacker scans an entire /16 network, we only see a handful of IPs. Reporting subnets would make a lot of sense here. I can imagine that reporting subnets with > 90+% scanned would be really useful.
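One way the aggregation requested above could work, as an added example that is not part of the original issue or the project's code: scanned target addresses are collapsed into the widest subnet whose scanned share exceeds the threshold. The function name `aggregate_scanned`, the prefix bounds and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def aggregate_scanned(addresses, threshold=0.9, min_prefix=16, max_prefix=28):
    """Collapse scanned IPv4 targets into the widest subnets whose scanned
    share exceeds `threshold`; return (subnets, leftover_addresses)."""
    remaining = {int(ipaddress.IPv4Address(a)) for a in addresses}  # dedupe
    subnets = []
    # Widest prefix first, so a swept /16 is reported once, not as 256 /24s.
    for prefix in range(min_prefix, max_prefix + 1):
        shift = 32 - prefix
        size = 1 << shift  # number of addresses in one block of this length
        seen = Counter(ip >> shift for ip in remaining)
        covered = {blk for blk, n in seen.items() if n / size > threshold}
        subnets += [ipaddress.IPv4Network((blk << shift, prefix)) for blk in covered]
        # Addresses already explained by a reported subnet are not counted again.
        remaining = {ip for ip in remaining if (ip >> shift) not in covered}
    leftovers = sorted(ipaddress.IPv4Address(ip) for ip in remaining)
    return sorted(subnets), leftovers

# Constructed sample: targets probed by one scanning source.
SAMPLE = (
    [f"192.0.2.{i}" for i in range(240)]       # 240 of 256 hosts: 93.75% of a /24
    + [f"203.0.113.{i}" for i in range(16)]    # a complete /28
    + ["198.51.100.7", "198.51.100.77", "198.51.100.201"]  # scattered probes
)

if __name__ == "__main__":
    nets, singles = aggregate_scanned(SAMPLE)
    for net in nets:
        print("scanned subnet:", net)
    for ip in singles:
        print("single target: ", ip)
```

The `max_prefix` bound keeps a few adjacent probes from being reported as a tiny "fully scanned" subnet; addresses that fit no qualifying block are returned individually.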