Oui, j'ai besoin d'une solution
Hello,
I have a question regarding Port scan detection. We have 2 Location in our SEP environment - Corporate and Public.
For Corporate location, in FW policy we have the option "Automatically blocks an attacker's IP address for 600 sec" un-checked but "Enable port scan detection" is checked and in the NTP logs we don't see anything for Port scan logged.
Does it mean that in order to log the port scan, we must enable "Automatically block an attacker's IP address"? What about if we want only to log the port scan and not to block anything?
For Public location both options are enabled and we can see in the logs Port scan events.
Thanks
