Track destinations

I would like to create a rule to detect outbound port scanning using this logic: “Drop traffic if this user already accessed port ABC to X different IP addresses on last Y seconds”.
Thank you!

Please don’t create a new thread with more or less the same content another post of you had.

1 Like