[netsa-tools-discuss] SiLK — rwscan
Chris Frazier
chris200712 at icloud.com
Wed Aug 19 21:58:28 EDT 2020
Any chance I could get clarification on rwscan and the usage of bags to detect scanning activity?
In identifying that an external host is a scanner, how can one find who is being scanned? Is this where the internal set comes into play? Would you utilize type=in to identify pivots? When incorporating rwscan with bags, can I define custom alerting options where pipeline creates ASCII alerts in an entirely separate location than alerts defined in separate .conf files?
Thank you!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SiLK ? rwscan.png
Type: image/jpeg
Size: 270050 bytes
Desc: not available
URL: <http://lists.sei.cmu.edu/pipermail/netsa-tools-discuss/attachments/20200820/c9df62a6/attachment.jpe>