Hello,
While looking for a way to enable port scan detection on my XG18, all I can find is articles from years ago on how to configure it on the UTM. Are their any recent articles detailing how to be notified of this sort of scanning? You would think it wouldn't be this difficult to set up alerts for this sort of red flag!
If you are a Sophos Endpoint XDR Customer, you can do this with Live Discovery as well: https://community.sophos.com/intercept-x-endpoint/i/network/port-scan-detection-using-sophos-firewall-data-in-the-data-lake
This will give you a good overview of all "scans" in your network or from WAN.
You can configure your own threshold (when should it be considered to be a scan?").
BTW: Looking at such Port Scan features, there are actually useless from my point of view. Look how shodan does it. They actually have a entire network of clients, scanning all the time. They will not be visible on any port scan tool, if not configured "highly aggressive", which leads to False positives.
And in the end, what are you gonna do about it? Its like looking at the street: If some car drives all the time around your house, looking at your house. What are you gonna do? Attacker do not scan from there devices, they use jump hosts, bot nets etc.
