Detect hosts reaching out to many other hosts or ports (> 10) in any given hour, indicating potential scanning activity or infected hosts. List corresponding subnets.
Category: Network Activity
Use Cases: Audit, Detect
Data Sources: VPC Flow Logs
| BigQuery | Chronicle | Log Analytics |
|---|---|---|
| SQL | YARA-L | Contribute query |
No event generation steps provided. Contribute emulation test to this use case.
No log samples provided. Contribute log samples to this use case.