Description: To decrease false positives, you can ignore Port Scan traffic from known traffic sources (such as internal scanners) and still receive other connection attempts : SSH, Telnet, SMB access...
Follow the steps below to add an ignore for known Port Scan traffic from specific Source IPs to the ignore list on your Console:
Step 1:
Log in to your Console.
Step 2:
Click on the Gear Icon and then Global Settings.
Step 3:
Click on Ignored IPs and Ports and then enable Ignored IPs and Ports from the menu.
Step 4:
There are a few different options when it comes to ignoring Port Scan activity
- Comments can be added to help organise the list.
- Ignore based on single IP Addresses and Port Scan activity.
- Ignore a range of IP Addresses and Port Scan activity.
- Multiple IP's can be separated by commas ( , )
- A wildcard ( * ) can be used on the last byte.
- Additional Ports can be added and separated by commas ( , )