Document toolboxDocument toolbox

Use case: Port Scan

Purpose

This Use Case shows a complete Port Scan attack and it is composed of one injector to simulate the attack and one receptor to monitor it. A Port Scan is a standard technique hackers use to discover open doors or weak points in a network, it also can help cybercriminals find ports and figure out whether they are receiving or sending data, and reveal whether active security devices like firewalls are being used by an organization.

Name

Type

Content

Name

Type

Content

Firewall Injection for Port Scan

Injector: Synthetic data

Firewall events prepared to simulate access patterns. The injection is performed once (stops after injecting the last event).

Port Scan detection

Receptor: Alert pack

Alert conditions prepared to detect potential threats.

Open use case

Receptor: once the use case has been launched, you can use the Open button at the top right of the card in Exchange to access the receptor, where you can carry out certain actions depending on the type of item the receptor is. You can also access the receptor in question via the Navigation pane.

Injector: if you want to open the injector to check the data it contains, you can click on its name in the Included contents section to access its card and then click the Open button at the top right of the card. You can also access the data table using finders or LINQ via the Navigation pane (Data Search area → Explore your data tab).

Work with use case

Receptor: after launching the use case, you can use the receptor for the intended purpose, which can be an Activeboard to visualize and analyze data graphically, an alert with conditions to find anomalous events, or an application to further operate with the data.

Injector: you can also use the synthetic data in contexts other than the intended one or event manipulate the data in the search window.