Detect hosts reaching out to many other hosts or ports (> 10) in any given hour, indicating potential scanning activity or infected hosts. List corresponding subnets.
Category: Network Activity
Use Cases: Audit, Detect
Data Sources: VPC Flow Logs
BigQuery | Log Analytics | Google SecOps |
---|---|---|
SQL | SQL | YARA-L |
No event generation steps provided. Contribute an emulation test for this use case.
No log samples provided. Contribute log samples to this use case.
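
The hourly fan-out check described at the top of this page, as an added Python example run over constructed records; it is not the project's BigQuery, Log Analytics or SecOps rule. It assumes the VPC Flow Logs fields `jsonPayload.connection.src_ip`, `dest_ip`, `dest_port` and `jsonPayload.src_vpc.subnetwork_name`; the names `flow`, `detect_fanout` and `SAMPLE`, and all addresses and subnet names, are made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

THRESHOLD = 10  # from the page: more than 10 distinct hosts or ports in an hour

def hour_bucket(ts):
    """Truncate an RFC 3339 timestamp to the start of its UTC hour."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:00Z")

def detect_fanout(records, threshold=THRESHOLD):
    """One finding per (hour, source IP) whose distinct destination IPs
    or distinct destination ports exceed the threshold."""
    ips, ports, subnets = defaultdict(set), defaultdict(set), {}
    for rec in records:
        payload = rec["jsonPayload"]
        conn = payload["connection"]
        key = (hour_bucket(rec["timestamp"]), conn["src_ip"])
        # Sets deduplicate repeated records for the same destination.
        ips[key].add(conn["dest_ip"])
        ports[key].add(conn["dest_port"])
        # Assumption: src_vpc may be absent, so the subnet can be None.
        subnets.setdefault(key, payload.get("src_vpc", {}).get("subnetwork_name"))
    findings = []
    for key in sorted(ips):
        if len(ips[key]) > threshold or len(ports[key]) > threshold:
            findings.append({"hour": key[0], "src_ip": key[1], "subnet": subnets[key],
                             "dest_ips": len(ips[key]), "dest_ports": len(ports[key])})
    return findings

def flow(ts, src, dst, port, subnet):
    """Build a constructed record shaped like a VPC Flow Logs entry."""
    return {"timestamp": ts, "jsonPayload": {
        "connection": {"src_ip": src, "dest_ip": dst, "dest_port": port, "protocol": 6},
        "src_vpc": {"subnetwork_name": subnet}}}

# Constructed sample: a host sweep, a port sweep, a host at exactly 10
# destinations, and 12 ports split across an hour boundary.
SAMPLE = (
    [flow("2024-05-01T10:03:00Z", "10.0.1.5", f"10.0.2.{i}", 22, "subnet-a") for i in range(1, 13)]
    + [flow("2024-05-01T10:20:00Z", "10.0.1.9", "10.0.3.7", p, "subnet-b") for p in range(1, 12)]
    + [flow("2024-05-01T10:30:00Z", "10.0.1.7", f"10.0.4.{i}", 443, "subnet-a") for i in range(1, 11)]
    + [flow("2024-05-01T10:55:00Z", "10.0.1.8", "10.0.5.1", p, "subnet-b") for p in range(8000, 8006)]
    + [flow("2024-05-01T11:05:00Z", "10.0.1.8", "10.0.5.1", p, "subnet-b") for p in range(8006, 8012)]
)

if __name__ == "__main__":
    for finding in detect_fanout(SAMPLE):
        print(finding)
```

Flow logs record each direction of a connection separately, so a busy server replying to many clients also appears as a source with many destination IPs and ephemeral destination ports; expect to allowlist known servers or filter on well-known destination ports when tuning.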