[Medium] Detection de scan reseau

[Mobaka9]

SPL Query index=suricata | stats dc(dest_port) as num_dest_port dc(dest_ip) as num_dest_ip by src_ip | where num_dest_port >100 OR num_dest_ip >100