This rule detects unusual TCP traffic on port 1433, commonly associated with Microsoft SQL Server. Specifically, it looks for SYN packets coming from internal network addresses to any destination on port 1433 and triggers an alert if a certain threshold of such traffic is reached within a specific time frame. This kind of rule is often used to detect scanning behavior or potential infections targeting specific ports.
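The threshold logic described above, as an added Python example that is not the rule's own code: it counts pure SYN packets from internal sources to port 1433 per source inside a sliding window and raises at most one alert per source per window. The internal ranges, threshold, window length, and packet records are assumptions constructed for illustration, since the description gives no concrete values.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed values: the rule description does not state concrete numbers.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
THRESHOLD = 5     # SYN packets from one source
WINDOW = 60.0     # seconds
MSSQL_PORT = 1433

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def detect(packets, threshold=THRESHOLD, window=WINDOW):
    """packets: (ts, src, dst, dport, tcp_flags) tuples.
    Returns [(ts, src)], one alert per source per window."""
    recent = defaultdict(deque)   # src -> timestamps of matching SYNs
    muted_until = {}              # src -> time before which alerts are suppressed
    alerts = []
    for ts, src, dst, dport, flags in sorted(packets):
        # Only a bare SYN (connection attempt) from an internal host counts.
        if dport != MSSQL_PORT or flags != "S" or not is_internal(src):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:      # drop SYNs that fell out of the window
            q.popleft()
        if len(q) >= threshold and ts >= muted_until.get(src, 0.0):
            alerts.append((ts, src))
            muted_until[src] = ts + window
    return alerts

# Constructed sample traffic (documentation address ranges as destinations).
SAMPLE = (
    # internal host sweeping six destinations in six seconds -> alert
    [(float(i), "10.0.0.5", f"198.51.100.{i + 1}", 1433, "S") for i in range(6)]
    # external source: outside the rule's scope
    + [(float(i), "203.0.113.7", "10.0.0.20", 1433, "S") for i in range(10)]
    # internal client reconnecting slowly: never five SYNs inside one window
    + [(i * 75.0, "10.0.0.8", "198.51.100.50", 1433, "S") for i in range(5)]
    # internal host with only two attempts
    + [(1.0, "10.0.0.9", "198.51.100.60", 1433, "S"),
       (2.0, "10.0.0.9", "198.51.100.61", 1433, "S")]
    # SYN-ACK packets are not connection attempts
    + [(float(i), "10.0.0.7", "198.51.100.70", 1433, "SA") for i in range(8)]
)

if __name__ == "__main__":
    for ts, src in detect(SAMPLE):
        print(f"t={ts:>5.1f}s  {src}: SYN threshold to port {MSSQL_PORT} reached")
```

Tracking per source keeps one busy application server from masking a second host, and the mute interval keeps a sustained sweep from producing an alert for every packet.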
No traffic was detected on the interface for a period longer than the 'Inactive range' defined in the interface configuration.
No traffic was detected on the link for a period longer than 'Time Silent'. 'Time Silent' is calculated automatically during Learning mode.