Detect Portscans

Versions: OpenSearch 2.0.0

Describe the issue: Searching for a way to detect port scans. It seems that Anomaly Detection jobs don’t really work well for this kind of task.

We are using Winlogbeat and Netflow to get logs, but we can’t figure out how we can detect a port scan with the tools provided by OpenSearch.

Hello @mschneiderEvo - welcome to the OpenSearch community.

What kind of pattern/spikes in the logs are you looking for to catch the event? (one of our developers asked)