Hi everyone, I'm new to both this forum and Sentinel.
I'm looking for a KQL query which will detect port scanning. I have a query which will detect nmap scanning, but this only works from devices onboarded to our Defender 365 product. I'm looking for non-domain devices, connected to our network, scanning IPs for open ports. I have tried modifying the Palo Alto built-in KQL query but don't seem to be able to find the scans I'm actually doing to try and produce this alert.
Any help would be greatly appreciated.