Defend | Runtime | Container Policy rule | Networking: Detect port scanning | Missing information regarding the Network protection

[YossiMarzuk]

Defend | Runtime | Container Policy rule | Networking: Detect port scanning | Missing information regarding the Network protection.

Links: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_networking https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/incident_types/port_scanning 

Mentioned: "Port scanning incidents indicate that a container is attempting to make an unusual number of outbound network connections to hosts and ports to which it does not normally connect.".

The documentation refers to an 'unusual number of outbound network connections' that let the customer believe that there is a notion of threshold regarding the number of connections. It is not clear and could we add more info for this. Since the customers expect also to have no. of connections etc (we saw it has been aggregated to only one event).