Good Morning All,
09/03/2015 - I have edited the title in an attempt to more accurately reflect the question.
I would like to know if it is possible to create a Report,
Filter, Rule, and/or Alert to notify me when a user logs into the network
(example: Domain Controller), and/or escalates privileges, then runs a Port
Scan. Is this currently possible, and if so, would someone provide me with
clear detailed instruction. At a minimum, help me understand some of the logic behind
how such a rule would be created. With this logic, hopefully, I’d be able to
use the knowledge of my network architecture to create such.
Thank you