Filter log entries generated from Internet scanners that pose significantly less risk. Less log volume means less potential security events.
Identify who is performing mass-scanning and what services they are probing. Uncommon or infrequent port scanning could suggest a new vulnerability being exploited.
Add additional context and meta-data to security events to speed up analysis. Give your team the most accurate and detailed information.
Avoid the risk of ever being exploited by a mass scanner by blocking all requests. Block specific IP addresses or entire networks.