New Relic port scanning alerting

Hello,
We are often port scanned by bots. Although New Relic alerts us to these scans it does so as 404 errors.

Is there a way we can monitor these scans so we can differentiate between applications errors causing 404 errors and 404s caused by port scans?
Is there something perhaps we can configure on our dashboards and then set up and alert in our alert policy?

Or does anyone have any other method?

Thanks

Hello @pajd.

I hope you are well.

I see you have reached out on a similar post. There is a solution provided here and I wanted to follow up to see if you were able to try this: https://discuss.newrelic.com/t/my-website-is-successfully-repelling-attacks-but-the-errors-keep-triggering-alerts/166396/3. Please let us know if you are needing further assistance and we will do our best to support you.

Hello @michaelfrederick there is no solution on that post that the user implemented?

Hi @pajd

The short answer would be yes, the NRQL-based conditions can be configured to ignore specific scenarios and also you can create other conditions to alert you when those scenarios happen.

The only key point is that we need to identify the scenario.

I mean we need to identify a pattern of the transaction when the 404 was created by a bot.

So, in the transaction created for those requests that ended in 404s we need to see, an attribute that has a specific value when it is a legit 404 and when it is a bot 404. Does it make sense?

If you could send me the link to the transaction in your app that resulted in a 404 and was created by a bot and another that wasn’t I’d be happy to check.

*I’m supposing that your app is being monitored by any of the APM Agents from New Relic.


Also if this helped resolve the issue please consider selecting the :white_check_mark: Solution option below this post. Find more information here: How to Use the Official Solution Checkbox


thanks

Rodrigo