---
title: Bitdefender excessive access to blocked port or application detected
description: Datadog, the leading service for cloud-scale monitoring.
---

# Bitdefender excessive access to blocked port or application detected

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack

Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007)

Technique: [T1016-system-network-configuration-discovery](https://attack.mitre.org/techniques/T1016)

## Goal{% #goal %}

This rule detects when more than 10 blocked ports or applications have been accessed.

## Strategy{% #strategy %}

This rule monitors firewall logs to identify excessive access to blocked ports or applications.
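
The threshold logic described above, as an added example run over constructed firewall events; it is not the Datadog rule's own query. Only `computer_ip` and the more-than-10 threshold come from this page; the `action`, `target` and `timestamp` fields and the 5-minute window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                 # from the rule's goal: "more than 10"
WINDOW = timedelta(minutes=5)  # assumption: the page does not state a window

def find_excessive_blocked_access(events, threshold=THRESHOLD, window=WINDOW):
    """Return {computer_ip: summary} for each host that exceeds `threshold`
    blocked events inside a sliding `window`."""
    recent = defaultdict(deque)  # computer_ip -> blocked events still in window
    findings = {}
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if ev["action"] != "blocked":  # hypothetical field: allowed traffic is ignored
            continue
        ip = ev["computer_ip"]
        q = recent[ip]
        q.append(ev)
        # Drop events that have aged out of the window ending at this event.
        while ev["timestamp"] - q[0]["timestamp"] > window:
            q.popleft()
        # Keep the largest burst seen per host for the triage summary.
        if len(q) > threshold and len(q) > findings.get(ip, {}).get("count", 0):
            findings[ip] = {
                "count": len(q),
                "first_seen": q[0]["timestamp"],
                "last_seen": ev["timestamp"],
                "targets": sorted({e["target"] for e in q}),
            }
    return findings

def _event(ip, action, target, ts):
    return {"computer_ip": ip, "action": action, "target": target, "timestamp": ts}

def sample_events():
    """Constructed events for illustration, not real Bitdefender output."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    for i in range(12):  # burst: 12 blocked ports in under two minutes
        events.append(_event("192.0.2.10", "blocked", f"tcp/{4000 + i}",
                             t0 + timedelta(seconds=10 * i)))
    for i in range(11):  # slow: 11 blocked events spread over two hours
        events.append(_event("192.0.2.20", "blocked", "tcp/445",
                             t0 + timedelta(minutes=12 * i)))
    for i in range(15):  # allowed traffic never counts toward the threshold
        events.append(_event("192.0.2.30", "allowed", "tcp/443",
                             t0 + timedelta(seconds=i)))
    return events

if __name__ == "__main__":
    for ip, hit in find_excessive_blocked_access(sample_events()).items():
        print(ip, hit["count"], hit["first_seen"], hit["last_seen"], hit["targets"])
```

The per-host summary (count, first and last timestamps, distinct targets) is the same information the first triage step asks an analyst to pull from the firewall logs.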

## Triage and Response{% #triage-and-response %}

1. Analyze the firewall logs for Computer IP: `{{@params.events.computer_ip}}` associated with the spike in accessing blocked ports or applications.
1. Temporarily isolate the device from the network to prevent further access attempts while investigations are ongoing.
1. Conduct a security assessment of the endpoint to identify potential network misconfigurations or software errors that could expose vulnerabilities.
1. Check for signs of malware or compromised applications that may be attempting unauthorized access.
1. Implement necessary patches or configuration changes to address identified vulnerabilities.
