MozDef/alerts/plugins/port_scan_enrichment.json

{
  "indicesToSearch": [
    "events-weekly"
  ],
  "maxConnections": 32,
  "matchTags": [
    "portscan"
  ],
  "searchWindow": {
    "hours": 24
  }
}