WAAS Policy Configuration (Brute force) & port scanning

Created On 04/16/23 18:06 PM - Last Modified 07/11/24 16:26 PM


Question


  1. Does WAAS in Prisma Cloud Compute have the capability to detect brute-force attacks? If so, how is this detection enabled, and how are rules created to detect or prevent them?
  2. Does WAAS in Prisma Cloud Compute have the ability to detect port scanning attempts (run from an outside host to scan for open ports)?


Environment


  • Prisma Cloud Compute - Self-hosted & SaaS
  • Application host/container


Answer


  • Yes. WAAS can both detect and protect against brute-force attacks. The Brute Force incident documentation states:

"A Brute Force incident surfaces a combination of audit events that indicate a protected resource is potentially being affected by an attempted DoS"

Brute-force detection is therefore part of WAAS DoS protection: to the WAAS proxy both attacks look the same, a high volume of requests to the same resource. The main control is rate limiting. DoS protection enforces a Burst Rate (short-window) limit and an Average Rate (longer-window) limit, and you specify match conditions that decide which requests are counted toward those limits. Match conditions can be based on HTTP methods, file extensions and HTTP response codes, so a login brute force can be targeted by counting only failed attempts; for example, the advanced settings let you apply the thresholds to POST requests that return an HTTP status code in the range 300-599, which keeps successful (2xx) logins out of the count. When a threshold is exceeded, the configured DoS protection action is applied: Alert, which records the event, or Ban, which blocks the request.
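The rate-limiting logic described above, as an added example (it is not code from this article or from Prisma Cloud): a small Python model that counts only requests satisfying the match conditions (here the article's POST with a 300-599 status), checks the count in a burst window and an average window against Alert and Ban thresholds, and blocks a banned client for a fixed period. The window lengths, thresholds, ban duration, client addresses and log lines are constructed assumptions for the example, not Prisma defaults.

```python
"""Model of WAAS-style DoS protection applied to a login brute force.

Added example, not Prisma Cloud code. Window lengths, thresholds, ban
duration and the "client ts_ms METHOD path status" log format are assumed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class MatchCondition:
    """Which requests count toward the limit; an empty field means 'any'."""
    methods: frozenset = frozenset()
    file_extensions: frozenset = frozenset()
    status_ranges: tuple = ()  # e.g. ((300, 599),)

    def matches(self, method: str, path: str, status: int) -> bool:
        if self.methods and method not in self.methods:
            return False
        if self.file_extensions:
            name = path.rsplit("/", 1)[-1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in self.file_extensions:
                return False
        if self.status_ranges and not any(lo <= status <= hi for lo, hi in self.status_ranges):
            return False
        return True


@dataclass(frozen=True)
class DosConfig:
    match_conditions: tuple
    alert_burst: int            # qualifying requests per burst window before Alert
    ban_burst: int              # ... before Ban
    alert_average: int          # qualifying requests per average window before Alert
    ban_average: int
    burst_window_ms: int = 5_000        # assumed
    average_window_ms: int = 120_000    # assumed
    ban_duration_ms: int = 300_000      # assumed


class DosProtection:
    def __init__(self, cfg: DosConfig):
        self.cfg = cfg
        self.history = defaultdict(deque)  # client -> timestamps of qualifying requests
        self.banned_until = {}             # client -> ms until which its requests are blocked

    def observe(self, client, ts_ms, method, path, status):
        """Return "ban", "alert" or None for one request."""
        if self.banned_until.get(client, -1) > ts_ms:
            return "ban"  # inside the ban period: blocked without being counted
        if not any(mc.matches(method, path, status) for mc in self.cfg.match_conditions):
            return None   # does not qualify, never counted
        q = self.history[client]
        q.append(ts_ms)
        while q and ts_ms - q[0] > self.cfg.average_window_ms:
            q.popleft()   # drop requests that fell out of the average window
        average = len(q)
        burst = sum(1 for t in q if ts_ms - t <= self.cfg.burst_window_ms)
        if burst > self.cfg.ban_burst or average > self.cfg.ban_average:
            self.banned_until[client] = ts_ms + self.cfg.ban_duration_ms
            return "ban"
        if burst > self.cfg.alert_burst or average > self.cfg.alert_average:
            return "alert"
        return None


def evaluate(log_lines, cfg):
    """Run the limiter over log lines and summarise actions per client."""
    dp = DosProtection(cfg)
    summary = defaultdict(lambda: {"alerts": 0, "bans": 0, "first_ban_ms": None})
    for line in log_lines:
        client, ts, method, path, status = line.split()
        s = summary[client]
        action = dp.observe(client, int(ts), method, path, int(status))
        if action == "alert":
            s["alerts"] += 1
        elif action == "ban":
            s["bans"] += 1
            if s["first_ban_ms"] is None:
                s["first_ban_ms"] = int(ts)
    return dict(summary)


# The article's advanced-settings example: count POSTs that end in a 300-599 status.
LOGIN_FAILURES = DosConfig(
    match_conditions=(MatchCondition(methods=frozenset({"POST"}), status_ranges=((300, 599),)),),
    alert_burst=10, ban_burst=20, alert_average=30, ban_average=60,
)

# Constructed log: one client sprays /login every 200 ms; a real user fails once, then succeeds.
SAMPLE_LOG = [f"203.0.113.7 {i * 200} POST /login 401" for i in range(60)] + [
    "198.51.100.5 1000 POST /login 401",
    "198.51.100.5 3000 POST /login 200",          # 2xx: outside 300-599, not counted
    "198.51.100.5 3500 GET /static/app.js 200",   # GET: not counted
    "198.51.100.5 3600 GET /missing.pdf 404",     # GET: not counted even though 4xx
]

if __name__ == "__main__":
    for client, stats in evaluate(SAMPLE_LOG, LOGIN_FAILURES).items():
        print(client, stats)
```

With these thresholds the spraying client is alerted from its 11th failed login and banned from its 21st (4 seconds in); the legitimate user's single failure never triggers anything, and the successful POST and the GETs are not counted at all. Tightening the match conditions (method plus response code) is what keeps the limit from also banning busy but legitimate clients.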

  • No. Port scanning is outside the scope of WAAS, which is a layer 7 protection: it inspects HTTP requests to the protected application and does not see connection attempts to other ports. Prisma Cloud Compute does, however, learn and report the open/listening ports of a container, and its runtime defense raises a Port scanning incident when a container attempts an unusual number of outbound network connections to hosts and ports to which it does not normally connect. Note that this covers scans originating from the container, not scans against it.
To detect port scanning attempts from outside, use the Anomaly Policies, which identify unusual network and user activity for all users. These include policies that detect port scan and port sweep activity probing a server or host for open ports.
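The Port scanning incident logic described above, as an added example (it is not code from this article or from Prisma Cloud): a Python model that learns the outbound (host, port) pairs each container normally uses, then flags a container that contacts more than a threshold number of distinct unlearned targets within a sliding window. The connection records, the window, the threshold and the container names are constructed assumptions; Prisma's real model and thresholds are not published here.

```python
"""Model of a runtime 'port scanning' incident.

Added example, not Prisma Cloud code. The learned baseline, sliding window,
threshold and connection records below are assumptions built for the example.
"""
from collections import defaultdict, deque

# Connection record: (ts_ms, container, dst_host, dst_port)


def learn_baseline(connections):
    """Learning phase: remember every (dst_host, dst_port) each container used."""
    baseline = defaultdict(set)
    for _ts, container, host, port in connections:
        baseline[container].add((host, port))
    return baseline


def detect_port_scans(baseline, connections, window_ms=10_000, max_new_targets=10):
    """Return {container: ts_ms of first incident} for containers that contacted more
    than max_new_targets distinct unlearned (host, port) pairs within window_ms."""
    recent = defaultdict(deque)  # container -> (ts, target) for unlearned connections
    incidents = {}
    for ts, container, host, port in sorted(connections):
        target = (host, port)
        if target in baseline.get(container, set()):
            continue  # normal traffic according to the learned model
        q = recent[container]
        q.append((ts, target))
        while q and ts - q[0][0] > window_ms:
            q.popleft()  # forget connections older than the window
        distinct = {t for _, t in q}
        if len(distinct) > max_new_targets and container not in incidents:
            incidents[container] = ts
    return incidents


# Constructed learning-phase traffic: web-1 talks to a database and a cache, worker-1 to the database.
LEARNING = [
    (1000, "web-1", "10.0.0.5", 5432),
    (1200, "web-1", "10.0.0.6", 6379),
    (1300, "worker-1", "10.0.0.5", 5432),
]

# Constructed runtime traffic: web-1 then sweeps 40 ports on one host within 2 seconds;
# worker-1 makes a single new connection, which is not a scan.
RUNTIME = [
    (49000, "web-1", "10.0.0.5", 5432),      # learned target, ignored
    (49500, "worker-1", "10.0.0.5", 5432),   # learned target, ignored
    (49600, "worker-1", "10.0.0.7", 443),    # one unlearned target, below threshold
] + [(50000 + i * 50, "web-1", "10.0.0.20", 1 + i) for i in range(40)]

if __name__ == "__main__":
    print(detect_port_scans(learn_baseline(LEARNING), RUNTIME))
```

The incident fires for web-1 at the 11th distinct unlearned port (500 ms into the sweep), while worker-1's single new destination stays below the threshold. Counting distinct targets rather than raw connections is what separates a scan from a burst of retries to one new host.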
 


https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kHgbCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail