minor limit change in basic scanning
VatsalJagani authored Jul 6, 2023
1 parent 1a4a02b commit ea4feef
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cyences_app_for_splunk/default/savedsearches.conf
@@ -1359,7 +1359,7 @@ counttype = number of events
quantity = 0
relation = greater than
cron_schedule = 29 * * * *
description = This alert scans for hosts that either reach out to 1000 or more destination ip or 100 or more distincts ports in a short period (1 hour) of time.\
description = This alert scans for hosts that either reach out to 1500 or more destination ip or 100 or more distincts ports in a short period (1 hour) of time.\
\
Data Collection - Palo Alto Networks firewalls, and with any other device that uses the Splunk common information model.
dispatch.earliest_time = -62m@m
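Review bot: the description on the changed line says "1500 or more destination ip or 100 or more distincts ports", but the search in the same saved search filters with `where num_dest_port > 100 OR num_dest_ip > 1500`, which is strictly greater than, so a host hitting exactly 1500 destination IPs or exactly 100 ports does not alert; either word the description as "more than 1500 destination IPs or more than 100 distinct ports" or change the comparison to `>=`. While this line is being touched, also fix "distincts ports" to "distinct ports" and "destination ip" to "destination IPs".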
@@ -1371,7 +1371,7 @@ request.ui_dispatch_app = cyences_app_for_splunk
request.ui_dispatch_view = search
search = index=* ( (tag=network tag=communicate) OR sourcetype=pan*traffic OR sourcetype=opsec OR sourcetype=cisco:asa) \
| stats dc(dest_port) as num_dest_port dc(dest_ip) as num_dest_ip by sourcetype, src_ip \
| where num_dest_port > 100 OR num_dest_ip > 1000 \
| where num_dest_port > 100 OR num_dest_ip > 1500 \
| eval cyences_severity = case(num_dest_port>1000 or num_dest_ip>10000, "critical", num_dest_port>500 or num_dest_ip>3000, "high", true(), "medium") \
| `cs_scanning_basic_scanning_filter`
action.cyences_notable_event_action = 1
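Review bot: the 1500 floor on `num_dest_ip` is a literal in the `where` clause and is repeated as prose in the description stanza, so the two have to be edited in lockstep (as this commit does) and will drift the next time the threshold is tuned; consider putting the thresholds in a macro alongside the existing `cs_scanning_basic_scanning_filter`, or at least referencing a single value. The commit message "minor limit change" also gives no reason for moving the floor from 1000 to 1500; a note on what volume of benign traffic the old threshold was catching would help anyone later deciding whether 1500 is still right, and the unchanged `cyences_severity` tiers (`high` above 3000, `critical` above 10000) should be confirmed as still intended relative to the new medium floor.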
