
An attempt to communicate with a botnet or command and control server has been detected.

Sophos Central Event Details 

What happened: An attempt to communicate with a botnet or command and control server has been detected.

Where it happened: Serial Number of Firewall

User associated with device: n/a

How severe it is: Medium

What Sophos has done so far: Sophos has logged details about the event, and notified administrators.

What you need to do: XG Firewall has detected and possibly blocked this traffic. It is recommended that you configure the firewall to block these events if it is not already configured to do so. Under Advanced threat menu, check that the policy is set to "Log and Drop". If it is already set to drop these events, then no further action is needed.

 

I got the above alert in Sophos Central and figured I would post in both spots. Really odd: there is nothing in the Central logs other than what is listed above. Does anyone know how to get more information on this other than going through every blocked packet in the logs?



  • Hi  

    Thank you for contacting us.

    The given alert would be available on Sophos Central as a part of detection, but Sophos Central will not be able to take any action; XG will take the required action.

    You may check the log viewer or reports for more details.