
Alerts in Sophos Central

Hi, can anyone help us regarding an alert in Sophos Central:

 "An attempt to communicate with a botnet or command and control server has been detected?"

How can we find this kind of attack in our network?



  • Hi there,

    From the dashboard, are you able to view any other details such as Source or any other event details? Have you received an email alert notification for this? 

  • We receive an email alert notification; other than that, there are no details regarding the source and event.

  • Hi,

    Could you please check the XG log viewer and search for a similar event?

    Please also PM us the email of the notification you have received.

  • C2/Generic-A
    differentia.ru
    IPS
    Alert
    18009

    This is the kind of threat we saw in the log viewer.

    Here's the notification email we received:

    What happened: An attempt to communicate with a botnet or command and control server has been detected.

    Where it happened: C330XXXXXXXXXXXXXXXXX

    User associated with device: n/a

    How severe it is: Medium

    What Sophos has done so far: Sophos has logged details about the event, and notified administrators.

    What you need to do: XG Firewall has detected and possibly blocked this traffic. It is recommended that you configure the firewall to block these events if it is not already configured to do so. Under Advanced threat menu, check that the policy is set to "Log and Drop". If it is already set to drop these events, then no further action is needed.
