Hi, can anyone help us regarding an alert in Sophos Central:
"An attempt to communicate with a botnet or command and control server has been detected."
How can we find this kind of attack in our network?
Hi Vincent II Villaluz
Could you please check the XG log viewer and search for a similar event?
Please also PM us the email of the notification you have received.
C2/Generic-A | differentia.ru | IPS | Alert | 18009
This is the kind of threat we saw in the log viewer.
Here's the notification email we received:
What happened: An attempt to communicate with a botnet or command and control server has been detected.
Where it happened: C330XXXXXXXXXXXXXXXXX
User associated with device: n/a
How severe it is: Medium
What Sophos has done so far: Sophos has logged details about the event, and notified administrators.
What you need to do: XG Firewall has detected and possibly blocked this traffic. It is recommended that you configure the firewall to block these events if it is not already configured to do so. Under Advanced threat menu, check that the policy is set to "Log and Drop". If it is already set to drop these events, then no further action is needed.
Hi Vincent II Villaluz
I would recommend referring to the articles. They will provide you with all the relevant information.
C2/Generic Detection Explained- https://community.sophos.com/kb/en-us/132941
How to investigate C2/Generic-C Detection- https://community.sophos.com/kb/en-us/133271
Please contact technical support and open a service request for further investigation.
XG Firewall has detected and possibly blocked this traffic. It is recommended that you configure the firewall to block these events if it is not already configured to do so. Under the Advanced threat menu, check that the policy is set to "Log and Drop". If it is already set to drop these events, then no further action is needed.
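To turn log viewer entries like the one posted above into a per-host triage list, here is an added Python example; it is not Sophos code and not from any post in this thread. The key="value" line format, the field names and the sample lines are constructed assumptions, not the real XG syslog schema. It groups ATP events by internal source IP and flags hosts whose C2 events were only alerted rather than dropped, which is the situation the "Log and Drop" advice addresses.

```python
"""Triage constructed Sophos XG ATP log lines for C2 detections (added example)."""
import re
from collections import defaultdict

# CONSTRUCTED sample lines, loosely modelled on the log viewer columns in the
# thread (threat name, destination, source module, action, rule id).
# Field names are assumptions, not the real XG schema.
SAMPLE_LOG = """\
log_type="ATP" log_subtype="Alert" src_ip="10.0.5.23" threatname="C2/Generic-A" dst_domain="differentia.ru" rule_id="18009"
log_type="ATP" log_subtype="Drop" src_ip="10.0.5.23" threatname="C2/Generic-A" dst_domain="differentia.ru" rule_id="18009"
log_type="ATP" log_subtype="Alert" src_ip="10.0.7.41" threatname="C2/Generic-C" dst_domain="example.invalid" rule_id="18010"
log_type="Firewall" log_subtype="Allowed" src_ip="10.0.5.23" dst_domain="example.com" rule_id="1"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one key="value" log line into a dict."""
    return dict(FIELD_RE.findall(line))


def triage(log_text):
    """Summarise ATP events per internal source IP.

    Returns {src_ip: {"events": n, "alert_only": n, "threats": set, "destinations": set}}.
    'alert_only' counts events that were logged but not dropped, i.e. the
    C2 traffic may actually have left the network.
    """
    hosts = defaultdict(lambda: {"events": 0, "alert_only": 0,
                                 "threats": set(), "destinations": set()})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("log_type") != "ATP":      # ignore ordinary firewall traffic
            continue
        h = hosts[rec["src_ip"]]
        h["events"] += 1
        if rec.get("log_subtype") == "Alert":  # policy was "Log only", not "Log and Drop"
            h["alert_only"] += 1
        h["threats"].add(rec.get("threatname", "?"))
        h["destinations"].add(rec.get("dst_domain", "?"))
    return dict(hosts)


def hosts_needing_action(summary):
    """Hosts with at least one C2 event that was only alerted; investigate these first."""
    return sorted(ip for ip, h in summary.items() if h["alert_only"] > 0)


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    for ip, h in s.items():
        print(ip, h["events"], h["alert_only"], sorted(h["threats"]), sorted(h["destinations"]))
    print("investigate:", hosts_needing_action(s))
```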