Subject: *ALERT* Sophos XG Firewall - Advanced threat protection DROP
Alert for XG430 (SFOS 18.0.1 MR-1-Build396) xxxSNxxxxx
Device Information:
Hostname: xxxxfirewall's-hostnamexxx
Management Interface IP: Not configured/Not available
Date/Time: 2020-12-11 14:36:02
Alert ID: 18010
Message:
Drop by Advanced threat protection (ATP).
No IP addresses listed. I have to look in livelog viewer.
Is this as how it should be?
Background: a internal machine did DNS resolution to menece.com with the XG Fw as resolver. Would expect the ATP bahaviour if this is a bad domain, where I don't care about in this case. But the alert should not be so useless.
Edited TAGs
[edited by: emmosophos at 6:22 PM (GMT -7) on 7 Jun 2021]
