Hello,
This is kind of a general question regarding viewing live traffic on the Sophos. Every night around 9:30 pm (when the other half of the world is waking up), our website goes offline for just a couple seconds and comes back (we get both Pingdom alerts and Cloudflare alerts). We suspect someone is attempting to hack our site. Every time I check the website, it is up.
I am wondering where would be a good place to go on the Sophos router to try and gain insight on this traffic? So far I am going to Log Viewer --> Web Server Protection area.
In addition to live traffic, does anyone know of a good report I can create to gather the bulk of this traffic during these times? We put the WAF in place a couple months ago but I am still very new to it. The most I have done with that so far is have to whitelist a particular "ID" so something will work on our site. Below is our current protection policy (ignore the weird garbled text, I had to zoom out to get the whole page):
Thanks!