While trying to troubleshoot advanced threat protection false positives, I noticed only 1 entry for today in its log, with nothing over the weekend, though it had marked 4 threats.
In the atp.log only threats are logged which are detected by appctrl, iptables or dns. Threats which are detected by IPS or by the HTTP proxy are logged to ips.log / http.log and not to the atp.log. At the moment we are working on a solution to make the reporting more transparent.