
[CRIT-861] Advanced Threat Protection Alert

Hi guys, since yesterday I'm getting quite a lot of warnings "[CRIT-861] Advanced Threat Protection Alert" from different customers.

The problem is that Sophos Sandstorm points me to the internal Domain Controller, which is also the main internal DNS server.

Is there a way to detect the original PC with the infection? Thanks a lot.


Advanced Threat Protection

A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site outside your company.

Details about the alert:

Threat name....: C2/Generic-A
Time...........: 2017-08-30 12:52:06
Traffic blocked: yes

Source IP address or host: 192.168.0.3

--
System Uptime      : 31 days 18 hours 56 minutes
System Load        : 12.64
System Version     : Sophos UTM 9.502-4
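One way to trace the alert back past the DC, as an added example rather than anything from the original thread: a Python script that parses Windows DNS Server debug-log packet lines and lists the internal clients that queried a given domain in the minutes before the alert. It assumes DNS debug logging is enabled on the DC, the standard debug-log line layout shown in the constructed sample, and a hypothetical C2 domain `bad-domain.invalid` standing in for the destination that the UTM's ATP log (not the alert text above) would report.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the shape of a Windows DNS Server debug log.
# Client hosts, the domain (.invalid is reserved) and the forwarder are hypothetical.
SAMPLE_LOG = """\
8/30/2017 12:30:01 PM 0A48 PACKET  000000A3B2C4D2C0 UDP Rcv 192.168.0.80    0001   Q [0001   D   NOERROR] A      (3)www(10)bad-domain(7)invalid(0)
8/30/2017 12:51:40 PM 0A48 PACKET  000000A3B2C4D2E0 UDP Rcv 192.168.0.57    0002   Q [0001   D   NOERROR] A      (7)example(3)com(0)
8/30/2017 12:51:58 PM 0A48 PACKET  000000A3B2C4D2F0 UDP Rcv 192.168.0.112   0003   Q [0001   D   NOERROR] A      (10)bad-domain(7)invalid(0)
8/30/2017 12:51:58 PM 0A48 PACKET  000000A3B2C4D300 UDP Snd 203.0.113.5     0003   Q [0001   D   NOERROR] A      (10)bad-domain(7)invalid(0)
8/30/2017 12:51:59 PM 0A48 PACKET  000000A3B2C4D2F0 UDP Snd 192.168.0.112   0003 R Q [8081   DR  NOERROR] A      (10)bad-domain(7)invalid(0)
"""
ALERT_TIME = datetime(2017, 8, 30, 12, 52, 6)  # time taken from the alert in the post

# date time thread PACKET id proto Snd|Rcv remote_ip xid [R] Q [flags] qtype qname
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+ [AP]M) \S+ PACKET\s+\S+ (?:UDP|TCP) "
    r"(?P<dir>Snd|Rcv) (?P<ip>\S+)\s+\S+\s+(?P<resp>R)?\s*Q \[[^\]]*\] "
    r"(?P<qtype>\S+)\s+(?P<name>\S+)$")


def parse_dns_debug_log(text):
    """Parse packet lines into dicts; lines of any other shape are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        labels = re.findall(r"\(\d+\)([^()]*)", m["name"])  # (3)www(3)com(0) -> www.com
        records.append({
            "ts": datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M:%S %p"),
            "dir": m["dir"], "ip": m["ip"], "response": bool(m["resp"]),
            "qtype": m["qtype"], "qname": ".".join(l for l in labels if l).lower()})
    return records


def clients_that_queried(records, domain, alert_time, window=timedelta(minutes=10)):
    """Client IP -> timestamps of queries for `domain` (or a subdomain) that the
    server received from clients (Rcv, not a response) in the window before the
    alert. The matching Snd line to the forwarder is what the firewall sees."""
    domain = domain.lower().rstrip(".")
    hits = {}
    for r in records:
        if r["dir"] != "Rcv" or r["response"]:
            continue
        if r["qname"] != domain and not r["qname"].endswith("." + domain):
            continue
        if alert_time - window <= r["ts"] <= alert_time:
            hits.setdefault(r["ip"], []).append(r["ts"])
    return hits
```

The firewall attributes the traffic to the DC because the DC forwards client queries upstream; the Rcv lines in the DC's own log are what identify the host that asked first.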

