Hi guys, since yesterday I'm getting quite a lot of "[CRIT-861] Advanced Threat Protection Alert" warnings from different customers.
The problem is that Sophos Sandstorm points me to the internal Domain Controller, which is also the main internal DNS Server.
Is there a way to detect the original PC with the infection? Thanks a lot
Advanced Threat Protection
A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:
Threat name....: C2/Generic-A
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
Time...........: 2017-08-30 12:52:06
Traffic blocked: yes
Source IP address or host: 192.168.0.3
--
System Uptime : 31 days 18 hours 56 minutes
System Load : 12.64
System Version : Sophos UTM 9.502-4
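An added example, not part of the original post: the UTM only sees the forwarder (the Domain Controller), but the Windows DNS Server debug log on that DC records which internal client asked for the name. The script below parses constructed sample lines in that log format and lists the clients that queried a given domain around the alert time; the domain, client addresses and log lines are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of Windows DNS Server debug-log lines (hypothetical hosts).
# Columns: date time thread PACKET addr proto Snd/Rcv remote-ip xid op [flags] qtype name
SAMPLE_LOG = """\
8/30/2017 12:51:58 PM 0B50 PACKET  0000008A1C2D3E40 UDP Rcv 192.168.0.55    0002   Q [0001   D   NOERROR] A      (4)mail(7)example(3)com(0)
8/30/2017 12:52:05 PM 0B50 PACKET  0000008A1C2D3E41 UDP Rcv 192.168.0.77    0003   Q [0001   D   NOERROR] A      (7)badhost(7)example(3)net(0)
8/30/2017 12:52:06 PM 0B50 PACKET  0000008A1C2D3E41 UDP Snd 8.8.8.8         0003   Q [0001   D   NOERROR] A      (7)badhost(7)example(3)net(0)
8/30/2017 12:52:09 PM 0B50 PACKET  0000008A1C2D3E42 UDP Rcv 192.168.0.31    0004   Q [0001   D   NOERROR] AAAA   (7)badhost(7)example(3)net(0)
8/30/2017 12:58:00 PM 0B50 PACKET  0000008A1C2D3E43 UDP Rcv 192.168.0.99    0005   Q [0001   D   NOERROR] A      (7)badhost(7)example(3)net(0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+\S+\s+PACKET\s+\S+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+\S+\s+(?P<op>Q|R)\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\S+)"
)

def decode_name(label_form):
    """Turn the log's '(7)badhost(7)example(3)net(0)' into 'badhost.example.net'."""
    return ".".join(re.findall(r"\(\d+\)([^()]+)", label_form)).lower()

def parse(log_text):
    """Yield one dict per packet line; lines that are not packet records are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
            rec["name"] = decode_name(rec["name"])
            yield rec

def find_clients(log_text, domain, alert_time, window_seconds=120):
    """Map client IP -> query times for clients that asked the DC for `domain`
    (or a subdomain) within +/- window_seconds of the UTM alert.
    Only inbound queries (Rcv + Q) count; the DC's own forwarded queries (Snd)
    are the traffic the UTM attributed to 192.168.0.3 and are skipped here."""
    window = timedelta(seconds=window_seconds)
    hits = {}
    for rec in parse(log_text):
        if rec["dir"] != "Rcv" or rec["op"] != "Q":
            continue
        if not (rec["name"] == domain or rec["name"].endswith("." + domain)):
            continue
        if abs(rec["ts"] - alert_time) <= window:
            hits.setdefault(rec["ip"], []).append(rec["ts"])
    return hits

if __name__ == "__main__":
    for ip, times in find_clients(SAMPLE_LOG, "badhost.example.net",
                                  datetime(2017, 8, 30, 12, 52, 6)).items():
        print(ip, [t.strftime("%H:%M:%S") for t in times])
```

The domain to search for comes from the UTM's own ATP/web-filter log, since the alert e-mail above only names the threat family; once the debug log points at a client, that client, not the DC, is where to look for the infection.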