I've had the opportunity to use ATP in UTM since it was made available. I have spent time trying to work with it and find value in it, and I have come to the conclusion that I have failed utterly.
Therefore, I'd like someone to explain it to me.
Here is what I have 99.9% of the time: an alarm about my DNS server making an (unspecified) DNS query to an (unspecified) DNS server on behalf of an (unspecified) client.
The alarm links to this "document":
C2/Generic-A - Viruses and Spyware - Web Threat, Virus and Spyware Detection and Removal | Sophos - Threat Center - Cloud Antivirus, Endpoint, UTM, Encryption, Mobile, DLP, Server, Web, Wireless Security, Network Storage and Next-Gen Firewall Solutio
What the heck am I supposed to do with that? There is NOTHING that can be used to identify any offending clients, and the few times I dug through the DNS log and was able to identify the given query, it ended up being a large torrent tracker.
Obviously, someone thought that ATP was providing some level of security (or value) so I must be missing something.
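The manual step the post describes, digging through the internal DNS server's query log to find which client actually asked for the flagged name, is the part worth automating when the alert only names the forwarding resolver. The following is an added example, not code from the original post or from Sophos. It assumes the internal DNS server writes BIND-style query-log lines (the sample lines are constructed) and that the alert gives you a domain name and a timestamp; the regex and timestamp format are assumptions to adapt to whatever resolver you run.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample query-log lines in BIND style (assumption: this is the
# format of the internal resolver that the UTM alert blames for the lookup).
SAMPLE_LOG = """\
10-Mar-2016 09:12:01.120 client 192.168.1.23#51234: query: tracker.example.net IN A + (192.168.1.1)
10-Mar-2016 09:12:01.300 client 192.168.1.23#51235: query: tracker.example.net IN AAAA + (192.168.1.1)
10-Mar-2016 09:12:02.010 client 192.168.1.40#41000: query: www.example.com IN A + (192.168.1.1)
10-Mar-2016 09:15:44.500 client 192.168.1.77#60010: query: tracker.example.net IN A + (192.168.1.1)
10-Mar-2016 11:02:10.900 client 192.168.1.23#51990: query: cdn.tracker.example.net IN A + (192.168.1.1)
"""

# Assumed log layout: "<timestamp> client <ip>#<port>: query: <name> IN <type> ..."
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<client>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)
TS_FORMAT = "%d-%b-%Y %H:%M:%S.%f"


def _under_domain(name, flagged):
    """True if name equals the flagged domain or is a subdomain of it."""
    name = name.rstrip(".").lower()
    flagged = flagged.rstrip(".").lower()
    return name == flagged or name.endswith("." + flagged)


def clients_for_domain(log_text, flagged_domain, alert_time=None, window_minutes=5):
    """Map each internal client IP to the queries it made for the flagged domain.

    If alert_time (a datetime) is given, only queries within +/- window_minutes
    of it count, so the result matches the lookup that actually fired the alert
    rather than every host that ever resolved the name.
    """
    hits = defaultdict(list)
    window = timedelta(minutes=window_minutes)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # unrelated log line or different format
        if not _under_domain(m.group("name"), flagged_domain):
            continue
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        if alert_time is not None and abs(ts - alert_time) > window:
            continue
        hits[m.group("client")].append((ts, m.group("qtype"), m.group("name")))
    return dict(hits)


def summarize(hits):
    """Count queries per client so the noisiest host surfaces first."""
    return sorted(((ip, len(q)) for ip, q in hits.items()), key=lambda x: -x[1])


if __name__ == "__main__":
    alert_at = datetime(2016, 3, 10, 9, 12, 0)
    found = clients_for_domain(SAMPLE_LOG, "tracker.example.net", alert_at)
    for ip, count in summarize(found):
        print(f"{ip}: {count} queries for the flagged domain near the alert")
```

Run against the real query log with the domain and time from the alert; the client IP that comes back is the host to look at, and the query names show whether it was a tracker, a CDN name, or something that warrants a closer look.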
This thread was automatically locked due to age.