Network Protection: Firewall, NAT, QoS, & IPS ATP Alert - Confused

UTM Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 3 replies
Subscribers 5 subscribers
Views 5627 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ATP Alert - Confused

Boris60 over 9 years ago

Hi,

ATP is giving me a detection of C2/Generic-A from a User/Host that is a public IP that has nothing to do with our network.

Any advise on where I should start investigating?

Thanks

This thread was automatically locked due to age.

Parents

0 vilic over 9 years ago

Did it happen on 20th March, if yes check this thread:

https://community.sophos.com/products/unified-threat-management/f/54/t/75688
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 vilic over 9 years ago

Did it happen on 20th March, if yes check this thread:

https://community.sophos.com/products/unified-threat-management/f/54/t/75688
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Boris60 over 9 years ago in reply to vilic

Hi Vilic,

Thanks - that's exactly what the problem was. The IP address was the one mentioned by all the other posters in that discussion.

Still not sure how the alert happened in that I thought ATP dealt with outgoing connections, but I'll switch across to the existing thread.

Thanks again.
Cancel
Vote Up 0 Vote Down

Cancel