I am tasked with monitoring the UTMs for my company, and normally there is a similar amount of traffic that passes through the firewall on a daily basis. Yesterday, we had about double the amount of traffic. I am trying to see what caused this, but all I can see is that on the internal NIC on the UTM there was a massive spike in outbound traffic at 11.30am, and a smaller, but significant one at 9.15am. I do not know how to investigate what caused this further, can someone advise please?
This thread was automatically locked due to age.