SUM: Sophos UTM Manager App UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection on my SG430 firewall

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 3 subscribers
Views 2763 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection on my SG430 firewall

lanman777 over 5 years ago

UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection.

When I select the threat it takes me to the Advanced Threat Protection screen showing me the event, ip address, threat name, destination but no date.

How do I identify if this is a recent current threat or just an old one that needs to be cleared out?

This is for an SG430.

This thread was automatically locked due to age.

Parents

0 Jaydeep over 5 years ago

Hi There,

You should check Advanced Threat Protection and Firewall logs in the UTM. Please navigate to Logging & Reporting > View Log Files > Today's Log Files or check archived log files. You should also be able to see that in your Daily Executive report if you've configured one.

Regards

Jaydeep
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Jaydeep over 5 years ago

Hi There,

You should check Advanced Threat Protection and Firewall logs in the UTM. Please navigate to Logging & Reporting > View Log Files > Today's Log Files or check archived log files. You should also be able to see that in your Daily Executive report if you've configured one.

Regards

Jaydeep
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data

Share Feedback

×

Submitted a Tech Support Case lately from the Support Portal?