UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection on my SG430 firewall

UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection.

When I select the threat it takes me to the Advanced Threat Protection screen showing me the event, IP address, threat name, and destination, but no date.

How do I identify if this is a recent, current threat or just an old one that needs to be cleared out?

This is for an SG430.

  • Hi there,

    You should check Advanced Threat Protection and Firewall logs in the UTM. Please navigate to Logging & Reporting > View Log Files > Today's Log Files or check archived log files. You should also be able to see that in your Daily Executive report if you've configured one.
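    One way to answer the "is this recent?" question from the log files mentioned above, as an added example that is not from this thread or from Sophos: a short Python script that parses ATP log lines and reports when each source host/threat pair was last seen, labelling pairs not seen within a chosen window as stale. The key="value" line layout and the sample lines are constructed assumptions, so the regular expression should be adjusted to the actual atp.log format on the appliance.

```python
# Added example: find the most recent occurrence of each (source IP, threat) pair
# in Advanced Threat Protection log lines and flag pairs older than a threshold.
# The line layout below is ASSUMED (constructed sample); adjust LINE_RE to the
# real atp.log format before using it on an appliance's log files.
from datetime import datetime, timedelta
import re

# Constructed sample lines (not real appliance output), syslog-style with key="value" fields.
SAMPLE_LOG = """\
2019:03:01-08:12:44 utm atp[1234]: id="2120" severity="warn" action="drop" srcip="10.1.2.30" dstip="203.0.113.5" threatname="C2/Generic-A"
2019:03:01-08:13:10 utm atp[1234]: id="2120" severity="warn" action="drop" srcip="10.1.2.30" dstip="203.0.113.5" threatname="C2/Generic-A"
2019:03:20-17:45:02 utm atp[1234]: id="2120" severity="warn" action="drop" srcip="10.1.2.77" dstip="198.51.100.9" threatname="Mal/Botnet-B"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) .*? '
    r'srcip="(?P<src>[^"]+)" dstip="(?P<dst>[^"]+)" threatname="(?P<threat>[^"]+)"'
)

def parse_atp_log(text):
    """Return (timestamp, srcip, dstip, threatname) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
        events.append((ts, m.group("src"), m.group("dst"), m.group("threat")))
    return events

def last_seen(events):
    """Map (srcip, threatname) -> (most recent timestamp, hit count)."""
    seen = {}
    for ts, src, _dst, threat in events:
        prev_ts, count = seen.get((src, threat), (None, 0))
        seen[(src, threat)] = (ts if prev_ts is None or ts > prev_ts else prev_ts, count + 1)
    return seen

def classify(events, now, max_age_days=7):
    """Label each pair 'current' if last seen within max_age_days of `now`, otherwise 'stale'."""
    cutoff = now - timedelta(days=max_age_days)
    return {key: ("current" if ts >= cutoff else "stale")
            for key, (ts, _count) in last_seen(events).items()}

if __name__ == "__main__":
    evts = parse_atp_log(SAMPLE_LOG)
    for (src, threat), (ts, count) in last_seen(evts).items():
        print(f"{src:<12} {threat:<14} last seen {ts}  hits={count}")
```

    Run it over the lines from Today's Log Files and the archived files together so the last-seen date reflects the whole retention period, not just the current day.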

  • I guess my concern is that it appears that 'Management >> Notifications' has not been configured.

    Please show a picture of what you're seeing in WebAdmin so that we can suggest a command-line approach that will simplify the search for the origin.

    Cheers - Bob