Hey,
this noon our entire network crashed for a couple of minutes.
All i can see in our sophos portal is, that the "Sessions" graphs at the Control center --> "SSL/TLS" and "Network" spiked unusually high shortly before this outage happened. (see screenshots)
My first guess was a DoS attack because in my opinion the behaviour seemed to fit, but sophos hasnt recognignized it as such (according to the intrusion prevention page).
Is there any way to furtther check these spikes? e.g. what kind of traffic it was, where it originated (country, ip adress whatever)?
Since we want to avoid outages at all costs, we need to check what caused it. It couldve been the issue of our provider as well, but we wanna include everything in our search of the source.
kind regards
This thread was automatically locked due to age.