Thread Info
  • State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Subscribers 14 subscribers
  • Views 2534 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lots of [CRIT-861] Advanced Threat Protection Alerts generated after recent pattern update

floppyraid

Have about 100 Sophos SG's deployed. Several of them automatically updated to pattern version # 198832 today. Starting at roughly 3PM Central Time 5/6/2021 today we started receiving advanced threat detection alerts. The IP being flagged is 104.18.20.226. Oddly, alienvault shows the most recent DNS name associated with that IP is " sophos.naumann-systemhaus.de " 

anyone else seeing this? is this just a bad pattern push?



This thread was automatically locked due to age.
Parents
  • 0

    We're seeing it as well.  It resolves here to a GlobalSign server. I'm also having difficulty reaching websites with GlobalSign SSL certs. I think anytime someone tries to verify a GlobalSign SSL cert, it tries to reach this server.

Reply
  • 0

    We're seeing it as well.  It resolves here to a GlobalSign server. I'm also having difficulty reaching websites with GlobalSign SSL certs. I think anytime someone tries to verify a GlobalSign SSL cert, it tries to reach this server.

Children
No Data
Unfiltered HTML