
Lots of [CRIT-861] Advanced Threat Protection Alerts generated after recent pattern update

Have about 100 Sophos SGs deployed. Several of them automatically updated to pattern version # 198832 today. Starting at roughly 3PM Central Time 5/6/2021 today we started receiving advanced threat detection alerts. The IP being flagged is 104.18.20.226. Oddly, AlienVault shows the most recent DNS name associated with that IP is "sophos.naumann-systemhaus.de".

Anyone else seeing this? Is this just a bad pattern push?


