In the last 2 days we received several ATP Mail alerts from the UTM.
The hostname / IP shown in the mail is not listed in the ATP Log, but I can see the IP of the host on the ATP Dashboard (Advanced Protection Statistics) in webadmin.
There is no exception for that host.
How is this possible?
Advanced Threat Protection
A threat has been detected in your network. The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:
Threat name....: C2/Torpig-A (SID: 16693)
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Torpig-A.aspx
Time...........: 2021-03-02 15:01:46
Traffic blocked: yes
Source IP address or host: internal.fqdn.name
--
HA Status : HA MASTER (node id: 2)
System Uptime : 52 days 4 hours 15 minutes
System Load : 0.71
System Version : Sophos UTM 9.705-3
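As an added example (not from the post or from Sophos): a small Python helper that parses the fields out of an ATP alert mail like the one above and then looks for the matching ATP log records by the host's IP rather than its name, which is one check worth running before concluding the host is absent from the log. The mail body, the log records (a simplified key=value shape, not the UTM's real log format) and the hostname-to-IP map are all constructed.

```python
import re
from datetime import datetime

# Constructed sample modelled on the alert body quoted in the post (not a captured mail).
SAMPLE_ALERT = """Advanced Threat Protection
Threat name....: C2/Torpig-A (SID: 16693)
Time...........: 2021-03-02 15:01:46
Traffic blocked: yes
Source IP address or host: internal.fqdn.name
--
"""
# Constructed, simplified key=value records (NOT the UTM's real log format); the second is the one the alert matches.
SAMPLE_LOG = [
    '2021-03-02 14:20:11 sub="atp" sid="16693" srcip="10.0.5.9" action="drop"',
    '2021-03-02 15:01:46 sub="atp" sid="16693" srcip="10.0.7.23" action="drop"',
]
# Hostname-to-IP mapping as it would come from DNS or DHCP lease records (constructed).
HOST_TO_IP = {"internal.fqdn.name": "10.0.7.23"}

# Mail field lines look like "Label....: value" or "Label : value"; the dots are padding.
_FIELD_RE = re.compile(r"^(?P<label>[A-Za-z][A-Za-z /]*?)\s*\.*\s*:\s*(?P<value>.*)$")

def parse_atp_alert(body: str) -> dict:
    """Extract the fields an analyst needs to correlate the mail with the ATP log."""
    f = {}
    for line in body.splitlines():
        m = _FIELD_RE.match(line.strip())
        if m:
            f[m.group("label").strip().lower()] = m.group("value").strip()
    m = re.match(r"(?P<name>.+?)\s*\(SID:\s*(?P<sid>\d+)\)\s*$", f.get("threat name", ""))
    return {
        "threat": m.group("name") if m else f.get("threat name", ""),
        "sid": int(m.group("sid")) if m else None,
        "time": datetime.strptime(f["time"], "%Y-%m-%d %H:%M:%S"),
        "blocked": f.get("traffic blocked", "").lower() == "yes",
        "source": f["source ip address or host"],
    }

def find_log_matches(alert: dict, log_lines, host_to_ip, window_s: int = 300) -> list:
    """Records within window_s of the alert time whose srcip is the IP the alert's hostname
    maps to and whose SID matches; a search for the hostname string alone would miss them."""
    wanted_ip = host_to_ip.get(alert["source"], alert["source"])
    hits = []
    for line in log_lines:
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        kv = dict(re.findall(r'(\w+)="([^"]*)"', line))
        in_window = abs((ts - alert["time"]).total_seconds()) <= window_s
        if in_window and kv.get("srcip") == wanted_ip and kv.get("sid") == str(alert["sid"]):
            hits.append(line)
    return hits
```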