Since yesterday, I have been getting a lot of these alerts:
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: MALWARE-OTHER CobaltStrike beacon.dll download attempt
Details........: https://www.snort.org/search?query=53757
Time...........: 2021-05-07 13:06:57
Packet dropped.: yes
Priority.......: high
Classification.: A Network Trojan was Detected
IP protocol....: 6 (TCP)
Source IP address: 93.184.221.240
Source port: 80 (http)
Destination IP address: 10.0.0.2
Destination port: 1240 (instantia)
This is coming from a Windows Desktop, but also from an Ubuntu system checking for updates.
It seems like a false positive; the Snort link contained in the mail leads to a different alert.
The IP addresses are static content providers like Akamai, or Canonical in the case of Ubuntu.