Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
Your suggestion makes sense. Can you get that reported to Support as a bug?
Then this is a regression, because ATP used to log the DNS entries IF it was a DNS-related alert. It otherwise only logs the IPs of the offending parties.
Your suggestion makes sense. Can you get that reported to Support as a bug? Thanks, Bob. I've sent an email to Sophos Support.
Can anyone advise how to identify the actual host with the infection through looking at the DNS server's log?