UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection on my SG430 firewall

UTM 9 shows a Botnet/command-and-control traffic detected in Advanced Threat Protection.

When I select the threat it takes me to the Advanced Threat Protection screen showing me the event, IP address, threat name, destination but no date.

How do I identify if this is a recent current threat or just an old one that needs to be cleared out?

This is for an SG430.

  • Hi There,

    You should check Advanced Threat Protection and Firewall logs in the UTM. Please navigate to Logging & Reporting > View Log Files > Today's Log Files or check archived log files. You should also be able to see that in your Daily Executive report if you've configured one.

    Regards

    Jaydeep
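
    The log check Jaydeep describes, as an added example that is not from the original thread or from Sophos: a Python script that reads UTM-style key="value" log lines (the field names, timestamps and sample lines are constructed assumptions, not copied from a real atp.log), groups ATP drops by source host and threat name, and reports when each was last seen so an old entry can be told apart from a current one.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the key="value" style UTM logs use; the
# keys (name, srcip, threatname, ...) are assumed for illustration only.
SAMPLE_LOG = """\
2024:05:01-09:12:44 utm ulogd[2123]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" srcip="192.168.10.25" dstip="203.0.113.7" dstport="443" threatname="C2/Example-A"
2024:05:20-17:03:10 utm ulogd[2123]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" srcip="192.168.10.25" dstip="203.0.113.7" dstport="443" threatname="C2/Example-A"
2024:05:21-08:45:01 utm ulogd[2123]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" srcip="192.168.10.40" dstip="198.51.100.9" dstport="80" threatname="C2/Example-B"
2024:05:21-08:45:02 utm ulogd[2123]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" srcip="192.168.10.40" dstip="192.0.2.1" dstport="53"
"""

TS_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})\s')   # leading YYYY:MM:DD-HH:MM:SS
KV_RE = re.compile(r'(\w+)="([^"]*)"')                           # key="value" pairs

def parse_ts(ts):
    """Turn a log-style timestamp string into a datetime."""
    return datetime.strptime(ts, "%Y:%m:%d-%H:%M:%S")

def parse_line(line):
    """Return (timestamp, fields) for one key="value" log line, or None if it has no timestamp."""
    m = TS_RE.match(line)
    if not m:
        return None
    return parse_ts(m.group(1)), dict(KV_RE.findall(line))

def atp_summary(text):
    """Group ATP drops by (source host, threat name) with first/last seen and a hit count."""
    summary = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        if "(ATP)" not in f.get("name", ""):
            continue  # ordinary packet-filter entries are not ATP hits
        key = (f.get("srcip"), f.get("threatname"))
        entry = summary.setdefault(key, {"first": ts, "last": ts, "hits": 0})
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["hits"] += 1
    return summary

def stale_entries(summary, now_ts, max_age_days=7):
    """Keys whose last sighting is older than max_age_days before now_ts: candidates to clear."""
    cutoff = parse_ts(now_ts) - timedelta(days=max_age_days)
    return sorted(k for k, v in summary.items() if v["last"] < cutoff)
```

    Anything returned by stale_entries has not been seen inside the window and is likely an old alert; a key that is absent from that list has fired recently and deserves a look at the source host.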

  • I guess my concern is that it appears that 'Management >> Notifications' has not been configured.

    Please show a picture of what you're seeing in WebAdmin so that we can suggest a command-line approach that will simplify the search for the origin.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA