Abundance of alerts

JRodMan
Level 1

Hello to all,

I am receiving an abundance of these particular types of alerts:

[133:59:1] dcerpc2: SMB - Nextcommand specified in SMB2 header is beyond payload boundary

[133:27:2] dcerpc2: Connection-oriented DCE/RPC - Invalid major version


How can I assess this issue, considering it appears to be a false positive? That being said, upon monitoring the IPs of communication, it appears to be between a server and a workstation within my client's company. I am also trying to decipher whether or not these are in fact false positives and that someone has not RDP'd onto another workstation internally and is trying to communicate with others. I am stuck between trying to white-list the IP or suppress them, and am having a difficult time trying to do so. I want to white-list a particular IP for a particular alert; I do not want to white-list an IP and have nothing alerted.

Would this incorporate me having to create a rule?

Any thoughts?

Thanks guys

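The question above is really two steps: first find out which host pairs are generating the 133:59 and 133:27 preprocessor alerts, then suppress only that signature for only that source address rather than white-listing the host outright. The script below is an added example, not from the original post or from Cisco; it parses Snort "fast" alert lines (the sample lines are constructed, not the poster's real events) into per-signature, per-host-pair counts and emits Snort 2 `suppress` entries scoped to one gen_id/sig_id and one source IP, which is the snort.conf equivalent of the per-IP, per-alert white-list being asked for.

```python
import re
from collections import Counter

# Constructed Snort "fast" alert lines using the two signatures from the post.
# Real input would come from /var/log/snort/alert (or an exported event list).
SAMPLE_ALERTS = """\
05/14-09:12:01.100000  [**] [133:59:1] dcerpc2: SMB - Nextcommand specified in SMB2 header is beyond payload boundary [**] [Priority: 3] {TCP} 10.1.1.20:49211 -> 10.1.1.5:445
05/14-09:12:03.200000  [**] [133:27:2] dcerpc2: Connection-oriented DCE/RPC - Invalid major version [**] [Priority: 3] {TCP} 10.1.1.20:49212 -> 10.1.1.5:135
05/14-09:12:05.300000  [**] [133:59:1] dcerpc2: SMB - Nextcommand specified in SMB2 header is beyond payload boundary [**] [Priority: 3] {TCP} 10.1.1.20:49213 -> 10.1.1.5:445
05/14-09:15:40.400000  [**] [133:59:1] dcerpc2: SMB - Nextcommand specified in SMB2 header is beyond payload boundary [**] [Priority: 3] {TCP} 10.1.1.77:50001 -> 10.1.1.5:445
"""

# [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)


def count_pairs(text):
    """Count alerts per (gid:sid, src, dst) so the noisy host pairs are visible
    before any suppression is written. A single server/workstation pair firing
    repeatedly looks different from many sources hitting many destinations."""
    counts = Counter()
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            counts[(f"{m['gid']}:{m['sid']}", m["src"], m["dst"])] += 1
    return counts


def suppress_lines(counts, min_hits=2):
    """Emit snort.conf 'suppress' entries for pairs at or above min_hits.
    Each entry is scoped to one signature and one source IP, so that host
    keeps alerting on every other rule (track by_src is Snort 2 syntax)."""
    out = []
    for (sig, src, _dst), n in sorted(counts.items()):
        if n >= min_hits:
            gid, sid = sig.split(":")
            out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
    return out


if __name__ == "__main__":
    pairs = count_pairs(SAMPLE_ALERTS)
    for key, n in sorted(pairs.items()):
        print(n, key)
    print("\n".join(suppress_lines(pairs)))
```

Run the counts first and confirm the pair really is the expected server and workstation; only then drop the generated lines into snort.conf (or the equivalent per-rule suppression in the Firepower intrusion policy), keeping the other signatures live for that host.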