
Firepower Report - Host connected to CNC Servers - Incorrect

evan.chadwick1
Level 1

Hi all, do others get this experience?

Have you noticed that the 'Hosts already compromised' section of the "Attack Risk" report template is incorrect?

I get DMZ devices coming up as connected to CNC servers; however, when investigating the traffic, it is full of Internet-initiated traffic (from known CNC servers) that gets dropped straight away. It never reaches my DMZ. And my DMZ servers have never initiated to the CNC server (which is part of what CNC is).

Such results make the template report unusable, as it's the first thing a manager brings up, and it is not accurate.

Just wanting to compare results/thoughts.
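The direction-and-action check described in the post above, as an added example (not part of the original post and not Cisco's report logic): it buckets each DMZ host by whether it initiated traffic to a CNC address or only received blocked inbound attempts. The CSV column names, action values, addresses and the severity ordering are assumptions constructed for illustration, not a Firepower export schema.

```python
import csv
import io
import ipaddress

# Constructed sample events; column names and action values are hypothetical.
SAMPLE_EVENTS = """initiator_ip,responder_ip,action
203.0.113.10,198.51.100.5,Block
203.0.113.10,198.51.100.5,Block
203.0.113.77,198.51.100.6,Block
198.51.100.7,203.0.113.77,Allow
198.51.100.8,203.0.113.10,Block
10.0.0.4,192.0.2.9,Allow
"""
CNC_IPS = {"203.0.113.10", "203.0.113.77"}         # constructed intelligence list
DMZ_NET = ipaddress.ip_network("198.51.100.0/24")  # constructed DMZ range

# Assumed ordering: a host that initiates toward a CNC address is stronger
# evidence of compromise than any inbound attempt from one.
RANK = {"inbound_blocked": 0, "inbound_allowed": 1,
        "outbound_blocked": 2, "outbound_allowed": 3}


def triage(events_csv, cnc_ips=CNC_IPS, dmz=DMZ_NET):
    """Return {dmz_host: strongest evidence label seen for that host}."""
    verdict = {}
    for row in csv.DictReader(io.StringIO(events_csv)):
        src, dst = row["initiator_ip"], row["responder_ip"]
        allowed = row["action"].strip().lower() == "allow"
        if dst in cnc_ips and ipaddress.ip_address(src) in dmz:
            host, kind = src, "outbound"   # DMZ host called out to CNC
        elif src in cnc_ips and ipaddress.ip_address(dst) in dmz:
            host, kind = dst, "inbound"    # CNC address probed the DMZ host
        else:
            continue                       # event does not involve CNC and DMZ
        label = f"{kind}_{'allowed' if allowed else 'blocked'}"
        if host not in verdict or RANK[label] > RANK[verdict[host]]:
            verdict[host] = label
    return verdict


def needs_investigation(verdict):
    """Hosts with anything beyond dropped inbound attempts, sorted."""
    return sorted(h for h, v in verdict.items() if v != "inbound_blocked")


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for host in sorted(result):
        print(host, result[host])
    print("investigate:", needs_investigation(result))
```
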

1 Reply 1

evan.chadwick1
Level 1

I still find this a very disappointing 'feature'
