Hi All, do others get this experience?
Have you noticed that the report template section 'hosts already compromised' on the "Attack Risk" template report is incorrect?
I get DMZ devices coming up as connected to CNC servers; however, when investigating the traffic, it is full of Internet-initiated traffic (from known CNC servers) that gets dropped straight away; it never reaches my DMZ. And my DMZ servers have never initiated to the CNC server (which is part of what CNC is).
Such results make the template report unusable, as it's the first thing a manager brings up, and it is not accurate.
Just wanting to compare results/thoughts.