Hi ,

sebrjohnson · ‎08-18-2016

The FMC logged several events with two internal IPs initiating a connection to Hong Kong, the connection was blocked, no packets were logged, and when I drill down into the event there is no more information to give me why these two IPs are trying to establish an outbound connection to Hong Kong.

I am just trying to figure out why is this happening?

What could be the issue?

Jetsy Mathew · ‎09-06-2016

Are you referring to the Intrusion events or the connection events that you are receiving ?

sebrjohnson · ‎09-07-2016

It is the connection events for an internal IP address, that initiating to hong kong. Thanks for the response.

Aastha Bhardwaj · ‎09-09-2016

Hi ,

You can Edit Search on the Analysis > Connections , and check in Table view of connections for more info as in what ports , protocol etc it was hitting .

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Jetsy Mathew · ‎09-16-2016

Hello Sebrjohnson,

Have you able to find which policy the specific connection event IP was hitting and what are the other details and actions taken place ?

Regards

Jetsy

Security Intel Event Question