Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1856
Views
0
Helpful
4
Replies

Security Intel Event Question

sebrjohnson
Level 1
Level 1

‎08-18-2016 08:13 AM

The FMC logged several events with two internal IPs initiating a connection to Hong Kong, the connection was blocked, no packets were logged, and when I drill down into the event there is no more information to give me why these two IPs are trying to establish an outbound connection to Hong Kong.

I am just trying to figure out why is this happening? 

What could be the issue?

Labels:
0 Helpful
4 Replies 4

Jetsy Mathew
Cisco Employee
Cisco Employee

‎09-06-2016 10:15 PM

Are you referring to the Intrusion events or the connection events  that you are receiving ?

0 Helpful

sebrjohnson
Level 1
Level 1
In response to Jetsy Mathew

‎09-07-2016 05:41 AM

It is the connection events for an internal IP address, that initiating to hong kong. Thanks for the response.

0 Helpful

Aastha Bhardwaj
Cisco Employee
Cisco Employee
In response to sebrjohnson

‎09-09-2016 05:34 AM

Hi ,

You can Edit Search on the Analysis > Connections , and check in Table view of connections for more info as in what ports , protocol etc  it was hitting .

Regards,

Aastha Bhardwaj

Rate if that helps!!!

0 Helpful

Jetsy Mathew
Cisco Employee
Cisco Employee
In response to sebrjohnson

‎09-16-2016 08:29 AM

Hello Sebrjohnson,

Have you able to find which policy the specific connection event IP was hitting and what are the other details and actions taken place ?

Regards

Jetsy 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card