04-05-2016 09:24 AM
Is there any way to drill into a Security Intelligence Event in Sourcefire? I am seeing numerous outbound CnC events coming from a host but cannot see what application, service, etc. is causing the triggered event.
Thanks!!
Scot Lymer
04-06-2016 11:10 PM
Hi
Unfortunately there is no way of doing that.
Security Intelligence is the same as Blacklists. It stops the traffic before it knows what Application/Protocol is used.