10-23-2017 12:08 AM - edited 02-21-2020 06:33 AM
Hello,
I've had this problem even before where FireSIGHT was indicating this message from a host. I did a full scan to the host with its anti-virus but nothing was captured.
CnC Connected | Intrusion Event - malware-cnc |
Now I'm seeing this message again from 3 hosts, and one of the hosts is the public DNS (from ISP). I don't know what to do because the option "Scan Host" is not available in my FireSIGHT.
Thank you.
Enid.
Solved! Go to Solution.
10-23-2017 02:22 AM - edited 10-23-2017 02:36 AM
Hi,
You need to configure an instance of nmap scanner under Policy>Actions>Scanners before you can use "scan" button under host view.
Configuration example:
br, Micke
10-23-2017 02:22 AM - edited 10-23-2017 02:36 AM
Hi,
You need to configure an instance of nmap scanner under Policy>Actions>Scanners before you can use "scan" button under host view.
Configuration example:
br, Micke
10-23-2017 05:20 AM - edited 10-23-2017 05:59 AM
Hello Micke,
Thank you so much, I found the results of the scanning and I see only the host's ports if they are filtered or opened but not anything about any possible intrusion.
Enid.
10-23-2017 11:08 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide