File_Malware_Event

Hi All,

 

I am observing the event File_Malware_Event triggered from the Cisco Source File console. On the SIEM console, I have checked the payload: fileEventData.direction = 2 and fileeventData.action=3. Traffic is observed from the source IP 10.13.x.x towards the destination IP 10.13.x.x over port 445.

I am unable to understand this event; can someone help me with this? Am I safe, or do I need to pay any attention?

1 REPLY

Based on your source and destination IPs looking like they are both inside your network, I would definitely look into those hosts! Check the FMC to figure out the direction and action events to correlate with your SIEM console and then you will know what they mean.