Stealthwatch SLIC Issue-Question

reheindel
Level 1

Things appeared to go sideways yesterday (02/10) with regard to the data in the SLIC feed - as we received 40+ alerts of C&C activity as users were browsing to www.google.com - the destination IPs were what is expected for Google.

The destination C&C server group in question was Azorult.

Today it seems to have returned to normal.

Couple of questions:

I'm looking for a way to query the IP addresses in a given SLIC feed host group.

Curious if anybody else saw similar behavior.


Thanks,
Bob
