Hi Team,
There's a POC that, since the beginning, has been detecting hundreds of Multiple SIPVicious Tools Activity detections on the customer side.
Issues:
1. Events reported External IP as Internal.
1.1 - Settings > Appliances > Edit > Add Internal Network: I used that to add two different network subnets.
Question: Why does the activity appear to be showing the external IP as an internal one?
2. Hundreds of Multiple SIPVicious Tools Activity detections but just 2 incidents
1.2 - Malicious Connections show the External IP from the customer.
1.3 - ATP Priority is low for this incident.
Question:
How is it suggested to handle this incident?
Best Regards