Advanced Threat Protection

  • 1.  ATP: Network > Multiple SIPVicious Tools Activity detections

    Posted May 13, 2016 01:29 PM

    Hi Team

    There's a POC that since the beginning has been detecting hundreds of Multiple SIPVicious Tools Activity detections on the customer side.

    Issues:

    1. Events reported the external IP as internal.

         1.1 - Settings > Appliances > Edit > Add Internal Network: I used that to add two different network subnets.

    Question: Why does the activity appear to show the external IP as an internal one?

    2. Hundreds of Multiple SIPVicious Tools Activity detections but just 2 incidents

        1.2 - Malicious Connections show the external IP from the customer.

        1.3 - ATP Priority is low for this incident.

    Question:

    How is it suggested to handle this incident?

    Best Regards
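    As an added example (not from the original post and not Symantec ATP code), the following Python script models the two questions above: whether a configured "internal" subnet is broad enough to swallow public addresses, and how hundreds of detection events collapse into a few triage groups by direction and scanning source. The subnets and events are constructed sample values.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for the two subnets added under
# Settings > Appliances > Edit > Add Internal Network (sample values only).
INTERNAL_NETWORKS = ["10.10.0.0/16", "192.168.50.0/24"]

# RFC 1918 space. An "internal" prefix outside it (or 0.0.0.0/0) makes
# public addresses classify as internal, which is the symptom in the post.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed detection events as (source, destination) pairs; sample values.
EVENTS = [
    ("203.0.113.45", "10.10.5.20"),   # scanner outside hitting an internal PBX
    ("203.0.113.45", "192.168.50.7"),
    ("198.51.100.9", "10.10.5.20"),
    ("10.10.5.20", "203.0.113.45"),   # internal host answering the scanner
]


def audit_internal_networks(cidrs):
    """Return configured 'internal' prefixes that are not inside RFC 1918 space."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [str(n) for n in nets if not any(n.subnet_of(r) for r in RFC1918)]


def is_internal(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def classify(src, dst, cidrs):
    """Label an event by direction relative to the configured internal networks."""
    s, d = is_internal(src, cidrs), is_internal(dst, cidrs)
    if s and d:
        return "internal"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "external"   # neither side internal: check the appliance's network config


def triage(events, cidrs):
    """Collapse many detections into direction counts and the external sources
    generating inbound scan traffic, which is what an incident should roll up to."""
    directions = Counter(classify(s, d, cidrs) for s, d in events)
    scanners = Counter(s for s, d in events if classify(s, d, cidrs) == "inbound")
    return {"directions": dict(directions), "scanners": dict(scanners)}
```

    Running `audit_internal_networks` on the appliance's configured subnets is the first check when external addresses show up as internal; `triage` then shows why hundreds of events can legitimately map to only a couple of source-based incidents.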




  • 2.  RE: ATP: Network > Multiple SIPVicious Tools Activity detections
    Best Answer

    Posted May 25, 2016 10:11 AM

    Related to Issue No. 1:

    https://www-secure.symantec.com/connect/ideas/manual-enabling-disabling-and-download-network-traffic-capture