Hi,
I am constantly receiving these e-mails from my Symantec Endpoint Protection .cloud service:
A high-risk intrusion was detected on SERVER.domain.local within group Servers on 8/21/2015 7:47:49 AM.
Intrusion Name: Attack: an intrusion attempt was blocked.
Targeted Application: None
Targeted IP: 10.10.3.3
Targeted Port Number: 0
Targeted Host Name: Unknown
Status: Blocked
But what exactly was the attacker trying to do? It would be incredibly helpful to know more about what triggered SEP to further harden the server(s) in question.
The administration web site (hostedendpoint.spn.com) offers no further information.
How do I get the information out of SEP?