Good Day,
Is there a way on SEPM for me to generate all botnet traffic separately from the risk report?
SEPM version 12.1 RU2 with embedded database, running on Windows Server 2008.
Best Regards,
You could run the Network Threat Protection >> Attacks report to show that type of traffic.
Will it also show the type of Botnet?
The IPS does have signatures to detect botnet activity. If you've configured firewall rules to detect botnet activity it will also show up here.
Hi Brian,
Do you have any knowledge base articles that I can check for the firewall rules you mentioned? Thanks.
They would be custom rules based on traffic to known malicious IPs.
Can I follow this procedure, http://www.symantec.com/docs/TECH92405, to block the traffic from these URLs?
wkooora.sytes.net:4242/is-ready
8.no-ip.biz:100/is-ready
4tag16ag100.com:443
alrewesh3.no-ip.org:5510/is-ready
jeflex.no-ip.org:221/is-ready
Thanks,
You can only block domain names, so for example:
sytes.net
*.sytes.net
4tag16ag100.com