Endpoint Protection

  • 1.  How to generate BotNet traffic report on SEPM

    Posted Oct 24, 2014 09:38 PM

    Good Day,

     

    Is there a way on SEPM for me to generate all BotNet traffic separately from the risk report?

    SEPM version 12.1 RU2 with embedded database running on Windows Server 2008.

     

    Best Regards,



  • 2.  RE: How to generate BotNet traffic report on SEPM

    Posted Oct 24, 2014 09:40 PM

    You could run the Network Threat Protection >> Attacks report to show that type of traffic.



  • 3.  RE: How to generate BotNet traffic report on SEPM

    Posted Oct 24, 2014 09:51 PM

    Will it also show the type of Botnet?



  • 4.  RE: How to generate BotNet traffic report on SEPM

    Posted Oct 24, 2014 10:05 PM

    The IPS does have signatures to detect botnet activity. If you've configured firewall rules to detect botnet activity, it will also show up here.



  • 5.  RE: How to generate BotNet traffic report on SEPM

    Posted Feb 19, 2015 09:29 PM

    Hi Brian,

    Do you have any knowledge base articles that I can check for the firewall rules you mentioned? Thanks.

     



  • 6.  RE: How to generate BotNet traffic report on SEPM

    Posted Feb 19, 2015 09:40 PM

    They would be custom rules based on traffic to known malicious IPs.



  • 7.  RE: How to generate BotNet traffic report on SEPM

    Posted Feb 20, 2015 12:12 AM

    Can I follow this procedure, http://www.symantec.com/docs/TECH92405, to block the traffic from these URLs?

     

    wkooora.sytes.net:4242/is-ready

    8.no-ip.biz:100/is-ready

    4tag16ag100.com:443

    alrewesh3.no-ip.org:5510/is-ready

    jeflex.no-ip.org:221/is-ready

     

    Thanks,



  • 8.  RE: How to generate BotNet traffic report on SEPM

    Posted Feb 20, 2015 07:51 AM

    You can only block domain names, so for example:

    sytes.net

    *.sytes.net

    4tag16ag100.com
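
The reduction described in the last reply, as an added example that is not part of the thread or of any Symantec tooling: it strips the port and path from the posted entries and builds either exact-hostname or parent-plus-wildcard domain entries. The last-two-labels parent rule, the `SHARED_PARENTS` set and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Entries exactly as posted in the thread (host[:port][/path], no scheme).
POSTED = [
    "wkooora.sytes.net:4242/is-ready",
    "8.no-ip.biz:100/is-ready",
    "4tag16ag100.com:443",
    "alrewesh3.no-ip.org:5510/is-ready",
    "jeflex.no-ip.org:221/is-ready",
]
# Assumption: parents treated as shared dynamic-DNS zones, where a parent or
# wildcard entry also covers every unrelated host registered under the zone.
SHARED_PARENTS = {"sytes.net", "no-ip.biz", "no-ip.org"}


def split_indicator(entry):
    """Return (hostname, port, path) for a scheme-less host[:port][/path]."""
    parts = urlsplit("//" + entry.strip())
    if not parts.hostname:
        raise ValueError(f"no hostname in {entry!r}")
    return parts.hostname.rstrip("."), parts.port, parts.path


def parent_domain(hostname):
    """Naive last-two-labels parent (assumption: no public-suffix lookup)."""
    return ".".join(hostname.split(".")[-2:])


def domain_entries(indicators, block_parent=False):
    """Return (entries, dropped): ordered unique domain entries, plus the
    port/path detail that a domain-only rule cannot express."""
    entries, dropped = [], []
    for raw in indicators:
        host, port, path = split_indicator(raw)
        if port or path:
            dropped.append((host, port, path))
        parent = parent_domain(host)
        names = [parent, "*." + parent] if block_parent and host != parent else [host]
        for name in names:
            if name not in entries:
                entries.append(name)
    return entries, dropped


def shared_zone_hits(entries):
    """Entries that block a whole shared zone rather than a single host."""
    return [e for e in entries if e.removeprefix("*.") in SHARED_PARENTS]
```

Running `shared_zone_hits` over the `block_parent=True` output lists the entries to review before deployment, since each one affects every hostname under that zone and not only the posted ones.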