Endpoint Protection

 View Only

  • 1.  Symantec IPS logs -Intrusion Payload URL

    Posted Feb 15, 2017 11:26 PM

    Can any body explain that what is difference between Intrusion URL and Intrusion Payload URL? and why Intrusion payload URL is not capturing in the logs



  • 2.  RE: Symantec IPS logs -Intrusion Payload URL

    Posted Feb 16, 2017 10:13 AM

    It may vary depending on the direction of the traffic.

    The Intrusion URL is the URL that SEP detected as malicious and may re-direct to a file download script execution attempt.

    The Intrusion Payload URL is the malicious "file" download attempt.



  • 3.  RE: Symantec IPS logs -Intrusion Payload URL

    Posted Feb 16, 2017 12:20 PM

    Hi Ayyanar,

    Thanks for the query.  One has all of the parameters included in the traffic and the other lets you known which domains you may need to block at the corporate firewall.  (That is how I use them, anyway!)

    Hope this helps!  Please do keep the thread up-to-date with your progress or mark it solved if you have received your answer.

    Mick



  • 4.  RE: Symantec IPS logs -Intrusion Payload URL
    Best Answer

    Posted Feb 17, 2017 08:06 AM

    Hi Ayyanar,

    Just a ping to see if your question has been answered? The thread is still marked "needs solution."

    Mick



  • 5.  RE: Symantec IPS logs -Intrusion Payload URL

    Posted Mar 20, 2017 08:00 AM

    Hi All,

     

    Thanks for your quick response and prompt answer,

     

    I got my answer

     

    Thanks & Regards,

    Ayyanar



  • 6.  RE: Symantec IPS logs -Intrusion Payload URL

    Posted Mar 20, 2017 08:01 AM

    What is the correct answer? Please mark it as such.