Good Day All ,
protocol direction: TCP inbound
remote host IP address: 192.X.X.X
Traffic intiated from the remote IP 192.X.X.X is class c subnet range and it is an private IP, communicates towards our known workstation.
Signature triggered is OS Attack: Microsoft SMB MS17-010 .
SEP client installed on that workstation blocked this traffic. So there is no impact but we are unable to find the traffic intiated from the remote IP. Since We do not have any information about this IP, it is not the standard IP segment used in our environment and we are not able to trace this IP.
Any suggestion from your end is highly helpful.
Thanks in advance.