I need a solution

I keep getting alerts for attacks/scans/etc that were blocked, but have no idea the souce. Keep seeing the same ones, thinking they come from the same place so I was going to add a firewall rule to block the IP or maybe the range.

This doesn’t help, I don’t see anything on the client itself, and I don’t see anythign in the portal (or I’m looking in the wrong place).

A high-risk intrusion was detected on SERVER2.domain.local within group Default Group on 3/31/2018 9:28: AM.

IPS Name
: an intrusion attempt was blocked.

Status
Blocked

Attack Signature
Web Attack: Malicious Scan Request

Targeted Application
SYSTEM

Targeted IP
192.168.1.3

Targeted Port Number
80

Targeted Host Name
N/A

0



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here