Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Security services logs

Hello everyone.

I hope that everyone's doing well.


On the AppFlow report, I have a bunch of vírus or intrusions that were detected by my firewall.

Were can I find the IPs that got infected?

Because if i press the name of the vírus it just gives me a description of the virus.

Already tried to search for it, but no luck...


Category: Firewall Security Services
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    edited September 2021 Answer ✓

    Hi @César_S AFAIK the AppFlow Report does not give you option to drill down. Maybe you could try to use the AppFlow Monitor, select the Tab Threats and show AllFlows, then you set a filter for the specific Threat and have the IP addresses listed at Initiator IPs.

    Depending on the time of the incident the event might be already flushed out of the memory of the Appliance, for that scenario something external like Analytics or a SIEM is required.

    --Michael@BWC

Answers

Sign In or Register to comment.