Where do I find the details of a Virus alert from the CSC-MA (GMS)?
I received the following email alert, generated at 1:30 this morning, Thursday September 10:
You are receiving this email because Capture Security Center Alert Notification Service has generated an alert for Firewall Metro TZ600, monitored by Capture Security Center with Serial xxxxxxxxxxx.
The Alert Rule is named as Threat Notification Rule and is defined as
info = THREAT-TYPE :: Virus, Name :: UPX_Packed_Executable_0 (Trojan), SRCIP :: 192.168.1.63 (Private IP), DSTIP :: 18.104.22.168 (United States)
I'm having a hard time discerning where this information could be located (and, knowing me, it may be in plain site). So where in CSC-MA can I identify the exact executable that was flagged?
Turns out the DSTIP address is LogMeIn, and I'm of the impression that this might be a false positive. If so, I'd like to get it reported.