Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Masood_ahmad
Participant

Dropping intruders specific active connection

Hi, Can someone confirm if SandBlast Threat Extraction can help dropping attacker's specific active connection? or we need to create a SAM rulebase by looking at active log connection that we want to block

0 Kudos
2 Replies
Marco_Valenti
Advisor

it is not the purpose of threat extraction to be honest , you can achieve that with the antibot blade but this is post infection , threat extraction extract active code execution or similar from a file

0 Kudos
PhoneBoy
Admin
Admin

If you want to block a specific active connection, you need to use SAM or fw samp.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events