Hi All,
Recently, our group of companies merged their IT department.
Upon checking the logs of the other's company firewall I have noticed below:
Does this mean that the IP stated on the logs are infected? Or user simply just visit websites that has a lot of adware?
I have noticed also that the destination is Google DNS. Am I having a wrong impression here? Since the action is tag Detect, others are Prevent, I'm kinda worried here since our other firewall doesn't have this kind of logs (DNS reputation) even the DNS trap is On.
Version is R80.40
PS: I'm new in the security field, I'm currently having a hard time grasping all the information regarding fw logs and stuffs.
Hope you can help me clear things up.
Hi Val,
What confuse me is that the destination is Google DNS. Also the action is mixed Detect and Prevent.
| User | Count |
|---|---|
| 7 | |
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 |
Thu 02 May 2024 @ 10:00 AM (CEST)
CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?Thu 02 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WANThu 02 May 2024 @ 10:00 AM (CEST)
CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?Thu 02 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
