Hello, everyone.
A client has asked with a problem:
When receiving a Zmap scan email notification, the email displays uuid instead of source ip. In SmartConsole logs, the ip address is displayed correctly. For other alerts, full information including ip is also displayed. The mail notification is configured via internal_sendmail.
I would like to clarify why this is happening and is it possible to change this?
I am also unable to reproduce this problem in the test lab. When scanning with Zmap, IPS detects Port Scan (Host Port Scan or Sweep Scan depending on scan settings) and does not catch Zmap. What could this be related to?
