Hello, I have recently had some doubts about some security logs in a 790 firewall, such as the following three examples:
Both the source and the destination are servers on the same network segment, for example 180.80.0.0/24. The three events shown are sourced by the same server (180.80.0.10) but at two destinations (180.80.0.13, 180.80.0.14). This leads me to think that the 180.80.0.10 server has malware, but it has the Harmony Endpoint installed, I have verified and everything seems to be fine.
But the alerts keep coming constantly, what can I do in this case?
While on the other console of the 790, it tells me that it is infected.
_
Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEATue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
