Hello, I have recently had some doubts about some security logs in a 790 firewall, such as the following three examples:
Both the source and the destination are servers on the same network segment, for example 184.108.40.206/24. The three events shown are sourced by the same server (220.127.116.11) but go to two destinations (18.104.22.168, 22.214.171.124). This leads me to think that the 126.96.36.199 server has malware, but it has Harmony Endpoint installed; I have verified it and everything seems to be fine.
But the alerts keep coming constantly. What can I do in this case?
Meanwhile, on the other console of the 790, it tells me that it is infected.