MattDunn
Advisor

Anti-Bot Correlated Logs

When I filter on Blade:Anti-Bot all I see is this.  When I open a log card I have no meaningful information.  What is causing these logs? 

Should I worry, or just ignore them? 

If I should worry - why? 

If I should ignore them - how do I stop them from happening in the first place?

[Attached image: AB.png]

0 Kudos
3 Replies
Bjoern_Baumann
Participant

Have you managed to figure out the meaning of these logs?

0 Kudos
MattDunn
Advisor

Nope!  I'd still like to though.

I'm upgrading this particular system later this week from R80.40 to R81.10 so I'll see if that makes any difference...

0 Kudos
Timothy_Hall
Champion

My first impression is that these correlated logs were just showing anti-bot scanning statistics (Scan Hosts ...), but the presence of "CU (Correlation Unit) Rule" means that it has something to do with SmartEvent.  Looks like a false positive, see here: sk105300: SmartEvent Server sends out email alerts for Anti-bot detection with no corresponding logs...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos