Hello,
Does anyone now the source address 0.0.127.243?
<row>
<field name="time" value="2024-10-07T12:08:55Z" resolved="Today, 14:08:55"/>
<field name="id" value="c5e61144-9f5d-c7c6-6703-cf5700000180"/>
<field name="sequencenum" value="205"/>
<field name="src" value="0.0.127.243"/>
<field name="dst" value="10.x.y.z"/>
<field name="attack" value="Windows SMB Protection Violation"/>
<field name="attack_info" value="Brute Force Scanning of CIFS Ports"/>
<field name="protection_name" value="Brute Force Scanning of CIFS Ports"/>
<field name="protection_id" value="asm_dynamic_prop_CIFS_BF_PORT_SCAN"/>
<field name="severity" value="Medium" icon="Levels/Color_4_2"/>
<field name="confidence_level" value="Low" icon="Levels/Blue_5_1"/>
<field name="performance_impact" value="Critical" icon="Levels/Color_5_5"/>
<field name="protection_type" value="IPS" icon="Protection/Protections"/>
This kind of log entry is visible in Log sinceR81.20 ~HFA70:
I know IP like 0.0.0.x, but this seems different.
Regards
Peter