Hi, can someone confirm whether SandBlast Threat Extraction can help drop an attacker's specific active connection? Or do we need to create a SAM rulebase by looking at the active log connection that we want to block?
It is not the purpose of Threat Extraction, to be honest. You can achieve that with the Anti-Bot blade, but this is post-infection. Threat Extraction extracts active code execution or similar from a file.
If you want to block a specific active connection, you need to use SAM or fw samp.