SEP 15 Firewall Report Inbound Attack Sources?

I need a solution

We just noticed that our weekly Firewall Report (default) is showing a bunch of internal IP addresses as our top sources of inbound attacks. We’re trying to understand this and not having any luck finding any further information about this report. Looking on the console, I don’t see any security events that match up with these addresses. Does anyone have any clue about this, or can you point me to any documentation? Trying to figure out why/how we’d have our own machines as our top attack sources without this activity showing up in our alerts and security events. I know that some kinds of scans can get flagged as attacks, so it’s possible that these are false positives, but not finding any way to verify this.

Also not sure if this is the right forum to post about SEP 15, but the cloud console link took me here, so…

Thank you!



Leave a Reply