high no. of deny firewall connections from same source outbound

jeeneet December 25, 2021

Outbound suspicious conditon

1. Bot installed in system

2. Malware installed give control to attacker and IP is blocked in firewall

3. Some team is running new application Ann it's trying to connect but ip is blocked in firewall

Attribute :- high no. of deny firewall connections from same source outbound

Outbound filter

Aggregation

how to integrate window devices in Arcsight