Hi
We use Palo Alto WF-500 ATP.
So I can see some URL filtering logs which have blocked access to malicious domains; the source IP for these is the VM machine inside the WF-500 ATP.
This indicates the PA FW sent a file to the ATP which was then run by the VM machine and it is this file which tried to communicate to the malicious domain.
However, how can I find out which client on the network was downloading this file while the PA sent it to the ATP appliance?
Thanks.