Sunday, February 25, 2018

Firepower IOCs: what to do next with best security policies.

Recently got Firepower-based firewalls, and all this NGFW stuff is cool. We finally have eyes on the wire with IPS, but I have seen a lot of IOCs (say CnC or malware) that turn out to be blocked once I drill into the host. What should I do next regarding these marks/alerts? Should I simply ignore them, uncheck them so management doesn't freak out, or should I dig deeper with vulnerability scans, malware scans, and port scans against this host?

Also, what applications are people using to check for vulnerabilities and to verify open ports?
