To make it quick, we have found out from our ISP through subpoena someone was torrenting on the open guest WiFi. We are currently locking things down but I want to know if there are any places I can find logs of the torrenting taking place and find the mac address to get closer to see who it is.
Edit: I am currently dealing with the initial blowback so I didn't type enough. This location has never had their security audited so I want to know what default logging in the DCs or in the Cisco ASA 5508 is available for me to start looking at things.
No comments:
Post a Comment