Thursday, December 28, 2017

IPS Critical/High alert - What's your process?

I recently took over a Systems/Networking admin position for a mid-sized company (500ish employees, 50 sites). We have a Fortinet firewall partially managed/hosted by our MPLS provider.

Prior to me being here they really didn't do anything with any of the IPS Critical/High alerts; they weren't even being notified when they occurred. What is your process for investigating and processing these kinds of alerts? Do you block the IP or the whole range? Do nothing? Any other tips or advice?
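One concrete way to answer the "what do you actually do with them" question is a first-pass triage script that turns a pile of Critical/High IPS events into a short list of things worth a human's time. The example below is added here and is not the poster's code or Fortinet's; the log lines are constructed and only mimic the key=value layout FortiGate uses for `type="utm" subtype="ips"` events (field names beyond the common ones, the device name, the asset inventory and the signature names are all assumptions). It separates events the IPS already dropped from events that reached a host actually running the targeted service, flags sources that tripped several different signatures, and counts distinct sources per /24 so the "single IP or whole range" decision is made on data rather than by reflex.

```python
"""Triage pass over FortiGate-style IPS alerts.

Added example, not the poster's environment. The log lines below are
constructed; they mimic FortiGate's key=value layout for type="utm"
subtype="ips" events, but exact field names and values are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from typing import List, NamedTuple

# Constructed sample alerts (not real traffic); sources use RFC 5737 test ranges.
SAMPLE_LOGS = [
    'date=2017-12-28 time=09:01:10 devname="fw-edge" type="utm" subtype="ips" severity="critical" srcip=203.0.113.5 srcport=51000 dstip=10.1.1.10 dstport=443 attack="Example.Web.Exploit" action="dropped"',
    'date=2017-12-28 time=09:02:31 devname="fw-edge" type="utm" subtype="ips" severity="high" srcip=203.0.113.5 srcport=51001 dstip=10.1.1.20 dstport=3389 attack="Example.RDP.Probe" action="detected"',
    'date=2017-12-28 time=09:05:02 devname="fw-edge" type="utm" subtype="ips" severity="critical" srcip=198.51.100.7 srcport=40222 dstip=10.1.1.20 dstport=445 attack="Example.SMB.Exploit" action="detected"',
    'date=2017-12-28 time=09:06:45 devname="fw-edge" type="utm" subtype="ips" severity="high" srcip=203.0.113.5 srcport=51002 dstip=10.1.1.10 dstport=80 attack="Example.HTTP.Injection" action="detected"',
    'date=2017-12-28 time=09:07:12 devname="fw-edge" type="utm" subtype="ips" severity="low" srcip=203.0.113.5 srcport=51003 dstip=10.1.1.10 dstport=80 attack="Example.Scanner" action="detected"',
    'date=2017-12-28 time=09:08:00 devname="fw-edge" type="traffic" subtype="forward" srcip=10.1.1.10 dstip=10.1.1.20 dstport=445 action="accept"',
    'date=2017-12-28 time=09:09:30 devname="fw-edge" type="utm" subtype="ips" severity="critical" srcip=203.0.113.9 srcport=60123 dstip=10.1.1.10 dstport=443 attack="Example.Web.Exploit" action="dropped"',
]

# Constructed asset inventory (hypothetical hosts): which internal hosts really
# expose which ports. In production this comes from a CMDB or your own port scan,
# and it must be kept current or the "no such service" verdict becomes wrong.
ASSET_PORTS = {
    "10.1.1.10": {80, 443},   # hypothetical web server
    "10.1.1.20": {445},       # hypothetical file server, no RDP exposed
}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


class Decision(NamedTuple):
    srcip: str
    dstip: str
    attack: str
    verdict: str           # blocked_by_ips | no_such_service | investigate
    repeat_source: bool    # source tripped several distinct signatures


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def triage(lines: List[str], asset_ports: dict, repeat_threshold: int = 3) -> List[Decision]:
    """Classify each Critical/High IPS event so an admin knows what to look at first."""
    events = [e for e in map(parse_line, lines)
              if e.get("subtype") == "ips" and e.get("severity") in ("critical", "high")]
    # Distinct signatures per source: one source firing many different signatures
    # is more interesting than many sources tripping the same one.
    sigs_by_src = defaultdict(set)
    for e in events:
        sigs_by_src[e["srcip"]].add(e["attack"])
    decisions = []
    for e in events:
        if e.get("action") == "dropped":
            verdict = "blocked_by_ips"      # IPS already stopped it; record only
        elif int(e["dstport"]) not in asset_ports.get(e["dstip"], set()):
            verdict = "no_such_service"     # nothing listens there; tune or accept as noise
        else:
            verdict = "investigate"         # passed through to a live, exposed service
        decisions.append(Decision(e["srcip"], e["dstip"], e["attack"], verdict,
                                  len(sigs_by_src[e["srcip"]]) >= repeat_threshold))
    return decisions


def sources_per_network(decisions: List[Decision], prefix: int = 24) -> dict:
    """Count distinct offending sources per /prefix. One host in a /24 argues for a
    host block; many hosts across the range argue for a range block or an abuse report."""
    nets = defaultdict(set)
    for d in decisions:
        net = ipaddress.ip_network(f"{d.srcip}/{prefix}", strict=False)
        nets[str(net)].add(d.srcip)
    return {net: len(srcs) for net, srcs in nets.items()}


if __name__ == "__main__":
    results = triage(SAMPLE_LOGS, ASSET_PORTS)
    for d in results:
        print(d)
    print(sources_per_network(results))
```

Run against the constructed lines, only the SMB event against 10.1.1.20 and the HTTP event against 10.1.1.10 come out as `investigate`; the two dropped events are already handled by the IPS, and the RDP probe lands on a host that exposes no RDP. The repeat flag marks 203.0.113.5 as a source that hit three different signatures, and the per-network count shows two distinct hosts in 203.0.113.0/24 versus one in 198.51.100.0/24, which is the sort of evidence you want before deciding between a host block and a range block. The whole thing hinges on the asset inventory being accurate, so treat `no_such_service` as "probably noise, confirm the host really isn't listening" rather than as a closed case.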


