Oui, j'ai besoin d'une solution
Hello,
Yesterday we saw SEP NTP detect and block an SID 27847 wordpress arbitrary file download attack from a remote IP. We've seen this detection in the past and as usual wordpress is not installed on the internal web facing server which was targeted. However in this case the log shows OUTBOUND traffic rather than inbound. Please see attached. Is this accurate and if so what does it indicate?
We are running SEP 12.1.4112.4156.
Thank you,
Matt