• Support
  • Forums
  • Blogs

Suspicious Behavior (OTX Indicators of Compromise)

arburnssbcarburnssbc

New Life Form
Hi all

I have just recently re-installed a new sensor in my network and seeing lots of alarms being generated. These alarms appear to be external IP's trying to attack my external IP. They mention watch lists SSH/telnet honeypot logs 2017-02-06 plus others.

Am i correct in thinking these are just malicious hosts trying to compromise my firewall?


Thanks

Share post:

Best Answer

  • Answer ✓
    arburnssbc,

    This alert is all about the risk profile. ;)

    The OTX watch list indicators for honeypot provide a list of IP addresses which have attempted to access honeypot networks. While this alone is not evidence of an attempt to infiltrate your network, OTX provides an indicator that the IP address is known to have been the source of bad behavior in the past, warranting an increased risk assigned to the traffic.

Answers

Sign In or Register to comment.