Locate a specific outbound IP request

With reduced staff, I have not had the time for training on SolarWinds SEM.  Last night, our external IPS detected an outbound request that it flagged as malware and blocked it.  We would like to figure out where it came from internally.  Our firewall (Cisco ASA) logs to the SEM.  How do I find this in the SEM console?

  • I'd search for events with info that matches the IPS and any parts of the event that were flagged to look for other related information.  The nDepth search is pretty powerful once you learn a little about how it works, but even free-form text just typed in with some names or IPs can find a LOT.

    Bill
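
The same lookup can also be done on the raw ASA syslog that the firewall sends to the SEM. The following is an added example, not part of the original thread: it parses ASA connection-built messages (302013 for TCP, 302015 for UDP) and reports which inside host opened a connection to the address the IPS flagged. The log lines, host names and addresses are constructed sample data.

```python
import re
from collections import defaultdict

# One endpoint of an ASA "Built" message:
#   <interface>:<real-ip>/<port> (<mapped-ip>/<port>) [optional (user)]
END = r"(?P<if{n}>[^:\s]+):(?P<ip{n}>[\d.]+)/(?P<p{n}>\d+) \((?P<m{n}>[\d.]+)/\d+\)(?: ?\([^)]*\))?"
BUILT = re.compile(
    r"%ASA-\d-30201[35]: Built (?:inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection (?P<id>\d+) for " + END.format(n=1) + " to " + END.format(n=2)
)

def find_internal_sources(lines, flagged_ip):
    """Map each local host to the connections it built to flagged_ip.

    Each entry is (connection_id, protocol, remote_port, mapped_local_ip).
    The mapped address is the NAT address an external IPS would have seen.
    """
    hits = defaultdict(list)
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # teardowns, denies and other message IDs are skipped
        ends = [(m["ip1"], m["p1"], m["m1"]), (m["ip2"], m["p2"], m["m2"])]
        # The flagged address can be listed first or second, so try both orders.
        for remote, local in (ends, ends[::-1]):
            # Exact comparison: 203.0.113.5 must not match 203.0.113.50.
            if flagged_ip in (remote[0], remote[2]):
                hits[local[0]].append((m["id"], m["proto"], int(remote[1]), local[2]))
    return dict(hits)

# Constructed sample lines in ASA syslog format.
SAMPLE = """\
Mar 12 23:41:07 fw01 : %ASA-6-302013: Built outbound TCP connection 88121 for outside:203.0.113.50/443 (203.0.113.50/443) to inside:10.1.20.37/51522 (198.51.100.2/51522)
Mar 12 23:41:09 fw01 : %ASA-6-302013: Built outbound TCP connection 88122 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.1.20.44/51900 (198.51.100.2/51900)
Mar 12 23:41:15 fw01 : %ASA-6-302015: Built outbound UDP connection 88130 for outside:203.0.113.50/53 (203.0.113.50/53) to inside:10.1.20.37/60211 (198.51.100.2/60211)
Mar 12 23:42:01 fw01 : %ASA-6-302014: Teardown TCP connection 88121 for outside:203.0.113.50/443 to inside:10.1.20.37/51522 duration 0:00:54 bytes 1822 TCP FINs
""".splitlines()

if __name__ == "__main__":
    for host, conns in find_internal_sources(SAMPLE, "203.0.113.50").items():
        print(host)
        for conn_id, proto, port, mapped in conns:
            print(f"  conn {conn_id} {proto}/{port} (seen externally as {mapped})")
```

Because all inside hosts share one mapped address after NAT, the connection ID and source port from these records are what tie the IPS alert back to a single internal machine.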
