Orion NPM 11.5
Management is asking if either the NPM or NTA product that we have can monitor if any of the IPs associated with the recent Apple Malware incident are trafficked through our network.
I was thinking I could do this with NTA, but now that I am looking I am not sure, so I thought I would ask the experts here.
Do you have a list of IP addresses? According to the article below you should check HTTP traffic for init.icloud-analysis.com entries in your firewall or proxy logs. I know you could resolve this domain to an IP easily enough but it may change if there is a CDN involved,
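An added example, not part of the reply above and not a SolarWinds feature: a hostname match over proxy logs for the domain named in the reply, which keeps working if the IP behind it changes. It assumes Squid's native access.log field layout, and the sample lines are constructed.

```python
from urllib.parse import urlsplit

# Domain named in the thread. Matching is done on the requested hostname,
# not on a resolved IP, because the IP may change if a CDN is involved.
INDICATOR = "init.icloud-analysis.com"

# Constructed sample lines in Squid native access.log layout (assumption):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1442822400.123    210 10.1.4.23 TCP_MISS/200 512 POST http://init.icloud-analysis.com/ - HIER_DIRECT/192.0.2.10 text/html
1442822401.456     95 10.1.4.40 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/192.0.2.20 text/html
1442822402.789    130 10.1.7.12 TCP_TUNNEL/200 3300 CONNECT INIT.iCloud-Analysis.com.:443 - HIER_DIRECT/192.0.2.10 -
1442822403.012     80 10.1.4.23 TCP_MISS/200 700 GET http://example.org/?ref=init.icloud-analysis.com - HIER_DIRECT/192.0.2.30 text/html
1442822404.345     60 10.1.9.5 TCP_MISS/200 410 GET http://notinit.icloud-analysis.com.example.net/ - HIER_DIRECT/192.0.2.40 text/html
"""

def request_host(target):
    """Return the lowercase hostname from a URL field (absolute URL or host:port)."""
    if "://" not in target:
        target = "//" + target      # CONNECT lines carry host:port only
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")         # drop the trailing dot of a fully qualified name

def find_hits(log_text, indicator=INDICATOR):
    """Return (client_ip, method, host) for requests to the indicator or a subdomain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                # skip truncated or malformed lines
        client, method, target = fields[2], fields[5], fields[6]
        host = request_host(target)
        # Compare whole hostnames so a query string or a look-alike suffix
        # on another domain does not count as a hit.
        if host == indicator or host.endswith("." + indicator):
            hits.append((client, method, host))
    return hits

if __name__ == "__main__":
    for client, method, host in find_hits(SAMPLE_LOG):
        print(f"{client} {method} {host}")
```

A plain substring search would also flag the fourth and fifth sample lines, which only mention the domain in a query string or as part of a different hostname.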