locked
Firewall showing as attack source RRS feed

  • Question

  • Hello,

    We have setup ATA using lightweight gateways, with the central server located within Azure. From testing ATA using the ATA playbook we are not seeing the end client IP but the firewall. This attack client is on the network behind the firewall and non-domain joined, is there further windows event logs required to capture the end client IP.

    Many Thanks

    Friday, February 24, 2017 10:53 AM

Answers

  • To answer my own question.

    This was a SNAT on the firewall masking the clients. 

    • Marked as answer by Hodgkinson Friday, February 24, 2017 8:23 PM
    Friday, February 24, 2017 1:19 PM