I have Sophos UTM Setup with IPS and WebServer Protection. I have about 4 Virtual Servers, but one real Web server. everything works the way it should however, when i get an IPS intrusion, then email does not show which domain was under attack. is it possible to add this manually into some template Sophos uses or is there a setting I am missing to show that feature? [quote]Intrusion Prevention Alert An intrusion has been detected. The packet has been dropped automatically. You can toggle this rule between "drop" and "alert only" in WebAdmin. Details about the intrusion alert: Message........: SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt Details........: https://www.snort.org/search?query=37077 Time...........: 2016-06-02 08:25:04 Packet dropped.: yes Priority.......: high Classification.: Attempted User Privilege Gain IP protocol....: 6 (TCP) Source IP address: x5.1x.1x.6x (xx .xxxxxx.xx ) Source port: 55922 Destination IP address: 1x2.1x.1x.x1 (xxxxxx) Destination port: 80 (http) -- System Uptime : 2 days 9 hours 5 minutes System Load : 0.02 System Version : Sophos UTM 9.403-4 Please refer to the manual for detailed instructions.[/quote] I would like something like Destination Domain: xxx.xxxx.com to be also included. is there anyway this can be done?
↧