What Do People Even Do With These Firewall Alerts?

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

Post Flair (click to view more posts with a particular flair)

Analysis

Post Body

We use Palo Alto Firewalls and get alerts saying "beacon detection" and "malware" connections were detected. What would an enterprise even do with this information other than scan for malware or re-image the laptop?

CORRELATION ALERT

domain: 1

receive_time: 2023/09/11 23:34:50

serial: 012345678910

type: CORRELATION

subtype:

config_ver:

time_generated: 2023/09/11 23:34:50

src: 10.xxx.xxx.xxx

srcuser:

vsys: vsys9

category: compromised-host

severity: medium

dg_hier_level_1: 25

dg_hier_level_2: 41

dg_hier_level_3: 0

dg_hier_level_4: 0

vsys_name: vsys9

device_name: sparkybunsFirewall222

object_name: Beacon Detection

object_id: 6005

evidence: Host visited known malware URL (11 times).

Author

Account Strength

10%

Account Age

1 year

Verified Email

Verified Flair

Total Karma

Link Karma

Comment Karma

Profile updated: 2 days ago

sysbaddmin

Subreddit

r/AskNetsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.

Posted: 1 year ago
Reddit URL: View post on reddit.com
External URL: reddit.com/r/AskNetsec/c...