Robert Wardlow
asked on
Need a network traffic report.
My client has a SonicWall TZ 105 firewall. Their network was hit with Ransomware. I need to determine whether encryption was the only malicious activity or if data was compromised. I know the date and time of the malicious activity.
How can I print a report of:
Outbound network traffic to all or specific WAN addresses by date and time?
Thank you very much for your help.
Bob
How can I print a report of:
Outbound network traffic to all or specific WAN addresses by date and time?
Thank you very much for your help.
Bob
Look at the Exchange or Email logs. Ransomware comes in this way much, much more frequently than back door attacks.
ASKER
Hello John, We have determined that the attack came from a remote desktop hack. We see the user logging in at a given time and we see encryption beginning a short time afterward. I want to know how much data was sent to an external address at and after that time. Is there a report I can print that shows how much data was sent to external WAN addresses. Ideally sorted by address and possibly country of those addresses.
Thank you for your suggestion
Bob
Thank you for your suggestion
Bob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you John, I will try that
Bob
Bob
ASKER
Thank you John
You are very welcome and I was happy to assist you.