IP Reputation: False positive


Hi, I'm receiving alerts from SecuReporter:


2023-09-19 14:00:00

Network Security

IP Reputation-Outgoing

IP Reputation detect 192.168.10.234 is connecting to threat IP 244 times (exceed threshold 5 within 60 minutes)

Threat IP is 89.46.110.73.

Looking on Cisco Talos:

Could you verify please?

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    edited September 2023 Answer ✓

    Hi @0xAlessandro,

    The IP address is added into the allow list in the next signature version. You can test the IP again later this week. Thanks!

All Replies

  • rainpwn

    Could you also whitelist 185.81.1.164


    2023-09-19 14:00:00

    Network Security

    IP Reputation-Outgoing

    IP Reputation detect 192.168.11.12 is connecting to threat IP 96 times (exceed threshold 5 within 60 minutes)

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    edited September 2023

    Hi @0xAlessandro,

    The IP 185.81.1.164 is also added into the allow list in the next signature version. Thanks!

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee

    Hi @0xAlessandro,

    Signature version: 1.0.0.20230920.0

    Two IP addresses are neutral now.

  • rainpwn

    Hi, thank you.

    There are 2 new IPs (Cloudflare) which got blocked by IP Reputation.

    • 104.21.9.40
    • 172.67.141.113

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee

    Hi @0xAlessandro,

    The following IP addresses are also added into the allow list in the next signature version. Thanks!
    104.21.9.40
    172.67.141.113
