IP Reputation: False positive

rainpwn
rainpwn Posts: 13  Freshman Member
Friend Collector First Comment First Anniversary
in Security

Hi, im receiving alerts from SecuReporter:


2023-09-19 14:00:00

Network Security

IP Reputation-Outgoing

IP Reputation detect 192.168.10.234 is connecting to threat IP 244 times (exceed threshold 5 within 60 minutes)

Threat IP is 89.46.110.73.

Looking on Cisco Talos:

image.png

Could you verify please?

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,370  Zyxel Employee
    Sixth Anniversary 1000 Comments 100 Answers Zyxel Certified Sales Associate
    edited September 2023 Answer ✓

    Hi @0xAlessandro,

    The IP address is added into the allow list in the next signature version. You can test the IP again later this week. Thanks!

    Best regards,
    Emily

    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. For free! https://bit.ly/4g2pS9L

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,370  Zyxel Employee
    Sixth Anniversary 1000 Comments 100 Answers Zyxel Certified Sales Associate
    edited September 2023 Answer ✓

    Hi @0xAlessandro,

    The IP address is added into the allow list in the next signature version. You can test the IP again later this week. Thanks!

    Best regards,
    Emily

    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. For free! https://bit.ly/4g2pS9L

  • rainpwn
    rainpwn Posts: 13  Freshman Member
    Friend Collector First Comment First Anniversary

    Could you also whitelist 185.81.1.164


    2023-09-19 14:00:00

    Network Security

    IP Reputation-Outgoing

    IP Reputation detect 192.168.11.12 is connecting to threat IP 96 times (exceed threshold 5 within 60 minutes)

    image.png

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,370  Zyxel Employee
    Sixth Anniversary 1000 Comments 100 Answers Zyxel Certified Sales Associate
    edited September 2023

    Hi @0xAlessandro,

    The IP 185.81.1.164 is also added into the allow list in the next signature version. Thanks!

    Best regards,
    Emily

    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. For free! https://bit.ly/4g2pS9L

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,370  Zyxel Employee
    Sixth Anniversary 1000 Comments 100 Answers Zyxel Certified Sales Associate

    Hi @0xAlessandro,

    Signature version: 1.0.0.20230920.0

    Two IP addresses are neutral now.

    image.png
    image.png

    Best regards,
    Emily

    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. For free! https://bit.ly/4g2pS9L

  • rainpwn
    rainpwn Posts: 13  Freshman Member
    Friend Collector First Comment First Anniversary

    Hi, thank you.

    There are 2 new IP (Cloudflare) which got blocked by IP Reputation.

    • 104.21.9.40
    • 172.67.141.113
    image.png
    image.png

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,370  Zyxel Employee
    Sixth Anniversary 1000 Comments 100 Answers Zyxel Certified Sales Associate

    Hi @0xAlessandro,

    The following IP addresses are also added into the allow list in the next signature version. Thanks!
    104.21.9.40
    172.67.141.113

    Best regards,
    Emily

    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. For free! https://bit.ly/4g2pS9L

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)