Need your assist on verify the capture logs is normal or abnormal. Please refer to the attached screenshot as your reference.
Noticed Muieblackcat is doing port scanning, and when we check on the attack logs but some of it shows n/a. Besides that, we found out the Source IP were NSM IP.
The 'BOT Muieblackcat activity detection' alert that NSP triggers is only to detect the occurrence of the Muieblackcat activity. This mean the alert will show a result of n/a. There is also a signature called 'BOT Muieblackcat traffic detected I' that has the blocking option disabled by default but has alerting enabled by default.
Please can you provide the screenshots and captures of the BOT Muieblackcat alert so we can review the detection.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.