I am getting a lot of attack alerts from an internal IP address from our NSM. Could you please check and let me know what to do in this type of attack.
Network Security Platform has detected a "High (9)" severity attack. Please view the Threat Analyzer for details. These notification messages will be suppressed for the next 10 minutes.
Both source and target are within the network.
The "Unknown" attack was detected at 2016-02-01 12:38:29 IST
Details of attack:
Alert ID: 6197622331532002980 Time: 2016-02-01 12:38:29 IST
Attack: Unknown (0x41703b00)
Attack type: Signature, Severity: High
(Signature: N/A, BTP: N/A)
Admin domain: My Company
Sensor: NIPS_Sensor_HA, interface 1A-1B
Source: x.x.x.x:N/A, Target: x.x.x.x:N/A
The Attack ID '0x41703b00' is for 'LDAP: Microsoft Active Directory Heap Overflow'
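As an added example (not part of this thread or of the NSM product), here is a small Python parser for the notification format pasted above. It pulls the fields out of the message, resolves the "Unknown" name through the attack ID given in the reply above, and flags the internal-to-internal case so the analyst knows to rule out a false positive before escalating. The 10.x addresses, the target port and the `KNOWN_ATTACK_IDS` table are constructed placeholders standing in for the redacted `x.x.x.x` values; only the one ID-to-name mapping comes from this thread.

```python
import re
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Attack IDs resolved in this thread (ID -> signature name). Any further entries
# would have to come from the vendor's signature documentation.
KNOWN_ATTACK_IDS = {
    0x41703b00: "LDAP: Microsoft Active Directory Heap Overflow",
}

# Constructed sample in the same layout as the posted notification; the 10.x
# addresses and port 389 are placeholders for the redacted x.x.x.x values.
SAMPLE_ALERT = """\
Network Security Platform has detected a "High (9)" severity attack.
Both source and target are within the network.
The "Unknown" attack was detected at 2016-02-01 12:38:29 IST
Details of attack:
Alert ID: 6197622331532002980 Time: 2016-02-01 12:38:29 IST
Attack: Unknown (0x41703b00)
Attack type: Signature, Severity: High
(Signature: N/A, BTP: N/A)
Admin domain: My Company
Sensor: NIPS_Sensor_HA, interface 1A-1B
Source: 10.20.30.40:N/A, Target: 10.20.31.5:389
"""


@dataclass
class NsmAlert:
    alert_id: str
    attack_name: str
    attack_id: int
    severity: str
    sensor: str
    interface: str
    source_ip: str
    source_port: Optional[int]
    target_ip: str
    target_port: Optional[int]


def _split_endpoint(endpoint: str):
    """'10.1.2.3:389' -> ('10.1.2.3', 389); 'N/A' ports become None."""
    ip, _, port = endpoint.rpartition(":")
    return ip, (int(port) if port.isdigit() else None)


def parse_alert(text: str) -> NsmAlert:
    """Extract the structured fields from one NSM notification body."""

    def grab(pattern: str):
        m = re.search(pattern, text, re.MULTILINE)
        if not m:
            raise ValueError(f"field not found: {pattern}")
        return m.groups()

    (alert_id,) = grab(r"^Alert ID:\s*(\d+)")
    attack_name, attack_hex = grab(r"^Attack:\s*(.+?)\s*\((0x[0-9a-fA-F]+)\)")
    (severity,) = grab(r"Severity:\s*(\w+)")
    sensor, interface = grab(r"^Sensor:\s*([^,]+),\s*interface\s*(\S+)")
    src, dst = grab(r"^Source:\s*(\S+),\s*Target:\s*(\S+)")
    src_ip, src_port = _split_endpoint(src)
    dst_ip, dst_port = _split_endpoint(dst)
    return NsmAlert(alert_id, attack_name, int(attack_hex, 16), severity,
                    sensor.strip(), interface, src_ip, src_port, dst_ip, dst_port)


def resolve_attack_name(alert: NsmAlert) -> str:
    """Replace an 'Unknown' display name with the name known for its attack ID."""
    if alert.attack_name.strip().lower() == "unknown":
        return KNOWN_ATTACK_IDS.get(alert.attack_id, alert.attack_name)
    return alert.attack_name


def is_internal(ip: str) -> bool:
    """RFC 1918 / other private ranges count as internal."""
    return ipaddress.ip_address(ip).is_private


def triage(alert: NsmAlert) -> dict:
    """Produce the analyst notes and the data to collect before escalating."""
    notes = []
    name = resolve_attack_name(alert)
    if name != alert.attack_name:
        notes.append(f"attack ID {alert.attack_id:#x} resolves to '{name}'")
    internal = is_internal(alert.source_ip) and is_internal(alert.target_ip)
    if internal:
        notes.append("both endpoints are internal: confirm the signature set is "
                     "not a known false-positive set before treating as lateral movement")
    return {
        "alert_id": alert.alert_id,
        "attack": name,
        "severity": alert.severity,
        "internal_to_internal": internal,
        "notes": notes,
        # The questions asked later in the thread, as a checklist for the ticket.
        "collect": ["NSM version", "SigSet version", "sensor model and software version",
                    "RTTA detail for this alert"],
    }


if __name__ == "__main__":
    print(triage(parse_alert(SAMPLE_ALERT)))
```

Run it on the raw notification text (for example, the body of the e-mail) and attach the returned dictionary to the ticket; the `collect` list is exactly the information the replies below ask for.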
If you view the alerts within the RTTA, do you get any more information?
What NSM version software are you running?
What SigSet version are you using?
What model of sensor and software version are you using?
When was the last time you tuned your database?
Were you able to resolve your issue?
I see there was a problem with SigSet 220.127.116.11 that caused it to generate false positives for this alert; details are available on the support site:
Network Security Platform (NSP) Signature Set 18.104.22.168 may generate false positives for certain attack signatures
Technical Articles ID: KB86223