On 4 October 2024 at 18:39:20 UTC, Johnnie W Adams via Exim-users <exim-users@lists.exim.org> wrote:

> The SIEM doesn't get that deep into the connection--it just gives
> source, destination, and port.
Thus IMO you have to do it yourself, e.g. logging traffic in the firewall or capturing traffic to/from these ports. Capturing traffic can be easier and is no problem in your case (low-traffic server); tcpdump can be your friend. Then you can compare...

I have no experience with SIEM, but anyway, I would try to ask them for more details. They are responsible for what they report and should provide evidence about incidents. No reason to hesitate ;-)

BTW, I asked for more details about similar reports from Shadowserver some (long) time ago, and because of that question they found a bug in their code -- mistakes happen...

regards
-- 
Slavko
https://www.slavino.sk/
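One way to do the comparison Slavko suggests, as an added example that is not part of the thread: parse the text output of a `tcpdump -n` capture of the SMTP ports into (source, destination, port) tuples and check which SIEM-reported entries the capture actually backs. The tcpdump lines and SIEM rows below are constructed sample data; the capture is assumed to have been taken with something like `tcpdump -n -i eth0 'tcp port 25 or tcp port 465 or tcp port 587' > smtp.txt`.

```python
import re

# Address part of a tcpdump -n TCP line, e.g.
# "12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.25: Flags [S], ..."
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def connections_from_capture(lines):
    """Return the set of (src, dst, dport) for connection attempts seen in the capture.

    Only pure SYN packets (flag 'S' without the '.' ACK flag) count, i.e. the
    client side opening a connection; SYN-ACKs and data packets are skipped.
    """
    seen = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        flags = m.group("flags")
        if "S" in flags and "." not in flags:
            seen.add((m.group("src"), m.group("dst"), int(m.group("dport"))))
    return seen


def check_siem_report(siem_rows, capture_lines):
    """Split SIEM rows (src, dst, port) into those backed by the capture and those not."""
    observed = connections_from_capture(capture_lines)
    confirmed = [row for row in siem_rows if row in observed]
    unconfirmed = [row for row in siem_rows if row not in observed]
    return confirmed, unconfirmed


# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 203.0.113.5.51234 > 198.51.100.10.25: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 198.51.100.10.25 > 203.0.113.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000300 IP 203.0.113.5.51234 > 198.51.100.10.25: Flags [.], ack 1, win 502, length 0
12:00:05.000000 IP 198.51.100.10.40001 > 192.0.2.7.25: Flags [S], seq 9, win 64240, length 0
""".splitlines()

# Constructed SIEM rows in the same shape the SIEM reports: source, destination, port.
SAMPLE_SIEM = [
    ("203.0.113.5", "198.51.100.10", 25),   # inbound connection, present in the capture
    ("198.51.100.10", "192.0.2.7", 25),     # our server connecting out, present
    ("203.0.113.9", "198.51.100.10", 25),   # reported by the SIEM, nothing in the capture
]

if __name__ == "__main__":
    ok, missing = check_siem_report(SAMPLE_SIEM, SAMPLE_CAPTURE)
    for row in ok:
        print("confirmed  ", row)
    for row in missing:
        print("unconfirmed", row)  # these are the ones to ask the SIEM operator about
```

Entries in the unconfirmed list are the ones worth sending back to the SIEM operator with a request for the evidence behind the report.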