It has been a while since my SecurityOnion server started monitoring my network (out-of-band), so I wanted to post an update on the types of alerts I am seeing and at least try to identify what some of them might be.
Below is a screenshot of some of the alerts. I also noticed that I am having issues pivoting to PCAP inside SecurityOnion right now; I am not sure whether it is something I did or something with the .130 update (I have not done a PCAP pivot since the upgrade).
2. I pay for Spotify for the family, so I am not going to delve too deep into this one.
3. The next two are Discord, which I know is in use as well.
4. .cloud - The family is mostly Apple, and a quick look shows they are all the Apple devices.
5. Microsoft Update - Validated
6. ET-DNS Non-Compliant DNS traffic - Well, this is my new cell phone; I am unsure what it is doing.
7. DNS Query TOR Hidden (.onion) - Also my cell phone.
***The cell phone is a Samsung 22 Ultra (Unlocked) on T-Mobile. I will have to do some more research on these two to see what the phone is doing.
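A way to start that research on the last two alerts, as an added example that is not part of the original post: SecurityOnion ships Zeek, and Zeek's dns.log (in JSON output mode) records every query each client made. The script below parses constructed dns.log-style records, summarizes what a single client IP asked the resolver for, and flags queries under the .onion special-use TLD, which is what the "DNS Query TOR Hidden (.onion)" signature is reacting to. The sample records and the client address 192.168.1.50 are made up for the example; the field names follow Zeek's dns.log schema.

```python
import json
from collections import Counter

# Constructed sample records in the JSON shape Zeek writes for dns.log.
# Addresses and names are invented for this example; one line is deliberately
# malformed to show the parser skipping bad input instead of aborting triage.
SAMPLE_DNS_LOG = """\
{"ts": 1700000000.1, "id.orig_h": "192.168.1.50", "id.resp_h": "192.168.1.1", "query": "example.com", "qtype_name": "A", "rcode_name": "NOERROR"}
{"ts": 1700000001.2, "id.orig_h": "192.168.1.50", "id.resp_h": "192.168.1.1", "query": "abcdefghijklmnop.onion", "qtype_name": "A", "rcode_name": "NXDOMAIN"}
{"ts": 1700000002.3, "id.orig_h": "192.168.1.77", "id.resp_h": "192.168.1.1", "query": "api.spotify.com", "qtype_name": "A", "rcode_name": "NOERROR"}
{"ts": 1700000003.4, "id.orig_h": "192.168.1.50", "id.resp_h": "192.168.1.1", "query": "example.com", "qtype_name": "AAAA", "rcode_name": "NOERROR"}
not json at all
"""


def parse_dns_log(text):
    """Parse newline-delimited JSON dns.log records, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # keep going; one bad line should not stop the review
        # Only keep records that carry the fields the triage needs.
        if "query" in rec and "id.orig_h" in rec:
            records.append(rec)
    return records


def is_onion_query(name):
    """True if the queried name sits under the .onion special-use TLD.

    Comparison is case-insensitive and tolerates a trailing dot (FQDN form).
    A bare 'onion' label or 'onion.example.com' is not a Tor hidden service.
    """
    labels = name.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == "onion"


def triage(records, host):
    """Summarize what one client (by source IP) asked the resolver for."""
    mine = [r for r in records if r["id.orig_h"] == host]
    queries = Counter(r["query"].rstrip(".").lower() for r in mine)
    onion = sorted({r["query"] for r in mine if is_onion_query(r["query"])})
    nxdomain = sum(1 for r in mine if r.get("rcode_name") == "NXDOMAIN")
    return {
        "total": len(mine),
        "top_queries": queries.most_common(5),
        "onion_queries": onion,
        "nxdomain": nxdomain,
    }


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    # 192.168.1.50 stands in for the phone in this constructed data set.
    summary = triage(recs, "192.168.1.50")
    print(f"queries from host: {summary['total']}")
    print(f"most common names: {summary['top_queries']}")
    print(f".onion lookups:    {summary['onion_queries']}")
    print(f"NXDOMAIN answers:  {summary['nxdomain']}")
```

On a real box, point `parse_dns_log` at the contents of the Zeek dns.log (or export the matching records from the SecurityOnion console) and pass the phone's IP to `triage`; the list of distinct names, rather than the single alert, is usually what tells you which app on the device generated the lookup.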