Hello guys,
Cortex flagged a security alert (low severity) related to 'Failed Connections'.
Observed that these network connections are initiated by the Brave browser helper / Firefox helper, and these connections are made to private IPs. No malicious files were found after initiating a malware scan on the endpoint.
Why are these Firefox/Brave helpers connecting to private IP ranges?
Has anyone faced the same issue? Kindly help here.
Hi @Anil_Racharla,
Thank you for writing to Live community!
It would be too difficult to say why unless investigated, but Cortex XDR analytics does not depend on malicious process data; rather, it generates alerts based on behavioural and network traffic analysis. In this case, this behaviour must have been observed as a unique behaviour on the specific endpoint attempting to make network connections to private IP ranges using Firefox and Brave browser processes. There is a possibility of a user using tools like network mappers or web applications which attempt network discovery, and hence this needs to be observed.
On top of this, Analytics will not generate alerts on malware scans; rather, it will generate alerts on behaviour (as stated above).
Hope this answers your question.
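A triage sketch for the situation discussed in this thread, added here as an example and not part of either post or of Cortex XDR: it groups failed connections to RFC 1918 addresses by process and separates discovery-like fan-out across many hosts from repeated attempts against one target. The CSV column names, the sample records and the `host_threshold` value are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample records. The column names are hypothetical and do not
# represent a Cortex XDR export schema.
SAMPLE = """process,dst_ip,dst_port,result
firefox,192.168.1.1,80,failed
firefox,192.168.1.2,80,failed
firefox,192.168.1.3,80,failed
firefox,192.168.1.4,443,failed
firefox,192.168.1.5,443,failed
firefox,192.168.1.6,8080,failed
firefox,93.184.216.34,443,failed
brave,10.0.0.5,8080,failed
brave,10.0.0.5,8080,failed
brave,10.0.0.5,8080,success
brave,not-an-ip,80,failed
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True only for a parseable address inside an RFC 1918 private range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed destination values are skipped, not fatal
    return any(ip in net for net in RFC1918)

def summarize(csv_text, host_threshold=5):
    """Per process: failed private-range attempts, distinct hosts and ports."""
    stats = defaultdict(lambda: {"attempts": 0, "hosts": set(), "ports": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["result"] != "failed" or not is_rfc1918(row["dst_ip"]):
            continue
        s = stats[row["process"]]
        s["attempts"] += 1
        s["hosts"].add(row["dst_ip"])
        s["ports"].add(int(row["dst_port"]))
    report = {}
    for proc, s in stats.items():
        # Many distinct hosts suggests discovery; one host suggests a stale target.
        pattern = "fan-out" if len(s["hosts"]) >= host_threshold else "repeated-target"
        report[proc] = {"attempts": s["attempts"], "hosts": len(s["hosts"]),
                        "ports": sorted(s["ports"]), "pattern": pattern}
    return report

if __name__ == "__main__":
    for proc, info in summarize(SAMPLE).items():
        print(proc, info)
```

A "fan-out" result points toward the network-discovery possibility raised in the reply, while "repeated-target" is more consistent with a page or extension retrying a single internal host that is unreachable.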