Alerts: - Abnormal Recurring Communications to a Rare Domain to a Suspicious Autonomous System (AS)


L0 Member

Hello Friends

Our XDR system recently reported a lot of these warnings: "Abnormal Recurring Communications to a Rare Domain to a Suspicious Autonomous System (AS)". According to the information from XDR, the user's computer queried a website through Google Chrome or MS Edge. The investigation activity retrieves the user's access information, showing that they have accessed and not accessed those website addresses.

This warning keeps appearing, so how can we turn it off, or how can we find the exact cause of this warning?

Thank you.

2 REPLIES

Cyber Elite

@H.NguyenNgoc,

XDR should be telling you the actual domain, does it not? This would usually start as a pretty typical check of the endpoint: verifying that the user doesn't have any malicious extensions added and removing any websites that they may have granted notification access to would be the first things that I would check.

Hello BPry

Thanks for your reply.

Yes, the domain name is in the notifications. We checked the endpoints' browsers; most alerts are from Google Chrome, and we found that no domain in the alerts has been granted notification access and there is no extension installed on the browser.
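
The endpoint check discussed in the replies above, written out as an added example that is not part of the original thread: it reads a Chromium profile `Preferences` file, lists the sites that hold an allowed notification permission and the recorded extensions, and flags grants that match a domain from the alert. The sample profile, the domain names and the extension ID are constructed, and the JSON layout is assumed to match the Chrome or Edge build in use (some builds keep extension entries in `Secure Preferences` instead).

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # Chromium content-setting value for "allow" (2 is "block")

# Constructed sample shaped like a Chromium profile "Preferences" file (assumed layout).
SAMPLE_PREFS = json.loads("""
{
  "profile": {"content_settings": {"exceptions": {"notifications": {
    "https://news.example:443,*": {"setting": 1},
    "https://cdn.rare-domain.example:443,*": {"setting": 1},
    "https://blocked.example:443,*": {"setting": 2}
  }}}},
  "extensions": {"settings": {
    "aaaabbbbccccddddeeeeffffgggghhhh": {"manifest": {"name": "Constructed Helper"}}
  }}
}
""")

def notification_grants(prefs):
    """Return hostnames that hold an 'allow' notification permission."""
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    hosts = []
    for pattern, value in exceptions.items():
        if value.get("setting") == ALLOW:
            primary = pattern.split(",")[0]  # key is a "primary,secondary" pattern pair
            hosts.append(urlsplit(primary).hostname or primary)
    return sorted(hosts)

def installed_extensions(prefs):
    """Return (extension id, name) for every extension recorded in the profile."""
    settings = prefs.get("extensions", {}).get("settings", {})
    return sorted((ext_id, entry.get("manifest", {}).get("name", "?"))
                  for ext_id, entry in settings.items())

def matches_alert(host, alert_domain):
    """True when host is the alerted domain or a subdomain of it."""
    return host == alert_domain or host.endswith("." + alert_domain)

def audit(prefs, alert_domains):
    """Report all grants, the grants tied to an alerted domain, and the extensions."""
    grants = notification_grants(prefs)
    hits = [h for h in grants if any(matches_alert(h, d) for d in alert_domains)]
    return {"alerted_grants": hits, "all_grants": grants,
            "extensions": installed_extensions(prefs)}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PREFS, ["rare-domain.example"]), indent=2))
```

To use it on a real endpoint, load each browser profile's `Preferences` file with `json.load` and pass the domains named in the XDR alerts; every profile on the machine needs its own pass.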
