s.thebrighttag.com

Hi,

The last couple of days, I have been spammed by these alarms:
Host: AK47-PC
Score: 7
Attempted Date/Time: 08/08/2019 8:27:36 AM UTC
Id: 6596ae54781a355f49101b1852c6d6f067d1c356
Action: Kill Process

Indicator Details:
Host: s.thebrighttag.com
Path: c:\program files (x86)\Google\Chrome\application
Process: chrome.exe
Reputation: 91

How do I exclude a mail alarm for this specific incident?

Comments

  • We also get hundreds of these, there must be something going on with this, surely we are not the only two? It doesn't seem to affect anything and when I visit the workstations I can't find any trace of the computer trying to access this URL. Must be embedded in something else I guess?

  • I created a policy denying access to s.thebrighttag.com without logging.

  • Ricardo_Arroyo WatchGuard Representative

    Good morning! Is the goal here just to reduce the amount of email, or are you also dissatisfied with the number of Indicators that are showing up in your TDR Dashboard?

    Ricardo Arroyo | Sr. Technical Product Manager / ThreatSync Guru
    WatchGuard Technologies, Inc.

  • Hi Ricardo. If I can jump in, I would say that the alerts for this specific occurrence are not helpful. It seems to be a borderline false positive and so the alerts are nothing more than spam...

  • You are NOT alone! The alerts on that site are (to me) a false positive.

    Gregg Hill

  • I think it is. We are also using Heimdal Security, which does not trigger an alert for this site. And for the dashboard view, I think Heimdal does a much better job.
