s.thebrighttag.com
Hi,
The last couple of days, I have been spammed by these alarms:
Host: AK47-PC
Score: 7
Attempted Date/Time: 08/08/2019 8:27:36 AM UTC
Id: 6596ae54781a355f49101b1852c6d6f067d1c356
Action: Kill Process
Indicator Details:
Host: s.thebrighttag.com
Path: c:\program files (x86)\Google\Chrome\application
Process: chrome.exe
Reputation: 91
How do I exclude a mail alarm for this specific incident?
Comments
We also get hundreds of these, there must be something going on with this, surely we are not the only two? It doesn't seem to affect anything and when I visit the workstations I can't find any trace of the computer trying to access this URL. Must be embedded in something else I guess?
I created a policy denying access to s.thebrighttag.com without logging.
Good morning! Is the goal here just to reduce the amount of email, or are you also dissatisfied with the number of Indicators that are showing up in your TDR Dashboard?
Ricardo Arroyo | Principal Product Manager / ThreatSync Guru
WatchGuard Technologies, Inc.
Hi Ricardo. If I can jump in, I would say that the alerts for this specific occurrence are not helpful. It seems to be borderline false positive and so the alerts are nothing more than spam....
You are NOT alone! The alerts on that site are (to me) a false positive.
Gregg Hill
I think it is. We are also using Heimdal Security, which does not trigger an alert for this site. And for the dashboard view, I think Heimdal does a much better job.