Did WatchGuard change the vendor / rules for botnet detection recently? We rarely get botnet reports for destination IP addresses but beginning 7/13/20 we are noticing about 1 a day now.
They changed the vendor recently.
From an e-mail:
WatchGuard is switching Botnet Blocklist providers
By rarroyo on Jul 07, 2020 08:02 am
Greetings valued WatchGuard Partners and Customers. For those that are not aware, or even those that just need a refresher, the Firebox downloads a list of known malicious Command and Control IP addresses that it blocks. This is commonly referred to as the Botnet Blocklist and is licensed as part of RED service in the Basic Security package. As part of our commitment to provide the best security to you, a new Botnet Blocklist is being deployed globally on July 13th. Should you or any of your customers encounter a false positive, please add the offending IP address to the Blocked Sites Exceptions list and submit a technical support case. Thank you to everyone for reading and enjoy the rest of your day.
Thank you Bruce.
You can subscribe to these kinds of e-mails here: https://www.watchguard.com/wgrd-content/watchguard-blog-subscribe-email
Done. Thanks again.