IPS/4/CNC
Message
IPS/4/CNC(l): A malware domain was detected. (SyslogId=[syslog-id], VSys=[vsys-name], Policy=[policy-name], SrcIp=[source-ip-address], DstIp=[destination-ip-address], SrcPort=[source-port], DstPort=[destination-port], SrcZone=[source-zone], DstZone=[destination-zone], User=[user-name], Protocol=[protocol], Application=[application-name],Profile=[profile-name],DomainName=[domain-name], EventNum=[event-number], Action=[action])
Description
The device determined that the received packet was destined for a malicious domain name using the domain name-filtering function.
Parameters
Parameter Name | Parameter Meaning |
---|---|
[syslog-id] | Log ID |
[vsys-name] | Name of the virtual system |
[policy-name] | Name of the security policy |
[source-ip] | Source IP address of packets |
[destination-ip] | Destination IP address of packets |
[source-port] | Source port of packets (the field is 0 for ICMP packets) |
[destination-port] | Destination port of packets (the field is 0 for ICMP packets) |
[source-zone] | Source security zone of packets |
[destination-zone] | Destination security zone of packets |
[user-name] | User name |
[protocol] | Protocol of the packets matching the signature |
[application-name] | Application of the packets matching the signature |
[profile-name] | Profile name |
[domain-name] | Malicious domain name |
[event-number] | Match count |
[action] | Action for the signature
|