
PI Internet Traffic

Question asked by erick.marrero on Mar 30, 2017
Latest reply on Mar 31, 2017 by rsun

Hi all,

I tried to open a tech support case but I got a message saying "we can't process your request at this moment". For that reason I'm posting this question here.

Our security team noticed an unexpected volume (anything >0 is unexpected) of outbound internet traffic from our PI Archive server. See the snippet below as an example.

28 Mar 2017 20:47:52.965 { "timestamp": "2017-03-28T20:48:20.000Z", "asset": "%PISERVERNAME%", "user": "unknown", "source_address": "10.1.150.6", "source_port": "57392", "destination_address": "13.107.4.50", "destination_port": "80", "connection_status": "DENY", "direction": "OUTBOUND", "geoip_organization": "Microsoft Azure", "geoip_country_code": "US", "geoip_country_name": "United States", "geoip_city": "Redmond", "geoip_region": "WA", "source_data": "<164>Mar 28 2017 20:48:20: %ASA-4-106023: Deny tcp src production1:10.1.150.6/57392 dst outside:13.107.4.50/80 by access-group \"acl-production1\" [0x3395ac61, 0x0] " }

28 Mar 2017 20:47:53.483 { "timestamp": "2017-03-28T20:48:20.000Z", "asset": "%PISERVERNAME%", "user": "unknown", "source_address": "10.1.150.6", "source_port": "57392", "destination_address": "13.107.4.50", "destination_port": "80", "connection_status": "DENY", "direction": "OUTBOUND", "geoip_organization": "Microsoft Azure", "geoip_country_code": "US", "geoip_country_name": "United States", "geoip_city": "Redmond", "geoip_region": "WA", "source_data": "<164>Mar 28 2017 20:48:20: %ASA-4-106023: Deny tcp src production1:10.1.150.6/57392 dst outside:13.107.4.50/80 by access-group \"acl-production1\" [0x3395ac61, 0x0] " }

Are there any PI Archive components that would be initiating such traffic or any malware that might be?
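As an added example (not part of the original question, and not code from OSIsoft or any PI component): the two records above carry a Cisco ASA message ID 106023 ("Deny ... by access-group") in their source_data field. The Python below parses that message, keeps only the denies that leave a monitored host toward the firewall's outside interface, and counts repeated attempts per (source, protocol, destination, port), so a server that is supposed to have no internet egress stands out with its own tally. The sample lines are constructed: the first two are the ASA messages quoted in the question, the ICMP deny to 203.0.113.7 and the 106100 permit line are made up to show the port-less variant and a line the parser ignores, and the monitored-host set and the interface name "outside" are assumptions. The regex follows the documented 106023 layout (ports for TCP/UDP, "type N, code N" for ICMP).

```python
import re
from collections import Counter
from typing import Counter as CounterType, Dict, Iterable, Iterator, Optional, Set, Tuple

# Cisco ASA syslog 106023 as embedded in the "source_data" field above:
#   Deny <proto> src <ifc>:<ip>[/<port>] dst <ifc>:<ip>[/<port>] [type N, code N] by access-group "<acl>" [...]
# ICMP denies carry type/code instead of ports, so the port groups are optional.
ASA_106023 = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_ifc>[\w-]+):(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_ifc>[\w-]+):(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})(?:/(?P<dst_port>\d+))? "
    r"(?:type \d+, code \d+ )?"
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample input (assumption): the two messages from the question plus
# an ICMP deny and an unrelated 106100 permit line that must not match.
SAMPLE_LINES = [
    '<164>Mar 28 2017 20:48:20: %ASA-4-106023: Deny tcp src production1:10.1.150.6/57392 '
    'dst outside:13.107.4.50/80 by access-group "acl-production1" [0x3395ac61, 0x0]',
    '<164>Mar 28 2017 20:48:20: %ASA-4-106023: Deny tcp src production1:10.1.150.6/57392 '
    'dst outside:13.107.4.50/80 by access-group "acl-production1" [0x3395ac61, 0x0]',
    '<164>Mar 28 2017 20:49:01: %ASA-4-106023: Deny icmp src production1:10.1.150.6 '
    'dst outside:203.0.113.7 type 8, code 0 by access-group "acl-production1" [0x0, 0x0]',
    '<166>Mar 28 2017 20:49:05: %ASA-6-106100: access-list acl-production1 permitted tcp '
    'production1/10.1.150.6(49200) -> dmz/10.1.20.5(5450) hit-cnt 1 first hit [0x0, 0x0]',
]

# Hosts that should never initiate internet traffic (assumption: the PI server's address).
MONITORED_HOSTS: Set[str] = {"10.1.150.6"}

Key = Tuple[str, str, str, Optional[str]]  # (src_ip, proto, dst_ip, dst_port)


def parse_asa_deny(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the named fields of a 106023 deny message, or None for any other line."""
    m = ASA_106023.search(line)
    return m.groupdict() if m else None


def outbound_denies(lines: Iterable[str], monitored: Set[str],
                    outside_ifc: str = "outside") -> Iterator[Dict[str, Optional[str]]]:
    """Yield parsed denies whose source is a monitored host and whose destination
    interface is the internet-facing one (interface name is an assumption)."""
    for line in lines:
        rec = parse_asa_deny(line)
        if rec and rec["src_ip"] in monitored and rec["dst_ifc"] == outside_ifc:
            yield rec


def summarize(lines: Iterable[str], monitored: Set[str]) -> CounterType[Key]:
    """Count attempts per (src, proto, dst, dport) so repeated connections to one
    endpoint, like the two tries against 13.107.4.50:80 above, are visible at a glance."""
    tally: CounterType[Key] = Counter()
    for rec in outbound_denies(lines, monitored):
        tally[(rec["src_ip"], rec["proto"], rec["dst_ip"], rec["dst_port"])] += 1
    return tally


if __name__ == "__main__":
    for (src, proto, dst, dport), n in summarize(SAMPLE_LINES, MONITORED_HOSTS).most_common():
        print(f"{n:3d}x {src} -> {proto} {dst}" + (f":{dport}" if dport else ""))
```

The firewall log only tells you that the host tried to connect; it cannot say which process on the PI server opened the socket, which is the question actually being asked. For that you need host-side telemetry on the server itself, for example Windows Filtering Platform connection audits (event 5156) or Sysmon network-connection events (event ID 3), which carry the process image and user.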
