what is Attack.HTTP.NSE.2 in BitDefender?

threathunter

We have this Notification in Bitdefender.

Content Control:

Network Attack Defense has blocked an attack attempt

your device is being used to conduct an attack attempt of type Attack.HTTP.NSE.2.Please contact your system administrator.

Upon checking the URL or IP is 10.0.1.53 and 10.0.1.55, this is a local IP right?

What could trigger this event? We cannot find the source of this event, not available or no detailed attack flow in Bitdefender Gravityzone Dashboard, we want to know the Parent Process or source and Child process for this event.

Hoping for your kind assistance on this.

Thank You : )

 

Gjoksi

Hello.

Since you need help with business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.

Also, you can always contact the Bitdefender business support:

https://www.bitdefender.com/business/support/en/71263-85158-contact.html

Regards.

Andrei_S Enterprise

Hello @threathunter ,

The mentioned detection is usually generate for tools that do a network scan (ex. Kaseya probe, nmap, zenmap) or when pentesting is performed.

The IPs 10.0.1.53 and 10.0.1.55 are local. You can check if there are tools that could generate this event on one of the mentioned IPs.

If you are not able to identify them, please reach out to the Enterprise Support Team so we can check the event.

Kind Regards