what is Attack.HTTP.NSE.2 in BitDefender?

threathunter
threathunter Snr. Threat Hunter
edited November 2023 in Enterprise Security

We have this Notification in Bitdefender.

Content Control:

Network Attack Defense has blocked an attack attempt

your device is being used to conduct an attack attempt of type Attack.HTTP.NSE.2.Please contact your system administrator.

Upon checking the URL or IP is 10.0.1.53 and 10.0.1.55, this is a local IP right?

What could trigger this event? We cannot find the source of this event, not available or no detailed attack flow in Bitdefender Gravityzone Dashboard, we want to know the Parent Process or source and Child process for this event.

Hoping for your kind assistance on this.

Thank You : )

 

Answers

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    Since you need help with business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.

    Also, you can always contact the Bitdefender business support:

    Regards.

  • Andrei_S Enterprise
    Andrei_S Enterprise Business Support Manager BD Staff

    Hello @threathunter ,

    The mentioned detection is usually generate for tools that do a network scan (ex. Kaseya probe, nmap, zenmap) or when pentesting is performed.

    The IPs 10.0.1.53 and 10.0.1.55 are local. You can check if there are tools that could generate this event on one of the mentioned IPs.

    If you are not able to identify them, please reach out to the Enterprise Support Team so we can check the event.

    Kind Regards