Large file detection

Running Zeek 3.0.

Installed zeek/theflakes/bro-large_uploads (installed: master) - Raise notices on outgoing files over X bytes in size.

Getting a lot of events logged in the notice log files. Fairly certain at this time that these events are due to the Cylance application sending data to Cylance cloud services for analysis.

Unable to get a specific list of AWS EC2 servers, as they are using a lot of them and they change regularly.

Any ideas on how to reduce these notices so the unusual events are more apparent?

Since it is looking at network packets, I don't think there is any way to tie the file transfer back to the application.

Examples of the events found in the notices log files below.

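One way to cut the noise without enumerating EC2 addresses, as an added example that is not part of the original post, of Zeek itself, or of the bro-large_uploads package: record the responder address of every TLS connection whose SNI belongs to an allow-listed vendor domain, then drop the ACTION_LOG action from any notice whose destination is one of those addresses. The suffix `.cylance.com`, the module name `LargeUploadAllowlist`, and the empty `filtered_notes` set are assumptions for illustration; the Notice::Type the package exports is not stated on this page and has to be taken from the `note` column of notice.log.

```zeek
##! Added example (not from the original post, Zeek, or bro-large_uploads):
##! suppress large-upload notices whose destination was reached through a
##! TLS handshake with an allow-listed SNI, so that ever-changing EC2
##! addresses never have to be listed by hand.

@load base/frameworks/notice
@load base/protocols/ssl
# Adds c$ssl$validation_status so a spoofed SNI alone cannot earn an allow-list entry.
@load policy/protocols/ssl/validate-certs

module LargeUploadAllowlist;

export {
	## SNI suffixes of services whose uploads are expected.  The value
	## below is an assumption; confirm the real server names in ssl.log.
	const allowed_sni_suffixes: set[string] = { ".cylance.com" } &redef;

	## Optional static ranges for any vendor addresses that are stable.
	const allowed_subnets: set[subnet] = { } &redef;

	## Notice types to filter.  The Notice::Type raised by the
	## large-upload package is not known here, so redef this from the
	## `note` column of notice.log.  An empty set filters every notice
	## type to an allow-listed host, which is broader than most sites want.
	const filtered_notes: set[Notice::Type] = { } &redef;
}

## Destinations seen with an allow-listed SNI and a valid certificate.
## Entries expire so that recycled cloud addresses drop out on their own.
global allowed_hosts: set[addr] &create_expire=1day;

function sni_allowed(sni: string): bool
	{
	for ( suffix in allowed_sni_suffixes )
		{
		# sub_bytes is 1-based: compare the tail of the SNI with the suffix.
		if ( |sni| > |suffix| &&
		     sub_bytes(sni, |sni| - |suffix| + 1, |suffix|) == suffix )
			return T;
		}
	return F;
	}

# ssl_established fires when the handshake completes, before any
# application data is uploaded, so the responder is already in
# allowed_hosts when a notice for the same connection is raised.
# validate-certs sets validation_status at priority 3, i.e. before this
# default-priority handler runs.
event ssl_established(c: connection)
	{
	if ( ! c?$ssl || ! c$ssl?$server_name )
		return;

	if ( ! sni_allowed(c$ssl$server_name) )
		return;

	# Require a chain that validates; an SNI is attacker-controlled,
	# but a certificate for the vendor's name is not.
	if ( c$ssl?$validation_status && c$ssl$validation_status == "ok" )
		add allowed_hosts[c$id$resp_h];
	}

# Default priority (0) runs after the framework's own priority-10
# handler, which is where ACTION_LOG is added, so removing the action
# here keeps the notice out of notice.log without touching other types.
hook Notice::policy(n: Notice::Info)
	{
	if ( |filtered_notes| > 0 && n$note !in filtered_notes )
		return;

	# n$dst is filled in from the connection (or the file's single
	# connection) by the notice framework before policy hooks run.
	if ( ! n?$dst )
		return;

	if ( n$dst in allowed_hosts || n$dst in allowed_subnets )
		delete n$actions[Notice::ACTION_LOG];
	}
```

Load it from local.zeek, then compare `zeek-cut note dst < notice.log | sort | uniq -c` before and after: the allow-listed destinations should vanish while uploads to anything else still appear. If some notices survive, check whether the package attaches a connection or file to them at all, since the hook can only match on `n$dst`. Dropping the log action, rather than using `Notice::ignored_types`, keeps the same notice type visible for destinations that are not on the allow-list, which is the point of the exercise.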