IPS Notifications - Domain Name inclusion
I have Sophos UTM set up with IPS and WebServer Protection. I have about 4 virtual servers, but one real web server. Everything works the way it should; however, when I get an IPS intrusion, the email does not show which domain was under attack. Is it possible to add this manually into some template Sophos uses, or is there a setting I am missing to show that feature?
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt
Details........: https://www.snort.org/search?query=37077
Time...........: 2016-06-02 08:25:04
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: x5.1x.1x.6x (xx.xxxxxx.xx)
Source port: 55922
Destination IP address: 1x2.1x.1x.x1 (xxxxxx)
Destination port: 80 (http)
--
System Uptime : 2 days 9 hours 5 minutes
System Load : 0.02
System Version : Sophos UTM 9.403-4
Please refer to the manual for detailed instructions.
I would like something like:
Destination Domain: ***.xxxx.com
to be also included.
Is there any way this can be done?
Regards, Simon