suricata and nfs findings

[ByteAndBits]

Version

2.4.60

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

128

RAM

1TB

Storage for /

60TB

Storage for /nsm

60TB

Network Traffic Collection

span port

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hi,

we have a lot of findings between our ESX hosts and the nfs service of a nas.
In the datastream suricata will saw log4j, powershell, coinminer and more. On Datastore only runs one windows VM without any findings from MS defender.

Are this false positive?

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[dougburks]

It's possible but that's something you would have to answer based on your knowledge of the environment and your review of the traffic and the rules that generated the alerts.

[ByteAndBits]

OK, it was hard to find but, the surikata alerts are from attack patterns from a vm in our enfironment. This patterns match the surikata patterns :).