Hello all,
Our MX-84 is showing an SSH_Event_Respoverflow threat for an address that our backup appliance uses to send data offsite, causing the offsite backups to not replicate (can't make an SSH connection, essentially, as the Meraki appears to be blocking it). I have the IP address and hostname that are being blocked as a threat.
I reached out to support to see how to whitelist this, essentially, to which I was told the only thing that can be whitelisted is a URL under AMP (Advanced Malware Protection), which I don't believe is related to what I'm working with here.
What is my best way to basically mark this as a false positive to allow this traffic to pass? I see that I can whitelist the threat, but is that whitelisting any SSH_Event_RESPOVERFLOW instance that comes across or just this specific instance?
Hopefully I'm just missing something here/confused. Thanks in advance for any info.