Hi, we are using Kaspersky Endpoint Security Version 11.5 Advanced with EDR Support.
I always receive DoS.Generic.Flood.TCPSYN in the attack report, which occurred between about 10 clients in a special VLAN. Kaspersky detects these attacks, but I could not find the source of the attack. Can the EDR report specify the process or service that makes this attack? Is there any way to create a filter to find out the starting point of the attack? The client OS is Windows 10. For example, in the past 5 days I received 1290 attacks from 8 attack IPs to 5 attacked devices.