Why am I seeing this?
While we’ve worked hard to make sure that when a Canary chirps, you know that it matters, some network devices will occasionally touch Canaries in ways that look a lot like attacker behaviour.
We want to let you know this is happening, but we also want to let you know that from our vantage point, this doesn’t look like a full-blown attack.
We use these tiny but visible annotations of alerts to let you know our thoughts.
What's McAfee RSD?
McAfee RSD makes anti-virus & security software suites for Windows, Mac and Android machines. In some configurations, the software will scan and probe other machines on the network.
So what does this mean?
If you have seen this annotation, we have deduced that the alert looks sufficiently like a port scan from McAfee RSD. This does not mean that the event should be ignored.
We annotate it here as an attempt to add some context to why you may be seeing this incident.
Ignoring annotated alerts
Annotations allow us to reduce noise in the alert feed, while still keeping track of activity that hits your Canaries. Users can mark these annotated alerts as ignored by hitting the "Ignore alerts like this" button on any annotated alert. This will cause them to no longer show up as incidents in your Console.