OSSIM server repeatedly tries to connect to flagged IP with IOC (Debian)

This is not so much an OSSIM question, but more of a Linux > Debian question.

So I'm running OSSIM 5.7.6 on Debian 8 on a VM and, as of late, the server repeatedly tries to connect to two IP addresses that are already flagged and blocked by OTX signatures, which creates new alarms in the system periodically.

All alarms point to a seemingly non-existent filename: 5b0d8775e81751768fc457f4

I've tried to search for the file through: find, locate, WinSCP 'find files' but no luck.

And because the alarm came from an OTX signature, this prevented my server from being infected with a trojan.

The server tried to communicate with 13.33.96.251 and 13.33.96.153 through HTTPS: screenshot of SIEM logs

I would like to find this file (to analyze it) and stop the alarm from recurring periodically. Any help is much appreciated.

chameleon

Posted 2020-02-14T12:22:17.387

Reputation: 1

I've simply blocked the two addresses in our firewall, as a temporary fix. – chameleon – 2020-02-17T13:22:35.363
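Added example (not the poster's code, and not an answer from the thread): a small triage script for Debian 8 that attributes outbound connections to the two flagged addresses to a local PID and process name using `ss -tnp`, and then looks for the reported name in the places a periodic downloader usually lives (cron, systemd units, running command lines). It assumes iproute2 `ss` is installed and that it is run as root so process names are visible.

```shell
#!/bin/sh
# Added example: find which local process is talking to the flagged IPs
# and where the IOC name is referenced. Not part of the original post.
FLAGGED_IPS="13.33.96.251 13.33.96.153"      # addresses from the alarms
IOC_NAME="5b0d8775e81751768fc457f4"          # name reported by the alarms

# Read `ss -tnp` output on stdin and print "pid process peer" for every
# socket whose peer address is one of the flagged IPs. Reading stdin lets
# the same function run on live output or on a saved capture.
match_flagged() {
    awk -v ips="$FLAGGED_IPS" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        NR > 1 {                                  # skip the header line
            peer = $5; sub(/:[0-9]+$/, "", peer)  # drop the port
            if (peer in want) {
                pid = "?"; proc = "unknown"
                # users:(("curl",pid=1234,fd=3)) on newer ss,
                # users:(("curl",1234,3)) on older builds
                if (match($0, /users:\(\("[^"]+",(pid=)?[0-9]+/)) {
                    s = substr($0, RSTART, RLENGTH)
                    split(s, p, "\"")
                    proc = p[2]
                    sub(/.*",(pid=)?/, "", s); pid = s
                }
                print pid, proc, peer
            }
        }'
}

# Search for the IOC name in scheduled jobs, unit files and live
# command lines; prints each path that references it.
find_ioc_references() {
    grep -rl "$IOC_NAME" /etc/cron* /etc/systemd /var/spool/cron 2>/dev/null
    for f in /proc/[0-9]*/cmdline; do
        tr '\0' ' ' < "$f" 2>/dev/null | grep -q "$IOC_NAME" && echo "$f"
    done
}

# Live run only when asked, so the file can also be sourced for testing.
if [ "${1:-}" = "--live" ]; then
    ss -tnp | match_flagged
    find_ioc_references
fi
```

Run it as `sh triage.sh --live` while an alarm is firing; a hit from `match_flagged` gives you the PID to inspect (`ls -l /proc/PID/exe`, `/proc/PID/cwd`) even when the name on disk no longer exists.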

No answers