Difference between revisions of "WAF 360000"

From Atomicorp Wiki
Jump to: navigation, search
m
m
 
Line 13: Line 13:
 
'''False Positives'''
 
'''False Positives'''
  
There are no known False Positives for this, however if you believe this is a false positive, it is recommended that you report this to our security team can determine if this is a legitimate case, or if its clever attack on your system and that you not disable this rule until our security team has reviewed the attack.  Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.
+
A false positive can occur is a domain is no longer serving up malware.  If you believe this is the case, and it is therefore a false positive, it is recommended that you report this to our security team to determine if this is a legitimate case, or if its clever attack on your system and that you not disable this rule until our security team has reviewed the event.  Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.
  
 
'''Similar Rules'''
 
'''Similar Rules'''

Latest revision as of 12:01, 23 June 2011

Rule ID

360000

Alert Message

Atomicorp.com Malware Blacklist: Malware Site detected in Argument (AE)

Description

This rules detects if arguments inside POSTs contains a known malware site.

False Positives

A false positive can occur is a domain is no longer serving up malware. If you believe this is the case, and it is therefore a false positive, it is recommended that you report this to our security team to determine if this is a legitimate case, or if its clever attack on your system and that you not disable this rule until our security team has reviewed the event. Instructions to report false positives are detailed on the Reporting False Positives wiki page.

Similar Rules

WAF_360002

WAF_360003

WAF_360004

Outside References

Personal tools