Difference between revisions of "HIDS 30114"
(Created page with "{{Infobox |header1= Rule 30114 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = mod_qos invalid request detected }} = Description = This rule is triggered ...") |
Latest revision as of 17:13, 4 February 2014
Rule 30114 | |
---|---|
Status | Active |
Alert Message | mod_qos invalid request detected |
Contents |
[edit] Description
This rule is triggered when a third party QOS system, specially mod_qos, has reported an event that it has blocked. Specifically if mod_qos has blocked an invalid request.
These events are not triggered, caused, configured or managed by by ASL, and ASL does not cause the blocking action or alert. The Third Party IDS is the cause of this event.
ASL will shun on this event by default.
[edit] Details
This rule is designed to detect the third party mod_qos event and to alert when it has blocked an invalid connection.
ASL does not control or configure mod_qos, it merely reports when this occurs. Therefore, if your mod_qos is in error, please contact the vendor that installed mod_qos for assistance with configuring it.
Disabling this rule will not prevent mod_qos blocking this activity. It will simply "silence" the alert in ASL, and prevent ASL from shunning this event. However mod_qos will continue to block this activity. We do not recommend you disable this rule.
[edit] Troubleshooting
[edit] False Positives
None.
[edit] Tuning Guidance
If you do not wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 30114 to "no".
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.