Difference between revisions of "HIDS 40106"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = audit failure event }} = Description = Possible buffer overflow attempt == ...")
 

Latest revision as of 10:16, 23 October 2020

Rule 1
Status Active
Alert Message audit failure event

Contents

[edit] Description

Possible buffer overflow attempt

[edit] What you should do

This is an anomaly detection event. The service has logged an unusual request containing "@@@@@@@@@@@@@@@@@@@@@@@@". This could be padding indicating a stack overflow attack, or a very misconfigured application.

[edit] Troubleshooting

[edit] False Positives

There are no false positives with this rule.

[edit] Tuning Guidance

There is no guidance for tuning this rule, this is a generic error and the rule should not be disabled.

[edit] Additional Information

[edit] Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes

Personal tools