WAF 340069
Rule 340069 | |
---|---|
Status | Active |
Alert Message | Atomicorp.com WAF Rules: Web vulnerability scanner |
Contents |
[edit] Description
This rule is triggered when known vulnerability scanner actions are detected. This looks for events that vulnerability scanners do on purpose to identify themselves to the system they are testing.
[edit] Troubleshooting
[edit] False Positives
There are no known false positives with this rule. The rule looks for the known actions that vulnerability scanners take to specifically identify that they are testing the system, and that do this on purpose so that the operators of the system know that they are being scanned. This is a bit akin to asking the police to check your home for security issues, and upon arriving the police ring your doorbell and tell you they will be starting the assessment. Some vulnerability scanners "announce" themselves, and that is what this rule looks for.
False positives with this rule are essentially unheard of. But if you believe you have one, please follow the process documented in the Reporting_False_Positives procedure.
[edit] Tuning Guidance
Please see the Tuning the Atomicorp WAF Rules page for more information.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.