HIDS 40106
From Atomicorp Wiki
| Rule 1 | |
|---|---|
| Status | Active |
| Alert Message | audit failure event |
Contents |
Description
Possible buffer overflow attempt
What you should do
This is an anomaly detection event. The service has logged an unusual request containing "@@@@@@@@@@@@@@@@@@@@@@@@". This could be padding indicating a stack overflow attack, or a very misconfigured application.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
There is no guidance for tuning this rule, this is a generic error and the rule should not be disabled.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
