HIDS 60128

From Atomicorp Wiki
Jump to: navigation, search
Rule 60128
Status Active
Alert Message Denied an untrusted non system library binary from hooking an application

Contents

Description

This event is not caused by ASL. ASL is just reporting when apache has rejected a request with a "Forbidden" 403 error message.

This rule is triggered when apache blocks a request as forbidden, and sends a 403 error. This is not caused by ASL, or any other rule. This rule just reports when apache has blocked a request.

You should investigate this event as it may be part of a broader attack.

Troubleshooting

False Positives

None. This rule just reports when apache has blocked a request. This block is not caused by this rule, any other rule, or ASL. Disabling this rule will not prevent apache from blocking these requests, it will just prevent ASL from reporting that this has happened.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Personal tools