HIDS 60128

From Atomicorp Wiki
Revision as of 11:53, 17 October 2014 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 60128
Status Active
Alert Message Denied an untrusted non system library binary from hooking an application

Contents

[edit] Description

This event is not caused by ASL. ASL is just reporting when apache has rejected a request with a "Forbidden" 403 error message.

This rule is triggered when apache blocks a request as forbidden, and sends a 403 error. This is not caused by ASL, or any other rule. This rule just reports when apache has blocked a request.

You should investigate this event as it may be part of a broader attack.

[edit] Troubleshooting

[edit] False Positives

None. This rule just reports when apache has blocked a request. This block is not caused by this rule, any other rule, or ASL. Disabling this rule will not prevent apache from blocking these requests, it will just prevent ASL from reporting that this has happened.

[edit] Additional Information

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_60128&oldid=5229"
Personal tools