WAF 340069

From Atomicorp Wiki
Jump to: navigation, search
Rule 340069
Status Active
Alert Message Atomicorp.com WAF Rules: Web vulnerability scanner

Contents

Description

This rule is triggered when known vulnerability scanner actions are detected. This looks for events that vulnerability scanners do on purpose to identify themselves to the system they are testing.

Troubleshooting

False Positives

There are no known false positives with this rule. The rule looks for the known actions that vulnerability scanners take to specifically identify that they are testing the system, and that do this on purpose so that the operators of the system know that they are being scanned. This is a bit akin to asking the police to check your home for security issues, and upon arriving the police ring your doorbell and tell you they will be starting the assessment. Some vulnerability scanners "announce" themselves, and that is what this rule looks for.

False positives with this rule are essentially unheard of. But if you believe you have one, please follow the process documented in the Reporting_False_Positives procedure.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for more information.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools