12-15-2024 06:59 PM
We seem to get a lot of false positives triggered in PRISMA, using the default Security profiles.
For example, "Brute force attacks" from Microsoft Outlook clients accessing Exchange Online. I'm not even sure who the victim is and who the threat actor is in that situation. It seems like Microsoft attacking itself, so I'm not sure why PRISMA is blocking it; if we weren't using PRISMA, Microsoft seems fine with the traffic.
Another public site has a bunch of pictures, but PRISMA is flagging them as 'HTTP Directory Traversal Request Attempt' and blocks them. Again, I'm not sure if it's blocking them on the basis that we are attacking that site, or blocking them because they think those pictures are a threat to us. What's weird is that those same pictures are available elsewhere on that site, where they don't trigger!
I don't want to submit the site/pictures to have them bypassed; it's someone else's content. What I would like is an easy way to exempt false positives directly in the console for sites/content we know are not risks, hopefully without having to create a new rule for each site.