PRISMA vulnerability false positives


L1 Bithead

We seem to get a lot of false positives triggered in PRISMA, using the default Security profiles.

Example: "Brute force attacks" from Microsoft Outlook clients accessing Exchange Online. I'm not even sure who the victim is and who the threat actor is in that situation. Seems like Microsoft attacking itself, so not sure why PRISMA is blocking it; if we weren't using PRISMA, Microsoft seems fine with the traffic.

Another public site has a bunch of pictures, but PRISMA is flagging them as 'HTTP Directory Traversal Request Attempt' and blocks them. Again, not sure if it's blocking them on the basis that we are attacking that site, or blocking them as they think those pictures are a threat to us. What's weird is those same pictures are available elsewhere on that site, where they don't trigger!

I don't want to submit the site/pictures to have them bypassed; it's someone else's content. What I would like is an easy way to exempt false positives directly in the console for sites/content we know are not risks. Hopefully without having to create a new rule for each site.
