Forum Discussion
abdul_gafoor_31
Nimbostratus
NimbostratusHow to manage command execution violations on Parameters where free text is allowed.
I would like to know the best practice to deal with ‘command execution’ violations on Parameters where free text is allowed. I understand we can disable those attack signature on specific parameters....
Hi Abdul,
There isn't much you can do. I've seen it a lot exactly as you're describing, and the best you can do is disable signatures for those parameters. If you know the systems involved, and for example its windows, you could disable a lot of the UNIX ones such as cat, etc. but it's not a great solution and would be pretty tedious. You end up adding that parameter and then disabling attack signatures since it will get hit pretty often. If you're in blocking, you could put the parameter in staging so at least you won't get a ton of blocks while you clean it up.
Dave_McCauley_3
Cirrostratus
CirrostratusHi Abdul,
There isn't much you can do. I've seen it a lot exactly as you're describing, and the best you can do is disable signatures for those parameters. If you know the systems involved, and for example its windows, you could disable a lot of the UNIX ones such as cat, etc. but it's not a great solution and would be pretty tedious. You end up adding that parameter and then disabling attack signatures since it will get hit pretty often. If you're in blocking, you could put the parameter in staging so at least you won't get a ton of blocks while you clean it up.