cancel
Showing results for 
Search instead for 
Did you mean: 

attack Signature detected but i can not find keyword inside request

Ahmed_Galal
Cirrostratus
Cirrostratus

Hello everyone,

 

i found log for attack signature detection with the below image but i cannot find detected keyword within the request, how is that possible???!

 

0691T00000DzeIsQAJ.jpg

1 ACCEPTED SOLUTION

samstep
MVP
MVP

ASM truncates requests when logging them, so it is possible that the attack signature was found in the part of the payload which was not logged.

 

 

https://support.f5.com/csp/article/K11048172

 

 

View solution in original post

3 REPLIES 3

samstep
MVP
MVP

ASM truncates requests when logging them, so it is possible that the attack signature was found in the part of the payload which was not logged.

 

 

https://support.f5.com/csp/article/K11048172

 

 

Good Morning Sam,

hope that you are doing well.

 

thank you for your assistance, i am now in middle of increase max log size and face memory issue that might happen or convince developer with this part of request 😂 😂

if they payload is really big (is the developer uploading a file?) this might be a false positive. You could also intercept the request using intercepting proxy such as Fiddler, OWASP ZAP or Burp Suite.

In your screenshot the signature 200000107 is detecting symbols &{