Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

attack Signature detected but i can not find keyword inside request

Go to solution
Ahmed_Galal
Cirrostratus
Cirrostratus

‎13-Sep-2021 00:44

Hello everyone,

 

i found log for attack signature detection with the below image but i cannot find detected keyword within the request, how is that possible???!

 

0691T00000DzeIsQAJ.jpg

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
samstep
Cirrostratus
Cirrostratus

‎13-Sep-2021 04:07

ASM truncates requests when logging them, so it is possible that the attack signature was found in the part of the payload which was not logged.

 

 

https://support.f5.com/csp/article/K11048172

 

 

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
samstep
Cirrostratus
Cirrostratus

‎13-Sep-2021 04:07

ASM truncates requests when logging them, so it is possible that the attack signature was found in the part of the payload which was not logged.

 

 

https://support.f5.com/csp/article/K11048172

 

 

0 Kudos

Go to solution
Ahmed_Galal
Cirrostratus
Cirrostratus
In response to samstep

‎14-Sep-2021 00:25

Good Morning Sam,

hope that you are doing well.

 

thank you for your assistance, i am now in middle of increase max log size and face memory issue that might happen or convince developer with this part of request 😂 😂

0 Kudos

Go to solution
samstep
Cirrostratus
Cirrostratus
In response to Ahmed_Galal

‎14-Sep-2021 15:26

if they payload is really big (is the developer uploading a file?) this might be a false positive. You could also intercept the request using intercepting proxy such as Fiddler, OWASP ZAP or Burp Suite.

In your screenshot the signature 200000107 is detecting symbols &{

0 Kudos
Copyright © 2023 Khoros, LLC