
modified domain cookies

THE_BLUE
Cirrostratus

I got many blocks with a violation of modified domain cookies with reason "new cookie". I noticed that if the cookies are in the enforced list and have been changed, I will face modified domain cookies.

So do I have to move these cookies to the allowed list? Or remove the block from settings? Is there any risk? Or is there another violation that will catch it if something illegal happens?

How to know if it is a false positive or not? Note that I'm not the owner of the secured application.

1 ACCEPTED SOLUTION


How to know if it is a false positive or not? Note that I'm not the owner of the secured application.


That's the worst condition to maintain a security policy. But I feel you, since we have the same situation at our DC. Without having a clue what's going on in the application, you should not enforce the cookies or other settings like parameters, because you don't know which cookie/parameter is correct, how often there will be a change, and so on.

You have two choices.

A) Get in touch with the application devs and set up everything together (parameters, cookies, URLs, etc.); then you have a well-secured policy.

B) Go with wildcards for parameters, URLs, cookies, etc. Don't learn them, just accept them, and only apply attack signatures to them.
