[Request] Tips investigating Imunify360 detected incidents


  • [Request] Tips investigating Imunify360 detected incidents

    Hey there,

    First, I love the product.

    I've seen a lot of incidents detected by Sensor and I'd like to think that it is doing good work.

    But it is very difficult to investigate the reported incidents and I'd like to know if you guys have any tips to make that specific task effective.

    Lately, I've got a lot of ( i360-wallarm - web-shell access ) incidents reported but very little detail about the events.

    Should I increase the verbosity of the log details? Is it worth it or another false positive?

    Talking about false positives, it is becoming a time-consuming overhead to manage and the overall effort doesn't seem to be worth it. Any tips to make it better?

    Regards,

  • #2
    Thank you for your feedback.

    Actually, decreasing the false positive rate is our number one goal in Imunify360 development. We have added a ruleset feed from Wallarm (please see this blog post) to make sure we protect from both well-known and newer threats. All the new rules are working in non-blocking mode to make sure they work well before we turn them into active mode.

    If you encounter an excessive false positive rate with any WAF/ossec rule that prevents your customers from accessing their sites, please let us know by submitting a ticket with our helpdesk system.

    • #3
      Update: we have created a task DEF-2714 for a similar request posted at https://www.cloudlinux.com/forum/imu...-d-like-to-see
