Dears, as per my understanding, any parameter in " " is not parsed and
cannot be fine-tuned. I am working on multiple App rules to reduce the
false positives, but the majority of the App rules are based on either
"param.dst" or "param.dst" but we I tried t...
App rule 'remote directory Traversal' is generating a high number of alerts
on EPLH, and I tried to fine-tune this App rule, but whenever I tried to
filter based on "param.src" all meta keys disappear. This App rule is
very generic and it needs a lot of fine...
We are facing an issue with Agent installation on Windows Server 2019
only when the latest Service Pack is installed. Agent installation is
working fine on the same OS without the Service Pack. Did anyone face the same
issue, or have some quick workaround for ...
Hi, after the upgrade from 18.104.22.168 to 22.214.171.124 I am now facing a major problem
upgrading the NWEndpoint agent to get the latest feature. As per my
knowledge, the only way to upgrade is to uninstall the 126.96.36.199 and install
188.8.131.52 again, which is very time consumin...
I am looking for guidance to edit/update App rules in Endpoint Log
Hybrid in which we have multiple param.dst which contain the same parameter
with only one or two words changed. So instead of adding multiple queries
I want to add only one, same like w...
I have tried but was not successful, but we found the solution. You need to
follow the steps below. 1- Insert one additional column, suppose "H". 2- Use
the formula (=G2/86400000+DATE(1970,1,1)). Note: G is the column for agent
install time. 3- Now format the n...
I have gone through the same problem. What I did: the file which is unsigned,
I marked it as whitelisted, then I updated the App rule and added one more
condition as below: context.src != 'file.whitelisted' && ......