danieldoe
May 28, 2019
Nimbostratus
Bare Byte decoding false positive
Hello, I'm tuning an ASM policy and I'm getting requests that are hitting this learning suggestion:
Action: Set Learn to disabled. Set Enabled to off.
Matched Evasion Technique: Bare byte decoding
I know the requests are false positives (I can see from my log manager that it is always the same ten requests that hit this alert). I want to create an exception so that they are not blocked, but I don't want to globally disable the "Bare Byte decoding" detection as suggested in "Action".
What options do I have?
Thank you!