False positive alerts while deploying Custom Attacks (UDS)?

Have you ever seen this?

I go and download two UDS sets from the support portal, UDS-121214 and UDS-121114_updated, import and save them, and as it is being deployed on the NSM, the sensor throws a bunch of alerts I don't normally see or would expect to see.

Deployment is confirmed with a timestamp of 2014-Dec-18 13:23:23.


And this "bunch" of alerts is all within one second of each other, right around the time of the UDS being deployed.

Looking closer at the alerts, I realize that none of the packet captures for those alerts contain the byte sequences that they are supposedly triggering on.

And my environment is nice and "quiet" before and after that "blip".

Is this common? To be expected? Safe to ignore?

Thank you.

