Interaction between "Buffer overflow detected and not blocked" and threat_handled: yes

Hello,

I want to know why SIEM categorizes an ePO exploit event as a "not blocked" Buffer Overflow attempt even when the custom type threat_handled comes in as "yes".


What should I conclude from a "not blocked" BO attempt together with "threat_handled: yes"? I can't see the logic applied here.


Example:

I'll be grateful for any answers regarding this.

0 Kudos
2 Replies

Re: Interaction between "Buffer overflow detected and not blocked" and threat_handled: yes

Please I need to clarify this.

0 Kudos
acommons
Level 10

Re: Interaction between "Buffer overflow detected and not blocked" and threat_handled: yes

From (poor) memory, you have your Agent configured in non-blocking mode for the buffer overflow event. So the threat is handled in accordance with your configuration.
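One way to make that reading explicit in a SIEM correlation rule, as an added example that is not part of this thread and not McAfee ePO or ESM code: the event description answers "was the process blocked?", while threat_handled answers "did the agent do what its policy told it to?". In report-only (non-blocking) mode both "not blocked" and "handled: yes" are true at the same time, and the analyst is still left with an exploit attempt that ran. Only the threat_handled field and the "Buffer overflow detected and (not) blocked" wording come from the thread; the other field names (host, process_name, event_description), the sample records and the severity mapping are assumptions made for illustration.

```python
"""Reconciling "not blocked" buffer-overflow events with threat_handled.

Added example for this thread; not McAfee/ePO/ESM code. Only the
threat_handled field and the "Buffer overflow detected and (not) blocked"
wording come from the thread; the other field names (host, process_name,
event_description), the sample records and the severity mapping are
assumptions made for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    prevented: bool   # True if the description says the attempt was blocked
    handled: bool     # threat_handled as reported by the agent
    label: str        # triage label for the analyst
    severity: str     # assumed severity mapping for the SIEM rule


# Check the "not blocked" wording first: a plain search for "blocked"
# would also match "not blocked".
_NOT_BLOCKED = re.compile(r"buffer overflow.*\bnot blocked\b", re.IGNORECASE)
_BLOCKED = re.compile(r"buffer overflow.*\bblocked\b", re.IGNORECASE)

_TRUTHY = {"yes", "y", "true", "1"}
_FALSY = {"no", "n", "false", "0", ""}


def parse_threat_handled(value) -> bool:
    """Normalise the custom-type field, which arrives as free text."""
    text = str(value).strip().lower()
    if text in _TRUTHY:
        return True
    if text in _FALSY:
        return False
    raise ValueError(f"unrecognised threat_handled value: {value!r}")


def triage(event: dict) -> Verdict:
    """Combine the event description with threat_handled into one verdict."""
    desc = event.get("event_description", "")
    handled = parse_threat_handled(event.get("threat_handled", "no"))

    if _NOT_BLOCKED.search(desc):
        prevented = False
    elif _BLOCKED.search(desc):
        prevented = True
    else:
        raise ValueError(f"not a buffer-overflow protection event: {desc!r}")

    if prevented and handled:
        return Verdict(True, True, "exploit_blocked", "medium")
    if not prevented and handled:
        # Policy is report-only: the agent "handled" it by logging, so the
        # process kept running. Treat as an open incident, not as noise.
        return Verdict(False, True, "report_only_detection", "high")
    if not prevented and not handled:
        return Verdict(False, False, "exploit_unhandled", "critical")
    # Blocked but threat_handled=no should not occur; flag for review.
    return Verdict(True, False, "inconsistent_fields", "high")


def needs_escalation(verdict: Verdict) -> bool:
    """Anything that was not actually blocked should reach an analyst."""
    return not verdict.prevented


# Constructed sample events (not real ePO output).
SAMPLE_EVENTS = [
    {"host": "ws-017", "process_name": "winword.exe",
     "event_description": "Buffer overflow detected and not blocked",
     "threat_handled": "yes"},
    {"host": "ws-021", "process_name": "acrord32.exe",
     "event_description": "Buffer overflow detected and blocked",
     "threat_handled": "yes"},
    {"host": "srv-db3", "process_name": "sqlservr.exe",
     "event_description": "Buffer overflow detected and not blocked",
     "threat_handled": "no"},
]


def triage_all(events) -> list:
    return [triage(e) for e in events]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, triage_all(SAMPLE_EVENTS)):
        flag = "ESCALATE" if needs_escalation(verdict) else "ok"
        print(f"{event['host']:8} {event['process_name']:14} "
              f"{verdict.label:24} {verdict.severity:8} {flag}")
```

The point of the two-field check is that "threat_handled: yes" on its own is not a reason to close the event; in a non-blocking policy it only confirms the agent logged what it was configured to log, and the "not blocked" description is the part that should drive escalation.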