2 Replies Latest reply on Mar 2, 2017 5:49 AM by acommons

    Interaction between "Buffer overflow detected and not blocked" and threat_handled: yes

    mcv99 cv



      I want to know why SIEM categorizes an ePO Exploit event as a "not blocked" Buffer Overflow attempt even if the custom type threat_handled is "yes".

      What should I conclude about a "not blocked" BO attempt and a "threat_handled: yes", because I can't see the logic applied here.



      I'll be grateful for any answers regarding this.