2 Replies Latest reply on Mar 2, 2017 5:49 AM by acommons

    Interaction between "Buffer overflow detected and not blocked" and threat_handled: yes

    mcv99 cv

      Hello,

      I want to know why SIEM categorizes an ePO Exploit event as a "not blocked" Buffer Overflow attempt even when the custom type threat_handled is "yes".


      What should I conclude from a "not blocked" BO attempt combined with "threat_handled: yes"? I can't see the logic applied here.


      Example:


      I'll be grateful for any answers regarding this.