[Request] Tips investigating Imunify360 detected incidents
  1. Leon Harbour
  2. 20.07.2017
Hey there,

First, I love the product.

I've seen a lot of incidents detected by Sensor and I'd like to think that it is doing good work.

But it is very difficult to investigate the reported incidents, and I'd like to know if you guys have any tips to make that specific task effective.

Lately, I've got a lot of (i360-wallarm - web-shell access) incidents reported but very little detail about the events.

Should I increase the verbosity of the log details? Is it worth it, or another false positive?

Talking about false positives, they are becoming a time-consuming overhead to manage and the overall effort doesn't seem to be worth it. Any tips to make it better?

  1. 31.07.2017 16:07:09
  2. # 1
Posts: 186
Joined: 31.01.2017
Thank you for your feedback.

Actually, decreasing the false positive rate is our number one goal in Imunify360 development. We have added a ruleset feed from Wallarm (please see this blog post) to make sure we protect from both well-known and newer threats. All the new rules are working in non-blocking mode to make sure they work well before we turn them into active mode.

If you encounter an excessive false positive rate with any WAF/OSSEC rule that prevents your customers from accessing their sites, please let us know by submitting a ticket with our helpdesk system.
  1. 16.08.2017 18:08:42
  2. # 2
Posts: 186
Joined: 31.01.2017
Update: we have created a task DEF-2714 for a similar request posted at https://www.cloudlinux.com/forum/imunify360-imunifysensor/features-i-d-like-to-see