How to eliminate false-positive alerts for the Possible TNS Poisoning rule
Last Modified: 2022-10-14 04:32:39 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
How to eliminate false-positive alerts for the Possible TNS Poisoning rule
Technical Articles ID:
KB76655
Last Modified: 2022-10-14 04:32:39 Etc/GMT EnvironmentDatabase Activity Monitoring (DAM) 4.x
SummaryThe rule, Possible TNS Poisoning, is intended to detect the TNS Poison Attacks against Oracle databases (CVE-2012-1675). Sometimes, the rule might generate false-positive alerts when a remote listener registration takes place. This article helps eliminate such false-positive alerts.
ProblemFalse-positive alerts for the rule Possible TNS Poisoning are incorrectly generated.
CauseThe Possible TNS Poisoning rule often generates false-positive alerts during remote listener registrations, especially in Real Application Cluster environments.
SolutionWe recommend that you create a
To add an exception to the Possible TNS Poisoning rule:
Affected ProductsLanguages:This article is available in the following languages: |
|