LoFP LoFP / t1499

t1499

TitleTags
legitimate administrative activity modifying sysrq for debugging or recovery. please update the filter macros to remove false positives.
legitimate high-volume production workloads processing multiple concurrent requests, users loading large language models (7b+ parameters) that naturally require substantial memory allocation, simultaneous multi-model deployments during system scaling, batch processing operations, or initial system startup sequences may generate similar memory allocation patterns during normal operations.
limited false positives in most environments, however tune as needed.
network scanning or testing tools that probe cisco smart install endpoints may trigger similar signatures. validate against maintenance windows or approved security assessments.
serious issues with a configuration or plugin
unknown