t1595

Internal development or testing scripts. Consider filtering by source IP if this is expected from certain systems.
Legitimate network monitoring or vulnerability scanning tools that may use this generic user agent.
Some administrator activity can potentially trigger this detection; please add those users to the filter macro.
There is a potential for false positives if the container is used for legitimate tasks that require the use of network utilities, such as network troubleshooting, testing or system monitoring. It is important to investigate any alerts generated by this rule to determine if they are indicative of malicious activity or part of legitimate container activity.
Unknown