LoFP / web application
| Title | Tags |
|---|---|
| False positives may be present with legitimate applications. Attempt to filter by dest IP or use asset groups to restrict to Confluence servers. | t1190, web application, web server, splunk |
| False positives should be limited; however, tune or filter as needed. | t1190, web application, splunk |
| Legitimate new account creation by authorized administrators will generate similar log entries. However, those should include proper authentication details. Verify any detected events against expected administrative activities and authorized user lists. | t1190, web application, splunk |