LoFP
/
web application
Title
Tags
false positives may vary based on cisco ai defense configuration; monitor and filter out the alerts that are not relevant to your environment.
web application
splunk
false positives should be limited, however tune or filter as needed.
t1190
web application
splunk
legitimate new account creation by authorized administrators will generate similar log entries. however, those should include proper authentication details. verify any detected events against expected administrative activities and authorized user lists.
t1190
web application
splunk
no known false positives for this detection. if the alerts are noisy, consider tuning this detection by using the _filter macro in this search, and/or updating the tool this alert originates from.
web application
splunk
LoFP
/
web application