Hi Guys,

I need more info around the rule 31106 and what it does. There is nothing on the wiki on ossec.net. I receive the following alert:

Rule: 31106 fired (level 12) -> "A web attack returned code 200 (success)."
Portion of the log(s):
18/Mar/2010:12:39:43 +0200] "GET /URL?mu=74bffe75- b11b-4f6a-9bf4-4434d906b98a&mp=&token=3150ce37- a8bb-4c31-8ada-8b313a7ec055&mn=TEXT&ttuText=Hi+there%0D%0A%0D%0AIs+it +possible+to+text+%22text%22+text%27text.+text%3F%0D%0A%0D%0AThanks%0D %0 HTTP/1.0" 200 18 "-" "-"

The alert has been modified a bit but the message is still the same. Why did it get set off? Was it the %22text%22 section of the message?

Thanks
Robert
