Experimental Detection "Remote Desktop Network Traffic" False Positives

Question

Experimental Detection "Remote Desktop Network Traffic" False Positives

ccl0utier opened this issue 2 years ago · comments

Christian Cloutier commented 2 years ago

Rule Remote Desktop Network Traffic should be updated to disregard "blocked" traffic (e.g.: add ... AND All_Traffic.action = "allowed") to prevent false positives.

Lou Stella · Answer 1 · Tue Oct 04 2022 02:39:35 GMT+0800 (China Standard Time)

Merged a fix in #2403