
I started eXpert-BSM and launched an attack that it should detect, but no alert was produced. Why?


The most likely reason is that the process where you launched your attack has the same session ID (a common ancestor login process) as the process from which eXpert-BSM was started. eXpert-BSM turns off auditing for the session it is running in, to avoid recursive effects. Exit the login session where you started eXpert-BSM, or log in remotely from another host to get a new login session, and try again. If that does not work, make sure that you have configured eXpert-BSM properly, for example that you listed the administrative accounts in the file resource-object/config/eXpert-Config.inc. Also, remember that many of the heuristics base their reasoning on the audit ID, that is, the identity used when logging in, regardless of subsequent identity changes through su.
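A way to check the session condition described in the answer before running a detection test, as an added example that is not part of the original answer or of eXpert-BSM. It compares the audit session ID and audit ID reported for two processes; the `name = value` layout is assumed to match what Solaris `auditconfig -getpinfo <pid>` prints, and the three samples (host, users, IDs) are constructed.

```shell
#!/bin/sh
# Added example, not eXpert-BSM code. On a live Solaris host the two arguments
# would come from: auditconfig -getpinfo <monitor pid> / auditconfig -getpinfo $$

# Print the value of one "name = value" line read from stdin (assumed layout).
pinfo_field() {
    sed -n "s/^$1 = //p" | head -n 1
}

# check_session MONITOR_INFO TEST_INFO
# Prints SAME_SESSION when the test shell shares the monitor's audit session
# (its events are not audited, so no alert can fire), otherwise SEPARATE_SESSION
# plus the audit ID the heuristics will reason about (unchanged by su).
check_session() {
    monitor_sid=$(printf '%s\n' "$1" | pinfo_field 'audit session id')
    test_sid=$(printf '%s\n' "$2" | pinfo_field 'audit session id')
    test_auid=$(printf '%s\n' "$2" | pinfo_field 'audit id')
    if [ -z "$monitor_sid" ] || [ -z "$test_sid" ]; then
        echo "UNKNOWN"
    elif [ "$monitor_sid" = "$test_sid" ]; then
        echo "SAME_SESSION sid=$test_sid"
    else
        echo "SEPARATE_SESSION sid=$test_sid auid=$test_auid"
    fi
}

# Constructed sample: the process that started the monitor.
MONITOR_INFO='audit id = root(0)
process preselection mask = lo(0x1000,0x1000)
terminal id (maj,min,host) = 0,0,host-a
audit session id = 417'

# Constructed sample: another shell spawned from the same login.
SAME_LOGIN='audit id = root(0)
process preselection mask = lo(0x1000,0x1000)
terminal id (maj,min,host) = 0,0,host-a
audit session id = 417'

# Constructed sample: fresh remote login as alice, who later ran su.
REMOTE_LOGIN='audit id = alice(1001)
process preselection mask = lo(0x1000,0x1000)
terminal id (maj,min,host) = 24,1,host-b
audit session id = 902'

check_session "$MONITOR_INFO" "$SAME_LOGIN"
check_session "$MONITOR_INFO" "$REMOTE_LOGIN"
```

A `SAME_SESSION` result means the test should be repeated from a new login session; in the `SEPARATE_SESSION` case the reported audit ID is the one that has to be considered against the administrative accounts listed in the configuration file.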
