flowbit noalert blocked?

derhelge · March 06, 2023, 01:00:23 PM

Hi,

using os-etpro-telemetry there a lot blocked entries in /ui/ids#alerts:

Alert ETPRO EXPLOIT Microsoft Protected Extensible Authentication Protocol RCE xbits set, noalert (CVE-2023-21690)
Alert sid 2853519

From my understanding, these packages should not be blocked? But the table says "blocked"?

featheredfifth · April 20, 2023, 05:16:32 AM

Hi,
I don't understand ETPRO EXPLOIT well yet. Can someone explain in more detail.

funny shooter 2

flowbit noalert blocked?

derhelge

March 06, 2023, 01:00:23 PM

featheredfifth

April 20, 2023, 05:16:32 AM #1