New Alert 5432
Seeing a large amount of false positive alerts on the new signature 5432, Script Embedded in HTTP Header. It seems to be alerting on the word script in any URL, instead of the existance of "</script>" or even the existance of /scripts/w3who.dll. That is if this script in in response to the w3who.dll vulnerabilites.
Anyone else experiencing this or attempted to tune this signature? I've attempted to tune several other existing signatures, with limited success.
The following IP packet has triggered an event for "Script Embeded in HTTP Header". Can anyone from this list perhaps explain this packet with regards to its intention?
Judging by the packet details, I would have to retract my previous/earlier statement and say that the signature has detected correctly but I am now unsure if the intent in this packet is malicious or not.
Frame 1 (1518 bytes on wire, 1518 bytes captured)
Ethernet II, Src: mac_a, Dst: mac_b
Internet Protocol, Src Addr: my.host (my.host), Dst Addr: my.proxy (my.proxy)
Transmission Control Protocol, Src Port: 4303 (4303), Dst Port: my.proxy_port (my.proxy_port), Seq: 0, Ack: 0, Len: 1460
Hypertext Transfer Protocol
GET http://s0b.bluestreak.com/ix.e?fl&s=340734&w=200&h=200&u=http%3A//ad.uk.doubleclick.net/adi/rte_news.ie/%3Bsz%3D200x200%3Bkey%3Dnews%3Bord%3D%3Cscript%3Edocument.write%28Math.round%28Math.random%28%29*10000000%29%29%3C/script%3E%3F&clt
Request Method: GET
Accept: */*\r\n
Referer: http://ad.uk.doubleclick.net/adi/rte_news.ie/;sz=200x200;key=news;ord=document.write(Math.round(Math.random()*10000000))?\r\n
Accept-Language: fr-be\r\n
Proxy-Connection: Keep-Alive\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; IE6CFG32a)\r\n
Host: s0b.bluestreak.com\r\n
Cookie: id=xx21300xx210652xx bb=w1oQw1tK"K"Q4to|1o1owwtwo"AR1to|wKo_4AtKAK44"to|K_4RAAtKo"4owto|K_4RAAtKo"4o4to|w_R1R1twKwww_to|w1oQw1twoRKo1to|1K1wo4twKwwR"to|1K1wootwKww"Qto|14Ao1Rtw4AK"Kto|1oR_oKtw4o4K1to|w_R1R1tw4K4Awto|1ooAK_twoww4wto
Similar Messages
-
Set JArray values with invalid key value: "LastUpdatedTime" on new alert rule creation
Hey all!
I'm trying to create a new alert rule using version 0.9.11 of the Monitoring Library and am getting this error on alertsClient.rules.CreateOrUpdate:
"Set JArray values with invalid key value: "LastUpdatedTime". Array position index expected."
That's interesting because LastUpdatedTime is a DateTime object, and whether I set it or I don't, if I set a breakpoint, it does set itself correctly, but the API appears to be expecting a JSON hash?
I've tested alertsClient and I'm able to get existing alerts (also metrics with metrics client), so I don't believe it's an access issue.
Any ideas?
The full code I'm using for the test (borrowed virtually verbatim from the Cloud Cover video
here):
Rule newRule = new Rule
Name = "CPU Over 90%",
Id = Guid.NewGuid().ToString(),
Description = "CPU Has been over 90% for 5 minutes",
IsEnabled = true,
LastUpdatedTime = DateTime.Now,
Condition = new ThresholdRuleCondition
Operator = Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.ConditionOperator.GreaterThan,
Threshold = 90,
WindowSize = TimeSpan.FromMinutes(5),
DataSource = new RuleMetricDataSource
MetricName = "Percentage CPU",
ResourceId = "",
MetricNamespace = ResourceIdBuilder.BuildCloudServiceResourceId(<cloudservicename>, <deploymentname>)
RuleAction action = new RuleEmailAction
SendToServiceOwners = true,
newRule.Actions.Add(action);
OperationResponse alertResponse = alertsClient.Rules.CreateOrUpdate(new
RuleCreateOrUpdateParameters { Rule = newRule });
Console.WriteLine("Create alert rule response: " + alertResponse.StatusCode);Hi Greg,
Thanks for your post!
Error "JArray" has been fixed in the latest nugget package.
Refer to:
http://www.nuget.org/packages/Microsoft.WindowsAzure.Management.Monitoring/
Hope this helps!
Regards,
Sadiqh -
Regarding creation of new Alert category
Hi All
When I am creating a new alert category using Tcode ALRTCATDEF and trying to save it .A prompt-message is displayed as prompt for customizing request what should i do to create the new Alert category . and see it in the select Alert category box
Regards,
AzizHi Aneez,
I have given u all the configuration steps with links also the different ways by which u can raise alert.
I think u have not gone through my threads. Also u did not replied me whether u resolved the problem which is raised in thread.
1) how can i send an email alert through RWB?
RWB is used for raising Integration and Adapter engine related errors.
Its depends upto u what kind of errors u want to send.
2)what are the steps i need to configure using Tcode ALRTCATDEF.
Already provided u in one of ur thread.
3) is this possible using CCMS Alerts .
U can use this is another way of raising errros.
4)do i need SMTP to be configured to send an Email Alert ?
GO to SU01 transaction and maintained email address where u need to send alert message. IN ALRTCATDEF u need to mentioned the use in the fixed receiver tab.
Hope it clears to you.
Thnx,
Chirag -
I am concerned if it is safe to use Adobe Flash and plug in in Firefox after yesterdays news alert :
Considering that the vulnerability is in Internet Exploder... I'd have to say "yes".
-
How do I get rid of "Breaking News Alert"?
Breaking News Alert keeps appearing on Firefox - how do I get rid of it?
You can check for recently installed suspicious or unknown extensions.
*https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware.
All these programs have free versions.
Make sure that you update each program to get the latest version of their databases before doing a scan.
*Malwarebytes' Anti-Malware:<br>http://www.malwarebytes.org/mbam.php
*AdwCleaner:<br>http://www.bleepingcomputer.com/download/adwcleaner/<br>http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
*SuperAntispyware:<br>http://www.superantispyware.com/
*Microsoft Safety Scanner:<br>http://www.microsoft.com/security/scanner/en-us/default.aspx
*Windows Defender:<br>http://windows.microsoft.com/en-us/windows/using-defender
*Spybot Search & Destroy:<br>http://www.safer-networking.org/en/index.html
*Kasperky Free Security Scan:<br>http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
*Anti-rootkit utility TDSSKiller:<br>http://support.kaspersky.com/5350?el=88446
See also:
*"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
*https://support.mozilla.org/kb/troubleshoot-firefox-issues-caused-malware -
Para retirar o virus: breaking news alert
Para retirar o virus breaking news alert , usei um soft que eu tinha: adware e foi perfeito. O que me passaram da isafe, quando fui instalar, ia em 99% e não instalava.
mmt22, tudo bem?
Você já começou um tópico sobre o "breaking news alert", mantenha a conversa nesse tópico não crie um novo.
[https://support.mozilla.org/pt-BR/questions/1052596] -
Hi there,
I am trying to create a new alert category(alrtcatdef)
I get the following error
Entry CCMS ALERTS does not exist in SALRTCATC (check entry)
ANy hint?
SabbirHi sabbir,
1) Transaction RZ20 is used for creating monitors in CCMS, select Extras --> Activate maintenance functions.
2)Go to monitor (set) --> create, you will get to the following screen:in transaction RZ20 select extras --> activate maintenance functions.
3)Go to monitor (set)--> create, you will get to the screen:
4)click <<< new monitor>>> and select create nodes (F5) button from the toolbox icon.
5)select rule node and hit the continue button.
6)in the next dialog select CCMS_DEFINE_R_SYSTEMS as the rule definition and hit the continue button.
7)Now select <CURRENT> from the match code for the R3 system parameter value and hit the continue button.
Note: pls remember that we are creating a rule Based monitor: we need to make sure NO object checked from the selectable MTE tree.
8) The next step is to create the virtual node to group all the MTEs that we should select from the MTE classes shown in point a. TO do this ,
click on CCMS_DEFINE_R3_SYSTEMS if it is not already selected and hit create nodes (F5) button from the toolbox. now select
virtual node and hit the continue button.
9)in the name field write something like: test rule based monitors and hit the continue button.
10) now click under test rule based monitors to select them and then hit on create nodes (F5)
choose Rule based and hit continue button.
11) On the next screen select CCMS_GET_MTE_BY_CLASS as the rule name and the hit the hit the continue button.
12)Now we need to add each MTE class from point a. to tje following screen on the MTE class
paramater value. select all of them and hit continue button.
13) the next step is to include all MTE classes already defined in point a. you will need to repeat these steps for each
additional class you want to add to the monitor set.
14) After all classes has been included into the monitoring set hit the save button from the toolbox.
15) you will be prompted for a monitor name , write something meaningful.
The new Monitor set should be display
Find the links
http://help.sap.com/saphelp_nw04/helpdata/en/d4/cc823bd26a5c42e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/e5/5d1741b393f26fe10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/f6/d60b374e4e7c64e10000009b38f839/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/90/4e313f8815d036e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/e8/e7f0fb1a2511d294d200a0c930df15/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/43/9e9031c28d47b6e10000000a11466f/frameset.ht
regards
srinivas -
We want to configure the new alert in case when the Forecast received from the customer deviates +/- 10%. in NSC5.1.
Can we configure our own alerts in this case.
What is the procedure for configuration of new alerts.
thxHi Vaibhav
This guide can come handy
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80b31362-7806-2d10-84a0-d2886880c282?quicklink=index&overridelayout=true
Best Regards
Vinod -
IOS 5 - New Alert Tones not playing
After updating to iOS 5, I purchased some new Alert Tones to customize my notifications (text, calendar, etc..), BUT the new tones will not play when my notifications pop up. I switched back to the default tones and it worked fine and I get the sound, but anytime I switch to any of my purchased tones I don't get any sound.
Anyone else experience this?After messing with it for a while, I finally rebooted the phone and the sounds now work.
-
Is there a way to create a ringtone or new alert sound for SMS?
I know i get tired of hearing my alert sound when I receive a text message. On top of that it seems as if everyone uses the same alert. Is there a way to create a new sound/ringtone for the SMS Alerts?
You can choose one of the 5 or 6 choices provided in settings.
http://support.apple.com/manuals/iphone/ -
Add new Alerts to system monitoring
Hi,
My Name is Tomas Piqueres and I'm working with Solution Manager. I'm monitoring one of my systems and I'm setting up some alerts.
The problem is when I'm trying to add some alerts that are outside the last node (the corresponding with the server name).
For example, I want to activate an alert to see the free disk space in database, at satellite system I select the alert and set properties. Here I found the full name of the properties:
<SID>\Microsoft SQL Server\Space management\DB:PRO\N:/MSSQL/PRODATA1/PRODATA1.mdf\PRODATA1 Free Disk Space
With the full path, I go to my Solution Manager> transaction DSWP>Select my solution>Operation setup>Setup System Monitoring
Here I only can add new User Defined Alerts for my server and my SAP System. If I select User Defined Alerts for my database I get the error No properties can be maintained for the selected node (MTE).
If I try to add an alert for the server, the path for all of the alerts possible is <SID>\<server name>\.....
So I can't add the alert I've got from satellite system.
Is there any way to add more alerts?
Please, could you help me?
Thanks and regards,
Tomas.
Edited by: Tomas Piqueres on Mar 27, 2009 2:01 PMHi Nesimi,
That was exactly what I did but it didn't work.
I've solved it changing the CCMS context.
Thanks,
Tomas. -
Jabber server New alert message
I have been using a jabber server to access my MSN account and it has worked pretty good for several months. only issues, is sometimes it shuts off with no warning or once a got an alert message in another language. when i replied in english, there was no return message, and then the server kicked me off and went off line for a while.
This morning i logged in to my iChat and started getting a message from the server (msn.netlab.cz). the messages read: "Your MSN account has been logged in elsewhere. Please logout at the other location and then reactivate the MSN transport." This message keeps coming up every 3 or 5 minutes.
no i know i am not logged in anywhere else, but i shut it off on iChat and logged into MSN messenger anyways. i could log in with no problems, so i assume i am not logged in.
Has anyone heard of this message coming up as a false error or is it possible someone is logged in under my msn account? I do not give out passwords so i don't see how.Hi GIlbert,
I haven't heard of that message before, but you're right, that would be annoying happening so often! It is possible that someone hacked into your MSN account by guessing the password (which it never hurts to change a password every so often just in case). I'm not saying that's exactly what happened though.
The other situation could be that you logged on via another IP address somehow (through an open wireless connection?) and never properly closed out the connection. So the server would still see you online, even though you're really not.
There are a few Google results on the subject though. Maybe this thread will help you out or shed some light on the issue?
Good luck!
-Ryan -
How do I create a new alert sound?
In OS 9 it was obvious how to create a custom alert sound, but I don't see how to do it in Tiger or Snow Leopard. Any suggestions?
spudnuty- this works on my MBP Snow Leopard but not on my G5 iMac. In the Library folder_Alerts it will play in iTunes as an audio file when I click on it. But in my Alerts window, it is silent, unless I play another sound. Then when hit my custom sound it plays the previous installed sound.
-
<blockquote>Locking duplicate thread.<br>
Please continue here: [/questions/811301]</blockquote><br>
Whenever a website or javascript pops up an alert message, Firefox4 now completely greys out the site. How do I turn this retarded feature off? Also how do I get my status bar at the bottom of the window back? Another retarded design decision.You can look at the pref <b> prompts.tab_modal.enabled</b> to false on the <b>about:config</b> page.
To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br />
If you see a warning then you can confirm that you want to access that page.<br /> -
How to add new alert sounds to Sound Effects in Sys. Prefs
I'd like to add a sound (it's in MP3) to the Sound Effects in System Preferences. How do I do this?
Hi Craig, if it isn't playing in the actual folder then something went wrong in your conversion. Exactly how did you do the conversion? And how did you get it out of iTunes (if that is what you used for the conversion) to use it as a sound effect?
I have a one second piano chord in mp3 stashed away in a sound collection folder. I double click it and it opens in iTunes. I then go to iTunes Preferences, click on Advanced, then click the Importing tab, and change "Import Using" to "AIFF Encoder" (my default is MP3 Encoder) and click the OK button. Go back to the regular iTunes window and select your mp3 file, then go up to the Advanced menu and select "Convert Selection to AIFF"--it should convert it very quickly. Grab the new aif file and drag out of iTunes window onto the Desktop. Do GetInfo on it and change the extension to .aiff (iTunes exports it plain name.aif). While you are in GetInfo verify that it plays in the Preview section. Now add it to the /System/Library/Sounds folder. Oh, and remove the one that doesn't work. You'll have to authenticate to do that too.
Francine
Francine
Schwieder
Maybe you are looking for
-
Release strategy for Purchase order
Hi Friends, My client was using Release strategy for purchase order. Now we want to know the T-code for showing list of Rejected Purchase orders, T-code for for showing list of approved purchase orders, T-code for showing list of blocked purchase or
-
I have loved safari 4 and have used it dedicatedly on leopard with ad block for the last 1 year. However, since I upgraded to snow leopard, and not having ad block, I feel safari is extremely slow. Is anyone else experiencing such a speed drop?
-
Post Author: dura13 CA Forum: Formula HI I'm having trouble figuring out the formula to compare the month/year of 1 field versus the month/year of another. Here's what I have sofar. dateadd("m",-6,currentdate) this will take me back 6 months to tod
-
Trace file out put line shows 18726 but wc -l lists only 165
Friends, the output of the trace file show "18726 lines in trace file" when i run the linux command to count the number of lines $ wc -l filename.txt it shows only 165 lines. Also, the manual count shows 165 lines. so where are the remaining lines? t
-
Failure to update PS-CS6 error code u44m1p7
Hi: Repetaed failure to update my PS CS6. Getting error U44M1P7. Other modules of Craetive suite CS6 (eg: bridge, illustrator) update properly. Have PS-CC also and is running properly. Just installed Adobe application manager update thinking it wil