• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

XSS with no alarm


New Life Form
I tried to make a simple XSS but OSSIM do not trigger any alarm.
My deployment is a master with two agent.

This is my XSS

I tried to capture traffic in real time tab dashboard but without success. 

The 2 agents seem to work fine. Traffic is captured correctly and  also the simple XSS test is captured...

Share post:


  • There is a rule for this.  You might need to enable it on your system.  It's in emerging_pro-scan.rules.  I was going to paste it in here, but the cross site scripting protection on this forum won't let me do it :)
    It's snort sid 2008627.

    In order to make this fire, the attack needs to come from your EXTERNAL_NET to your HTTP_SERVERS group.  You could always copy that rule, and change the variables to HOME_NET and HOME_NET.

    For this kind of thing, it's sometimes easier to look right at snort documentation rather than Alienvault's.

    Good luck.

  • \\";alert('XSS');//
  • Thanks! It's work fine!
Sign In or Register to comment.