Tanner "Detection Type" shows only index, unknown and xss

[djoker77]

Hello everyone, I recently reported an issue on the t-pot page about Tanner not identifying any other attack types than XSS. Maybe you know why this is the case. Snare and Tanner are running normally, but I tried a couple attacks like SQLi, RFI/LFI or XXE, but neither of those were detected. Instead, they were classified as index or unknown. Can you help me with this issue, or do you know the reason for this behavior? (Speculation would also help)

Issue at t-pot: https://github.com/telekom-security/tpotce/issues/1560

[afeena]

Hi,

please make sure you have other emulators "enabled" on the Tanner side

[djoker77]

Hi, thanks for the reply, I see that the emulators are enabled, I just enabled another emulator in the Tanner emulator configuration of the Tpot installation. The rest were left on enabled.

[djoker77]

Hi, sorry for the annoyance, but have you got any other explanation for this problem?