I have created new attack signature.
I have set type as request, added system technologies, attack type.
Under rule Matched Element is Request Content, Contains String, under Keyword.... valuecontent:"Invalid JSON. Value null of type org.json.JSONObject$1 cannot be converted to JSONObject"; jsononly;
Match case is checked and Accuracy and Risk is set to Low,
This attack signature is added to signature set which is bind to policy. Policy changes are applied.
Yet it does not seem to drop the request, in SIEM tool we can see request:
request_status="passed",response_code="200"