Talos has added and modified multiple rules in the file-flash, file-identify, file-office, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
* 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
* 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)

* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
* 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
* 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)

* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
* 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
* 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
* 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)

* 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
* 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
* 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
* 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
* 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
* 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)

* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
* 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
* 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
* 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)