Talos Rules 2017-05-18
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-executable, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, protocol-other, protocol-scada, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-05-18 04:21:26 UTC

Snort Subscriber Rules Update

Date: 2017-05-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42925 <-> ENABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection attempt (malware-cnc.rules)
 * 1:42926 <-> ENABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection attempt (malware-cnc.rules)
 * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt  (indicator-compromise.rules)
 * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt  (indicator-compromise.rules)
 * 1:42929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection attempt (malware-cnc.rules)
 * 1:42930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt (file-flash.rules)
 * 1:42931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt (file-flash.rules)
 * 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules)
 * 1:42933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules)
 * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules)
 * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules)
 * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules)
 * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules)
 * 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules)
 * 1:42944 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
 * 3:42941 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0337 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
 * 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
 * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1  (file-image.rules)
 * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:39273 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:41978 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
 * 1:42233 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection attempt (malware-cnc.rules)
 * 1:42386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection attempt (malware-cnc.rules)
 * 3:41306 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0256 attack attempt (file-executable.rules)
 * 3:41225 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0243 attack attempt (file-pdf.rules)
 * 3:41224 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0243 attack attempt (file-pdf.rules)
 * 3:32207 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:41223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0230 attack attempt (server-webapp.rules)
 * 3:41197 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0226 TALOS-2017-0289 attack attempt (file-pdf.rules)
 * 3:41222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0240 attack attempt (server-webapp.rules)
 * 3:41097 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0238 attack attempt (server-other.rules)
 * 3:41196 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0226 TALOS-2017-0289 attack attempt (file-pdf.rules)
 * 3:35730 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
 * 3:35729 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
 * 3:35728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
 * 3:35722 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
 * 3:35727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
 * 3:35721 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
 * 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
 * 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:35834 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
 * 3:35835 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0053 attack attempt (file-other.rules)
 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0053 attack attempt (file-other.rules)
 * 3:36218 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36219 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36220 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36221 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:38544 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0121 attack attempt (server-other.rules)
 * 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
 * 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
 * 3:39937 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules)
 * 3:39938 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules)
 * 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
 * 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40880 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0237 attack attempt (server-webapp.rules)
 * 3:40909 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0245 attack attempt (server-other.rules)
 * 3:41309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0247 attack attempt (file-other.rules)
 * 3:40908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0245 attack attempt (server-other.rules)
 * 3:41363 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:41312 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0246 attack attempt (file-executable.rules)
 * 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
 * 3:41360 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:41471 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0242 attack attempt (file-pdf.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)
 * 3:41313 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0246 attack attempt (file-executable.rules)
 * 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:41307 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0256 attack attempt (file-executable.rules)
 * 3:41308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0247 attack attempt (file-other.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:41361 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:32208 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32209 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:41470 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0242 attack attempt (file-pdf.rules)
 * 3:41362 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:32211 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32210 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)

2017-05-18 04:21:26 UTC

Snort Subscriber Rules Update

Date: 2017-05-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42944 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
 * 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules)
 * 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules)
 * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules)
 * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules)
 * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules)
 * 1:42933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules)
 * 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules)
 * 1:42931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt (file-flash.rules)
 * 1:42930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt (file-flash.rules)
 * 1:42929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection attempt (malware-cnc.rules)
 * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt  (indicator-compromise.rules)
 * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt  (indicator-compromise.rules)
 * 1:42926 <-> ENABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection attempt (malware-cnc.rules)
 * 1:42925 <-> ENABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection attempt (malware-cnc.rules)
 * 3:42941 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0337 attack attempt (protocol-other.rules)

Modified Rules:


 * 1:42386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection attempt (malware-cnc.rules)
 * 1:41978 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
 * 1:42233 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection attempt (malware-cnc.rules)
 * 1:39273 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1  (file-image.rules)
 * 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
 * 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:41471 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0242 attack attempt (file-pdf.rules)
 * 3:41470 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0242 attack attempt (file-pdf.rules)
 * 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
 * 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
 * 3:41363 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:41362 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:41361 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:41360 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
 * 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)
 * 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41313 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0246 attack attempt (file-executable.rules)
 * 3:41312 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0246 attack attempt (file-executable.rules)
 * 3:41309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0247 attack attempt (file-other.rules)
 * 3:41308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0247 attack attempt (file-other.rules)
 * 3:41307 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0256 attack attempt (file-executable.rules)
 * 3:41306 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2016-0256 attack attempt (file-executable.rules)
 * 3:41225 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0243 attack attempt (file-pdf.rules)
 * 3:41224 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0243 attack attempt (file-pdf.rules)
 * 3:41223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0230 attack attempt (server-webapp.rules)
 * 3:41222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0240 attack attempt (server-webapp.rules)
 * 3:41197 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0226 TALOS-2017-0289 attack attempt (file-pdf.rules)
 * 3:41196 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0226 TALOS-2017-0289 attack attempt (file-pdf.rules)
 * 3:41097 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0238 attack attempt (server-other.rules)
 * 3:40909 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0245 attack attempt (server-other.rules)
 * 3:40908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0245 attack attempt (server-other.rules)
 * 3:40880 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0237 attack attempt (server-webapp.rules)
 * 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
 * 3:39938 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules)
 * 3:39937 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules)
 * 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
 * 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
 * 3:38544 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0121 attack attempt (server-other.rules)
 * 3:36221 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36220 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36219 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36218 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
 * 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0053 attack attempt (file-other.rules)
 * 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0053 attack attempt (file-other.rules)
 * 3:35835 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
 * 3:35834 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
 * 3:35730 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
 * 3:35722 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
 * 3:35729 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
 * 3:35728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
 * 3:35727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
 * 3:35721 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
 * 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
 * 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32207 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32208 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32209 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32211 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
 * 3:32210 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)