Talos Rules 2017-07-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, file-executable, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-other, os-linux, os-windows, server-oracle, server-other and SQL rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-07-25 13:02:11 UTC

Snort Subscriber Rules Update

Date: 2017-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43688 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43689 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules)
 * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules)
 * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules)
 * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43680 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43681 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43679 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43678 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43671 <-> DISABLED <-> SQL Oracle MySQL Pluggable Auth denial of service attempt (sql.rules)
 * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:43666 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43667 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43665 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43650 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43654 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43656 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43657 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43648 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:43649 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43658 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43646 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43647 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43645 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43659 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
 * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43690 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43691 <-> DISABLED <-> SERVER-WEBAPP Ultimate Fun Book function.php remote file include attempt (server-webapp.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43695 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43653 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43708 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43707 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43706 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules)
 * 1:43704 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43703 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43702 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43701 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules)
 * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43655 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43697 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43696 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
 * 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:41502 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41503 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40648 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:40759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt (os-windows.rules)
 * 1:40256 <-> DISABLED <-> SERVER-WEBAPP Idera Up.Time Monitoring Station post2file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:40647 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
 * 1:32158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules)
 * 1:32157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:26890 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
 * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules)

2017-07-25 13:02:10 UTC

Snort Subscriber Rules Update

Date: 2017-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43708 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43707 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43706 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules)
 * 1:43704 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43703 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43702 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43701 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules)
 * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43697 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43696 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43695 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43691 <-> DISABLED <-> SERVER-WEBAPP Ultimate Fun Book function.php remote file include attempt (server-webapp.rules)
 * 1:43690 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43689 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43688 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules)
 * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules)
 * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules)
 * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43681 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43680 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43679 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43678 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43671 <-> DISABLED <-> SQL Oracle MySQL Pluggable Auth denial of service attempt (sql.rules)
 * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:43667 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43666 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43665 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules)
 * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
 * 1:43659 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43658 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43657 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43656 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43655 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43654 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43653 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43650 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43649 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43648 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:43647 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43646 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43645 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
 * 1:41503 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:40759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt (os-windows.rules)
 * 1:41502 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40647 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:40648 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
 * 1:40256 <-> DISABLED <-> SERVER-WEBAPP Idera Up.Time Monitoring Station post2file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:32158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:32157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
 * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:26890 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules)
 * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules)
 * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)