Talos Rules 2018-01-04
This release adds and modifies rules in several categories.

Spectre and Meltdown CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754: A design flaw exists in modern CPUs that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 45357 through 45368.

Change logs

2018-01-04 21:35:26 UTC

Snort Subscriber Rules Update

Date: 2018-01-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)

Modified Rules:



2018-01-04 21:35:26 UTC

Snort Subscriber Rules Update

Date: 2018-01-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)

Modified Rules:



2018-01-04 21:35:26 UTC

Snort Subscriber Rules Update

Date: 2018-01-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)

Modified Rules:



2018-01-04 21:35:26 UTC

Snort Subscriber Rules Update

Date: 2018-01-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
 * 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)

Modified Rules: