Talos Rules 2018-08-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-08-28 17:09:45 UTC

Snort Subscriber Rules Update

Date: 2018-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47646 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47645 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47644 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47643 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47642 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47641 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47640 <-> DISABLED <-> SERVER-WEBAPP SSL certificate with null issuer rdnSequence fields detected (server-webapp.rules)
 * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
 * 1:47638 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47637 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47636 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47635 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47664 <-> ENABLED <-> SERVER-WEBAPP Dicoogle directory traversal attempt (server-webapp.rules)
 * 1:47662 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub ASP script injection attempt (server-webapp.rules)
 * 1:47661 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47660 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage edit.php command injection attempt (server-webapp.rules)
 * 1:47659 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47658 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47657 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47656 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47655 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47654 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47653 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47652 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47651 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marap outbound beacon detected (malware-cnc.rules)
 * 1:47649 <-> ENABLED <-> SERVER-WEBAPP Apache Struts remote code execution attempt (server-webapp.rules)
 * 1:47648 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47647 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 3:47663 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0653 attack attempt (server-other.rules)
 * 3:47665 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 SetAVTransportURI SOAP action command injection attempt (server-webapp.rules)

Modified Rules:



2018-08-28 17:09:45 UTC

Snort Subscriber Rules Update

Date: 2018-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

New Rules:


 * 1:47658 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47635 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47637 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47638 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
 * 1:47640 <-> DISABLED <-> SERVER-WEBAPP SSL certificate with null issuer rdnSequence fields detected (server-webapp.rules)
 * 1:47641 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47642 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47660 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage edit.php command injection attempt (server-webapp.rules)
 * 1:47659 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47643 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47644 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47645 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47646 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47647 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47648 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47649 <-> ENABLED <-> SERVER-WEBAPP Apache Struts remote code execution attempt (server-webapp.rules)
 * 1:47650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marap outbound beacon detected (malware-cnc.rules)
 * 1:47651 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47652 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47653 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47654 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47655 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47656 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47657 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47664 <-> ENABLED <-> SERVER-WEBAPP Dicoogle directory traversal attempt (server-webapp.rules)
 * 1:47661 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47662 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub ASP script injection attempt (server-webapp.rules)
 * 1:47636 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 3:47665 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 SetAVTransportURI SOAP action command injection attempt (server-webapp.rules)
 * 3:47663 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0653 attack attempt (server-other.rules)

Modified Rules:



2018-08-28 17:09:45 UTC

Snort Subscriber Rules Update

Date: 2018-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:47658 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (snort3-server-webapp.rules)
 * 1:47635 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (snort3-browser-ie.rules)
 * 1:47660 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage edit.php command injection attempt (snort3-server-webapp.rules)
 * 1:47636 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (snort3-browser-ie.rules)
 * 1:47637 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (snort3-browser-ie.rules)
 * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (snort3-indicator-obfuscation.rules)
 * 1:47662 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub ASP script injection attempt (snort3-server-webapp.rules)
 * 1:47664 <-> ENABLED <-> SERVER-WEBAPP Dicoogle directory traversal attempt (snort3-server-webapp.rules)
 * 1:47661 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (snort3-server-webapp.rules)
 * 1:47642 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:47640 <-> DISABLED <-> SERVER-WEBAPP SSL certificate with null issuer rdnSequence fields detected (snort3-server-webapp.rules)
 * 1:47643 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:47644 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:47645 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:47646 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:47647 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47648 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47649 <-> ENABLED <-> SERVER-WEBAPP Apache Struts remote code execution attempt (snort3-server-webapp.rules)
 * 1:47650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marap outbound beacon detected (snort3-malware-cnc.rules)
 * 1:47651 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
 * 1:47652 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
 * 1:47653 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
 * 1:47654 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
 * 1:47655 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (snort3-server-webapp.rules)
 * 1:47656 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (snort3-server-webapp.rules)
 * 1:47659 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (snort3-server-webapp.rules)
 * 1:47641 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (snort3-server-webapp.rules)
 * 1:47638 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (snort3-browser-ie.rules)
 * 1:47657 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (snort3-server-webapp.rules)

Modified Rules:



2018-08-28 17:09:45 UTC

Snort Subscriber Rules Update

Date: 2018-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:47660 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage edit.php command injection attempt (server-webapp.rules)
 * 1:47662 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub ASP script injection attempt (server-webapp.rules)
 * 1:47658 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47659 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47635 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47636 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47637 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47638 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
 * 1:47640 <-> DISABLED <-> SERVER-WEBAPP SSL certificate with null issuer rdnSequence fields detected (server-webapp.rules)
 * 1:47641 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47642 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47643 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47644 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47645 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47646 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47647 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47648 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47649 <-> ENABLED <-> SERVER-WEBAPP Apache Struts remote code execution attempt (server-webapp.rules)
 * 1:47650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marap outbound beacon detected (malware-cnc.rules)
 * 1:47651 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47652 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47653 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47654 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47661 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47655 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47656 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47657 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47664 <-> ENABLED <-> SERVER-WEBAPP Dicoogle directory traversal attempt (server-webapp.rules)
 * 3:47665 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 SetAVTransportURI SOAP action command injection attempt (server-webapp.rules)
 * 3:47663 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0653 attack attempt (server-other.rules)

Modified Rules:



2018-08-28 17:09:45 UTC

Snort Subscriber Rules Update

Date: 2018-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:47637 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47661 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47659 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47664 <-> ENABLED <-> SERVER-WEBAPP Dicoogle directory traversal attempt (server-webapp.rules)
 * 1:47662 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub ASP script injection attempt (server-webapp.rules)
 * 1:47638 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
 * 1:47640 <-> DISABLED <-> SERVER-WEBAPP SSL certificate with null issuer rdnSequence fields detected (server-webapp.rules)
 * 1:47641 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47642 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47643 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47644 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47645 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47646 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules)
 * 1:47647 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47648 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules)
 * 1:47649 <-> ENABLED <-> SERVER-WEBAPP Apache Struts remote code execution attempt (server-webapp.rules)
 * 1:47650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marap outbound beacon detected (malware-cnc.rules)
 * 1:47651 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47652 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47653 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47654 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
 * 1:47655 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47656 <-> DISABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules)
 * 1:47657 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47658 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules)
 * 1:47635 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47636 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules)
 * 1:47660 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage edit.php command injection attempt (server-webapp.rules)
 * 3:47665 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 SetAVTransportURI SOAP action command injection attempt (server-webapp.rules)
 * 3:47663 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0653 attack attempt (server-other.rules)

Modified Rules: