Talos Rules 2019-04-26
This release adds and modifies rules in several categories.

Today Talos is making the first of a number of additions to the max-detect policy to make it a heavily detection focused policy. As such, performance will be impacted if this policy is enabled and it is highly recommended that users test this policy's performance before deploying it in production environments.

Talos has added and modified multiple rules in the app-detect, browser-chrome, browser-firefox, browser-ie, browser-other, browser-webkit, content-replace, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, malware-tools, netbios, os-linux, os-mobile, os-other, os-solaris, os-windows, policy-multimedia, policy-other, policy-social, policy-spam, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-nntp, protocol-other, protocol-pop, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-telnet, protocol-tftp, protocol-voip, pua-adware, pua-other, pua-p2p, pua-toolbars, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-04-26 22:47:56 UTC

Snort Subscriber Rules Update

Date: 2019-04-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
 * 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
 * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules)
 * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)

Modified Rules:


 * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules)
 * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules)
 * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules)
 * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules)
 * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules)
 * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules)
 * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules)
 * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules)
 * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules)
 * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules)
 * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules)
 * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules)
 * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules)
 * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules)
 * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules)
 * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules)
 * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules)
 * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules)
 * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
 * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt  (server-iis.rules)
 * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules)
 * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
 * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
 * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules)
 * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt  (file-image.rules)
 * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules)
 * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules)
 * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
 * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules)
 * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
 * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules)
 * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt  (server-other.rules)
 * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules)
 * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules)
 * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules)
 * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules)
 * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules)
 * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules)
 * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules)
 * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules)
 * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules)
 * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules)
 * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules)
 * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules)
 * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules)
 * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules)
 * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules)
 * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules)
 * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules)
 * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules)
 * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules)
 * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules)
 * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules)
 * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules)
 * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules)
 * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules)
 * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules)
 * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules)
 * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules)
 * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules)
 * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules)
 * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules)
 * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules)
 * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules)
 * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules)
 * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules)
 * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules)
 * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules)
 * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules)
 * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2  (file-image.rules)
 * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3  (file-image.rules)
 * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4  (file-image.rules)
 * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
 * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules)
 * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules)
 * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules)
 * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules)
 * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
 * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
 * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
 * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
 * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
 * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
 * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
 * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
 * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
 * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
 * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
 * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
 * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
 * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
 * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
 * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules)
 * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules)
 * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules)
 * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules)
 * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules)
 * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules)
 * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules)
 * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules)
 * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules)
 * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules)
 * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
 * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules)
 * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules)
 * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules)
 * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules)
 * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules)
 * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules)
 * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules)
 * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules)
 * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules)
 * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules)
 * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules)
 * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules)
 * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules)
 * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules)
 * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules)
 * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules)
 * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules)
 * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules)
 * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules)
 * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules)
 * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules)
 * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules)
 * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules)
 * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules)
 * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules)
 * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules)
 * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules)
 * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules)
 * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules)
 * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules)
 * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules)
 * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules)
 * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules)
 * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules)
 * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules)
 * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules)
 * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules)
 * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules)
 * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules)
 * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules)
 * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules)
 * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules)
 * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules)
 * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules)
 * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules)
 * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules)
 * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules)
 * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules)
 * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules)
 * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules)
 * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules)
 * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules)
 * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules)
 * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules)
 * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules)
 * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules)
 * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules)
 * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules)
 * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules)
 * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules)
 * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules)
 * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules)
 * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules)
 * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules)
 * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules)
 * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules)
 * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules)
 * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules)
 * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules)
 * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules)
 * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules)
 * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules)
 * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules)
 * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules)
 * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules)
 * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules)
 * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules)
 * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules)
 * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules)
 * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules)
 * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules)
 * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules)
 * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules)
 * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules)
 * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules)
 * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules)
 * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules)
 * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules)
 * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules)
 * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules)
 * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules)
 * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules)
 * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules)
 * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules)
 * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules)
 * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules)
 * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules)
 * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules)
 * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules)
 * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (policy-spam.rules)
 * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules)
 * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules)
 * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules)
 * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules)
 * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules)
 * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules)
 * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules)
 * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules)
 * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules)
 * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt  (server-other.rules)
 * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules)
 * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules)
 * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules)
 * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules)
 * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules)
 * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules)
 * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt  (file-executable.rules)
 * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules)
 * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet  (os-windows.rules)
 * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules)
 * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules)
 * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules)
 * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules)
 * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules)
 * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules)
 * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
 * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
 * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
 * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules)
 * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules)
 * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules)
 * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules)
 * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules)
 * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules)
 * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules)
 * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules)
 * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules)
 * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules)
 * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules)
 * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules)
 * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules)
 * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules)
 * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules)
 * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
 * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
 * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules)
 * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules)
 * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
 * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules)
 * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
 * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
 * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
 * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules)
 * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules)
 * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules)
 * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules)
 * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules)
 * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules)
 * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules)
 * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules)
 * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules)
 * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules)
 * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules)
 * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules)
 * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules)
 * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules)
 * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules)
 * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules)
 * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules)
 * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules)
 * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules)
 * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules)
 * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules)
 * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules)
 * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules)
 * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules)
 * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules)
 * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules)
 * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules)
 * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules)
 * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules)
 * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules)
 * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules)
 * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules)
 * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules)
 * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules)
 * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules)
 * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules)
 * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules)
 * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules)
 * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules)
 * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules)
 * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules)
 * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules)
 * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules)
 * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules)
 * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules)
 * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules)
 * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules)
 * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules)
 * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules)
 * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules)
 * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules)
 * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules)
 * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules)
 * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules)
 * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules)
 * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules)
 * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules)
 * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules)
 * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules)
 * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules)
 * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules)
 * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
 * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules)
 * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules)
 * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules)
 * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules)
 * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules)
 * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
 * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
 * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
 * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
 * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
 * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
 * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
 * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
 * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
 * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
 * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
 * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
 * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules)
 * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules)
 * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules)
 * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules)
 * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules)
 * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules)
 * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules)
 * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules)
 * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules)
 * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules)
 * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules)
 * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules)
 * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules)
 * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules)
 * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules)
 * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules)
 * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules)
 * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules)
 * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules)
 * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules)
 * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules)
 * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules)
 * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules)
 * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules)
 * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules)
 * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules)
 * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules)
 * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules)
 * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules)
 * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules)
 * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules)
 * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules)
 * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules)
 * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules)
 * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules)
 * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules)
 * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules)
 * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules)
 * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules)
 * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules)
 * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules)
 * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules)
 * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules)
 * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules)
 * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules)
 * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules)
 * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules)
 * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules)
 * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules)
 * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules)
 * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules)
 * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules)
 * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules)
 * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules)
 * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules)
 * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules)
 * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules)
 * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules)
 * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules)
 * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules)
 * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules)
 * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules)
 * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules)
 * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules)
 * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules)
 * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules)
 * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules)
 * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules)
 * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules)
 * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules)
 * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules)
 * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules)
 * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules)
 * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules)
 * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
 * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules)
 * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules)
 * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules)
 * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules)
 * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules)
 * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules)
 * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules)
 * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules)
 * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules)
 * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules)
 * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules)
 * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules)
 * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules)
 * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules)
 * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules)
 * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules)
 * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules)
 * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules)
 * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules)
 * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules)
 * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules)
 * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules)
 * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules)
 * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules)
 * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules)
 * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules)
 * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules)
 * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules)
 * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules)
 * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules)
 * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules)
 * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules)
 * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules)
 * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules)
 * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules)
 * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules)
 * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules)
 * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
 * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
 * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules)
 * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules)
 * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules)
 * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules)
 * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules)
 * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules)
 * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules)
 * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules)
 * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules)
 * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules)
 * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
 * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules)
 * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
 * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules)
 * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules)
 * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules)
 * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules)
 * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules)
 * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules)
 * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules)
 * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules)
 * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules)
 * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules)
 * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules)
 * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules)
 * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules)
 * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules)
 * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules)
 * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules)
 * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules)
 * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules)
 * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules)
 * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules)
 * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules)
 * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules)
 * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules)
 * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules)
 * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules)
 * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules)
 * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules)
 * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules)
 * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules)
 * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules)
 * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules)
 * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules)
 * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules)
 * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules)
 * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
 * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
 * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules)
 * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules)
 * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules)
 * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules)
 * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules)
 * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules)
 * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules)
 * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules)
 * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules)
 * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules)
 * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules)
 * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules)
 * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules)
 * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules)
 * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules)
 * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules)
 * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules)
 * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules)
 * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules)
 * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules)
 * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules)
 * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules)
 * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules)
 * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules)
 * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules)
 * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules)
 * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules)
 * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules)
 * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules)
 * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules)
 * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules)
 * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules)
 * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules)
 * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
 * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules)
 * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules)
 * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules)
 * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules)
 * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules)
 * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules)
 * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules)
 * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules)
 * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules)
 * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules)
 * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules)
 * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules)
 * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules)
 * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules)
 * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules)
 * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules)
 * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules)
 * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules)
 * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules)
 * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules)
 * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (malware-other.rules)
 * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules)
 * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules)
 * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules)
 * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules)
 * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules)
 * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules)
 * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules)
 * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules)
 * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules)
 * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules)
 * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules)
 * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules)
 * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules)
 * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules)
 * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules)
 * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules)
 * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules)
 * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules)
 * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules)
 * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
 * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules)
 * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules)
 * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules)
 * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules)
 * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules)
 * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules)
 * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules)
 * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules)
 * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules)
 * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules)
 * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules)
 * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules)
 * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules)
 * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules)
 * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules)
 * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules)
 * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules)
 * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules)
 * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules)
 * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules)
 * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules)
 * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules)
 * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules)
 * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules)
 * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules)
 * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules)
 * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules)
 * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules)
 * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules)
 * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules)
 * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules)
 * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules)
 * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules)
 * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
 * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules)
 * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
 * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules)
 * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules)
 * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules)
 * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules)
 * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules)
 * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules)
 * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules)
 * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules)
 * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules)
 * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules)
 * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules)
 * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules)
 * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules)
 * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules)
 * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules)
 * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules)
 * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules)
 * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules)
 * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules)
 * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules)
 * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules)
 * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules)
 * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules)
 * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules)
 * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules)
 * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules)
 * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules)
 * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules)
 * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules)
 * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules)
 * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules)
 * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules)
 * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules)
 * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules)
 * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules)
 * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules)
 * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules)
 * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules)
 * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules)
 * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules)
 * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules)
 * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules)
 * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules)
 * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules)
 * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules)
 * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
 * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules)
 * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules)
 * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules)
 * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules)
 * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules)
 * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules)
 * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules)
 * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules)
 * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules)
 * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules)
 * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules)
 * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules)
 * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules)
 * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules)
 * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules)
 * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules)
 * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules)
 * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules)
 * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules)
 * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules)
 * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules)
 * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules)
 * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules)
 * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules)
 * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules)
 * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules)
 * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules)
 * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules)
 * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules)
 * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules)
 * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules)
 * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules)
 * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules)
 * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules)
 * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules)
 * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules)
 * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules)
 * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules)
 * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules)
 * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules)
 * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules)
 * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules)
 * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules)
 * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules)
 * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules)
 * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules)
 * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules)
 * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules)
 * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules)
 * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules)
 * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
 * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules)
 * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules)
 * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules)
 * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt  (server-other.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt  (file-executable.rules)
 * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules)
 * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules)
 * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules)
 * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules)
 * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules)
 * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
 * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt  (server-other.rules)
 * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
 * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules)
 * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules)
 * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules)
 * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules)
 * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules)
 * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules)
 * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules)
 * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
 * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules)
 * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules)
 * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules)
 * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules)
 * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules)
 * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules)
 * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules)
 * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt  (server-other.rules)
 * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules)
 * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules)
 * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules)
 * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules)
 * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules)
 * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules)
 * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules)
 * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules)
 * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules)
 * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
 * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules)
 * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules)
 * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules)
 * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules)
 * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules)
 * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules)
 * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules)
 * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules)
 * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules)
 * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules)
 * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules)
 * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules)
 * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules)
 * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules)
 * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules)
 * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules)
 * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules)
 * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules)
 * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules)
 * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules)
 * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules)
 * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules)
 * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules)
 * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules)
 * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules)
 * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules)
 * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules)
 * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules)
 * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules)
 * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules)
 * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules)
 * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
 * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
 * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules)
 * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules)
 * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules)
 * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules)
 * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules)
 * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules)
 * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
 * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules)
 * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules)
 * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules)
 * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules)
 * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules)
 * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules)
 * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules)
 * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules)
 * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules)
 * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules)
 * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules)
 * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules)
 * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules)
 * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules)
 * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules)
 * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules)
 * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules)
 * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules)
 * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules)
 * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules)
 * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption  (file-executable.rules)
 * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt  (file-multimedia.rules)
 * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules)
 * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules)
 * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules)
 * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules)
 * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules)
 * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules)
 * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules)
 * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules)
 * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt  (file-executable.rules)
 * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules)
 * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt  (file-executable.rules)
 * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules)
 * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules)
 * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules)
 * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules)
 * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules)
 * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules)
 * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules)
 * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt  (server-other.rules)
 * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
 * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules)
 * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules)
 * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules)
 * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules)
 * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt  (server-other.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules)
 * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules)
 * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules)
 * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules)
 * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules)
 * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules)
 * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules)
 * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules)
 * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules)
 * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules)
 * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules)
 * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules)
 * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules)
 * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules)
 * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules)
 * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules)
 * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules)
 * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules)
 * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
 * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
 * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules)
 * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
 * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
 * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
 * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
 * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
 * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
 * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
 * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules)
 * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules)
 * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules)
 * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules)
 * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules)
 * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules)
 * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules)
 * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules)
 * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules)
 * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules)
 * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules)
 * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules)
 * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules)
 * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules)
 * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules)
 * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules)
 * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules)
 * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules)
 * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules)
 * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules)
 * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules)
 * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules)
 * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
 * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules)
 * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
 * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules)
 * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
 * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules)
 * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules)
 * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules)
 * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules)
 * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules)
 * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
 * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules)
 * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules)
 * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules)
 * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules)
 * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules)
 * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules)
 * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules)
 * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules)
 * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules)
 * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules)
 * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules)
 * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules)
 * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules)
 * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules)
 * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules)
 * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules)
 * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules)
 * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules)
 * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules)
 * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
 * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules)
 * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules)
 * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
 * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules)
 * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules)
 * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules)
 * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules)
 * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules)
 * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules)
 * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules)
 * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
 * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules)
 * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules)
 * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules)
 * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules)
 * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules)
 * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules)
 * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules)
 * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules)
 * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules)
 * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules)
 * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules)
 * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules)
 * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules)
 * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules)
 * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules)
 * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules)
 * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules)
 * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules)
 * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
 * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
 * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules)
 * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules)
 * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules)
 * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules)
 * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules)
 * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules)
 * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules)
 * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules)
 * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules)
 * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules)
 * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
 * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
 * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules)
 * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules)
 * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules)
 * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules)
 * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules)
 * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules)
 * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules)
 * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules)
 * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules)
 * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules)
 * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules)
 * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules)
 * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules)
 * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules)
 * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules)
 * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules)
 * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules)
 * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules)
 * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules)
 * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules)
 * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules)
 * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules)
 * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules)
 * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules)
 * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules)
 * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules)
 * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules)
 * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules)
 * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
 * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules)
 * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules)
 * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
 * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
 * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
 * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules)
 * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules)
 * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
 * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules)
 * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules)
 * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules)
 * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules)
 * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules)
 * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
 * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules)
 * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules)
 * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules)
 * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules)
 * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules)
 * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules)
 * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules)
 * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
 * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules)
 * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules)
 * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules)
 * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules)
 * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules)
 * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules)
 * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
 * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules)
 * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules)
 * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules)
 * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
 * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
 * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules)
 * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules)
 * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules)
 * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
 * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules)
 * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
 * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules)
 * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules)
 * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
 * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules)
 * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules)
 * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules)
 * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
 * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules)
 * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
 * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules)
 * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules)
 * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules)
 * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
 * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules)
 * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules)
 * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules)
 * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules)
 * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules)
 * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules)
 * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules)
 * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules)
 * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules)
 * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
 * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules)
 * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules)
 * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules)
 * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules)
 * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules)
 * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
 * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules)
 * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules)
 * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
 * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules)
 * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
 * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules)
 * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules)
 * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules)
 * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules)
 * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
 * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules)
 * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
 * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules)
 * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules)
 * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules)
 * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules)
 * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules)
 * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules)
 * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
 * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules)
 * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
 * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
 * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
 * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules)
 * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
 * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules)
 * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules)
 * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules)
 * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules)
 * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules)
 * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
 * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
 * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules)
 * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules)
 * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
 * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules)
 * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules)
 * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
 * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
 * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
 * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
 * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
 * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
 * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
 * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules)
 * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules)
 * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules)
 * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules)
 * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules)
 * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules)
 * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules)
 * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
 * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules)
 * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules)
 * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules)
 * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules)
 * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules)
 * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules)
 * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules)
 * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
 * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules)
 * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
 * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules)
 * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules)
 * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules)
 * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
 * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules)
 * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules)
 * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules)
 * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules)
 * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules)
 * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
 * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules)
 * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules)
 * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules)
 * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules)
 * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
 * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules)
 * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules)
 * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules)
 * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules)
 * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules)
 * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules)
 * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules)
 * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules)
 * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules)
 * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules)
 * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules)
 * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules)
 * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
 * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
 * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules)
 * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules)
 * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules)
 * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules)
 * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules)
 * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules)
 * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules)
 * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules)
 * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules)
 * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
 * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
 * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules)
 * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
 * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
 * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules)
 * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules)
 * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules)
 * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules)
 * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules)
 * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules)
 * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules)
 * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules)
 * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules)
 * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules)
 * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules)
 * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules)
 * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules)
 * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules)
 * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules)
 * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules)
 * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules)
 * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules)
 * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules)
 * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules)
 * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules)
 * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules)
 * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules)
 * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules)
 * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules)
 * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules)
 * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules)
 * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules)
 * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules)
 * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules)
 * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules)
 * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules)
 * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules)
 * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules)
 * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules)
 * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
 * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules)
 * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules)
 * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules)
 * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
 * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules)
 * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules)
 * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules)
 * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules)
 * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules)
 * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
 * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules)
 * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules)
 * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules)
 * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules)
 * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules)
 * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules)
 * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules)
 * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules)
 * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules)
 * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules)
 * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules)
 * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules)
 * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules)
 * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules)
 * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules)
 * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules)
 * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules)
 * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules)
 * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules)
 * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules)
 * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules)
 * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules)
 * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules)
 * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules)
 * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules)
 * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules)
 * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules)
 * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules)
 * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules)
 * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules)
 * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules)
 * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules)
 * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules)
 * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules)
 * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules)
 * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules)
 * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules)
 * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules)
 * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules)
 * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules)
 * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules)
 * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules)
 * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (file-flash.rules)
 * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules)
 * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules)
 * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules)
 * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules)
 * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules)
 * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules)
 * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules)
 * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules)
 * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules)
 * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules)
 * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules)
 * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules)
 * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules)
 * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules)
 * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules)
 * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules)
 * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules)
 * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules)
 * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
 * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
 * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules)
 * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules)
 * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules)
 * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules)
 * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules)
 * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules)
 * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules)
 * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules)
 * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules)
 * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules)
 * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules)
 * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules)
 * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules)
 * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules)
 * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
 * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
 * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
 * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules)
 * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules)
 * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
 * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
 * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
 * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
 * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
 * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
 * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
 * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
 * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
 * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
 * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
 * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules)
 * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules)
 * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules)
 * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules)
 * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules)
 * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules)
 * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules)
 * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules)
 * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules)
 * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules)
 * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules)
 * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules)
 * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules)
 * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules)
 * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules)
 * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
 * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
 * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules)
 * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules)
 * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules)
 * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules)
 * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules)
 * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules)
 * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
 * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
 * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules)
 * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules)
 * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules)
 * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules)
 * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules)
 * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules)
 * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules)
 * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules)
 * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules)
 * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules)
 * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules)
 * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules)
 * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules)
 * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules)
 * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules)
 * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules)
 * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules)
 * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (file-other.rules)
 * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules)
 * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules)
 * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules)
 * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules)
 * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules)
 * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules)
 * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules)
 * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules)
 * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules)
 * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules)
 * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules)
 * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules)
 * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules)
 * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules)
 * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules)
 * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules)
 * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules)
 * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
 * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
 * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules)
 * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules)
 * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules)
 * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
 * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
 * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
 * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
 * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules)
 * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules)
 * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules)
 * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules)
 * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules)
 * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules)
 * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules)
 * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules)
 * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
 * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
 * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules)
 * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules)
 * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules)
 * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules)
 * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules)
 * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules)
 * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules)
 * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules)
 * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules)
 * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
 * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
 * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules)
 * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules)
 * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules)
 * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules)
 * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules)
 * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules)
 * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules)
 * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules)
 * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules)
 * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules)
 * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules)
 * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules)
 * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules)
 * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules)
 * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules)
 * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules)
 * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules)
 * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules)
 * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules)
 * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules)
 * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules)
 * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules)
 * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules)
 * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules)
 * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules)
 * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules)
 * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules)
 * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules)
 * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules)
 * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
 * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules)
 * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules)
 * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules)
 * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules)
 * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules)
 * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules)
 * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules)
 * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules)
 * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules)
 * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules)
 * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules)
 * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules)
 * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules)
 * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules)
 * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules)
 * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules)
 * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules)
 * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules)
 * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules)
 * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules)
 * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules)
 * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (file-flash.rules)
 * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules)
 * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules)
 * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules)
 * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules)
 * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules)
 * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules)
 * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules)
 * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules)
 * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules)
 * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules)
 * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules)
 * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules)
 * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules)
 * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules)
 * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules)
 * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules)
 * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules)
 * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules)
 * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules)
 * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules)
 * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules)
 * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules)
 * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules)
 * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules)
 * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules)
 * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules)
 * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules)
 * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules)
 * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules)
 * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
 * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules)
 * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules)
 * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules)
 * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules)
 * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules)
 * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules)
 * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
 * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules)
 * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers  (protocol-voip.rules)
 * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules)
 * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules)
 * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
 * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules)
 * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
 * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
 * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules)
 * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
 * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules)
 * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules)
 * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules)
 * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules)
 * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules)
 * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules)
 * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
 * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules)
 * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules)
 * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules)
 * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules)
 * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules)
 * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules)
 * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules)
 * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules)
 * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules)
 * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
 * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules)
 * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules)
 * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules)
 * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules)
 * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules)
 * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules)
 * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
 * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules)
 * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules)
 * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules)
 * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules)
 * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules)
 * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
 * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules)
 * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules)
 * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules)
 * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules)
 * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules)
 * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
 * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
 * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules)
 * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules)
 * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules)
 * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
 * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
 * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules)
 * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules)
 * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules)
 * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules)
 * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules)
 * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules)
 * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules)
 * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules)
 * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules)
 * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules)
 * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules)
 * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules)
 * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules)
 * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules)
 * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules)
 * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
 * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
 * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
 * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules)
 * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules)
 * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules)
 * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules)
 * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules)
 * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules)
 * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules)
 * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules)
 * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules)
 * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules)
 * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules)
 * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules)
 * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
 * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules)
 * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules)
 * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules)
 * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules)
 * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules)
 * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules)
 * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules)
 * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules)
 * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules)
 * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules)
 * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules)
 * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules)
 * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules)
 * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules)
 * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules)
 * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules)
 * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules)
 * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules)
 * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules)
 * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
 * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules)
 * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules)
 * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules)
 * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules)
 * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules)
 * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules)
 * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules)
 * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules)
 * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules)
 * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules)
 * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules)
 * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules)
 * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules)
 * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules)
 * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules)
 * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules)
 * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules)
 * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules)
 * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules)
 * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules)
 * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
 * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules)
 * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)
 * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules)
 * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules)
 * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules)
 * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
 * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules)
 * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules)
 * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules)
 * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules)
 * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules)
 * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules)
 * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules)
 * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules)
 * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules)
 * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules)
 * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
 * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules)
 * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules)
 * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules)
 * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules)
 * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules)
 * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules)
 * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules)
 * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
 * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules)
 * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules)
 * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules)
 * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules)
 * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules)
 * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules)
 * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules)
 * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
 * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
 * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules)
 * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules)
 * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules)
 * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules)
 * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules)
 * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules)
 * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules)
 * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules)
 * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules)
 * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules)
 * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules)
 * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules)
 * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules)
 * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules)
 * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules)
 * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules)
 * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules)
 * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules)
 * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules)
 * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules)
 * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules)
 * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules)
 * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
 * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
 * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
 * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
 * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
 * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
 * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules)
 * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules)
 * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules)
 * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
 * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
 * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
 * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
 * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
 * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
 * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
 * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules)
 * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules)
 * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules)
 * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules)
 * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules)
 * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules)
 * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules)
 * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules)
 * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules)
 * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules)
 * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules)
 * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES  Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules)
 * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES  Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules)
 * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
 * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
 * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
 * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
 * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
 * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
 * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules)
 * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules)
 * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules)
 * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules)
 * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules)
 * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules)
 * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules)
 * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules)
 * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules)
 * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules)
 * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules)
 * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules)
 * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules)
 * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
 * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
 * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
 * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
 * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules)
 * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules)
 * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules)
 * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules)
 * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
 * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
 * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules)
 * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules)
 * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules)
 * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules)
 * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules)
 * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules)
 * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules)
 * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules)
 * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules)
 * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules)
 * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules)
 * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
 * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
 * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
 * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
 * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules)
 * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (indicator-compromise.rules)
 * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules)
 * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules)
 * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules)
 * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules)
 * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules)
 * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules)
 * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules)
 * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules)
 * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (indicator-compromise.rules)
 * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules)
 * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules)
 * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules)
 * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules)
 * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules)
 * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules)
 * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules)
 * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules)
 * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules)
 * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules)
 * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules)
 * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (browser-chrome.rules)
 * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules)
 * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules)
 * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules)
 * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules)
 * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules)
 * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules)
 * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules)
 * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules)
 * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules)
 * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules)
 * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules)
 * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules)
 * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules)
 * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules)
 * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules)
 * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (file-other.rules)
 * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules)
 * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules)
 * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules)
 * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules)
 * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules)
 * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules)
 * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
 * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules)
 * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules)
 * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules)
 * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules)
 * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules)
 * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
 * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules)
 * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
 * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
 * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules)
 * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules)
 * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules)
 * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules)
 * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules)
 * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules)
 * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules)
 * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules)
 * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules)
 * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules)
 * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules)
 * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules)
 * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules)
 * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules)
 * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules)
 * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules)
 * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules)
 * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules)
 * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules)
 * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules)
 * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules)
 * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules)
 * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules)
 * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
 * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules)
 * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules)
 * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules)
 * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules)
 * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules)
 * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules)
 * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
 * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
 * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules)
 * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules)
 * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules)
 * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules)
 * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules)
 * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules)
 * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules)
 * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules)
 * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules)
 * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules)
 * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
 * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules)
 * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
 * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
 * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules)
 * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules)
 * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules)
 * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules)
 * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
 * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
 * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules)
 * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules)
 * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules)
 * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
 * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules)
 * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules)
 * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules)
 * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules)
 * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules)
 * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules)
 * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules)
 * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules)
 * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules)
 * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules)
 * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules)
 * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules)
 * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules)
 * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules)
 * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules)
 * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules)
 * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules)
 * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules)
 * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules)
 * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules)
 * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules)
 * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules)
 * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules)
 * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules)
 * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules)
 * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules)
 * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules)
 * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules)
 * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules)
 * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules)
 * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules)
 * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules)
 * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules)
 * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules)
 * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules)
 * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules)
 * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules)
 * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules)
 * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules)
 * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules)
 * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules)
 * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules)
 * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)
 * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules)
 * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules)
 * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules)
 * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
 * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
 * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
 * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
 * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
 * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
 * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
 * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
 * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
 * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
 * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
 * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
 * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
 * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
 * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
 * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
 * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
 * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
 * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules)
 * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules)
 * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules)
 * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules)
 * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules)
 * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules)
 * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules)
 * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules)
 * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules)
 * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules)
 * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
 * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules)
 * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules)
 * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (indicator-obfuscation.rules)
 * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules)
 * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules)
 * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules)
 * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules)
 * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules)
 * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules)
 * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules)
 * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules)
 * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules)
 * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules)
 * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules)
 * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules)
 * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules)
 * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules)
 * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules)
 * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules)
 * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules)
 * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules)
 * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules)
 * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules)
 * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules)
 * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
 * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
 * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules)
 * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules)
 * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
 * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules)
 * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules)
 * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules)
 * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules)
 * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
 * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
 * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
 * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
 * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules)
 * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules)
 * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules)
 * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules)
 * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules)
 * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules)
 * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules)
 * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules)
 * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
 * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
 * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
 * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
 * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules)
 * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules)
 * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules)
 * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules)
 * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules)
 * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules)
 * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules)
 * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules)
 * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules)
 * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules)
 * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules)
 * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules)
 * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules)
 * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules)
 * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules)
 * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules)
 * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules)
 * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules)
 * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules)
 * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules)
 * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules)
 * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules)
 * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules)
 * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules)
 * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules)
 * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules)
 * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules)
 * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules)
 * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules)
 * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules)
 * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
 * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
 * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
 * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
 * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules)
 * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules)
 * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
 * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
 * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
 * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules)
 * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules)
 * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules)
 * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules)
 * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules)
 * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules)
 * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules)
 * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules)
 * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules)
 * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
 * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
 * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules)
 * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules)
 * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules)
 * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
 * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
 * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules)
 * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
 * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules)
 * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules)
 * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules)
 * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules)
 * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules)
 * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules)
 * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules)
 * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules)
 * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules)
 * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules)
 * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules)
 * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
 * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
 * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules)
 * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules)
 * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules)
 * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
 * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
 * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
 * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules)
 * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules)
 * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules)
 * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules)
 * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules)
 * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules)
 * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules)
 * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules)
 * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules)
 * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules)
 * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules)
 * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules)
 * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules)
 * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules)
 * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules)
 * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules)
 * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules)
 * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules)
 * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules)
 * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules)
 * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules)
 * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules)
 * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
 * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules)
 * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules)
 * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules)
 * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules)
 * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules)
 * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules)
 * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules)
 * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules)
 * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules)
 * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules)
 * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules)
 * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules)
 * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules)
 * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules)
 * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules)
 * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules)
 * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules)
 * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules)
 * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules)
 * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules)
 * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules)
 * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules)
 * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules)
 * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules)
 * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules)
 * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules)
 * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules)
 * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules)
 * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules)
 * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules)
 * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules)
 * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules)
 * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules)
 * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules)
 * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules)
 * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules)
 * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules)
 * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules)
 * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules)
 * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules)
 * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules)
 * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules)
 * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules)
 * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules)
 * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules)
 * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules)
 * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules)
 * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules)
 * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules)
 * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules)
 * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules)
 * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules)
 * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules)
 * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules)
 * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules)
 * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules)
 * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules)
 * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules)
 * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules)
 * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules)
 * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules)
 * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules)
 * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules)
 * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules)
 * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules)
 * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules)
 * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules)
 * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules)
 * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules)
 * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules)
 * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules)
 * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules)
 * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules)
 * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules)
 * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules)
 * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules)
 * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (server-other.rules)
 * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules)
 * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules)
 * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules)
 * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules)
 * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules)
 * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules)
 * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules)
 * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules)
 * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules)
 * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules)
 * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules)
 * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules)
 * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules)
 * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules)
 * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules)
 * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules)
 * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules)
 * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules)
 * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules)
 * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
 * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
 * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
 * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
 * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules)
 * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules)
 * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules)
 * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules)
 * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules)
 * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules)
 * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules)
 * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules)
 * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules)
 * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules)
 * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules)
 * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules)
 * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules)
 * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules)
 * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules)
 * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules)
 * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules)
 * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules)
 * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules)
 * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules)
 * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules)
 * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules)
 * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules)
 * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules)
 * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules)
 * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules)
 * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules)
 * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules)
 * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules)
 * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules)
 * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules)
 * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules)
 * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules)
 * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules)
 * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules)
 * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules)
 * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules)
 * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules)
 * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules)
 * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules)
 * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules)
 * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules)
 * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules)
 * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules)
 * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules)
 * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules)
 * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules)
 * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules)
 * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules)
 * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules)
 * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules)
 * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules)
 * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules)
 * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
 * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules)
 * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
 * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules)
 * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules)
 * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules)
 * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules)
 * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules)
 * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
 * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
 * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
 * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
 * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
 * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
 * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules)
 * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
 * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
 * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules)
 * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules)
 * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
 * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
 * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
 * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules)
 * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules)
 * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules)
 * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
 * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
 * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules)
 * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules)
 * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
 * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
 * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
 * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules)
 * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules)
 * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules)
 * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
 * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
 * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
 * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules)
 * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules)
 * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules)
 * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules)
 * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules)
 * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules)
 * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules)
 * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules)
 * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules)
 * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules)
 * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules)
 * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules)
 * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules)
 * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules)
 * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules)
 * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules)
 * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules)
 * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules)
 * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules)
 * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules)
 * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules)
 * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules)
 * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules)
 * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (server-other.rules)
 * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules)
 * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules)
 * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules)
 * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules)
 * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules)
 * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules)
 * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules)
 * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules)
 * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules)
 * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules)
 * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules)
 * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules)
 * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules)
 * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules)
 * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules)
 * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules)
 * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules)
 * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules)
 * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules)
 * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules)
 * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules)
 * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules)
 * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules)
 * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules)
 * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules)
 * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules)
 * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (indicator-compromise.rules)
 * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules)
 * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules)
 * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules)
 * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules)
 * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules)
 * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules)
 * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules)
 * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules)
 * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules)
 * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules)
 * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules)
 * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules)
 * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules)
 * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
 * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules)
 * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules)
 * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules)
 * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules)
 * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules)
 * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules)
 * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules)
 * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules)
 * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules)
 * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
 * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
 * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules)
 * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules)
 * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules)
 * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules)
 * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules)
 * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
 * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
 * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
 * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules)
 * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules)
 * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules)
 * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules)
 * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
 * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules)
 * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules)
 * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
 * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
 * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules)
 * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules)
 * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules)
 * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules)
 * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules)
 * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules)
 * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules)
 * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules)
 * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules)
 * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules)
 * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules)
 * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules)
 * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
 * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
 * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules)
 * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules)
 * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules)
 * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
 * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
 * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules)
 * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules)
 * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules)
 * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules)
 * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules)
 * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules)
 * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules)
 * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules)
 * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules)
 * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules)
 * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules)
 * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules)
 * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules)
 * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules)
 * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules)
 * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules)
 * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules)
 * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules)
 * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules)
 * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules)
 * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules)
 * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules)
 * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules)
 * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules)
 * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules)
 * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules)
 * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules)
 * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules)
 * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules)
 * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules)
 * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules)
 * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules)
 * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules)
 * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
 * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
 * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules)
 * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules)
 * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules)
 * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules)
 * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules)
 * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
 * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules)
 * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules)
 * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules)
 * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules)
 * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules)
 * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules)
 * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules)
 * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules)
 * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules)
 * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
 * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
 * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
 * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
 * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules)
 * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules)
 * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules)
 * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules)
 * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules)
 * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules)
 * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules)
 * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules)
 * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules)
 * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules)
 * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
 * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
 * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
 * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
 * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
 * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
 * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules)
 * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules)
 * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules)
 * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules)
 * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules)
 * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules)
 * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules)
 * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules)
 * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules)
 * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules)
 * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules)
 * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules)
 * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules)
 * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules)
 * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules)
 * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules)
 * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules)
 * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules)
 * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules)
 * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules)
 * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules)
 * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules)
 * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules)
 * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules)
 * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules)
 * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules)
 * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules)
 * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules)
 * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules)
 * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules)
 * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules)
 * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules)
 * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
 * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
 * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules)
 * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
 * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
 * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
 * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules)
 * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules)
 * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
 * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules)
 * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules)
 * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules)
 * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules)
 * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules)
 * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules)
 * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules)
 * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (exploit-kit.rules)
 * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules)
 * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules)
 * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules)
 * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules)
 * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules)
 * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules)
 * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules)
 * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules)
 * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules)
 * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules)
 * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules)
 * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules)
 * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules)
 * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules)
 * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules)
 * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules)
 * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules)
 * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules)
 * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules)
 * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules)
 * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules)
 * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules)
 * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules)
 * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules)
 * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules)
 * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules)
 * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules)
 * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules)
 * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules)
 * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules)
 * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules)
 * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
 * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules)
 * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules)
 * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules)
 * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules)
 * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules)
 * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules)
 * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules)
 * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules)
 * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules)
 * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules)
 * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
 * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules)
 * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules)
 * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules)
 * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules)
 * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules)
 * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules)
 * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules)
 * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules)
 * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules)
 * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules)
 * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules)
 * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules)
 * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
 * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules)
 * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
 * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules)
 * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules)
 * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
 * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
 * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules)
 * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
 * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules)
 * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules)
 * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
 * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
 * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules)
 * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules)
 * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
 * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules)
 * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules)
 * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules)
 * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules)
 * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
 * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
 * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
 * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
 * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
 * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
 * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules)
 * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
 * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
 * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules)
 * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules)
 * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules)
 * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules)
 * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules)
 * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules)
 * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules)
 * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules)
 * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules)
 * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules)
 * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules)
 * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules)
 * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules)
 * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
 * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
 * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
 * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules)
 * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules)
 * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules)
 * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules)
 * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules)
 * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules)
 * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules)
 * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules)
 * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules)
 * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules)
 * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules)
 * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules)
 * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules)
 * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules)
 * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules)
 * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules)
 * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules)
 * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules)
 * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules)
 * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules)
 * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules)
 * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules)
 * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules)
 * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules)
 * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules)
 * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules)
 * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
 * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules)
 * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules)
 * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules)
 * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules)
 * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules)
 * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules)
 * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules)
 * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules)
 * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules)
 * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules)
 * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules)
 * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules)
 * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules)
 * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules)
 * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules)
 * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules)
 * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules)
 * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules)
 * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules)
 * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules)
 * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules)
 * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules)
 * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules)
 * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules)
 * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules)
 * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules)
 * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules)
 * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules)
 * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules)
 * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules)
 * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules)
 * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules)
 * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules)
 * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules)
 * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules)
 * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules)
 * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules)
 * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules)
 * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules)
 * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules)
 * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
 * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules)
 * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules)
 * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules)
 * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules)
 * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules)
 * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules)
 * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules)
 * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules)
 * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules)
 * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules)
 * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules)
 * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules)
 * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules)
 * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules)
 * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules)
 * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules)
 * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
 * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules)
 * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules)
 * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules)
 * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules)
 * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules)
 * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules)
 * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules)
 * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules)
 * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules)
 * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules)
 * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules)
 * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules)
 * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules)
 * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules)
 * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules)
 * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules)
 * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules)
 * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules)
 * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules)
 * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules)
 * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules)
 * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules)
 * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules)
 * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules)
 * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules)
 * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules)
 * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules)
 * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules)
 * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules)
 * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
 * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules)
 * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules)
 * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules)
 * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules)
 * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules)
 * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules)
 * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules)
 * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules)
 * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
 * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules)
 * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules)
 * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules)
 * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules)
 * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules)
 * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules)
 * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules)
 * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules)
 * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules)
 * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules)
 * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules)
 * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules)
 * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules)
 * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules)
 * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules)
 * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules)
 * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules)
 * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules)
 * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules)
 * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules)
 * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules)
 * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules)
 * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
 * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules)
 * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules)
 * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules)
 * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules)
 * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules)
 * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules)
 * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules)
 * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules)
 * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules)
 * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules)
 * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules)
 * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules)
 * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules)
 * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules)
 * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules)
 * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules)
 * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (os-mobile.rules)
 * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules)
 * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules)
 * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules)
 * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules)
 * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules)
 * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules)
 * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules)
 * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
 * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules)
 * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules)
 * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules)
 * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules)
 * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules)
 * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules)
 * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules)
 * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules)
 * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules)
 * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules)
 * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules)
 * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules)
 * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules)
 * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (os-mobile.rules)
 * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules)
 * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules)
 * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules)
 * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules)
 * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules)
 * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules)
 * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules)
 * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules)
 * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules)
 * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules)
 * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules)
 * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules)
 * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
 * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
 * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules)
 * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules)
 * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules)
 * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules)
 * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules)
 * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules)
 * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules)
 * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules)
 * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules)
 * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules)
 * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules)
 * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules)
 * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
 * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
 * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules)
 * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules)
 * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules)
 * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
 * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
 * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
 * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
 * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
 * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
 * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules)
 * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules)
 * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules)
 * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules)
 * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
 * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules)
 * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules)
 * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules)
 * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules)
 * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules)
 * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)
 * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules)
 * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules)
 * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules)
 * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules)
 * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules)
 * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules)
 * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules)
 * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules)
 * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules)
 * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules)
 * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules)
 * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules)
 * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules)
 * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
 * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
 * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules)
 * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules)
 * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules)
 * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules)
 * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules)
 * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules)
 * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules)
 * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules)
 * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules)
 * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules)
 * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules)
 * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules)
 * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules)
 * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules)
 * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules)
 * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules)
 * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules)
 * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules)
 * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules)
 * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules)
 * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules)
 * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules)
 * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules)
 * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules)
 * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules)
 * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules)
 * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules)
 * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules)
 * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules)
 * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules)
 * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules)
 * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules)
 * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules)
 * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules)
 * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
 * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules)
 * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules)
 * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules)
 * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules)
 * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
 * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
 * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules)
 * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
 * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules)
 * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules)
 * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules)
 * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules)
 * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules)
 * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules)
 * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules)
 * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules)
 * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules)
 * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules)
 * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules)
 * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules)
 * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules)
 * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules)
 * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules)
 * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules)
 * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules)
 * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules)
 * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules)
 * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules)
 * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules)
 * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules)
 * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules)
 * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules)
 * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules)
 * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules)
 * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules)
 * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules)
 * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules)
 * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules)
 * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules)
 * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules)
 * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules)
 * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules)
 * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules)
 * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules)
 * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules)
 * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules)
 * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules)
 * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules)
 * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules)
 * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules)
 * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules)
 * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules)
 * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules)
 * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules)
 * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules)
 * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules)
 * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules)
 * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules)
 * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules)
 * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules)
 * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules)
 * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules)
 * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules)
 * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules)
 * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules)
 * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules)
 * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules)
 * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules)
 * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules)
 * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules)
 * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
 * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
 * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules)
 * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules)
 * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules)
 * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules)
 * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules)
 * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules)
 * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules)
 * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules)
 * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules)
 * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules)
 * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
 * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules)
 * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules)
 * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules)
 * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules)
 * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules)
 * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules)
 * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules)
 * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules)
 * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules)
 * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules)
 * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules)
 * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules)
 * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload  (server-other.rules)
 * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules)
 * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules)
 * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules)
 * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules)
 * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules)
 * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules)
 * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules)
 * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules)
 * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
 * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
 * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules)
 * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules)
 * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules)
 * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules)
 * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
 * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules)
 * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
 * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules)
 * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules)
 * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules)
 * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules)
 * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules)
 * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules)
 * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules)
 * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules)
 * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules)
 * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules)
 * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules)
 * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules)
 * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules)
 * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules)
 * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
 * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules)
 * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules)
 * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
 * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules)
 * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules)
 * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules)
 * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
 * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules)
 * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules)
 * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules)
 * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
 * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
 * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
 * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port  (indicator-scan.rules)
 * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules)
 * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules)
 * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules)
 * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules)
 * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules)
 * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules)
 * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules)
 * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules)
 * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules)
 * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules)
 * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules)
 * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules)
 * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules)
 * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules)
 * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules)
 * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules)
 * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules)
 * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules)
 * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules)
 * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules)
 * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules)
 * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules)
 * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules)
 * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules)
 * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules)
 * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
 * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules)
 * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
 * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
 * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
 * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules)
 * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules)
 * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
 * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
 * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
 * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules)
 * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules)
 * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules)
 * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
 * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
 * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
 * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
 * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
 * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
 * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules)
 * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules)
 * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules)
 * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules)
 * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules)
 * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules)
 * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules)
 * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules)
 * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules)
 * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules)
 * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules)
 * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules)
 * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules)
 * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules)
 * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules)
 * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules)
 * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules)
 * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules)
 * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules)
 * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules)
 * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules)
 * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules)
 * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules)
 * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules)
 * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules)
 * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules)
 * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules)
 * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules)
 * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules)
 * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules)
 * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules)
 * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules)
 * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules)
 * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (malware-other.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules)
 * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
 * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
 * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
 * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
 * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules)
 * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules)
 * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules)
 * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules)
 * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules)
 * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules)
 * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules)
 * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules)
 * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules)
 * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules)
 * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules)
 * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules)
 * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules)
 * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules)
 * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules)
 * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
 * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules)
 * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules)
 * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules)
 * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
 * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules)
 * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules)
 * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules)
 * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules)
 * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules)
 * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules)
 * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules)
 * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules)
 * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules)
 * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules)
 * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules)
 * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules)
 * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules)
 * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules)
 * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules)
 * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
 * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
 * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
 * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules)
 * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules)
 * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules)
 * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules)
 * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules)
 * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules)
 * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules)
 * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules)
 * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules)
 * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules)
 * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules)
 * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules)
 * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
 * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
 * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules)
 * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
 * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
 * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
 * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
 * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
 * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
 * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules)
 * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules)
 * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
 * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
 * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
 * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
 * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
 * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
 * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
 * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules)
 * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules)
 * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules)
 * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules)
 * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules)
 * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules)
 * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules)
 * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules)
 * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules)
 * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules)
 * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules)
 * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules)
 * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules)
 * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules)
 * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules)
 * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules)
 * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules)
 * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules)
 * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules)
 * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules)
 * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules)
 * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules)
 * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules)
 * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules)
 * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules)
 * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
 * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
 * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules)
 * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
 * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
 * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
 * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
 * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
 * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
 * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
 * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules)
 * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
 * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
 * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules)
 * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules)
 * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
 * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
 * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules)
 * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules)
 * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
 * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
 * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules)
 * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules)
 * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules)
 * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules)
 * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules)
 * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules)
 * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules)
 * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules)
 * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules)
 * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
 * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
 * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
 * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
 * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules)
 * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
 * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
 * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
 * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
 * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules)
 * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules)
 * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
 * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules)
 * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules)
 * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules)
 * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules)
 * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules)
 * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules)
 * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules)
 * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
 * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
 * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
 * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
 * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules)
 * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules)
 * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules)
 * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules)
 * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules)
 * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
 * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
 * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
 * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
 * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules)
 * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules)
 * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules)
 * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
 * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules)
 * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules)
 * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules)
 * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules)
 * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules)
 * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules)
 * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules)
 * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
 * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules)
 * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
 * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
 * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
 * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
 * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules)
 * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules)
 * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules)
 * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules)
 * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules)
 * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules)
 * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules)
 * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules)
 * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
 * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
 * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
 * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
 * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules)
 * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
 * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules)
 * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules)
 * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules)
 * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules)
 * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules)
 * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules)
 * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules)
 * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules)
 * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules)
 * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules)
 * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules)
 * 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules)
 * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules)
 * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules)
 * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules)
 * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules)
 * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules)
 * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules)
 * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules)
 * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules)
 * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
 * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
 * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules)
 * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules)
 * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules)
 * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules)
 * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (server-other.rules)
 * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules)
 * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules)
 * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules)
 * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules)
 * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules)
 * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules)
 * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules)
 * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (server-apache.rules)
 * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules)
 * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules)
 * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules)
 * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules)
 * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules)
 * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules)
 * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules)
 * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules)
 * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules)
 * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules)
 * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules)
 * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules)
 * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules)
 * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules)
 * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules)
 * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules)
 * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules)
 * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules)
 * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules)
 * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules)
 * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
 * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
 * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
 * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
 * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
 * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
 * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules)
 * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules)
 * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules)
 * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules)
 * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules)
 * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules)
 * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules)
 * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules)
 * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules)
 * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules)
 * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules)
 * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules)
 * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules)
 * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
 * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules)
 * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules)
 * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules)
 * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules)
 * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules)
 * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules)
 * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules)
 * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules)
 * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules)
 * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules)
 * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules)
 * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules)
 * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules)
 * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules)
 * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules)
 * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules)
 * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules)
 * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules)
 * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules)
 * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules)
 * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules)
 * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules)
 * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
 * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules)
 * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules)
 * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules)
 * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules)
 * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules)
 * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules)
 * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules)
 * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules)
 * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules)
 * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules)
 * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules)
 * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules)
 * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules)
 * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules)
 * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules)
 * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules)
 * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
 * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules)
 * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules)
 * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules)
 * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules)
 * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules)
 * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules)
 * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules)
 * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules)
 * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
 * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
 * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules)
 * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
 * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
 * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
 * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
 * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules)
 * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules)
 * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules)
 * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules)
 * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules)
 * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules)
 * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules)
 * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules)
 * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules)
 * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
 * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules)
 * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules)
 * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules)
 * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules)
 * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules)
 * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules)
 * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules)
 * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
 * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules)
 * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules)
 * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
 * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
 * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules)
 * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
 * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
 * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
 * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
 * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
 * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
 * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules)
 * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules)
 * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules)
 * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules)
 * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules)
 * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules)
 * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules)
 * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules)
 * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules)
 * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
 * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules)
 * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
 * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
 * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
 * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
 * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
 * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules)
 * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
 * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
 * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
 * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
 * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
 * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
 * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules)
 * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules)
 * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules)
 * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules)
 * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
 * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules)
 * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
 * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules)
 * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules)
 * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules)
 * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules)
 * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
 * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules)
 * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules)
 * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules)
 * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules)
 * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules)
 * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules)
 * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules)
 * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
 * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules)
 * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules)
 * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules)
 * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules)
 * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules)
 * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
 * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules)
 * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules)
 * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules)
 * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
 * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
 * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
 * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
 * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules)
 * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules)
 * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules)
 * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules)
 * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules)
 * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
 * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
 * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
 * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
 * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
 * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
 * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules)
 * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules)
 * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules)
 * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules)
 * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules)
 * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules)
 * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules)
 * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules)
 * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
 * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
 * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
 * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
 * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
 * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules)
 * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules)
 * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules)
 * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules)
 * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
 * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
 * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules)
 * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
 * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules)
 * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules)
 * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules)
 * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules)
 * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules)
 * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
 * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules)
 * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
 * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
 * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
 * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules)
 * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules)
 * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
 * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules)
 * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules)
 * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules)
 * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules)
 * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules)
 * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules)
 * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules)
 * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules)
 * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules)
 * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules)
 * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules)
 * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules)
 * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules)
 * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules)
 * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules)
 * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules)
 * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules)
 * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules)
 * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
 * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules)
 * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules)
 * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules)
 * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules)
 * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules)
 * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules)
 * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules)
 * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules)
 * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
 * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules)
 * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules)
 * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules)
 * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules)
 * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules)
 * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules)
 * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules)
 * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules)
 * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules)
 * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules)
 * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
 * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
 * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
 * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
 * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
 * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
 * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
 * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules)
 * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
 * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
 * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
 * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
 * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
 * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules)
 * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules)
 * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
 * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules)
 * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules)
 * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules)
 * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules)
 * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules)
 * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
 * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
 * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
 * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
 * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
 * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules)
 * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules)
 * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules)
 * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules)
 * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules)
 * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules)
 * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules)
 * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules)
 * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules)
 * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
 * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
 * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
 * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
 * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules)
 * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules)
 * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules)
 * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
 * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
 * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
 * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
 * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
 * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
 * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
 * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
 * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
 * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
 * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
 * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
 * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
 * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
 * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
 * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules)
 * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules)
 * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
 * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
 * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
 * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
 * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
 * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
 * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
 * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
 * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
 * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
 * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules)
 * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules)
 * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules)
 * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules)
 * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules)
 * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules)
 * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules)
 * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules)
 * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules)
 * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules)
 * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules)
 * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules)
 * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
 * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules)
 * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules)
 * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules)
 * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules)
 * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules)
 * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules)
 * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
 * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
 * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules)
 * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules)
 * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules)
 * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules)
 * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules)
 * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules)
 * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules)
 * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules)
 * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules)
 * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules)
 * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
 * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
 * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
 * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
 * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
 * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
 * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules)
 * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules)
 * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules)
 * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules)
 * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
 * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules)
 * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules)
 * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules)
 * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules)
 * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules)
 * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules)
 * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules)
 * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules)
 * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules)
 * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules)
 * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
 * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules)
 * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules)
 * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules)
 * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules)
 * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules)
 * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules)
 * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules)
 * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules)
 * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules)
 * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules)
 * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules)
 * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules)
 * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules)
 * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules)
 * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules)
 * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
 * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules)
 * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
 * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
 * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
 * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
 * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules)
 * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules)
 * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules)
 * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules)
 * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules)
 * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules)
 * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules)
 * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules)
 * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules)
 * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules)
 * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules)
 * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules)
 * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules)
 * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
 * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
 * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules)
 * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules)
 * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules)
 * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules)
 * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
 * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
 * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
 * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
 * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
 * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules)
 * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
 * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
 * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
 * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
 * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
 * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules)
 * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules)
 * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules)
 * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules)
 * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules)
 * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
 * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
 * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
 * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
 * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules)
 * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules)
 * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
 * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules)
 * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules)
 * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
 * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules)
 * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules)
 * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules)
 * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules)
 * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules)
 * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules)
 * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (server-other.rules)
 * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
 * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
 * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules)
 * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules)
 * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules)
 * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules)
 * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules)
 * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules)
 * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules)
 * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules)
 * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules)
 * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules)
 * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules)
 * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules)
 * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules)
 * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules)
 * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules)
 * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules)
 * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules)
 * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules)
 * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules)
 * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules)
 * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules)
 * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules)
 * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules)
 * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules)
 * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules)
 * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules)
 * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
 * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
 * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules)
 * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules)
 * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules)
 * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules)
 * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules)
 * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules)
 * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules)
 * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules)
 * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules)
 * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
 * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
 * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
 * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules)
 * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules)
 * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
 * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
 * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
 * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
 * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
 * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
 * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
 * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
 * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules)
 * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules)
 * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules)
 * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
 * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules)
 * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules)
 * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules)
 * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules)
 * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules)
 * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules)
 * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules)
 * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules)
 * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules)
 * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules)
 * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules)
 * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules)
 * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules)
 * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules)
 * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules)
 * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules)
 * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules)
 * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules)
 * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
 * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
 * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
 * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
 * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules)
 * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules)
 * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules)
 * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules)
 * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules)
 * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
 * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
 * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
 * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
 * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
 * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules)
 * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules)
 * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules)
 * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
 * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules)
 * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
 * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
 * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
 * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
 * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules)
 * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules)
 * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules)
 * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
 * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
 * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules)
 * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules)
 * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules)
 * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules)
 * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules)
 * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules)
 * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
 * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules)
 * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules)
 * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
 * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules)
 * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules)
 * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
 * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
 * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
 * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
 * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
 * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
 * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
 * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
 * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
 * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules)
 * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules)
 * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
 * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
 * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
 * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
 * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules)
 * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules)
 * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules)
 * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules)
 * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules)
 * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules)
 * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules)
 * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules)
 * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules)
 * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules)
 * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules)
 * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules)
 * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules)
 * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules)
 * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules)
 * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules)
 * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules)
 * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules)
 * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules)
 * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules)
 * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt  (server-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules)
 * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules)
 * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules)
 * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules)
 * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules)
 * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules)
 * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules)
 * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules)
 * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules)
 * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules)
 * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules)
 * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules)
 * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules)
 * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
 * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)
 * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)
 * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules)
 * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules)
 * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules)
 * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules)
 * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules)
 * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules)
 * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules)
 * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules)
 * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules)
 * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules)
 * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules)
 * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules)
 * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules)
 * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules)
 * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules)
 * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
 * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt  (exploit-kit.rules)
 * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
 * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules)
 * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
 * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
 * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
 * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules)
 * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
 * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
 * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules)
 * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules)
 * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules)
 * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules)
 * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules)
 * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules)
 * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
 * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
 * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
 * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
 * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
 * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
 * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
 * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt  (file-pdf.rules)
 * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection  (malware-backdoor.rules)
 * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection  (malware-backdoor.rules)
 * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
 * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
 * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
 * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
 * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
 * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
 * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules)
 * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules)
 * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules)
 * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules)
 * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules)
 * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules)
 * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules)
 * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules)
 * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules)
 * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules)
 * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules)
 * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules)
 * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules)
 * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules)
 * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
 * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
 * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules)
 * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules)
 * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules)
 * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules)
 * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules)
 * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules)
 * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules)
 * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules)
 * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules)
 * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules)
 * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules)
 * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules)
 * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules)
 * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules)
 * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules)
 * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules)
 * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules)
 * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules)
 * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules)
 * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
 * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
 * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules)
 * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules)
 * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules)
 * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules)
 * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
 * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
 * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
 * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
 * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
 * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules)
 * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules)
 * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
 * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
 * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
 * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
 * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
 * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules)
 * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules)
 * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
 * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules)
 * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
 * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
 * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
 * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
 * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
 * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
 * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
 * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
 * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules)
 * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules)
 * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules)
 * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules)
 * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules)
 * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules)
 * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules)
 * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules)
 * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules)
 * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules)
 * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules)
 * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules)
 * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules)
 * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules)
 * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules)
 * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
 * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
 * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
 * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
 * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
 * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
 * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
 * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules)
 * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules)
 * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules)
 * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules)
 * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules)
 * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules)
 * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules)
 * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
 * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
 * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules)
 * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules)
 * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules)
 * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
 * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules)
 * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules)
 * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules)
 * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules)
 * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
 * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
 * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules)
 * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules)
 * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules)
 * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules)
 * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules)
 * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules)
 * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules)
 * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
 * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules)
 * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules)
 * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules)
 * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
 * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
 * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules)
 * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules)
 * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules)
 * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules)
 * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules)
 * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
 * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules)
 * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules)
 * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
 * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
 * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
 * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
 * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules)
 * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
 * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules)
 * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules)
 * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
 * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules)
 * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules)
 * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules)
 * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules)
 * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules)
 * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules)
 * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules)
 * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
 * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules)
 * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules)
 * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
 * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules)
 * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules)
 * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules)
 * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules)
 * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules)
 * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules)
 * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules)
 * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules)
 * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules)
 * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules)
 * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules)
 * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules)
 * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules)
 * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules)
 * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules)
 * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules)
 * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules)
 * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules)
 * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules)
 * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
 * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules)
 * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules)
 * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules)
 * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules)
 * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules)
 * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules)
 * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules)
 * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules)
 * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules)
 * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules)
 * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules)
 * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules)
 * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
 * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules)
 * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules)
 * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules)
 * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules)
 * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules)
 * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
 * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules)
 * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (server-apache.rules)
 * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
 * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
 * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules)
 * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules)
 * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules)
 * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules)
 * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules)
 * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules)
 * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules)
 * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules)
 * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules)
 * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules)
 * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules)
 * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules)
 * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules)
 * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules)
 * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
 * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules)
 * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules)
 * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules)
 * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules)
 * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules)
 * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules)
 * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
 * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
 * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
 * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
 * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules)
 * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules)
 * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules)
 * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules)
 * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules)
 * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules)
 * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules)
 * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules)
 * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules)
 * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules)
 * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules)
 * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules)
 * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules)
 * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
 * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules)
 * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules)
 * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
 * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
 * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules)
 * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
 * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules)
 * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules)
 * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules)
 * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules)
 * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules)
 * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules)
 * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules)
 * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules)
 * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
 * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
 * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
 * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool  (malware-tools.rules)
 * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules)
 * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
 * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules)
 * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules)
 * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules)
 * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules)
 * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules)
 * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules)
 * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules)
 * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules)
 * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules)
 * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules)
 * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules)
 * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules)
 * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules)
 * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules)
 * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
 * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules)
 * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules)
 * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules)
 * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules)
 * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules)
 * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules)
 * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules)
 * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
 * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules)
 * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules)
 * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules)
 * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules)
 * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules)
 * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules)
 * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules)
 * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules)
 * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules)
 * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules)
 * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules)
 * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules)
 * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules)
 * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules)
 * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules)
 * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules)
 * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules)
 * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules)
 * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
 * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
 * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
 * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
 * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
 * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
 * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules)
 * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules)
 * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules)
 * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
 * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules)
 * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules)
 * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules)
 * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules)
 * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
 * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules)
 * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules)
 * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules)
 * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules)
 * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules)
 * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules)
 * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules)
 * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules)
 * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules)
 * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules)
 * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (protocol-scada.rules)
 * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules)
 * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules)
 * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt  (indicator-compromise.rules)
 * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt  (indicator-compromise.rules)
 * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules)
 * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules)
 * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules)
 * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules)
 * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules)
 * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules)
 * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules)
 * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules)
 * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules)
 * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules)
 * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules)
 * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules)
 * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules)
 * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules)
 * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules)
 * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules)
 * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules)
 * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules)
 * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules)
 * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules)
 * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules)
 * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules)
 * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules)
 * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
 * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
 * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
 * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
 * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules)
 * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules)
 * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules)
 * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules)
 * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules)
 * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules)
 * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules)
 * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules)
 * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules)
 * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules)
 * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules)
 * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules)
 * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules)
 * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules)
 * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules)
 * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules)
 * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
 * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules)
 * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules)
 * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules)
 * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules)
 * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
 * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
 * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
 * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
 * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
 * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
 * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules)
 * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules)
 * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules)
 * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules)
 * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules)
 * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules)
 * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules)
 * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules)
 * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules)
 * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules)
 * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules)
 * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules)
 * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules)
 * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules)
 * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules)
 * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules)
 * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules)
 * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
 * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
 * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules)
 * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)
 * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules)
 * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules)
 * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules)
 * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules)
 * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules)
 * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules)
 * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules)
 * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules)
 * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules)
 * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules)
 * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules)
 * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules)
 * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules)
 * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules)
 * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules)
 * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules)
 * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules)
 * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules)
 * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules)
 * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules)
 * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules)
 * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
 * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
 * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
 * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
 * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
 * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
 * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
 * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules)
 * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules)
 * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
 * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules)
 * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules)
 * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules)
 * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules)
 * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules)
 * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules)
 * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules)
 * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules)
 * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules)
 * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules)
 * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules)
 * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules)
 * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules)
 * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules)
 * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules)
 * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules)
 * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
 * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
 * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
 * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
 * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules)
 * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules)
 * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
 * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
 * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
 * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
 * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
 * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
 * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
 * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
 * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
 * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules)
 * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
 * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
 * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
 * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
 * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
 * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
 * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules)
 * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules)
 * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
 * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
 * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
 * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
 * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
 * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
 * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules)
 * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules)
 * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules)
 * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
 * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
 * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
 * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
 * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
 * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
 * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules)
 * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules)
 * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules)
 * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules)
 * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules)
 * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules)
 * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules)
 * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules)
 * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules)
 * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules)
 * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules)
 * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules)
 * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules)
 * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules)
 * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules)
 * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules)
 * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules)
 * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules)
 * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules)
 * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules)
 * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules)
 * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules)
 * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules)
 * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules)
 * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules)
 * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules)
 * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
 * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
 * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
 * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
 * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules)
 * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules)
 * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules)
 * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules)
 * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules)
 * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules)
 * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules)
 * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules)
 * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules)
 * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules)
 * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules)
 * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules)
 * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
 * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules)
 * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
 * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules)
 * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules)
 * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules)
 * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules)
 * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules)
 * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules)
 * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules)
 * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
 * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules)
 * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules)
 * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules)
 * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
 * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
 * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules)
 * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules)
 * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
 * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules)
 * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
 * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules)
 * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules)
 * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules)
 * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
 * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
 * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules)
 * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules)
 * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules)
 * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules)
 * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules)
 * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules)
 * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules)
 * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules)
 * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules)
 * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules)
 * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules)
 * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules)
 * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules)
 * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules)
 * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules)
 * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules)
 * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules)
 * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules)
 * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules)
 * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules)
 * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules)
 * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules)
 * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules)
 * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules)
 * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules)
 * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules)
 * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules)
 * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules)
 * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules)
 * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
 * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules)
 * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
 * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
 * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
 * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules)
 * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules)
 * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules)
 * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules)
 * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules)
 * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules)
 * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules)
 * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules)
 * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules)
 * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules)
 * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules)
 * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules)
 * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules)
 * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules)
 * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules)
 * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules)
 * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules)
 * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules)
 * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules)
 * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules)
 * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules)
 * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules)
 * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules)
 * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules)
 * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules)
 * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules)
 * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules)
 * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules)
 * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules)
 * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules)
 * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules)
 * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules)
 * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules)
 * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules)
 * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules)
 * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules)
 * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules)
 * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules)
 * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules)
 * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules)
 * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules)
 * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules)
 * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules)
 * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules)
 * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules)
 * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules)
 * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules)
 * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules)
 * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules)
 * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules)
 * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules)
 * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules)
 * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules)
 * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules)
 * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules)
 * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules)
 * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules)
 * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
 * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
 * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules)
 * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules)
 * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules)
 * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules)
 * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
 * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
 * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules)
 * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
 * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
 * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
 * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
 * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules)
 * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules)
 * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules)
 * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules)
 * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules)
 * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules)
 * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules)
 * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules)
 * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
 * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
 * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
 * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
 * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
 * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
 * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
 * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
 * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
 * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
 * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
 * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
 * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
 * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
 * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
 * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules)
 * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules)
 * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules)
 * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules)
 * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules)
 * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules)
 * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules)
 * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules)
 * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules)
 * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (pua-adware.rules)
 * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules)
 * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules)
 * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules)
 * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules)
 * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules)
 * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules)
 * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules)
 * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules)
 * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules)
 * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules)
 * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules)
 * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules)
 * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules)
 * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules)
 * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules)
 * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules)
 * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules)
 * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules)
 * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules)
 * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
 * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
 * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
 * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
 * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules)
 * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules)
 * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules)
 * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules)
 * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
 * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
 * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules)
 * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules)
 * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
 * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules)
 * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules)
 * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules)
 * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules)
 * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules)
 * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules)
 * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules)
 * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules)
 * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules)
 * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules)
 * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules)
 * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules)
 * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules)
 * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules)
 * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules)
 * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules)
 * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
 * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
 * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
 * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
 * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
 * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
 * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules)
 * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules)
 * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules)
 * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
 * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules)
 * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
 * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
 * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules)
 * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules)
 * 1:46336 <-> DISABLED <-> SERVER-APACHE  Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules)
 * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules)
 * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules)
 * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules)
 * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
 * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules)
 * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules)
 * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules)
 * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules)
 * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules)
 * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules)
 * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules)
 * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules)
 * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules)
 * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules)
 * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules)
 * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules)
 * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules)
 * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules)
 * 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
 * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules)
 * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
 * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules)
 * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules)
 * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules)
 * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules)
 * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
 * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules)
 * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules)
 * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
 * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
 * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
 * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
 * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules)
 * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules)
 * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules)
 * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules)
 * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
 * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
 * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
 * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
 * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
 * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
 * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
 * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
 * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
 * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
 * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules)
 * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules)
 * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules)
 * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules)
 * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules)
 * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules)
 * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules)
 * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules)
 * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules)
 * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules)
 * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules)
 * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules)
 * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules)
 * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
 * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
 * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
 * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules)
 * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules)
 * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
 * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
 * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules)
 * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
 * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules)
 * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
 * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
 * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
 * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
 * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
 * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
 * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules)
 * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules)
 * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules)
 * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
 * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
 * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
 * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
 * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
 * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules)
 * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules)
 * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
 * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules)
 * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
 * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
 * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules)
 * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules)
 * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules)
 * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules)
 * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules)
 * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules)
 * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules)
 * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules)
 * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules)
 * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
 * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules)
 * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules)
 * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules)
 * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules)
 * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
 * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
 * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
 * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules)
 * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules)
 * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules)
 * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
 * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
 * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
 * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules)
 * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
 * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
 * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
 * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request  (protocol-scada.rules)
 * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request  (protocol-scada.rules)
 * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request  (protocol-scada.rules)
 * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request  (protocol-scada.rules)
 * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request  (protocol-scada.rules)
 * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request  (protocol-scada.rules)
 * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request  (protocol-scada.rules)
 * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request  (protocol-scada.rules)
 * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request  (protocol-scada.rules)
 * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request  (protocol-scada.rules)
 * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request  (protocol-scada.rules)
 * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request  (protocol-scada.rules)
 * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request  (protocol-scada.rules)
 * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request  (protocol-scada.rules)
 * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request  (protocol-scada.rules)
 * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request  (protocol-scada.rules)
 * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request  (protocol-scada.rules)
 * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request  (protocol-scada.rules)
 * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request  (protocol-scada.rules)
 * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request  (protocol-scada.rules)
 * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request  (protocol-scada.rules)
 * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request  (protocol-scada.rules)
 * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request  (protocol-scada.rules)
 * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request  (protocol-scada.rules)
 * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules)
 * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules)
 * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules)
 * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules)
 * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules)
 * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules)
 * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules)
 * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules)
 * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules)
 * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules)
 * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules)
 * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules)
 * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules)
 * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules)
 * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules)
 * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules)
 * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules)
 * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules)
 * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (protocol-scada.rules)
 * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules)
 * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules)
 * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules)
 * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules)
 * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules)
 * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules)
 * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules)
 * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
 * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
 * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
 * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
 * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
 * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
 * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
 * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)

2019-04-26 22:47:56 UTC

Snort Subscriber Rules Update

Date: 2019-04-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
 * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules)
 * 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
 * 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)

Modified Rules:


 * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules)
 * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules)
 * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules)
 * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules)
 * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
 * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
 * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules)
 * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules)
 * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
 * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules)
 * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
 * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
 * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
 * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules)
 * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules)
 * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules)
 * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules)
 * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules)
 * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules)
 * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules)
 * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules)
 * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules)
 * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules)
 * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules)
 * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules)
 * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules)
 * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules)
 * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules)
 * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules)
 * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules)
 * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules)
 * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules)
 * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules)
 * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules)
 * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules)
 * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules)
 * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules)
 * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules)
 * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules)
 * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules)
 * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules)
 * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules)
 * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules)
 * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules)
 * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules)
 * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules)
 * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules)
 * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules)
 * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules)
 * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules)
 * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules)
 * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules)
 * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules)
 * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules)
 * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules)
 * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules)
 * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules)
 * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules)
 * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules)
 * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication