Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-other, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)

* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules)
* 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)

* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)

* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules)
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules)
* 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)

* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (snort3-server-webapp.rules)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (snort3-malware-cnc.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (snort3-browser-ie.rules)
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (snort3-server-webapp.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (snort3-server-webapp.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (snort3-server-other.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (snort3-browser-ie.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (snort3-server-other.rules)
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (snort3-server-webapp.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (snort3-server-other.rules)
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (snort3-server-other.rules)

* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (snort3-browser-plugins.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (snort3-server-webapp.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (snort3-server-webapp.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (snort3-policy-other.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (snort3-policy-other.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (snort3-browser-ie.rules)
* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (snort3-server-webapp.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (snort3-browser-plugins.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (snort3-server-other.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (snort3-browser-ie.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (snort3-file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)

* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules)
* 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules)
* 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules)
* 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules)
* 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules)
* 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules)
* 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules)
* 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules)
* 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules)
* 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules)
* 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules)
* 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules)
* 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)