Talos Rules 2020-05-14
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, browser-ie, browser-other, browser-webkit, exploit-kit, file-flash, file-identify, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, malware-tools, netbios, os-mobile, os-windows, policy-other, protocol-imap, protocol-other, protocol-pop, protocol-telnet, protocol-voip, pua-adware, pua-other, pua-toolbars, server-mail, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)

Modified Rules:


 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (snort3-malware-other.rules)
 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (snort3-os-windows.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (snort3-malware-other.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (snort3-malware-other.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (snort3-malware-other.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (snort3-malware-other.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (snort3-malware-other.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (snort3-browser-webkit.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (snort3-malware-other.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (snort3-malware-other.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (snort3-malware-other.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (snort3-malware-cnc.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (snort3-indicator-compromise.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (snort3-server-webapp.rules)
 * 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (snort3-indicator-compromise.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (snort3-malware-other.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (snort3-malware-other.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (snort3-malware-other.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (snort3-malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (snort3-malware-other.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (snort3-malware-other.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (snort3-file-identify.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (snort3-file-identify.rules)
 * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (snort3-file-identify.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (snort3-netbios.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (snort3-file-identify.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (snort3-malware-backdoor.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (snort3-malware-backdoor.rules)
 * 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (snort3-file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (snort3-file-identify.rules)
 * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (snort3-netbios.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (snort3-server-other.rules)
 * 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (snort3-server-other.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (snort3-file-identify.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (snort3-file-identify.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (snort3-file-identify.rules)
 * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (snort3-malware-cnc.rules)
 * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (snort3-file-identify.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (snort3-server-other.rules)
 * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (snort3-app-detect.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (snort3-server-other.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (snort3-malware-other.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (snort3-malware-backdoor.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (snort3-file-identify.rules)
 * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (snort3-file-identify.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (snort3-file-identify.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (snort3-file-other.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (snort3-malware-backdoor.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (snort3-protocol-imap.rules)
 * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (snort3-protocol-other.rules)
 * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (snort3-malware-backdoor.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (snort3-malware-backdoor.rules)
 * 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (snort3-malware-backdoor.rules)
 * 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (snort3-malware-tools.rules)
 * 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (snort3-malware-backdoor.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (snort3-malware-other.rules)
 * 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (snort3-file-office.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (snort3-file-identify.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (snort3-malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (snort3-malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (snort3-malware-other.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (snort3-malware-other.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (snort3-malware-other.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (snort3-malware-other.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (snort3-malware-backdoor.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (snort3-malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (snort3-malware-backdoor.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (snort3-malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (snort3-file-identify.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (snort3-malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (snort3-malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (snort3-malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (snort3-file-identify.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (snort3-malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (snort3-malware-backdoor.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (snort3-malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (snort3-malware-backdoor.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (snort3-file-identify.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (snort3-file-identify.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (snort3-malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (snort3-malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (snort3-malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (snort3-malware-other.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (snort3-malware-other.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (snort3-file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (snort3-malware-other.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (snort3-malware-other.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (snort3-malware-other.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (snort3-malware-other.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (snort3-pua-adware.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (snort3-file-identify.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (snort3-malware-other.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (snort3-pua-toolbars.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (snort3-malware-backdoor.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (snort3-file-multimedia.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (snort3-file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (snort3-file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (snort3-file-identify.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (snort3-malware-other.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (snort3-file-identify.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (snort3-file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (snort3-app-detect.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (snort3-file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (snort3-pua-adware.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (snort3-pua-adware.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (snort3-file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (snort3-file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (snort3-file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (snort3-file-identify.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (snort3-file-identify.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (snort3-file-identify.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (snort3-file-identify.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (snort3-file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (snort3-file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (snort3-file-identify.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (snort3-file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (snort3-netbios.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (snort3-netbios.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (snort3-netbios.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (snort3-netbios.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (snort3-netbios.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (snort3-netbios.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (snort3-netbios.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (snort3-netbios.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (snort3-file-pdf.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (snort3-file-identify.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (snort3-file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (snort3-file-identify.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (snort3-file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (snort3-browser-ie.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (snort3-file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (snort3-file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (snort3-file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (snort3-file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (snort3-file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (snort3-file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (snort3-file-identify.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (snort3-file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (snort3-file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (snort3-file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (snort3-file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (snort3-file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (snort3-file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (snort3-file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (snort3-file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (snort3-file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (snort3-pua-adware.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (snort3-file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (snort3-netbios.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (snort3-file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (snort3-file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (snort3-file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (snort3-file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (snort3-file-identify.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (snort3-netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (snort3-file-other.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (snort3-protocol-pop.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (snort3-file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (snort3-file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (snort3-file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (snort3-netbios.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (snort3-netbios.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (snort3-netbios.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (snort3-netbios.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (snort3-file-identify.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (snort3-netbios.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (snort3-file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (snort3-file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (snort3-file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (snort3-file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (snort3-file-identify.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (snort3-server-mail.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (snort3-server-mail.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (snort3-file-identify.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (snort3-file-identify.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (snort3-server-webapp.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (snort3-file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (snort3-file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (snort3-server-other.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (snort3-server-oracle.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (snort3-file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (snort3-file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (snort3-server-webapp.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (snort3-file-identify.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (snort3-file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (snort3-server-other.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (snort3-file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (snort3-file-identify.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (snort3-file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (snort3-server-other.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (snort3-file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (snort3-file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (snort3-file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (snort3-file-identify.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (snort3-file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (snort3-netbios.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (snort3-file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (snort3-file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (snort3-file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (snort3-file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (snort3-file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (snort3-file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (snort3-file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (snort3-file-identify.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (snort3-file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (snort3-file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (snort3-file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (snort3-file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (snort3-file-identify.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (snort3-netbios.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (snort3-file-identify.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (snort3-file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (snort3-file-identify.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (snort3-file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (snort3-file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (snort3-file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (snort3-server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (snort3-malware-other.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (snort3-pua-adware.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (snort3-malware-other.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (snort3-file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (snort3-file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (snort3-file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (snort3-file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (snort3-file-identify.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (snort3-netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (snort3-malware-other.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (snort3-file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (snort3-file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (snort3-file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (snort3-file-other.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (snort3-file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (snort3-file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (snort3-netbios.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (snort3-file-identify.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (snort3-file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (snort3-file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (snort3-file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (snort3-file-identify.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (snort3-file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (snort3-file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (snort3-file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (snort3-file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (snort3-file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (snort3-file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (snort3-file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (snort3-file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (snort3-file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (snort3-file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (snort3-file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (snort3-file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (snort3-file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (snort3-file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (snort3-file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (snort3-file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (snort3-file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (snort3-file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (snort3-file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (snort3-file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (snort3-file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (snort3-file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (snort3-file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (snort3-file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (snort3-file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (snort3-file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (snort3-file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (snort3-file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (snort3-file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (snort3-file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (snort3-file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (snort3-file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (snort3-file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (snort3-file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (snort3-file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (snort3-file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (snort3-file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (snort3-file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (snort3-pua-other.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (snort3-file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (snort3-file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (snort3-file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (snort3-file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (snort3-file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (snort3-file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (snort3-file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (snort3-file-identify.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (snort3-file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (snort3-file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (snort3-file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (snort3-file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (snort3-file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (snort3-file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (snort3-file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (snort3-file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (snort3-file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (snort3-file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (snort3-file-identify.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (snort3-file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (snort3-file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (snort3-file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (snort3-file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (snort3-file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (snort3-file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (snort3-file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (snort3-server-webapp.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (snort3-server-other.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (snort3-file-office.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (snort3-file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (snort3-file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (snort3-file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (snort3-file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (snort3-file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (snort3-file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (snort3-file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (snort3-file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (snort3-file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (snort3-file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (snort3-file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (snort3-file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (snort3-file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (snort3-file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (snort3-file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (snort3-file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (snort3-file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (snort3-file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (snort3-file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (snort3-file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (snort3-file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (snort3-file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (snort3-file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (snort3-file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (snort3-file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (snort3-file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (snort3-file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (snort3-file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (snort3-file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (snort3-file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (snort3-file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (snort3-file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (snort3-file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (snort3-file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (snort3-file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (snort3-file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (snort3-file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (snort3-file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (snort3-file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (snort3-file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (snort3-file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (snort3-file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (snort3-file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (snort3-file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (snort3-file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (snort3-file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (snort3-file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (snort3-file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (snort3-file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (snort3-file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (snort3-file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (snort3-file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (snort3-file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (snort3-file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (snort3-file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (snort3-file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (snort3-malware-cnc.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (snort3-file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (snort3-file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (snort3-file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (snort3-file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (snort3-file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (snort3-file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (snort3-file-identify.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (snort3-file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (snort3-file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (snort3-file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (snort3-file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (snort3-file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (snort3-file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (snort3-file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (snort3-file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (snort3-file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (snort3-file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (snort3-file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (snort3-file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (snort3-file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (snort3-file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (snort3-file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (snort3-file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (snort3-file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (snort3-file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (snort3-file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (snort3-file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (snort3-file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (snort3-file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (snort3-file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (snort3-file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (snort3-file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (snort3-file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (snort3-exploit-kit.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (snort3-exploit-kit.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (snort3-file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (snort3-file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (snort3-file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (snort3-file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (snort3-file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (snort3-malware-cnc.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (snort3-file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (snort3-file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (snort3-file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (snort3-file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (snort3-file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (snort3-file-identify.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (snort3-file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (snort3-file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (snort3-file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (snort3-file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (snort3-file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (snort3-file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (snort3-file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (snort3-file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (snort3-file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (snort3-file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (snort3-file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (snort3-file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (snort3-file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (snort3-file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (snort3-file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (snort3-file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (snort3-file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (snort3-file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (snort3-file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (snort3-exploit-kit.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (snort3-exploit-kit.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (snort3-file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (snort3-file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (snort3-file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (snort3-file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (snort3-file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (snort3-file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (snort3-file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (snort3-file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (snort3-file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (snort3-file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (snort3-file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (snort3-file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (snort3-file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (snort3-file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (snort3-file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (snort3-file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (snort3-file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (snort3-file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (snort3-file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (snort3-file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (snort3-file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (snort3-file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (snort3-file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (snort3-file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (snort3-file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (snort3-file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (snort3-file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (snort3-file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (snort3-file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (snort3-file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (snort3-file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (snort3-file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (snort3-file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (snort3-file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (snort3-file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (snort3-file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (snort3-file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (snort3-file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (snort3-file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (snort3-file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (snort3-file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (snort3-file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (snort3-file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (snort3-file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (snort3-file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (snort3-file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (snort3-file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (snort3-file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (snort3-file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (snort3-file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (snort3-file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (snort3-file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (snort3-file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (snort3-file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (snort3-file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (snort3-file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (snort3-file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (snort3-file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (snort3-file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (snort3-file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (snort3-file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (snort3-file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (snort3-file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (snort3-file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (snort3-file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (snort3-file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (snort3-file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (snort3-file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (snort3-file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (snort3-file-identify.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules)
 * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (snort3-file-office.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (snort3-protocol-telnet.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (snort3-file-identify.rules)
 * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (snort3-file-identify.rules)
 * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (snort3-file-identify.rules)
 * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (snort3-file-identify.rules)
 * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (snort3-file-identify.rules)
 * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (snort3-file-identify.rules)
 * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (snort3-file-identify.rules)
 * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (snort3-file-identify.rules)
 * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (snort3-file-identify.rules)
 * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (snort3-file-identify.rules)
 * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (snort3-file-identify.rules)
 * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (snort3-file-identify.rules)
 * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (snort3-file-identify.rules)
 * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (snort3-file-identify.rules)
 * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (snort3-file-identify.rules)
 * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (snort3-file-identify.rules)
 * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (snort3-file-identify.rules)
 * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (snort3-file-identify.rules)
 * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (snort3-file-identify.rules)
 * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (snort3-file-identify.rules)
 * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (snort3-file-identify.rules)
 * 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (snort3-file-identify.rules)
 * 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (snort3-file-identify.rules)
 * 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (snort3-file-identify.rules)
 * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (snort3-file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (snort3-file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (snort3-file-identify.rules)
 * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (snort3-file-identify.rules)
 * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (snort3-file-identify.rules)
 * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (snort3-file-identify.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (snort3-file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (snort3-file-identify.rules)
 * 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (snort3-file-identify.rules)
 * 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (snort3-file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (snort3-file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (snort3-file-identify.rules)
 * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (snort3-file-identify.rules)
 * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (snort3-file-identify.rules)
 * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (snort3-file-identify.rules)
 * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (snort3-file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (snort3-file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (snort3-file-identify.rules)
 * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (snort3-file-identify.rules)
 * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (snort3-file-identify.rules)
 * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (snort3-file-identify.rules)
 * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (snort3-file-identify.rules)
 * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (snort3-file-identify.rules)
 * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (snort3-file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (snort3-file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (snort3-file-identify.rules)
 * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (snort3-file-identify.rules)
 * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (snort3-file-identify.rules)
 * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (snort3-file-identify.rules)
 * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (snort3-file-identify.rules)
 * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (snort3-file-identify.rules)
 * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (snort3-file-identify.rules)
 * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (snort3-file-identify.rules)
 * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (snort3-file-identify.rules)
 * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (snort3-file-identify.rules)
 * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (snort3-file-identify.rules)
 * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (snort3-file-identify.rules)
 * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (snort3-file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (snort3-file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (snort3-file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (snort3-file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (snort3-file-identify.rules)
 * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (snort3-file-identify.rules)
 * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (snort3-file-identify.rules)
 * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (snort3-file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (snort3-file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (snort3-file-identify.rules)
 * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (snort3-file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (snort3-file-identify.rules)
 * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (snort3-file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (snort3-file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (snort3-file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (snort3-file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (snort3-file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (snort3-file-identify.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules)
 * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (snort3-protocol-voip.rules)
 * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (snort3-exploit-kit.rules)
 * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (snort3-file-identify.rules)
 * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (snort3-file-identify.rules)
 * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (snort3-file-identify.rules)
 * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (snort3-file-identify.rules)
 * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (snort3-file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (snort3-file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (snort3-file-identify.rules)
 * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (snort3-sql.rules)
 * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (snort3-file-identify.rules)
 * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (snort3-file-identify.rules)
 * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (snort3-file-identify.rules)
 * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (snort3-file-identify.rules)
 * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (snort3-file-identify.rules)
 * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (snort3-file-identify.rules)
 * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (snort3-file-identify.rules)
 * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (snort3-file-identify.rules)
 * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (snort3-file-identify.rules)
 * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (snort3-file-identify.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (snort3-file-identify.rules)
 * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (snort3-app-detect.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (snort3-file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (snort3-file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (snort3-file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (snort3-file-identify.rules)
 * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (snort3-file-identify.rules)
 * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (snort3-file-identify.rules)
 * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (snort3-file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (snort3-file-identify.rules)
 * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (snort3-file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (snort3-file-identify.rules)
 * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules)
 * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (snort3-file-identify.rules)
 * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (snort3-file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (snort3-file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules)
 * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (snort3-file-identify.rules)
 * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (snort3-file-identify.rules)
 * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (snort3-file-identify.rules)
 * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (snort3-file-identify.rules)
 * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (snort3-file-identify.rules)
 * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (snort3-file-identify.rules)
 * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (snort3-file-identify.rules)
 * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (snort3-file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (snort3-file-identify.rules)
 * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (snort3-file-identify.rules)
 * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (snort3-file-identify.rules)
 * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (snort3-file-identify.rules)
 * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (snort3-file-identify.rules)
 * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (snort3-file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (snort3-file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (snort3-file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (snort3-file-identify.rules)
 * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules)
 * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (snort3-file-identify.rules)
 * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (snort3-file-identify.rules)
 * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (snort3-file-identify.rules)
 * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (snort3-file-identify.rules)
 * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (snort3-file-identify.rules)
 * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (snort3-file-identify.rules)
 * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (snort3-file-identify.rules)
 * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (snort3-file-identify.rules)
 * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (snort3-file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (snort3-file-identify.rules)
 * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (snort3-file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (snort3-file-identify.rules)
 * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (snort3-file-identify.rules)
 * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (snort3-file-identify.rules)
 * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (snort3-file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (snort3-file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (snort3-file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (snort3-file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (snort3-file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (snort3-file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (snort3-file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (snort3-file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (snort3-file-identify.rules)
 * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (snort3-file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (snort3-file-identify.rules)
 * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (snort3-file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (snort3-file-identify.rules)
 * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (snort3-file-identify.rules)
 * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (snort3-file-identify.rules)
 * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (snort3-file-identify.rules)
 * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (snort3-file-identify.rules)
 * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (snort3-file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (snort3-file-identify.rules)
 * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (snort3-file-identify.rules)
 * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (snort3-file-identify.rules)
 * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (snort3-file-identify.rules)
 * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (snort3-file-identify.rules)
 * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules)
 * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (snort3-file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (snort3-file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (snort3-file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (snort3-file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules)
 * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (snort3-file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (snort3-file-identify.rules)
 * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (snort3-file-identify.rules)
 * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (snort3-file-identify.rules)
 * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (snort3-file-identify.rules)
 * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (snort3-file-identify.rules)
 * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (snort3-file-identify.rules)
 * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (snort3-file-identify.rules)
 * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (snort3-file-identify.rules)
 * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (snort3-file-identify.rules)
 * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (snort3-file-identify.rules)
 * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (snort3-file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (snort3-file-identify.rules)
 * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (snort3-file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (snort3-file-identify.rules)
 * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules)
 * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (snort3-file-identify.rules)
 * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (snort3-file-identify.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (snort3-os-windows.rules)
 * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (snort3-exploit-kit.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (snort3-os-mobile.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules)
 * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (snort3-file-identify.rules)
 * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (snort3-file-identify.rules)
 * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (snort3-file-identify.rules)
 * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (snort3-file-identify.rules)
 * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (snort3-file-identify.rules)
 * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (snort3-file-identify.rules)
 * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (snort3-file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (snort3-file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (snort3-file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (snort3-file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (snort3-file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules)
 * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (snort3-os-windows.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (snort3-file-identify.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (snort3-file-identify.rules)
 * 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (snort3-file-identify.rules)
 * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (snort3-file-identify.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (snort3-file-identify.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (snort3-file-identify.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules)
 * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules)
 * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules)
 * 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (snort3-file-identify.rules)
 * 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (snort3-file-identify.rules)
 * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (snort3-file-office.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (snort3-server-webapp.rules)
 * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (snort3-os-windows.rules)
 * 1:2436 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (snort3-file-identify.rules)
 * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (snort3-malware-cnc.rules)
 * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (snort3-malware-cnc.rules)
 * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (snort3-file-flash.rules)
 * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (snort3-file-flash.rules)
 * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (snort3-file-identify.rules)
 * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (snort3-file-identify.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (snort3-file-identify.rules)
 * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (snort3-file-identify.rules)
 * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (snort3-file-identify.rules)
 * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (snort3-file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (snort3-file-identify.rules)
 * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (snort3-file-identify.rules)
 * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (snort3-file-identify.rules)
 * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (snort3-file-identify.rules)
 * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (snort3-file-identify.rules)
 * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (snort3-file-identify.rules)
 * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (snort3-file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (snort3-file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (snort3-file-identify.rules)
 * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules)
 * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (snort3-file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (snort3-file-identify.rules)
 * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (snort3-file-identify.rules)
 * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (snort3-file-identify.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (snort3-file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (snort3-file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (snort3-file-identify.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (snort3-protocol-voip.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules)
 * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (snort3-file-identify.rules)
 * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (snort3-file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (snort3-file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (snort3-file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (snort3-file-identify.rules)
 * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (snort3-file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (snort3-file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (snort3-file-identify.rules)
 * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (snort3-file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (snort3-file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (snort3-file-identify.rules)
 * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (snort3-netbios.rules)
 * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (snort3-file-identify.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (snort3-file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (snort3-file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (snort3-file-identify.rules)
 * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (snort3-exploit-kit.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (snort3-file-identify.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (snort3-file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (snort3-file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (snort3-file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (snort3-file-identify.rules)
 * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (snort3-file-identify.rules)
 * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (snort3-file-identify.rules)
 * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (snort3-file-identify.rules)
 * 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (snort3-file-identify.rules)
 * 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (snort3-file-identify.rules)
 * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (snort3-server-other.rules)
 * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (snort3-file-identify.rules)
 * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (snort3-file-identify.rules)
 * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (snort3-file-identify.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (snort3-file-identify.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (snort3-file-identify.rules)
 * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules)
 * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules)
 * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules)
 * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules)
 * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules)
 * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules)
 * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (snort3-file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (snort3-file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (snort3-file-identify.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (snort3-netbios.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (snort3-file-identify.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (snort3-protocol-other.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (snort3-file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (snort3-file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (snort3-file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (snort3-file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (snort3-exploit-kit.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (snort3-exploit-kit.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (snort3-file-identify.rules)
 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (snort3-file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (snort3-file-identify.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (snort3-file-identify.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (snort3-file-identify.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (snort3-file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (snort3-file-identify.rules)
 * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (snort3-file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (snort3-server-other.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules)
 * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (snort3-file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (snort3-file-identify.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (snort3-file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (snort3-file-identify.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (snort3-protocol-imap.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (snort3-file-identify.rules)
 * 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (snort3-file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (snort3-file-identify.rules)
 * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (snort3-file-identify.rules)
 * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (snort3-file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (snort3-server-mysql.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (snort3-file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (snort3-file-office.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (snort3-malware-backdoor.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (snort3-file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (snort3-file-identify.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (snort3-file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (snort3-file-identify.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (snort3-file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (snort3-file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (snort3-file-identify.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (snort3-protocol-other.rules)
 * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (snort3-file-identify.rules)
 * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (snort3-file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (snort3-os-windows.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (snort3-exploit-kit.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (snort3-file-identify.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules)
 * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (snort3-file-identify.rules)
 * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (snort3-file-multimedia.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (snort3-file-identify.rules)
 * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (snort3-file-identify.rules)
 * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (snort3-file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (snort3-browser-other.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (snort3-file-identify.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (snort3-file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (snort3-file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (snort3-file-identify.rules)
 * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (snort3-file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (snort3-file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (snort3-file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (snort3-server-other.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (snort3-file-identify.rules)
 * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (snort3-file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (snort3-file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (snort3-file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (snort3-file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (snort3-file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (snort3-file-identify.rules)
 * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (snort3-file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (snort3-file-identify.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (snort3-malware-cnc.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (snort3-server-other.rules)
 * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (snort3-os-windows.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (snort3-file-office.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (snort3-file-identify.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (snort3-file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (snort3-file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (snort3-file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (snort3-file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (snort3-malware-cnc.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (snort3-file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (snort3-file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (snort3-os-windows.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (snort3-file-identify.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (snort3-netbios.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (snort3-file-identify.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (snort3-file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (snort3-file-identify.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (snort3-file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (snort3-file-identify.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (snort3-file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (snort3-file-identify.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (snort3-file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (snort3-file-identify.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (snort3-file-identify.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (snort3-file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (snort3-file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (snort3-file-identify.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (snort3-file-identify.rules)
 * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (snort3-file-identify.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (snort3-file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (snort3-server-webapp.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (snort3-file-identify.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (snort3-browser-other.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (snort3-file-identify.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (snort3-file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (snort3-file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (snort3-file-identify.rules)
 * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (snort3-server-other.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (snort3-file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (snort3-server-other.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (snort3-os-windows.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (snort3-file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (snort3-file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (snort3-file-identify.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (snort3-file-identify.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (snort3-file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (snort3-server-webapp.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (snort3-file-identify.rules)
 * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (snort3-file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (snort3-file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (snort3-file-identify.rules)
 * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (snort3-file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (snort3-file-identify.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (snort3-netbios.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (snort3-file-identify.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (snort3-file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (snort3-file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (snort3-file-identify.rules)
 * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (snort3-netbios.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (snort3-file-identify.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (snort3-file-identify.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (snort3-file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (snort3-file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (snort3-file-identify.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (snort3-exploit-kit.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (snort3-os-windows.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (snort3-file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (snort3-file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (snort3-file-identify.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (snort3-file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (snort3-file-identify.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (snort3-malware-backdoor.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (snort3-file-identify.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (snort3-file-identify.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (snort3-server-other.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (snort3-file-identify.rules)
 * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (snort3-server-other.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (snort3-file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (snort3-file-flash.rules)
 * 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (snort3-file-identify.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (snort3-file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (snort3-file-identify.rules)
 * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (snort3-malware-other.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (snort3-file-identify.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (snort3-file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (snort3-file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (snort3-file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (snort3-file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (snort3-file-identify.rules)
 * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (snort3-file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (snort3-file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (snort3-file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (snort3-file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (snort3-file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (snort3-netbios.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (snort3-file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (snort3-file-identify.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (snort3-file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (snort3-file-identify.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (snort3-file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (snort3-file-identify.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (snort3-file-identify.rules)
 * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (snort3-file-identify.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (snort3-file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (snort3-file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (snort3-file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (snort3-file-identify.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (snort3-file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (snort3-file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (snort3-file-identify.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (snort3-file-identify.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (snort3-file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (snort3-file-identify.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (snort3-netbios.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules)
 * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (snort3-file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (snort3-file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (snort3-file-identify.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (snort3-file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (snort3-file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (snort3-file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (snort3-malware-cnc.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (snort3-file-identify.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (snort3-file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (snort3-file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (snort3-policy-other.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (snort3-file-identify.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (snort3-os-windows.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (snort3-file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (snort3-file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (snort3-file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (snort3-file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (snort3-file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (snort3-file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (snort3-file-identify.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (snort3-file-identify.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (snort3-file-identify.rules)
 * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (snort3-file-identify.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (snort3-netbios.rules)
 * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (snort3-file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules)
 * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (snort3-file-identify.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules)
 * 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (snort3-server-webapp.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (snort3-file-identify.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (snort3-file-identify.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (snort3-protocol-other.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (snort3-file-identify.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (snort3-file-identify.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (snort3-server-webapp.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (snort3-file-identify.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (snort3-file-identify.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (snort3-file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (snort3-file-identify.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (snort3-malware-other.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (snort3-file-identify.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (snort3-malware-backdoor.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (snort3-malware-backdoor.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (snort3-malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (snort3-malware-backdoor.rules)

2020-05-14 13:32:19 UTC

Snort Subscriber Rules Update

Date: 2020-05-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53972 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll DNS download attempt (malware-other.rules)
 * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
 * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules)
 * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
 * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE CobaltStrike multiple large DNS TXT query responses (indicator-compromise.rules)
 * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules)
 * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules)
 * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user creation command injection attempt (server-webapp.rules)
 * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules)
 * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules)
 * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
 * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules)
 * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules)
 * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)
 * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules)

Modified Rules:


 * 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
 * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
 * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
 * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
 * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules)
 * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
 * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules)
 * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules)
 * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
 * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
 * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
 * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
 * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
 * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
 * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules)
 * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules)
 * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules)
 * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
 * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules)
 * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
 * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
 * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
 * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
 * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
 * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules)
 * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules)
 * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules)
 * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules)
 * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
 * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
 * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules)
 * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
 * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules)
 * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
 * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules)
 * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules)
 * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
 * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules)
 * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules)
 * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules)
 * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules)
 * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
 * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
 * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules)
 * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules)
 * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
 * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
 * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
 * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules)
 * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules)
 * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt (netbios.rules)
 * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
 * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules)
 * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules)
 * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
 * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules)
 * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules)
 * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules)
 * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
 * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
 * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules)
 * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
 * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
 * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
 * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
 * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
 * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)
 * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
 * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules)
 * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules)
 * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
 * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules)
 * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules)
 * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
 * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
 * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules)
 * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
 * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules)
 * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules)
 * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules)
 * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
 * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
 * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
 * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
 * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request (file-identify.rules)
 * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
 * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules)
 * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
 * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules)
 * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules)
 * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules)
 * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
 * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
 * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
 * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
 * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
 * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
 * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
 * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
 * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
 * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
 * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
 * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules)
 * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules)
 * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules)
 * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules)
 * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules)
 * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules)
 * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
 * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
 * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
 * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules)
 * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
 * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
 * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
 * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules)
 * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules)
 * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules)
 * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
 * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
 * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
 * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules)
 * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules)
 * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules)
 * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules)
 * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
 * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
 * 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
 * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
 * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
 * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
 * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
 * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
 * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
 * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
 * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules)
 * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
 * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
 * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
 * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules)
 * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windo