Talos Rules 2020-11-19
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, exploit-kit, file-image, malware-other and server-webapp rule sets to provide coverage for emerging threats affecting the technologies those rule sets cover.

Change logs

2020-11-19 13:31:42 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)

2020-11-19 13:31:42 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (snort3-policy-other.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (snort3-browser-chrome.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (snort3-server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (snort3-browser-chrome.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (snort3-malware-other.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (snort3-server-webapp.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (snort3-browser-chrome.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (snort3-malware-other.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (snort3-browser-chrome.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (snort3-exploit-kit.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (snort3-server-webapp.rules)
 * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (snort3-malware-cnc.rules)
 * 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (snort3-malware-other.rules)
 * 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (snort3-malware-other.rules)

2020-11-19 13:31:43 UTC

Snort Subscriber Rules Update

Date: 2020-11-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
 * 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
 * 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
 * 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
 * 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
 * 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
 * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules)
 * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)
 * 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
 * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules)
 * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules)

Modified Rules:


 * 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules)
 * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)
 * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules)