Talos Rules 2021-02-23
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, file-executable, file-other, malware-cnc, policy-other, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)

Modified Rules:

 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)

Modified Rules:


 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)

Modified Rules:


 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)

Modified Rules:


 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)

Modified Rules:


 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)

Modified Rules:


 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (snort3-malware-cnc.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (snort3-server-other.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (snort3-server-other.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (snort3-malware-cnc.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (snort3-malware-cnc.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (snort3-file-other.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (snort3-file-other.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (snort3-browser-ie.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (snort3-browser-ie.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (snort3-server-webapp.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (snort3-policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (snort3-policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (snort3-policy-other.rules)
 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (snort3-policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (snort3-policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (snort3-policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (snort3-policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (snort3-policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (snort3-policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (snort3-policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (snort3-policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (snort3-policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (snort3-policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (snort3-policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (snort3-policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (snort3-policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (snort3-policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (snort3-policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (snort3-policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (snort3-policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (snort3-policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (snort3-policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (snort3-policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (snort3-policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (snort3-policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (snort3-policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (snort3-policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (snort3-policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (snort3-policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (snort3-policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (snort3-policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (snort3-policy-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (snort3-policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (snort3-policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (snort3-policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (snort3-policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (snort3-policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (snort3-policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (snort3-policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (snort3-policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (snort3-policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (snort3-policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (snort3-policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (snort3-policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (snort3-policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (snort3-file-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (snort3-policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (snort3-policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (snort3-policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (snort3-policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (snort3-policy-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (snort3-policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (snort3-policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (snort3-policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (snort3-policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (snort3-policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (snort3-policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (snort3-policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (snort3-policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (snort3-policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (snort3-policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (snort3-policy-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (snort3-policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (snort3-policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (snort3-server-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (snort3-server-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (snort3-policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (snort3-policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (snort3-policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (snort3-policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (snort3-policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (snort3-policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (snort3-policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (snort3-policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (snort3-policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (snort3-policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (snort3-policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (snort3-policy-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (snort3-policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (snort3-policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (snort3-policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (snort3-policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (snort3-policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (snort3-policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (snort3-policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (snort3-policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (snort3-policy-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (snort3-policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (snort3-policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (snort3-policy-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (snort3-policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (snort3-policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (snort3-policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (snort3-policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (snort3-server-webapp.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (snort3-policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (snort3-policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (snort3-policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (snort3-policy-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (snort3-server-iis.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (snort3-policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (snort3-server-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (snort3-policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (snort3-policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (snort3-policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (snort3-policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (snort3-policy-other.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (snort3-policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (snort3-policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (snort3-policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (snort3-policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (snort3-policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (snort3-policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (snort3-policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (snort3-policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (snort3-policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (snort3-policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (snort3-policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (snort3-policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (snort3-policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (snort3-policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (snort3-policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (snort3-policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (snort3-policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (snort3-policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (snort3-policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- snort3-policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (snort3-policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (snort3-policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (snort3-policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (snort3-policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (snort3-policy-other.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (snort3-policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (snort3-policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (snort3-policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (snort3-policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (snort3-policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (snort3-policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (snort3-policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (snort3-policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (snort3-policy-other.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (snort3-policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (snort3-server-webapp.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (snort3-policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (snort3-policy-other.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (snort3-policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (snort3-policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (snort3-server-webapp.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (snort3-policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (snort3-policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (snort3-policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (snort3-policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (snort3-policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (snort3-policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (snort3-policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (snort3-policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (snort3-policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (snort3-policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (snort3-policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (snort3-policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (snort3-policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (snort3-policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (snort3-policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (snort3-policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (snort3-policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (snort3-policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (snort3-policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (snort3-policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (snort3-policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (snort3-policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (snort3-policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (snort3-policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (snort3-policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (snort3-policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (snort3-policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (snort3-policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (snort3-policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (snort3-policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (snort3-policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (snort3-policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (snort3-policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (snort3-policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (snort3-policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (snort3-policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (snort3-policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (snort3-policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (snort3-policy-other.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (snort3-policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (snort3-policy-other.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (snort3-policy-other.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (snort3-policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (snort3-policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (snort3-policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (snort3-policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (snort3-policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (snort3-policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (snort3-policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (snort3-policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (snort3-policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (snort3-policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (snort3-policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (snort3-policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (snort3-policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (snort3-policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (snort3-policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (snort3-policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (snort3-policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (snort3-policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (snort3-policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (snort3-policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (snort3-policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (snort3-policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (snort3-policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (snort3-policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (snort3-policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (snort3-policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (snort3-policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (snort3-policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (snort3-policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (snort3-policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (snort3-policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (snort3-policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (snort3-policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (snort3-policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (snort3-policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (snort3-policy-other.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (snort3-policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (snort3-policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (snort3-policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (snort3-policy-other.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (snort3-policy-other.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (snort3-policy-other.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (snort3-policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (snort3-policy-other.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (snort3-policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (snort3-policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (snort3-policy-other.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (snort3-policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (snort3-policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (snort3-policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (snort3-policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (snort3-policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (snort3-policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (snort3-policy-other.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (snort3-policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (snort3-policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (snort3-policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (snort3-policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (snort3-policy-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (snort3-policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (snort3-policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (snort3-policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (snort3-policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (snort3-policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (snort3-policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (snort3-policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (snort3-policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (snort3-policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (snort3-policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (snort3-policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (snort3-policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (snort3-policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (snort3-policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (snort3-policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (snort3-policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (snort3-policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (snort3-policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (snort3-policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (snort3-policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (snort3-policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (snort3-policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (snort3-policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (snort3-policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (snort3-policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (snort3-policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (snort3-policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (snort3-policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (snort3-policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (snort3-policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (snort3-policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (snort3-policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (snort3-policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (snort3-policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (snort3-policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (snort3-policy-other.rules)

2021-02-23 14:07:06 UTC

Snort Subscriber Rules Update

Date: 2021-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
 * 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
 * 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
 * 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
 * 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
 * 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
 * 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
 * 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
 * 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)

Modified Rules:


 * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
 * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
 * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
 * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
 * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
 * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
 * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
 * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
 * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
 * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
 * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
 * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
 * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
 * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
 * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
 * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
 * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
 * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
 * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
 * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
 * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
 * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
 * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
 * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
 * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
 * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
 * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
 * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
 * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
 * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
 * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
 * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
 * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
 * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
 * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
 * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
 * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
 * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
 * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
 * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
 * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
 * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
 * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
 * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
 * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
 * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
 * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
 * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
 * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
 * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
 * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
 * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
 * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
 * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
 * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
 * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
 * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
 * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
 * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
 * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
 * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
 * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
 * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
 * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
 * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
 * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
 * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
 * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
 * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
 * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
 * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
 * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
 * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
 * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
 * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
 * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
 * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
 * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
 * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
 * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
 * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
 * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
 * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
 * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
 * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
 * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
 * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
 * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
 * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
 * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
 * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
 * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
 * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
 * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
 * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
 * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
 * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
 * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
 * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
 * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
 * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
 * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
 * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
 * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
 * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
 * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
 * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
 * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
 * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
 * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
 * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
 * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
 * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
 * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
 * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
 * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
 * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
 * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
 * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
 * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
 * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
 * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
 * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
 * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
 * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
 * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
 * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
 * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
 * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
 * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
 * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
 * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
 * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
 * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
 * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
 * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
 * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
 * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
 * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
 * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
 * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
 * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
 * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
 * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
 * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
 * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
 * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
 * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
 * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
 * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
 * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
 * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
 * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
 * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
 * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
 * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
 * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
 * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
 * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
 * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
 * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
 * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
 * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
 * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
 * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)