Talos has added and modified multiple rules in the browser-ie, file-executable, file-other, malware-cnc, policy-other, server-iis, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
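The format line above is enough to process these notes mechanically, which is how you would diff one rule pack against the previous one or pull out every SID that ships DISABLED before deciding which to turn on in your own policy. The parser below is an added example; it is not part of the Snort release notes or of any Talos tooling. The text it parses is constructed from entries in this note, deliberately run together on one line and split across a line break as extracted copies of these pages often are. The `gid:sid` output form is the one PulledPork's enablesid.conf accepts; that you manage rules with PulledPork is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the release-note format "gid:sid <-> state <-> msg (group)".
# The first line runs several entries together and splits one entry across a
# line break, as extracted copies of these notes often do.
SAMPLE = """\
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules) * 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules) * 1:57209
<-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company) (policy-other.rules)
"""

# One entry is "* gid:sid <-> STATE <-> MESSAGE (group.rules)".  MESSAGE is
# matched lazily and must be followed by a "(...rules)" group and then either
# the next "* gid:sid <->" or the end of the text, so a message that itself
# contains parentheses (sid 20000 above) is not cut short, and several entries
# may share one physical line.
ENTRY_RE = re.compile(
    r"\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*(?=\*\s*\d+:\d+\s*<->|$)"
)


def parse_entries(text):
    """Return one dict per rule entry, in document order.

    All whitespace, including line breaks inside an entry, is collapsed
    first, so the result does not depend on how the notes were wrapped.
    """
    flat = " ".join(text.split())
    entries = []
    for m in ENTRY_RE.finditer(flat):
        msg = m["msg"]
        entries.append({
            "gid": int(m["gid"]),
            "sid": int(m["sid"]),
            "state": m["state"],
            # The category prefix (MALWARE-CNC, POLICY-OTHER, ...) is the
            # first token of the message.
            "category": msg.split(" ", 1)[0],
            "msg": msg,
            "group": m["group"],
        })
    return entries


def state_counts(entries):
    """Count entries per (category, default state).

    A large POLICY-OTHER block that is DISABLED by default adds no detection
    until you enable it, so this is the first thing to check in a new pack.
    """
    return dict(Counter((e["category"], e["state"]) for e in entries))


def disabled_sids(entries, category=None):
    """gid:sid strings for rules shipped DISABLED, optionally for one category.

    gid:sid is the form PulledPork's enablesid.conf accepts (assumed tooling);
    read each rule's message before enabling it.
    """
    return [
        f"{e['gid']}:{e['sid']}"
        for e in entries
        if e["state"] == "DISABLED"
        and (category is None or e["category"] == category)
    ]


def duplicate_messages(entries):
    """Map each message shared by several SIDs to the sorted list of those SIDs.

    Talos often ships one detection as several SIDs (different ports,
    directions or encodings); enabling one without its siblings leaves a gap.
    """
    by_msg = {}
    for e in entries:
        by_msg.setdefault(e["msg"], []).append(e["sid"])
    return {msg: sorted(sids) for msg, sids in by_msg.items() if len(sids) > 1}


if __name__ == "__main__":
    rules = parse_entries(SAMPLE)
    for e in rules:
        print(f"{e['gid']}:{e['sid']:<6} {e['state']:<8} {e['msg']}")
    print(state_counts(rules))
    print("disabled:", disabled_sids(rules))
    print("siblings:", duplicate_messages(rules))
```

Feed it the text of the whole note rather than one line at a time: the entries on this page are wrapped mid-entry, and the whitespace collapse in parse_entries is what makes that harmless.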
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
* 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
* 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
* 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
* 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
* 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
* 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
* 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
* 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
* 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
* 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
* 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
* 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
* 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
* 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company) (policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
* 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
* 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
* 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
* 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
* 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
* 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
* 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
* 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
* 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
* 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
* 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38031 <->
DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38050 
<-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 
1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER 
McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
* 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
* 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
* 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
* 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
* 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
* 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
* 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
* 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37026 <->
DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules) * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37928 <-> DISABLED <-> 
POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 
1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download 
detected (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT 
request detected (policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access 
detected (policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 
1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database 
information request detected (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt 
(policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
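The listing above follows the `gid:sid <-> Default rule state <-> Message (rule group)` format. What a practitioner usually wants from such a notice is a machine-readable answer to two questions: which of the new or changed rules are ENABLED in the shipped default policy, and which ship DISABLED and therefore will not fire until they are turned on in the local policy (the SolarWinds Orion and Serv-U rules above, for example, are all DISABLED by default). The parser below is an added example and is not part of the original Talos notice or of the Snort project. It accepts a listing whose entries have been run together onto one line, as on this page, tolerates an entry wrapped across a line break, and reports any bullet that does not fit the format instead of silently merging it into a neighbour. The sample input is constructed from entries on this page; the last bullet in it is the `Achievement Unlocked` entry whose parenthesised message breaks the `(group.rules)` convention.

```python
"""Parse a Talos/Snort rule-update listing into structured records (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# One entry: "gid:sid <-> STATE <-> Message (group.rules)".  The message is
# matched lazily so it stops at the trailing "(...rules)" group; DOTALL lets an
# entry that was wrapped across a line break still match as one unit.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<message>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*",
    re.DOTALL,
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str     # default state in the shipped policy: ENABLED or DISABLED
    message: str   # rule message; Talos messages start with the rule category
    group: str     # rules file the rule lives in, e.g. "policy-other.rules"

    @property
    def category(self) -> str:
        return self.message.split(" ", 1)[0]

    @property
    def enabled_by_default(self) -> bool:
        return self.state == "ENABLED"


def parse_listing(text: str) -> tuple[list[RuleEntry], list[str]]:
    """Split the listing on its '*' bullets and parse each entry.

    Returns (entries, rejects).  Bullets that do not fit the format come back
    verbatim in `rejects` rather than being dropped or merged into a neighbour.
    """
    entries: list[RuleEntry] = []
    rejects: list[str] = []
    for token in re.split(r"\s*\*\s+", text):
        token = token.strip()
        if not token:
            continue
        m = ENTRY_RE.fullmatch(token)
        if m is None:
            rejects.append(token)
            continue
        entries.append(RuleEntry(
            gid=int(m["gid"]),
            sid=int(m["sid"]),
            state=m["state"],
            message=" ".join(m["message"].split()),  # collapse wrapped whitespace
            group=m["group"],
        ))
    return entries, rejects


def default_enabled(entries: list[RuleEntry]) -> list[tuple[int, int]]:
    """(gid, sid) of rules that fire without any local policy change."""
    return [(e.gid, e.sid) for e in entries if e.enabled_by_default]


def count_by_state(entries: list[RuleEntry]) -> dict[str, int]:
    return dict(Counter(e.state for e in entries))


def find(entries: list[RuleEntry], needle: str) -> list[RuleEntry]:
    """Case-insensitive search over rule messages, e.g. for a product name."""
    needle = needle.lower()
    return [e for e in entries if needle in e.message.lower()]


# Constructed sample: entries copied from this page, run together on one line
# the way the page renders them, one wrapped across a line break, and one whose
# message does not end in a "(group.rules)" token.
SAMPLE = (
    "* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted "
    "database access attempt (server-other.rules) "
    "* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection "
    "attempt (malware-cnc.rules) "
    "* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT\nrequest detected "
    "(policy-other.rules) "
    "* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack "
    "attempt (file-executable.rules) "
    "* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked "
    "(Billion Dollar Company -- policy-other.rules)"
)

if __name__ == "__main__":
    entries, rejects = parse_listing(SAMPLE)
    for e in entries:
        print(f"{e.gid}:{e.sid:<6} {e.state:<8} {e.category:<16} {e.group}")
    print("enabled by default:", default_enabled(entries))
    print("by state:", count_by_state(entries))
    print("unparsed:", rejects)
```

Feeding a whole notice through `parse_listing` and diffing `default_enabled` against the previous pack is a quick way to see which detections you actually gained on upgrade; anything DISABLED still has to be enabled in your own policy before it produces alerts.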
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:52636 <-> DISABLED <->
POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules) * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules) * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules) * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules) * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules) * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules) * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules) * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules) * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules) * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules) * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules) * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules) * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules) * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules) * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum 
Protect Plus admin credentials reset attempt (policy-other.rules) * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules) * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules) * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules) * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules) * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules) * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules) * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules) * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules) * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules) * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules) * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 
685 insecure pointer dereference attempt (policy-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:34584 <-> DISABLED <-> 
POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules) * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC 
AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules) * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36784 <-> DISABLED <-> 
POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules) * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt 
(policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38037 <-> DISABLED <-> 
POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 
1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use 
attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word 
document with large docProps/core.xml file (policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP 
server attempt (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft 
Browser iframe local file load attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44641 
<-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules) * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules) * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules) * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules) * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules) * 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules) * 1:52007 <-> 
DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules) * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules) * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules) * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules) * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules) * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules) * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules) * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules) * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules) * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro 
ServerProtect server configuration file download detected (policy-other.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules) * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules) * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules) * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules) * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected 
(policy-other.rules) * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules) * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules) * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules) * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules) * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules) * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules) * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules) * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules) * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules) * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules) * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use 
attempt (policy-other.rules) * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules) * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules) * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules) * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules) * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules) * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules) * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules) * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules) * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules) * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:53374 <-> DISABLED <-> 
POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules) * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules) * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules) * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. 
Watson error reporting attempt (policy-other.rules) * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules) * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules) * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access 
(policy-other.rules) * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules) * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules) * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules) 
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure 
pointer dereference attempt (policy-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER 
Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules) * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart 
ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules) * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER 
Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules) * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 
<-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key 
download detected (policy-other.rules)
* 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
* 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
* 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
* 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
* 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
* 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
* 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
* 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
* 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
* 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
* 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
* 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
* 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
* 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
* 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
* 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
* 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
* 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
* 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
* 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
* 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
* 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
* 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
* 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
* 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
* 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
* 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
* 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
* 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
* 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
* 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
* 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
* 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
* 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
* 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
* 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
* 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
* 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
* 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
* 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
* 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
* 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
* 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
* 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
* 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
* 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
* 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
*
1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action 
key download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function 
download detected (policy-other.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:40186 
<-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) 
* 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41906 <-> 
DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt 
(policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44640 <-> DISABLED 
<-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
* 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy 
fallback exploit attempt (policy-other.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 
1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules) * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules) * 1:35598 <-> DISABLED <-> 
POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:36915 <-> DISABLED <-> 
POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave 
Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 
1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected 
(policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher 
suite use attempt (policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl 
access attempt (policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:42067 <-> 
DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM 
database information request detected (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) 
* 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules) * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules) * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules) * 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules) * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules) * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules) * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules) * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules) * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file 
upload attempt (policy-other.rules) * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules) * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules) * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules) * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules) * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules) * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules) * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules) * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules) * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules) * 1:45311 <-> DISABLED <-> 
POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules) * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules) * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
* 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
* 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
* 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
* 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
* 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER 
SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules) * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules) * 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules) * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen 
TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules) * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules) * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules) * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules) * 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules) * 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules) * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules) * 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules) * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH 
mod_xml_rpc default credential login detected (policy-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules) * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules) * 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules) * 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules) * 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules) * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage 
attempt (policy-other.rules) * 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules) * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules) * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules) * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules) * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules) * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules) * 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules) * 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules) * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules) * 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver 
unauthenticated remote code execution attempt (policy-other.rules) * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules) * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:1042 <-> DISABLED 
<-> SERVER-IIS view source via translate header (server-iis.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules) * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. 
Watson error reporting attempt (policy-other.rules) * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules) * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules) * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:2040 <-> DISABLED <-> 
POLICY-OTHER xtacacs login attempt (policy-other.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming 
(policy-other.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER 
Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id 
disclosure attempt (policy-other.rules) * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules) * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt 
(policy-other.rules) * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do 
insecure password change attempt (policy-other.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules) * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER 
Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected 
(policy-other.rules)
* 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
* 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
* 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
* 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
* 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
* 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
* 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
* 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
* 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
* 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
* 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
* 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
* 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
* 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
* 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules)
* 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
* 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules)
* 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
* 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules)
* 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules)
* 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules)
* 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
* 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
* 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
* 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
* 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
* 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
* 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
* 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
* 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
* 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
* 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
* 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
* 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
* 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
* 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
* 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
* 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
* 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
* 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
* 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
* 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key
download detected (policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules) * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe 
Flash file containing domainMemory function download detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use 
attempt (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41409 <-> DISABLED 
<-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 
W2 management.asp information disclosure (policy-other.rules) * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules) * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> 
POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules) * 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules) * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials 
login attempt (policy-other.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules) * 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt 
(policy-other.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules) * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (snort3-malware-cnc.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (snort3-malware-cnc.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (snort3-server-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (snort3-server-other.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (snort3-server-other.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (snort3-malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (snort3-malware-cnc.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (snort3-file-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (snort3-file-other.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (snort3-malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (snort3-browser-ie.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (snort3-browser-ie.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (snort3-server-webapp.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (snort3-server-webapp.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (snort3-policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (snort3-policy-other.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (snort3-policy-other.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (snort3-policy-other.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (snort3-policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (snort3-policy-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (snort3-policy-other.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (snort3-policy-other.rules)
* 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (snort3-policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (snort3-policy-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (snort3-policy-other.rules)
* 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (snort3-policy-other.rules)
* 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (snort3-policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (snort3-policy-other.rules)
* 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (snort3-policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (snort3-policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (snort3-policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (snort3-policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (snort3-policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (snort3-policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (snort3-policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (snort3-policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (snort3-policy-other.rules)
* 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (snort3-policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (snort3-policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (snort3-policy-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (snort3-policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (snort3-policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (snort3-policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (snort3-policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (snort3-policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (snort3-policy-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (snort3-policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (snort3-policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (snort3-policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (snort3-policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (snort3-policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (snort3-policy-other.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (snort3-policy-other.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (snort3-policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (snort3-policy-other.rules)
* 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (snort3-policy-other.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (snort3-policy-other.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (snort3-policy-other.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (snort3-policy-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (snort3-file-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (snort3-policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (snort3-policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (snort3-policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (snort3-policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (snort3-policy-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (snort3-policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (snort3-policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (snort3-policy-other.rules)
* 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (snort3-policy-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (snort3-policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (snort3-policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (snort3-policy-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (snort3-policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (snort3-policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (snort3-policy-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (snort3-policy-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (snort3-policy-other.rules)
* 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (snort3-policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (snort3-server-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (snort3-server-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (snort3-policy-other.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (snort3-policy-other.rules)
* 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (snort3-policy-other.rules)
* 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (snort3-policy-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (snort3-policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (snort3-policy-other.rules)
* 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (snort3-policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (snort3-policy-other.rules)
* 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (snort3-policy-other.rules)
* 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (snort3-policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (snort3-policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (snort3-policy-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (snort3-policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (snort3-policy-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (snort3-policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (snort3-policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (snort3-policy-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (snort3-policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (snort3-policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (snort3-policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (snort3-policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (snort3-policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (snort3-policy-other.rules)
* 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (snort3-policy-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules)
* 1:56410 <-> DISABLED
<-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (snort3-policy-other.rules) * 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (snort3-policy-other.rules) * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (snort3-policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (snort3-policy-other.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (snort3-server-webapp.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (snort3-policy-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (snort3-policy-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (snort3-policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (snort3-policy-other.rules) * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (snort3-server-iis.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (snort3-policy-other.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (snort3-server-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (snort3-policy-other.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (snort3-policy-other.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. 
Watson error reporting attempt (snort3-policy-other.rules) * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (snort3-policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (snort3-policy-other.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (snort3-policy-other.rules) * 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (snort3-policy-other.rules) * 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (snort3-policy-other.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (snort3-policy-other.rules) * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (snort3-policy-other.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (snort3-policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (snort3-policy-other.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (snort3-policy-other.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (snort3-policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (snort3-policy-other.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (snort3-policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (snort3-policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (snort3-policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (snort3-policy-other.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (snort3-policy-other.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (snort3-policy-other.rules) * 
1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (snort3-policy-other.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (snort3-policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (snort3-policy-other.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- snort3-policy-other.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (snort3-policy-other.rules) * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (snort3-policy-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (snort3-policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (snort3-policy-other.rules) * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (snort3-policy-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (snort3-policy-other.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (snort3-policy-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (snort3-policy-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (snort3-policy-other.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (snort3-policy-other.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules) 
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (snort3-policy-other.rules) * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (snort3-policy-other.rules) * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (snort3-policy-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (snort3-server-webapp.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (snort3-policy-other.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (snort3-policy-other.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (snort3-policy-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (snort3-policy-other.rules) * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (snort3-server-webapp.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (snort3-policy-other.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (snort3-policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (snort3-policy-other.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (snort3-policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules) * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash 
Player possible cross-domain bypass attempt (snort3-policy-other.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (snort3-policy-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (snort3-policy-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (snort3-policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (snort3-policy-other.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (snort3-policy-other.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (snort3-policy-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (snort3-policy-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (snort3-policy-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (snort3-policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (snort3-policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (snort3-policy-other.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (snort3-policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt 
(snort3-policy-other.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (snort3-policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (snort3-policy-other.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (snort3-policy-other.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (snort3-policy-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (snort3-policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (snort3-policy-other.rules) * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (snort3-policy-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (snort3-policy-other.rules) * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules) * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (snort3-policy-other.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (snort3-policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (snort3-policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER 
Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (snort3-policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (snort3-policy-other.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (snort3-policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (snort3-policy-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (snort3-policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (snort3-policy-other.rules) * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (snort3-policy-other.rules) * 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (snort3-server-webapp.rules) * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (snort3-policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (snort3-policy-other.rules) * 1:36194 <-> DISABLED <-> 
POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (snort3-policy-other.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (snort3-policy-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (snort3-policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (snort3-server-webapp.rules) * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (snort3-policy-other.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (snort3-policy-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (snort3-policy-other.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (snort3-policy-other.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt 
(snort3-policy-other.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (snort3-policy-other.rules) * 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (snort3-policy-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (snort3-policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (snort3-policy-other.rules) * 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (snort3-policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (snort3-policy-other.rules) * 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (snort3-policy-other.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (snort3-policy-other.rules) * 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (snort3-policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (snort3-policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download 
detected (snort3-policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (snort3-policy-other.rules) * 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (snort3-policy-other.rules) * 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (snort3-policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (snort3-policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (snort3-policy-other.rules) * 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (snort3-policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (snort3-policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (snort3-policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (snort3-policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (snort3-policy-other.rules) * 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (snort3-policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (snort3-policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access 
detected (snort3-policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (snort3-policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (snort3-policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (snort3-policy-other.rules) * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (snort3-policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (snort3-policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (snort3-policy-other.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (snort3-policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (snort3-policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (snort3-policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (snort3-policy-other.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (snort3-policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (snort3-policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (snort3-policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (snort3-policy-other.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (snort3-server-webapp.rules) * 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file 
containing defaultValue function download detected (snort3-policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (snort3-policy-other.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (snort3-server-webapp.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (snort3-policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (snort3-policy-other.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (snort3-policy-other.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (snort3-policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (snort3-policy-other.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (snort3-server-webapp.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (snort3-policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (snort3-policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (snort3-policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (snort3-policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script 
(snort3-policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (snort3-policy-other.rules) * 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (snort3-policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (snort3-policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (snort3-policy-other.rules) * 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (snort3-policy-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (snort3-policy-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (snort3-policy-other.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (snort3-policy-other.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (snort3-policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (snort3-policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (snort3-policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (snort3-policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (snort3-policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (snort3-policy-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (snort3-policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (snort3-policy-other.rules) 
* 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (snort3-policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (snort3-policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (snort3-policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (snort3-policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (snort3-policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER 
ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (snort3-policy-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (snort3-policy-other.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (snort3-policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (snort3-policy-other.rules) * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (snort3-policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (snort3-policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (snort3-policy-other.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (snort3-policy-other.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (snort3-policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (snort3-policy-other.rules) * 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (snort3-policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (snort3-policy-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (snort3-policy-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (snort3-policy-other.rules) * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt 
(snort3-policy-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (snort3-policy-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (snort3-policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (snort3-policy-other.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (snort3-policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules) * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (snort3-policy-other.rules) * 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (snort3-policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
* 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules)
* 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
* 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
* 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
* 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules)
* 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
* 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
* 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
* 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
* 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules)
* 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules)
* 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
* 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules)
* 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules)
* 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules)
* 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules)
* 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules)
* 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules)
* 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
* 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
* 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
* 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
* 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
* 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
* 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
* 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules)
* 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules)
* 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
* 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
* 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules)
* 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules)
* 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules)
* 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules)
* 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules)
* 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules)
* 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules)
* 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules)
* 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules)
* 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
* 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
* 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
* 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
* 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
* 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
* 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules)
* 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
* 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules)
* 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules)
* 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
* 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38028 <->
DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules) * 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules) * 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules) * 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules) * 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules) * 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) * 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules) * 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules) * 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules) * 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules) 
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules) * 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules) * 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules) * 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules) * 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules) * 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules) * 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent 
(policy-other.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules) * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules) * 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules) * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules) * 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted 
class use attempt (policy-other.rules) * 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules) * 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
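Most of the policy-other rules above ship DISABLED, so the practical step after reading a list like this is to pull out the gid:sid pairs you actually want turned on in your own policy. The parser below is an added example, not Talos or Snort code: it reads the page's "gid:sid <-> Default rule state <-> Message (rule group)" entries, whether one per line or run together with " * " separators as they appear here, and filters them by default state and message. The four sample entries are copied from this list; the note that the one-gid:sid-per-line output matches PulledPork's enablesid.conf is an assumption about the consumer, not something the page states.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Four entries copied from this rule list, run together with " * " separators
# exactly as the page lays them out.
SAMPLE = (
    "* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) "
    "* 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) "
    "* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) "
    "* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)"
)

# gid:sid <-> STATE <-> message (group.rules); the message is matched lazily so
# it stops at the trailing "(group.rules)" token.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str
    msg: str
    group: str

    @property
    def category(self) -> str:
        # The message starts with the Snort rule category, e.g. POLICY-OTHER.
        return self.msg.split(" ", 1)[0]


def parse_entries(text: str) -> List[RuleEntry]:
    """Extract every gid:sid entry from text.

    Scanning for the pattern instead of splitting on newlines makes this work
    on both a clean one-entry-per-line file and the run-together page layout.
    """
    return [
        RuleEntry(int(m["gid"]), int(m["sid"]), m["state"], m["msg"].strip(), m["group"])
        for m in ENTRY_RE.finditer(text)
    ]


def state_counts(entries: List[RuleEntry]) -> Counter:
    """How many entries ship ENABLED vs DISABLED by default."""
    return Counter(e.state for e in entries)


def select_sids(entries: List[RuleEntry], pattern: str,
                state: Optional[str] = "DISABLED") -> List[str]:
    """Return 'gid:sid' strings whose message matches pattern (case-insensitive).

    state restricts to one default state; None accepts any. One gid:sid per
    line is the shape PulledPork's enablesid.conf takes (assumption about the
    consumer; adjust for your own rule-management tooling).
    """
    rx = re.compile(pattern, re.IGNORECASE)
    return [
        f"{e.gid}:{e.sid}"
        for e in entries
        if rx.search(e.msg) and (state is None or e.state == state)
    ]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    print(dict(state_counts(entries)))
    # Disabled-by-default weak-cipher policy rules worth enabling on a
    # network where RC4 or 3DES should never appear.
    print("\n".join(select_sids(entries, r"weak .*cipher")))
```

Feed it the whole page text and the same `select_sids` call returns every weak-cipher SID in the list; widen or narrow the regular expression (for example `r"default (password|credential)"`) to build other enable lists, and check `state_counts` first so you know how much of the pack is off by default before assuming coverage.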