Talos has added and modified multiple rules in the browser-ie, file-image and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)

* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 3:58079 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58074 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58073 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt (file-image.rules)
* 3:58076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58078 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58077 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58075 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)
* 3:58080 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt (server-other.rules)

* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (snort3-server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (snort3-server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (snort3-server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (snort3-server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (snort3-server-webapp.rules)
* 1:300048 <-> ENABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (snort3-native.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (snort3-server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (snort3-server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (snort3-server-webapp.rules)

* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (snort3-browser-ie.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (snort3-browser-ie.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58070 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)
* 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58068 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58064 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:58072 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt (server-webapp.rules)
* 1:58067 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58063 <-> DISABLED <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt (server-webapp.rules)
* 1:58069 <-> DISABLED <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (server-webapp.rules)
* 1:58071 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt (server-webapp.rules)

* 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
* 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
* 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300048 <-> MALWARE-CNC Cobalt Strike outbound beacon command result
* 1:58063 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58064 <-> SERVER-WEBAPP Kentico CMS unsafe deserialization remote code execution attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58067 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58068 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58069 <-> SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt
* 1:58070 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58071 <-> SERVER-WEBAPP Nagios XI Web SSH Terminal sshterm cross site scripting attempt
* 1:58072 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise displayName_get SQL injection attempt
* 3:58073 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58074 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1368 attack attempt
* 3:58075 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58076 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58077 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58078 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58079 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt
* 3:58080 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1369 attack attempt

* 1:39484 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:39485 <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt
* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt