Talos Rules 2022-09-13
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2022-34725: A coding deficiency exists in Microsoft Windows ALPC that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60553 through 60554; Snort3: GID 1, SID 300268.

Microsoft Vulnerability CVE-2022-34729: A coding deficiency exists in Microsoft Windows GDI that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60549 through 60550; Snort3: GID 1, SID 300266.

Microsoft Vulnerability CVE-2022-35803: A coding deficiency exists in Microsoft Windows Common Log File System driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60555 through 60558; Snort3: GID 1, SIDs 300269 through 300270.

Microsoft Vulnerability CVE-2022-37954: A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60551 through 60552; Snort3: GID 1, SID 300267.

Microsoft Vulnerability CVE-2022-37957: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort2: GID 1, SIDs 60546 through 60547; Snort3: GID 1, SID 300265.

Talos also has added and modified multiple rules in the and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60560 <-> ENABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (snort3-server-webapp.rules)
 * 1:60559 <-> ENABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (snort3-server-webapp.rules)

Modified Rules:



2022-09-13 17:28:45 UTC

Snort Subscriber Rules Update

Date: 2022-09-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:60546 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60555 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60557 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60550 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60560 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60558 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60553 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60551 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60559 <-> DISABLED <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt (server-webapp.rules)
 * 1:60549 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:60552 <-> DISABLED <-> OS-WINDOWS DirectX Graphics kernel use after free attempt (os-windows.rules)
 * 1:60547 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
 * 1:60556 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt (os-windows.rules)
 * 1:60554 <-> DISABLED <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt (os-windows.rules)
 * 1:60548 <-> DISABLED <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt (server-webapp.rules)

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules:



2022-09-13 17:30:34 UTC

Snort Subscriber Rules Update

Date: 2022-09-12-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300265 <-> OS-WINDOWS Microsoft Windows privilege escalation attempt
* 1:300266 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:300267 <-> OS-WINDOWS DirectX Graphics kernel use after free attempt
* 1:300268 <-> OS-WINDOWS ALPC Port Object elevation of privilege attempt
* 1:300269 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:300270 <-> OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt
* 1:60548 <-> SERVER-WEBAPP Sophos Firewall User Portal and Webadmin authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt

Modified Rules: