This section describes the changes from VDB 336 (4:39:44 PM on June 15th, 2020 UTC) to
VDB 337 (4:52:14 PM on July 10th, 2020 UTC).
| Category | Total Added | Total Removed | Total Updated |
|---|---|---|---|
| Application Protocol Detectors | 0 | 0 | 5 |
| Client Detectors | 0 | 0 | 2 |
| Web Application Detectors | 15 | 0 | 10 |
| FireSIGHT/Firepower Detector Updates | 0 | 0 | 7 |
| Operating System Fingerprint Details | 0 | 0 | 0 |
| Operating System and Hardware Fingerprint Details | 0 | 0 | 0 |
| Vulnerability References | 0 | 0 | 0 |
| Fingerprint References | 0 | 0 | 0 |
| File Type Detectors | 0 | 0 | 0 |
Operating System Fingerprint Details:
Operating System and Hardware Fingerprint Details:
Fingerprint Reference Details:
In this release, we have introduced a more streamlined method for syncing our latest
Vulnerability data from the National Vulnerability Database (NVD). This change allows us
to have more up-to-date vulnerability references that are directly synchronized with our
current IPS rules and the published NVD data.
- Last Updated: July 2, 2020
- Total Vulnerabilities: 11,146
- Updated 83,000 software entries and deprecated the old software entries.
These optimizations have also helped to reduce the overall VDB package size down to the
10MB range.
Application Protocol Detectors:
- Battle.net: Modified detector to avoid false positives (Updated)
- SSL: Modified detector to extract new metadata. (Updated)
- DNS: Modified detector to extract new metadata. (Updated)
- IMAP: Modified detector to improve detection (Updated)
- HTTP: Modified detector to distinguish tunneled flows (Updated)
Client Detectors:
Web Application Detectors:
FireSIGHT/Firepower Detector Updates:
- QQ: Modified detector to improve detection and memory usage. (Updated)
- OpenVPN: Modified detector to improve detection and memory usage. (Updated)
- RTP: Modified detector to improve detection and memory usage. (Updated)
- Fuze: Modified detector to avoid false positives on RTP traffic (Updated)
- Exchange: Modified detector for better coverage (Updated)
- Salesforce.com: Modified detector for better coverage (Updated)
- Microsoft: Modified detector for better coverage (Updated)
File Type Detector Details:
Snort ID Vulnerability Reference Details: