* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-11-01-001
Previous SRU number: 2017-10-30-001
Applies to:
This SEU number: 1753
Previous SEU: 1752
Applies to:
This is the complete list of rules added in SRU 2017-11-01-001 and SEU 1753.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 44703 | POLICY-OTHER | Apache OpenOffice malicious macro exploitation attempt | off | off | off |
| 1 | 44704 | POLICY-OTHER | Apache OpenOffice malicious macro exploitation attempt | off | off | off |
| 1 | 44705 | POLICY-OTHER | Apache OpenOffice malicious macro exploitation attempt | off | off | off |
| 1 | 44706 | POLICY-OTHER | Apache OpenOffice malicious macro exploitation attempt | off | off | off |
| 3 | 44713 | POLICY-OTHER | TRUFFLEHUNTER TALOS-2017-0464 attack attempt | off | off | off |
| 3 | 44714 | POLICY-OTHER | TRUFFLEHUNTER TALOS-2017-0464 attack attempt | off | off | off |
| 1 | 44715 | SERVER-OTHER | Oracle GoldenGate Collector process remote start attempt | off | off | off |
| 1 | 44716 | SERVER-OTHER | Oracle GoldenGate arbitrary file write attempt | off | off | off |
| 1 | 44717 | SERVER-OTHER | Oracle GoldenGate Collector process remote start attempt | off | off | off |
| 1 | 44718 | SERVER-OTHER | Oracle GoldenGate arbitrary file write attempt | off | off | off |
| 1 | 44719 | SERVER-OTHER | Oracle GoldenGate arbitrary file write attempt | off | off | off |
| 1 | 44720 | SERVER-OTHER | Oracle GoldenGate arbitrary file write attempt | off | off | off |
| 1 | 44721 | SERVER-OTHER | Oracle GoldenGate Manager process arbitrary file execution attempt | off | off | off |
| 3 | 44722 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning pmclasschooser.xml SQL injection attempt | off | off | drop |
| 3 | 44723 | SERVER-WEBAPP | Cisco Prime Collaboration Provisioning pmclasschooser.xml SQL injection attempt | off | off | drop |
| 3 | 44724 | SERVER-WEBAPP | Cisco Firepower Smart Licensing command injection attempt | off | off | drop |
| 1 | 44728 | INDICATOR-COMPROMISE | Meterpreter windows x64 reverse_tcp stage payload download attempt | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 3 | 44707 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0471 attack attempt | off | off | drop |
| 3 | 44708 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0471 attack attempt | off | off | drop |
| 3 | 44709 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0471 attack attempt | off | off | drop |
| 3 | 44710 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0471 attack attempt | off | off | drop |
| 3 | 44711 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0471 attack attempt | off | off | drop |
| 3 | 44712 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0471 attack attempt | off | off | drop |
| 3 | 44725 | PROTOCOL-SNMP | Cisco Wireless LAN Controller clExtApDot11IfTable OID memory leak attempt | off | off | drop |
| 3 | 44726 | PROTOCOL-SNMP | Cisco Wireless LAN Controller cldcClientStatisticTable OID memory leak attempt | off | off | drop |
| 3 | 44727 | PROTOCOL-SNMP | Cisco Wireless LAN Controller cldcClientTable OID memory leak attempt | off | off | drop |