This SRU number: 2018-05-03-001
Previous SRU number: 2018-04-30-003
Applies to:
This SEU number: 1845
Previous SEU: 1843
Applies to:
This is the complete list of rules added in SRU 2018-05-03-001 and SEU 1845.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State gives the rule's state in each default Cisco Talos policy: Connectivity (Con.), Balanced (Bal.), Security (Sec.), and Maximum Detection (Max.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max. |
---|---|---|---|---|---|---|---|
1 | 46469 | SERVER-WEBAPP | PHP unserialize integer overflow attempt | off | off | off | drop |
1 | 46470 | SERVER-WEBAPP | PHP unserialize integer overflow attempt | off | off | off | drop |
1 | 46471 | BROWSER-IE | Microsoft Edge Chakra code execution attempt | off | off | off | off |
1 | 46472 | BROWSER-IE | Microsoft Edge Chakra code execution attempt | off | off | off | off |
1 | 46473 | SERVER-OTHER | Spring Data Commons remote code execution attempt | off | drop | drop | drop |
1 | 46474 | SERVER-OTHER | Quest Appliance NetVault Backup buffer overflow attempt | off | drop | drop | drop |
1 | 46475 | MALWARE-CNC | Win.Trojan.SquirtDanger get module list outbound request | off | drop | drop | drop |
1 | 46476 | MALWARE-CNC | Win.Trojan.SquirtDanger inbound delivery attempt | off | drop | drop | drop |
1 | 46477 | MALWARE-CNC | Win.Trojan.SquirtDanger inbound delivery attempt | off | drop | drop | drop |
1 | 46478 | MALWARE-CNC | Win.Trojan.SquirtDanger inbound delivery attempt | off | drop | drop | drop |
1 | 46479 | MALWARE-CNC | Win.Trojan.SquirtDanger inbound delivery attempt | off | drop | drop | drop |
1 | 46480 | FILE-MULTIMEDIA | Apple QuickTime movie file keys atom integer overflow attempt | off | off | off | drop |
1 | 46481 | FILE-MULTIMEDIA | Apple QuickTime movie file keys atom integer overflow attempt | off | off | off | drop |
1 | 46482 | MALWARE-CNC | Installation Keylogger Osx.Trojan.Mokes data exfiltration | off | off | off | off |
1 | 46483 | SERVER-WEBAPP | Wordpress VideoWhisper Live Streaming Integration plugin double extension file upload attempt | off | off | off | off |
1 | 46484 | SERVER-MAIL | Multiple IMAP servers DELETE command buffer overflow attempt | off | off | off | off |
1 | 46485 | SERVER-WEBAPP | TwonkyMedia server directory listing attempt | off | off | off | off |
1 | 46486 | PUA-ADWARE | Slimware Utilities variant outbound connection | off | drop | drop | drop |
1 | 46487 | MALWARE-CNC | Win.Trojan.Ammy heartbeat | off | drop | drop | drop |
1 | 46488 | MALWARE-CNC | Win.Trojan.Ammy download attempt | off | drop | drop | drop |
1 | 46489 | SERVER-WEBAPP | Quest NetVault Backup Server NVBUBackup SQL injection attempt | off | off | drop | drop |
1 | 46490 | FILE-PDF | Adobe Flash Player ActionScript setFocus use after free attempt | off | drop | drop | drop |
1 | 46491 | FILE-PDF | Adobe Flash Player ActionScript setFocus use after free attempt | off | drop | drop | drop |
3 | 46492 | SERVER-WEBAPP | Cisco Prime Infrastructure upload servlet directory traversal attempt | off | off | drop | drop |
3 | 46493 | SERVER-WEBAPP | Cisco Prime Infrastructure upload servlet directory traversal attempt | off | off | drop | drop |
3 | 46494 | SERVER-WEBAPP | Cisco Prime Infrastructure upload servlet directory traversal attempt | off | off | drop | drop |
3 | 46496 | FILE-OTHER | Cisco WebEx Recording Player memory corruption attempt | off | off | drop | drop |
3 | 46497 | FILE-OTHER | Cisco WebEx Recording Player memory corruption attempt | off | off | drop | drop |
3 | 46498 | FILE-OTHER | Cisco WebEx Recording Player memory corruption attempt | off | off | drop | drop |
3 | 46499 | FILE-OTHER | Cisco WebEx Recording Player memory corruption attempt | off | off | drop | drop |
3 | 46500 | POLICY-OTHER | Docker API ContainerCreate request detected | off | off | off | off |
1 | 46501 | MALWARE-CNC | Win.Trojan.Agent outbound request | off | drop | drop | drop |
1 | 46502 | MALWARE-CNC | Win.Trojan.Agent outbound request | off | drop | drop | drop |
1 | 46503 | OS-WINDOWS | Microsoft Windows TTF cmap integer overflow attempt | off | off | off | drop |
1 | 46504 | OS-WINDOWS | Microsoft Windows TTF cmap integer overflow attempt | off | off | off | drop |
1 | 46505 | BROWSER-IE | Microsoft Edge eval heap overflow attempt | off | off | off | drop |
1 | 46506 | BROWSER-IE | Microsoft Edge eval heap overflow attempt | off | off | off | drop |
1 | 46507 | BROWSER-IE | Microsoft Edge eval heap overflow attempt | off | off | off | drop |
1 | 46508 | BROWSER-IE | Microsoft Edge eval heap overflow attempt | off | off | off | drop |
1 | 46509 | SERVER-WEBAPP | Unitrends Enterprise Backup API command injection attempt | off | off | drop | drop |
1 | 46510 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46511 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46512 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46513 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46514 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46515 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46516 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46517 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router command injection attempt | off | off | drop | drop |
1 | 46518 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router remote telnet enable attempt | off | off | off | off |
1 | 46519 | SERVER-WEBAPP | Belkin N750 F9K1103 wireless router remote telnet enable attempt | off | off | off | off |
1 | 46520 | SERVER-WEBAPP | WebPort 1.16.2 directory traversal attempt | off | off | drop | drop |
1 | 46521 | SERVER-WEBAPP | WebPort 1.16.2 directory traversal attempt | off | off | drop | drop |
1 | 46522 | SERVER-WEBAPP | WebPort 1.16.2 directory traversal attempt | off | off | drop | drop |
1 | 46524 | SERVER-WEBAPP | OpenEMR 5.0 directory traversal attempt | off | off | drop | drop |
1 | 46525 | SERVER-WEBAPP | OpenEMR 5.0 directory traversal attempt | off | off | drop | drop |
1 | 46526 | SERVER-WEBAPP | OpenEMR 5.0 directory traversal attempt | off | off | drop | drop |
1 | 46527 | SERVER-WEBAPP | LibreEHR 2.0.0 directory traversal attempt | off | off | drop | drop |
1 | 46528 | SERVER-WEBAPP | LibreEHR 2.0.0 directory traversal attempt | off | off | drop | drop |
1 | 46529 | SERVER-WEBAPP | LibreEHR 2.0.0 directory traversal attempt | off | off | drop | drop |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max. |
---|---|---|---|---|---|---|---|
1 | 46495 | SERVER-OTHER | HTTP request smuggling attempt | off | off | off | off |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max. |
---|---|---|---|---|---|---|---|
3 | 46523 | SERVER-OTHER | malicious HTML file transfer attempt | off | off | off | drop |