This SRU number: 2018-06-20-001
Previous SRU number: 2018-06-18-001
Applies to:
This SEU number: 1866
Previous SEU: 1865
Applies to:
This is the complete list of rules added in SRU 2018-06-20-001 and SEU 1866.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 46990 | OS-OTHER | Apple macOS and iOS fgetattrlist kernel heap overflow attempt | off | off | drop | drop |
| 1 | 46991 | OS-OTHER | Apple macOS and iOS fgetattrlist kernel heap overflow attempt | off | off | drop | drop |
| 3 | 46992 | SERVER-WEBAPP | Cisco NX-OS NX-API privilege escalation attempt | off | drop | drop | drop |
| 3 | 46995 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt | off | off | drop | drop |
| 3 | 46996 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt | off | off | drop | drop |
| 1 | 46997 | SERVER-WEBAPP | XiongMai NVR login.htm buffer overflow attempt | off | off | drop | drop |
| 1 | 46998 | MALWARE-CNC | Win.Trojan.MnuBot variant outbound SQL connection | off | drop | drop | drop |
| 1 | 46999 | INDICATOR-COMPROMISE | SettingContent-ms file type download attempt | off | off | off | off |
| 1 | 47000 | INDICATOR-COMPROMISE | SettingContent-ms file type download attempt | off | off | off | off |
| 1 | 47001 | INDICATOR-COMPROMISE | SettingContent-ms file type download attempt | off | drop | drop | drop |
| 1 | 47002 | INDICATOR-COMPROMISE | SettingContent-ms file type download attempt | off | off | off | off |
| 3 | 47003 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt | off | off | drop | drop |
| 3 | 47004 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt | off | off | drop | drop |
| 1 | 47005 | MALWARE-CNC | Win.Trojan.SocketPlayer outbound connection | off | drop | drop | drop |
| 1 | 47006 | MALWARE-CNC | Win.Trojan.SocketPlayer outbound connection | off | drop | drop | drop |
| 1 | 47007 | SERVER-WEBAPP | Spring Web Flow arbitrary code exeuction attempt | off | off | off | off |
| 3 | 47008 | SERVER-WEBAPP | Cisco NX-OS NX-API ins_api command injection attempt | off | off | drop | drop |
| 3 | 47009 | SERVER-WEBAPP | Cisco NX-OS NX-API cli_ascii command injection attempt | off | off | drop | drop |
| 3 | 47010 | SERVER-WEBAPP | Cisco FX-OS mod_nuova stack buffer overflow attempt | off | off | drop | drop |
| 3 | 47011 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt | off | off | drop | drop |
| 3 | 47012 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt | off | off | drop | drop |
| 3 | 47013 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt | off | off | drop | drop |
| 3 | 47014 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 46993 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol denial of service attempt | off | off | drop | drop |
| 3 | 46994 | SERVER-OTHER | Cisco NX-OS Fabric Services Protocol denial of service attempt | off | off | drop | drop |