This SRU number: 2019-10-17-001
Previous SRU number: 2019-10-14-001
Applies to:
This SEU number: 2083
Previous SEU: 2081
Applies to:
This is the complete list of rules added in SRU 2019-10-17-001 and SEU 2083.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 51890 | SERVER-WEBAPP | Cisco SPA100 Series analog telephone adapters buffer overflow attempt | off | off | drop | drop |
| 3 | 51891 | SERVER-WEBAPP | Cisco SPA100 Series analog telephone adapters buffer overflow attempt | off | off | drop | drop |
| 3 | 51892 | SERVER-WEBAPP | Cisco SPA100 Series analog telephone adapters buffer overflow attempt | off | off | drop | drop |
| 3 | 51893 | SERVER-WEBAPP | Cisco SPA100 Series analog telephone adapters buffer overflow attempt | off | off | drop | drop |
| 3 | 51894 | SERVER-WEBAPP | Cisco SPA100 Series analog telephone adapters buffer overflow attempt | off | off | drop | drop |
| 3 | 51895 | SERVER-WEBAPP | Cisco SPA100 Series analog telephone adapters buffer overflow attempt | off | off | drop | drop |
| 1 | 51896 | BROWSER-IE | Microsoft ChakraCore scripting engine memory corruption attempt | off | off | off | drop |
| 1 | 51897 | BROWSER-IE | Microsoft ChakraCore scripting engine memory corruption attempt | off | off | off | drop |
| 1 | 51898 | OS-OTHER | Cisco Nexus OS software command injection attempt | off | off | off | drop |
| 1 | 51899 | SERVER-WEBAPP | Adminer port scan server side request forgery attempt | off | off | drop | drop |
| 3 | 51900 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 3 | 51902 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 3 | 51903 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 3 | 51904 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 3 | 51905 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 3 | 51906 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 3 | 51907 | SERVER-WEBAPP | Cisco Small Business Switches cross site scripting attempt | off | off | drop | drop |
| 1 | 51908 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51909 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51910 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51911 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | off | off | off |
| 1 | 51912 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51913 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51914 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51915 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51916 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51917 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51918 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51919 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51920 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51921 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51922 | MALWARE-CNC | Andr.Trojan.Gustuff variant outbound cnc connection | off | drop | drop | drop |
| 1 | 51923 | INDICATOR-OBFUSCATION | Possible PHP eval backdoor upload attempt | off | off | off | drop |
| 3 | 51924 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0917 attack attempt | off | off | drop | drop |
| 3 | 51925 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0917 attack attempt | off | off | drop | drop |
| 3 | 51926 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0917 attack attempt | off | off | drop | drop |
| 3 | 51927 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0917 attack attempt | off | off | drop | drop |
| 3 | 51928 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0917 attack attempt | off | off | drop | drop |
| 3 | 51929 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0919 attack attempt | off | off | drop | drop |
| 1 | 51930 | SERVER-WEBAPP | PHP tag depth heap memory corruption attempt | off | off | off | drop |
| 3 | 51931 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51932 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51933 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51934 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51935 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51936 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51937 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 3 | 51938 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0916 attack attempt | off | off | drop | drop |
| 1 | 51943 | BROWSER-IE | Microsoft Internet Explorer ActiveX type confusion attempt | off | drop | drop | drop |
| 1 | 51944 | BROWSER-IE | Microsoft Internet Explorer ActiveX type confusion attempt | off | drop | drop | drop |
| 1 | 51945 | FILE-OTHER | Ghostscript -dSAFER sandbox bypass attempt | off | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 51901 | SERVER-WEBAPP | Cisco Small Business Switches denial of service attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 51939 | DELETED | rrAZPB2CvyvtAXaAY74gTWUfLivviq78 | off | off | off | off |
| 1 | 51940 | DELETED | 0JUXKKbXzfsKZNPwGqmwIGI2W07OoiTa | off | off | off | off |
| 1 | 51941 | DELETED | E24EkHCWEpvJkLXVf4tUOY5QoxjutKqq | off | off | off | off |
| 1 | 51942 | DELETED | Q1HY8vF1W2bsP5zH2Q2W7eK4Lyz9HZOR | off | off | off | off |