This SRU number: 2020-01-02-001
Previous SRU number: 2019-12-24-001
Applies to:
This SEU number: 2107
Previous SEU: 2106
Applies to:
This is the complete list of rules added in SRU 2020-01-02-001 and SEU 2107.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 52514 | SERVER-WEBAPP | Chimera Web Portal System cross site scripting attempt | off | off | off | drop |
| 1 | 52515 | SERVER-WEBAPP | Chimera Web Portal System cross site scripting attempt | off | off | off | drop |
| 1 | 52516 | INDICATOR-COMPROMISE | Win.Trojan.ReverseTcpPowershell connection attempt | off | off | drop | drop |
| 1 | 52517 | INDICATOR-COMPROMISE | Win.Trojan.ReverseTcpPowershell connection attempt | off | off | drop | drop |
| 1 | 52518 | MALWARE-TOOLS | Win.Trojan.ReverseTcpPowershell download attempt | off | drop | drop | drop |
| 1 | 52519 | MALWARE-TOOLS | Win.Trojan.ReverseTcpPowershell download attempt | off | drop | drop | drop |
| 1 | 52520 | BROWSER-IE | Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt | off | off | off | drop |
| 1 | 52521 | BROWSER-IE | Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt | off | off | off | drop |
| 1 | 52522 | BROWSER-IE | Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt | off | off | off | drop |
| 1 | 52523 | BROWSER-IE | Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt | off | off | off | drop |
| 3 | 52525 | SERVER-WEBAPP | Cisco Data Center Network Manager XML external entity injection attempt | off | off | drop | drop |
| 3 | 52526 | SERVER-WEBAPP | Cisco Data Center Network Manager XML external entity injection attempt | off | off | drop | drop |
| 3 | 52527 | SERVER-WEBAPP | Cisco Data Center Network Manager XML external entity injection attempt | off | off | drop | drop |
| 3 | 52528 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52529 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52530 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52531 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52532 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52533 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52534 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52535 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52536 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52537 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52538 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52539 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52540 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52541 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52542 | SERVER-WEBAPP | Cisco Data Center Network Manager displayServerInfos information disclosure attempt | off | off | drop | drop |
| 3 | 52543 | SERVER-WEBAPP | Cisco Data Center Network Manager SQL injection attempt | off | off | drop | drop |
| 3 | 52544 | SERVER-WEBAPP | Cisco Data Center Network Manager SQL injection attempt | off | off | drop | drop |
| 3 | 52545 | SERVER-WEBAPP | Cisco Data Center Network Manager directory traversal attempt | off | off | drop | drop |
| 3 | 52546 | SERVER-WEBAPP | Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt | off | off | drop | drop |
| 3 | 52547 | SERVER-WEBAPP | Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 52524 | PROTOCOL-DNS | dnsmasq crafted OPT record denial of service attempt | off | off | off | drop |