This SRU number: 2020-01-22-001
Previous SRU number: 2020-01-21-001
Applies to:
This SEU number: 2114
Previous SEU: 2113
Applies to:
This is the complete list of rules added in SRU 2020-01-22-001 and SEU 2114.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 52627 | SERVER-WEBAPP | Cisco Firepower Management Center LDAP authentication bypass attempt | off | drop | drop | drop |
| 3 | 52628 | SERVER-WEBAPP | Cisco Firepower Management Center LDAP authentication bypass attempt | off | drop | drop | drop |
| 3 | 52629 | SERVER-WEBAPP | Cisco Firepower Management Center LDAP authentication bypass attempt | off | drop | drop | drop |
| 3 | 52630 | SERVER-WEBAPP | Cisco Firepower Management Center LDAP authentication bypass attempt | off | drop | drop | drop |
| 3 | 52631 | SERVER-WEBAPP | Cisco Firepower Management Center LDAP authentication bypass attempt | off | drop | drop | drop |
| 3 | 52632 | SERVER-WEBAPP | Cisco Firepower Management Center LDAP authentication bypass attempt | off | drop | drop | drop |
| 1 | 52637 | SERVER-WEBAPP | eMerge E3 Access Controller command injection attempt | off | off | drop | drop |
| 1 | 52638 | SERVER-WEBAPP | eMerge E3 Access Controller command injection attempt | off | off | drop | drop |
| 1 | 52639 | SERVER-WEBAPP | eMerge E3 Access Controller command injection attempt | off | off | drop | drop |
| 1 | 52640 | SERVER-WEBAPP | eMerge E3 Access Controller command injection attempt | off | off | drop | drop |
| 3 | 52641 | SERVER-WEBAPP | Cisco Smart Software Manager unauthorized password change attempt | off | off | drop | drop |
| 3 | 52642 | SERVER-WEBAPP | Cisco Smart Software Manager unauthorized password change attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 52633 | SERVER-OTHER | Cisco IOS EVPN NLRI parsing denial of service attempt | off | off | drop | drop |
| 1 | 52634 | INDICATOR-COMPROMISE | Website defacement via HTTP PUT request attempt | off | off | drop | drop |
| 1 | 52635 | INDICATOR-COMPROMISE | Website defacement via HTTP PUT request attempt | off | off | drop | drop |
| 3 | 52643 | SERVER-WEBAPP | Cisco Smart Software Manager denial of service attempt | off | off | drop | drop |
| 3 | 52644 | SERVER-WEBAPP | Cisco Smart Software Manager denial of service attempt | off | off | drop | drop |
| 3 | 52645 | PROTOCOL-SNMP | Cisco IOS IS-IS SNMP denial of service attempt | off | off | drop | drop |
| 3 | 52646 | PROTOCOL-SNMP | Cisco IOS IS-IS SNMP denial of service attempt | off | off | drop | drop |
| 3 | 52647 | PROTOCOL-SNMP | Cisco IOS IS-IS SNMP denial of service attempt | off | off | drop | drop |
| 3 | 52648 | PROTOCOL-SNMP | Cisco IOS IS-IS SNMP denial of service attempt | off | off | drop | drop |
| 3 | 52649 | PROTOCOL-SNMP | Cisco IOS IS-IS SNMP denial of service attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 52636 | POLICY-OTHER | HTTP PUT request for Default.aspx attempt | off | off | off | drop |