This SRU number: 2020-07-22-001
Previous SRU number: 2020-07-20-001
Applies to:
This SEU number: 2189
Previous SEU: 2188
Applies to:
This is the complete list of rules added in SRU 2020-07-22-001 and SEU 2189.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State | |||
---|---|---|---|---|---|---|---|
Con. | Bal. | Sec. | Max. | ||||
1 | 54594 | MALWARE-OTHER | Win.Dropper.Ap0calypseRAT-8992619-0 download attempt | off | off | off | drop |
1 | 54595 | MALWARE-OTHER | Win.Dropper.Ap0calypseRAT-8992619-0 download attempt | off | off | off | drop |
1 | 54596 | SERVER-WEBAPP | WordPress bbPress plugin unauthenticated privilege escalation attempt | off | off | drop | drop |
1 | 54597 | SERVER-WEBAPP | WordPress bbPress plugin unauthenticated privilege escalation attempt | off | off | drop | drop |
3 | 54598 | SERVER-WEBAPP | Cisco ASA directory traversal attempt | off | off | drop | drop |
3 | 54599 | SERVER-WEBAPP | Cisco ASA directory traversal attempt | off | off | drop | drop |
3 | 54600 | SERVER-WEBAPP | Cisco ASA directory traversal attempt | off | off | drop | drop |
3 | 54601 | SERVER-WEBAPP | Cisco ASA directory traversal attempt | off | off | drop | drop |
1 | 54602 | SERVER-WEBAPP | Laravel Framework PendingCommand arbitrary command execution attempt | off | off | drop | drop |
1 | 54603 | SERVER-WEBAPP | Laravel Framework PendingCommand arbitrary command execution attempt | off | off | drop | drop |
1 | 54604 | MALWARE-OTHER | Win.Dropper.Dorkbot-8975168-0 download attempt | off | off | drop | drop |
1 | 54605 | MALWARE-OTHER | Win.Dropper.Dorkbot-8975168-0 download attempt | off | off | drop | drop |
3 | 54606 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2020-1126 attack attempt | off | off | drop | drop |
3 | 54607 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2020-1126 attack attempt | off | off | drop | drop |
3 | 54608 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2020-1126 attack attempt | off | off | drop | drop |
1 | 54609 | SERVER-OTHER | Hummingbird InetD LPD buffer overflow attempt | off | off | off | drop |
1 | 54610 | MALWARE-CNC | Win.Trojan.Prometei variant outbound connection | off | drop | drop | drop |
1 | 54611 | MALWARE-CNC | Win.Trojan.Prometei variant outbound connection | off | drop | drop | drop |
1 | 54612 | MALWARE-CNC | Win.Trojan.Prometei variant outbound connection | off | drop | drop | drop |
1 | 54617 | SERVER-WEBAPP | GeoVision Door Access Control hidden url access attempt | off | drop | drop | drop |
1 | 54618 | FILE-OTHER | Microsoft .NET API XPS file parsing remote code execution attempt | off | off | drop | drop |
1 | 54619 | FILE-OTHER | Microsoft .NET API XPS file parsing remote code execution attempt | off | off | drop | drop |
1 | 54620 | FILE-OFFICE | Microsoft Office Equation Editor stack buffer overflow attempt | off | off | drop | drop |
1 | 54621 | FILE-OFFICE | Microsoft Office Equation Editor stack buffer overflow attempt | off | off | drop | drop |
1 | 54622 | BROWSER-CHROME | Google Chrome ReadableStream out of bounds read attempt | off | off | drop | drop |
1 | 54623 | BROWSER-CHROME | Google Chrome ReadableStream out of bounds read attempt | off | off | drop | drop |
1 | 54624 | BROWSER-CHROME | Google Chrome blink webaudio module use after free attempt | off | off | drop | drop |
1 | 54625 | BROWSER-CHROME | Google Chrome blink webaudio module use after free attempt | off | off | drop | drop |
1 | 54626 | MALWARE-CNC | Vbs.Trojan.Dridex variant payload outbound download attempt | off | drop | drop | drop |
1 | 54627 | MALWARE-CNC | Vbs.Trojan.Dridex variant payload inbound download attempt | off | drop | drop | drop |
1 | 54628 | MALWARE-CNC | Vbs.Trojan.Dridex variant payload inbound download attempt | off | drop | drop | drop |
1 | 54629 | SERVER-WEBAPP | Microsoft Windows .NET API XML unsafe deserialization attempt | off | off | drop | drop |
GID | SID | Rule Group | Rule Message | Policy State | |||
---|---|---|---|---|---|---|---|
Con. | Bal. | Sec. | Max. | ||||
1 | 54613 | SERVER-OTHER | Zoom client spoofed chat message attempt | off | off | drop | drop |
1 | 54614 | SERVER-OTHER | Zoom client unauthorized user kick attempt | off | off | drop | drop |
1 | 54615 | SERVER-OTHER | Zoom client unauthorized screen control attempt | off | off | drop | drop |
1 | 54616 | SERVER-OTHER | Zoom client unauthorized conference termination attempt | off | off | drop | drop |
1 | 54630 | PROTOCOL-DNS | BIND DNS server TSIG denial of service attempt | off | off | drop | drop |