This SRU number: 2017-12-12-001
Previous SRU number: 2017-12-06-001
Applies to:
This SEU number: 1769
Previous SEU: 1767
Applies to:
This is the complete list of rules added in SRU 2017-12-12-001 and SEU 1769.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
GID 1 identifies a text rule and GID 3 a shared-object (SO) rule; a SID is unique only within its GID, so a rule is referenced as GID:SID (for example 1:45121).
Policy State gives the rule's default state (off, alert or drop) in each of the three default Sourcefire base policies: Connectivity over Security (Con.), Balanced Security and Connectivity (Bal.) and Security over Connectivity (Sec.).
The default passive policy state is the same as the Balanced policy state, except that rules set to drop are set to alert, because a passive (non-inline) sensor can only alert on traffic, not block it.
Note: Unless stated explicitly, the rules are for the series of products listed above.
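As an added example (not part of these release notes and not a Talos or Cisco tool), the following Python parses rows in the GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. format used by the tables below and resolves each rule's effective state for a chosen base policy, applying the passive-deployment mapping (drop becomes alert, off stays off). The sample rows are copied from this page's tables; the short policy names, the function names and the gid:sid output form are this example's own choices.

```python
"""Parse Talos rule-update table rows and resolve each rule's effective state
in a chosen base policy (inline or passive). Added example, not Talos code."""

# Constructed sample: three rows copied from the tables on this page, preceded by a
# header and separator line so the parser's skipping of non-rule lines is exercised.
SAMPLE = """\
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 45121 | BROWSER-IE | Microsoft Internet Explorer use after free attempt | off | drop | drop |
1 | 45152 | INDICATOR-COMPROMISE | Microsoft MsMpEng shrink compressed zip code execution attempt | off | off | off |
3 | 45158 | FILE-PDF | TRUFFLEHUNTER TALOS-2017-0506 attack attempt | off | off | drop |
"""

# Column order of the three policy-state cells; these short names are this example's own.
POLICIES = ("connectivity", "balanced", "security")
VALID_STATES = {"off", "alert", "drop"}


def parse_rules(text):
    """Return one dict per rule row. Header, separator and blank lines are skipped;
    a row carrying an unknown policy state raises instead of silently reading as 'off'."""
    rules = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 7 or not cells[0].isdigit() or not cells[1].isdigit():
            continue  # header row, separator row, or something that is not a rule
        gid, sid, group, msg, con, bal, sec = cells
        states = dict(zip(POLICIES, (con, bal, sec)))
        unknown = set(states.values()) - VALID_STATES
        if unknown:
            raise ValueError(f"{gid}:{sid}: unknown policy state(s) {sorted(unknown)}")
        rules.append({"gid": int(gid), "sid": int(sid), "group": group,
                      "msg": msg, "states": states})
    return rules


def effective_state(rule, policy, passive=False):
    """State the rule takes in `policy`. A passive (non-inline) sensor cannot block,
    so 'drop' becomes 'alert' there; 'off' and 'alert' are unchanged."""
    state = rule["states"][policy]
    if passive and state == "drop":
        return "alert"
    return state


def sids_by_state(rules, policy, passive=False):
    """Group rules, as 'gid:sid' strings, by their effective state in `policy`."""
    grouped = {"off": [], "alert": [], "drop": []}
    for rule in rules:
        key = effective_state(rule, policy, passive)
        grouped[key].append(f"{rule['gid']}:{rule['sid']}")
    return grouped


def coverage_gaps(rules, policy):
    """Rules that ship 'off' in `policy`: coverage you only get by enabling them yourself."""
    return [rule for rule in rules if rule["states"][policy] == "off"]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for policy in POLICIES:
        print(f"{policy:12s} inline : {sids_by_state(rules, policy)}")
        print(f"{policy:12s} passive: {sids_by_state(rules, policy, passive=True)}")
    print("off in balanced:",
          [f"{r['gid']}:{r['sid']} {r['msg']}" for r in coverage_gaps(rules, "balanced")])
```

Running the complete tables on this page through parse_rules gives the full picture for a deployment: sids_by_state shows what each base policy will actually do, and coverage_gaps lists rules such as the MsMpEng and Cisco ACE entries that are off in every policy and must be turned on explicitly. The gid:sid strings match the form rule-management tooling generally uses to reference a rule (for instance PulledPork's enablesid/dropsid files; confirm the accepted syntax against your own tool's documentation).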
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 45121 | BROWSER-IE | Microsoft Internet Explorer use after free attempt | off | drop | drop |
1 | 45122 | BROWSER-IE | Microsoft Internet Explorer use after free attempt | off | drop | drop |
1 | 45123 | FILE-OFFICE | Microsoft Office Excel malformed spreadsheet use-after-free attempt | off | drop | drop |
1 | 45124 | FILE-OFFICE | Microsoft Office Excel malformed spreadsheet use-after-free attempt | off | drop | drop |
1 | 45128 | BROWSER-IE | Microsoft Edge defineGetter type confusion attempt | off | drop | drop |
1 | 45129 | BROWSER-IE | Microsoft Edge defineGetter type confusion attempt | off | drop | drop |
1 | 45130 | OS-WINDOWS | Microsoft Windows RRAS service arbitrary pointer dereference attempt | off | drop | drop |
1 | 45131 | OS-WINDOWS | Microsoft Windows RRAS service arbitrary pointer dereference attempt | off | drop | drop |
1 | 45132 | FILE-OFFICE | Microsoft Office Equation Editor object stack buffer overflow attempt | off | drop | drop |
1 | 45133 | FILE-OFFICE | Microsoft Office Equation Editor object stack buffer overflow attempt | off | drop | drop |
1 | 45134 | FILE-OFFICE | Microsoft Office Equation Editor object stack buffer overflow attempt | off | drop | drop |
1 | 45135 | FILE-OFFICE | Microsoft Office Equation Editor object stack buffer overflow attempt | off | drop | drop |
1 | 45136 | INDICATOR-COMPROMISE | Metasploit PowerShell CLI Download and Run attempt | off | drop | drop |
1 | 45137 | INDICATOR-COMPROMISE | Metasploit run hidden powershell attempt | off | drop | drop |
1 | 45138 | BROWSER-IE | Microsoft Internet Explorer scripting engine memory corruption attempt | off | drop | drop |
1 | 45139 | BROWSER-IE | Microsoft Internet Explorer scripting engine memory corruption attempt | off | drop | drop |
1 | 45140 | BROWSER-IE | Microsoft Edge Chakra RegExp engine memory corruption attempt | off | drop | drop |
1 | 45141 | BROWSER-IE | Microsoft Edge Chakra RegExp engine memory corruption attempt | off | drop | drop |
1 | 45142 | BROWSER-IE | Microsoft Edge Array type confusion attempt | off | drop | drop |
1 | 45143 | BROWSER-IE | Microsoft Edge Array type confusion attempt | off | drop | drop |
1 | 45144 | BROWSER-IE | Microsoft Internet Explorer scripting engine memory corruption attempt | off | drop | drop |
1 | 45145 | BROWSER-IE | Microsoft Internet Explorer scripting engine memory corruption attempt | off | drop | drop |
1 | 45148 | BROWSER-IE | Microsoft Internet Explorer Array out of bounds write attempt | off | drop | drop |
1 | 45149 | BROWSER-IE | Microsoft Internet Explorer Array out of bounds write attempt | off | drop | drop |
1 | 45150 | BROWSER-IE | Microsoft Edge JsSetCurrentContext out of bounds read attempt | off | drop | drop |
1 | 45151 | BROWSER-IE | Microsoft Edge JsSetCurrentContext out of bounds read attempt | off | drop | drop |
1 | 45152 | INDICATOR-COMPROMISE | Microsoft MsMpEng shrink compressed zip code execution attempt | off | off | off |
1 | 45153 | INDICATOR-COMPROMISE | Microsoft MsMpEng shrink compressed zip code execution attempt | off | off | off |
1 | 45154 | BROWSER-IE | Microsoft Internet Explorer dynamic style update memory corruption attempt | off | off | off |
1 | 45155 | BROWSER-IE | Microsoft Internet Explorer out of bounds read attempt | off | off | drop |
1 | 45156 | BROWSER-IE | Microsoft Internet Explorer out of bounds read attempt | off | off | drop |
3 | 45158 | FILE-PDF | TRUFFLEHUNTER TALOS-2017-0506 attack attempt | off | off | drop |
3 | 45159 | FILE-PDF | TRUFFLEHUNTER TALOS-2017-0506 attack attempt | off | off | drop |
1 | 45160 | BROWSER-IE | Microsoft Edge null pointer dereference attempt | off | off | drop |
1 | 45161 | BROWSER-IE | Microsoft Edge null pointer dereference attempt | off | off | drop |
1 | 45162 | BROWSER-IE | Microsoft Edge memory corruption attempt | off | drop | drop |
1 | 45163 | BROWSER-IE | Microsoft Edge memory corruption attempt | off | drop | drop |
1 | 45167 | BROWSER-IE | Microsoft Edge memory corruption attempt | off | drop | drop |
1 | 45168 | BROWSER-IE | Microsoft Edge memory corruption attempt | off | drop | drop |
1 | 45169 | BROWSER-IE | Microsoft Edge array type confusion attempt | off | drop | drop |
1 | 45170 | BROWSER-IE | Microsoft Edge array type confusion attempt | off | drop | drop |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
3 | 45120 | SERVER-OTHER | Cisco Application Control Engine padding oracle attack attempt | off | off | off |
1 | 45125 | FILE-OTHER | Adobe Shockwave newModel memory disclosure attempt | off | off | off |
1 | 45126 | FILE-OTHER | Adobe Shockwave newModel memory disclosure attempt | off | off | off |
1 | 45127 | BROWSER-FIREFOX | Mozilla SSL certificate spoofing attempt | off | off | off |
1 | 45157 | SERVER-OTHER | SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt | off | off | off |
1 | 45164 | POLICY-OTHER | RPC Portmapper version 3 dump request attempt | off | off | off |
1 | 45165 | POLICY-OTHER | RPC Portmapper version 2 dump request attempt | off | off | off |
1 | 45166 | POLICY-OTHER | RPC Portmapper getstat request attempt | off | off | off |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 45146 | BROWSER-IE | Microsoft Internet Explorer scripting engine memory corruption attempt | off | drop | drop |
1 | 45147 | BROWSER-IE | Microsoft Internet Explorer scripting engine memory corruption attempt | off | drop | drop |