This SRU number: 2018-04-18-001
Previous SRU number: 2018-04-16-001
Applies to:
This SEU number: 1836
Previous SEU: 1835
Applies to:
This is the complete list of rules added in SRU 2018-04-18-001 and SEU 1836.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State columns give each rule's state in the four default Cisco Talos policies: Connectivity (Con.), Balanced (Bal.), Security (Sec.), and Maximum Detection (Max.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max.
---|---|---|---|---|---|---|---
1 | 46347 | SERVER-WEBAPP | MediaWiki index.php rs cross site scripting attempt | off | off | off | off |
1 | 46348 | SERVER-WEBAPP | NetIQ Access Manager Identity Server directory traversal attempt | off | drop | drop | drop |
1 | 46349 | SERVER-WEBAPP | NetIQ Access Manager Identity Server directory traversal attempt | off | drop | drop | drop |
1 | 46350 | SERVER-WEBAPP | NetIQ Access Manager Identity Server directory traversal attempt | off | drop | drop | drop |
1 | 46351 | BROWSER-PLUGINS | Mitsubishi EZPcAut220 ActiveX clsid access attempt | off | off | off | off |
1 | 46352 | BROWSER-PLUGINS | Mitsubishi EZPcAut220 ActiveX clsid access attempt | off | off | off | off |
1 | 46353 | SERVER-WEBAPP | ManageEngine ServiceDesk download-file directory traversal attempt | off | off | off | off |
1 | 46354 | SERVER-WEBAPP | ManageEngine ServiceDesk download-file directory traversal attempt | off | off | off | off |
1 | 46355 | SERVER-WEBAPP | ManageEngine ServiceDesk download-file directory traversal attempt | off | off | off | off |
1 | 46356 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46357 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46358 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46359 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46360 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46361 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46362 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46363 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46364 | MALWARE-CNC | Andr.Trojan.Wroba outbound connection | off | drop | drop | off |
1 | 46368 | MALWARE-BACKDOOR | JSP Web shell upload attempt | off | off | drop | drop |
1 | 46369 | MALWARE-BACKDOOR | JSP Web shell access attempt | off | off | drop | drop |
1 | 46376 | SERVER-OTHER | libgd heap-overflow attempt | off | off | drop | drop |
1 | 46377 | SERVER-OTHER | libgd heap-overflow attempt | off | off | drop | drop |
1 | 46378 | MALWARE-CNC | Win.Trojan.Dropper variant outbound connection | off | drop | drop | drop |
1 | 46379 | SERVER-WEBAPP | Afian FileRun SQL injection attempt | off | off | drop | drop |
1 | 46380 | SERVER-WEBAPP | Afian FileRun SQL injection attempt | off | off | drop | drop |
1 | 46383 | SERVER-OTHER | Micro Focus Operations Orchestration information disclosure attempt | off | off | off | off |
1 | 46384 | BROWSER-IE | Internet Explorer URL file remote code execution attempt detected | off | drop | drop | drop |
1 | 46385 | BROWSER-IE | Internet Explorer URL file remote code execution attempt detected | off | drop | drop | drop |
3 | 46386 | SERVER-WEBAPP | Cisco IOS XE Web UI arbitrary file write attempt | off | off | drop | drop |
3 | 46390 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2018-0577 attack attempt | off | off | off | off |
3 | 46391 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2018-0577 attack attempt | off | off | off | off |
3 | 46392 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2018-0577 attack attempt | off | off | off | off |
3 | 46395 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2018-0578 attack attempt | off | off | off | off |
1 | 46396 | FILE-EXECUTABLE | Win.Ransomware.Rapid download attempt | off | drop | drop | drop |
1 | 46397 | FILE-EXECUTABLE | Win.Ransomware.Rapid download attempt | off | drop | drop | drop |
1 | 46398 | BROWSER-OTHER | Mozilla Firefox table object integer underflow | off | off | off | off |
1 | 46399 | BROWSER-OTHER | Mozilla Firefox table object integer underflow | off | off | off | off |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max.
---|---|---|---|---|---|---|---
1 | 46365 | PUA-OTHER | CoinHive Miner client detected | off | drop | drop | drop |
1 | 46366 | PUA-OTHER | CryptoNight webassembly download attempt | off | drop | drop | off |
1 | 46367 | FILE-IDENTIFY | WebAssembly file download detected | off | off | off | off |
1 | 46370 | PUA-OTHER | Moonify Miner client detected | off | drop | drop | drop |
1 | 46371 | PUA-OTHER | Moonify TLS server hello attempt | off | drop | drop | drop |
1 | 46372 | PUA-OTHER | Moonify TLS client hello attempt | off | drop | drop | drop |
1 | 46373 | PROTOCOL-OTHER | CLDAP potential reflected distributed denial of service attempt | off | off | off | off |
1 | 46374 | PROTOCOL-OTHER | CLDAP potential reflected distributed denial of service attempt | off | off | off | off |
1 | 46375 | SERVER-OTHER | DualDesk v20 Proxy.exe long string denial of service attempt | off | off | off | off |
1 | 46382 | SERVER-OTHER | Micro Focus Operations Orchestration denial of service attempt | off | off | off | off |
1 | 46387 | SERVER-OTHER | Multiple Vendors NTP zero-origin timestamp denial of service attempt | off | off | off | off |
3 | 46388 | FILE-OTHER | TRUFFLEHUNTER TALOS-2018-0579 attack attempt | off | off | drop | drop |
3 | 46389 | FILE-OTHER | TRUFFLEHUNTER TALOS-2018-0579 attack attempt | off | off | drop | drop |
1 | 46393 | FILE-IDENTIFY | WebAssembly file detected | off | off | off | off |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max.
---|---|---|---|---|---|---|---
1 | 46381 | INDICATOR-COMPROMISE | Potential data exfiltration through Google form submission | off | off | off | off |
1 | 46394 | FILE-IDENTIFY | WebAssembly file attachment detected | off | off | off | off |