Cisco Talos Update for FireSIGHT Management Center

Date: 2018-08-02

This SRU number: 2018-08-01-001
Previous SRU number: 2018-07-30-001

Applies to:

This SEU number: 1889
Previous SEU: 1888

Applies to:

This is the complete list of rules added in SRU 2018-08-01-001 and SEU 1889.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
147413POLICY-OTHEROracle WebLogic T3 inbound connection detectedoffoffoffoff
147414MALWARE-CNCOsx.Trojan.Calisto outbound connectionoffdropdropdrop
147415MALWARE-CNCOsx.Trojan.Calisto outbound connectionoffdropdropdrop
147417PUA-ADWARESlimware Utilities variant outbound connectionoffdropdropdrop
147418PUA-ADWARESlimware Utilities variant outbound connectionoffdropdropdrop
147419SERVER-WEBAPPEasy Hosting Control Panel cross site scripting attemptoffoffoffoff
147420MALWARE-CNCWin.Trojan.Kuping variant outbound connectionoffdropdropdrop
147421SERVER-WEBAPPJoomla Core com_fields cross site scripting attemptoffoffoffoff
147422FILE-OTHERSAP GUI ABAP code arbitrary dll-load attemptoffoffoffoff
147423SERVER-WEBAPPQNAP QCenter API date_config command injection attemptoffoffdropdrop
147424SERVER-WEBAPPSite Editor WordPress plugin local file access attemptoffoffoffdrop
147425SERVER-WEBAPPRaptr Plays.tv unauthenticated remote arbitrary file execution attemptoffoffoffoff
Medium Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
147416SERVER-WEBAPPAdvantech WebAcess Dashboard Viewer arbitrary file disclosure attemptoffoffoffoff
347426PROTOCOL-VOIPCisco SPA514G SDP field processing denial of service attemptoffoffoffdrop