This SRU number: 2019-05-06-001
Previous SRU number: 2019-05-01-001
Applies to:
This SEU number: 2008
Previous SEU: 2007
Applies to:
This is the complete list of rules added in SRU 2019-05-06-001 and SEU 2008.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State | |||
---|---|---|---|---|---|---|---|
Con. | Bal. | Sec. | Max. | ||||
1 | 50008 | MALWARE-CNC | Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt | off | drop | drop | drop |
1 | 50009 | MALWARE-CNC | Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt | off | drop | drop | drop |
1 | 50010 | MALWARE-CNC | Win.Trojan.SectorB06 malicious executable download attempt | off | drop | drop | drop |
1 | 50011 | MALWARE-CNC | Win.Trojan.SectorB06 malicious executable download attempt | off | drop | drop | drop |
1 | 50012 | MALWARE-CNC | Win.Trojan.SectorB06 malicious executable download attempt | off | drop | drop | drop |
1 | 50013 | MALWARE-CNC | Win.Trojan.SectorB06 malicious executable download attempt | off | drop | drop | drop |
1 | 50014 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50015 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50016 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50017 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50018 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50019 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50020 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50021 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50022 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50023 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50024 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50025 | SERVER-ORACLE | Oracle WebLogic Server remote command execution attempt | off | drop | drop | drop |
1 | 50026 | BROWSER-IE | Microsoft Internet Explorer window scroll integer overflow attempt | off | off | off | drop |
1 | 50027 | BROWSER-IE | Microsoft Internet Explorer window scroll integer overflow attempt | off | off | off | drop |
1 | 50030 | SERVER-WEBAPP | Dojo Toolkit SDK cross site scripting attempt | off | off | off | drop |
1 | 50031 | SERVER-WEBAPP | Dojo Toolkit SDK cross site scripting attempt | off | off | off | drop |
1 | 50032 | SERVER-WEBAPP | Dojo Toolkit SDK cross site scripting attempt | off | off | off | drop |
1 | 50033 | BROWSER-WEBKIT | Apple WebKit updateReferencedText use-after-free attempt | off | off | drop | drop |
1 | 50034 | BROWSER-WEBKIT | Apple WebKit updateReferencedText use-after-free attempt | off | off | drop | drop |
3 | 50035 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0821 attack attempt | off | off | off | drop |
3 | 50036 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2019-0821 attack attempt | off | off | off | drop |
3 | 50037 | SERVER-WEBAPP | Cisco Elastic Services Controller authentication bypass attempt | off | off | drop | drop |
3 | 50038 | FILE-PDF | TRUFFLEHUNTER TALOS-2019-0819 attack attempt | off | off | off | drop |
3 | 50039 | FILE-PDF | TRUFFLEHUNTER TALOS-2019-0819 attack attempt | off | off | off | drop |
GID | SID | Rule Group | Rule Message | Policy State | |||
---|---|---|---|---|---|---|---|
Con. | Bal. | Sec. | Max. | ||||
3 | 50040 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2019-0831 attack attempt | off | off | off | drop |
GID | SID | Rule Group | Rule Message | Policy State | |||
---|---|---|---|---|---|---|---|
Con. | Bal. | Sec. | Max. | ||||
1 | 50028 | PUA-ADWARE | Osx.Adware.TotalAdviseSearch variant download attempt | off | off | off | drop |
1 | 50029 | PUA-ADWARE | Osx.Adware.TotalAdviseSearch variant download attempt | off | off | off | drop |