Cisco Talos Update for FireSIGHT Management Center

Date: 2019-05-07

This SRU number: 2019-05-06-001
Previous SRU number: 2019-05-01-001

Applies to:

This SEU number: 2008
Previous SEU: 2007

Applies to:

This is the complete list of rules added in SRU 2019-05-06-001 and SEU 2008.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State gives the rule's state in each of the four default Cisco Talos policies: Connectivity over Security (Con.), Balanced Security and Connectivity (Bal.), Security over Connectivity (Sec.), and Maximum Detection (Max.).

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.
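The rule-list format and policy-state conventions described above, as an added example that is not part of the Talos advisory: a small Python parser for rows written in the documented "GID - SID - Rule Group - Rule Message - Policy State" layout, which derives the default passive-policy state (Balanced with alert in place of drop) and reports which of the new rules will actually alert or drop under a given base policy. The sample rows are constructed from entries in this SRU; the "/"-joined state layout, the function names and the "passive" policy label are this example's own assumptions. GID 1 and GID 3 are Snort's generator IDs for plain-text and shared-object rules respectively.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input (a subset of this SRU's entries), written in the
# advisory's documented "GID - SID - Rule Group - Rule Message - Policy State"
# layout. The Policy State field is assumed here to be the four default-policy
# states joined by "/" in Con./Bal./Sec./Max. order.
SAMPLE_RULES = """\
1 - 50008 - MALWARE-CNC - Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt - off/drop/drop/drop
1 - 50014 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50026 - BROWSER-IE - Microsoft Internet Explorer window scroll integer overflow attempt - off/off/off/drop
1 - 50033 - BROWSER-WEBKIT - Apple WebKit updateReferencedText use-after-free attempt - off/off/drop/drop
3 - 50035 - FILE-IMAGE - TRUFFLEHUNTER TALOS-2019-0821 attack attempt - off/off/off/drop
1 - 50028 - PUA-ADWARE - Osx.Adware.TotalAdviseSearch variant download attempt - off/off/off/drop
"""

# The four default Talos policies, in the column order used by the advisory.
POLICIES = ("connectivity", "balanced", "security", "maximum")

# Snort generator IDs seen in SRU/SEU lists: 1 = plain-text rules,
# 3 = shared-object (SO) rules.
GID_KIND = {1: "text", 3: "shared-object"}

_STATE = r"(?:off|alert|drop)"
_LINE_RE = re.compile(
    rf"^(?P<gid>\d+) - (?P<sid>\d+) - (?P<group>[A-Z0-9-]+) - (?P<msg>.+) - "
    rf"(?P<states>{_STATE}(?:/{_STATE}){{3}})$"
)


@dataclass
class Rule:
    gid: int
    sid: int
    group: str
    message: str
    states: dict  # default policy name -> "off" | "alert" | "drop"

    @property
    def kind(self):
        return GID_KIND.get(self.gid, "unknown")

    def state_in(self, policy):
        """State of the rule in a default policy. "passive" (a label assumed
        by this example) is the default passive policy: identical to Balanced
        except that drop becomes alert, since a passive sensor cannot block."""
        if policy == "passive":
            balanced = self.states["balanced"]
            return "alert" if balanced == "drop" else balanced
        if policy not in self.states:
            raise ValueError(f"unknown policy: {policy}")
        return self.states[policy]


def parse_rule_line(line):
    """Parse one row; rejects anything not in the documented layout so that a
    truncated or mis-copied list is noticed instead of silently shortened."""
    m = _LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule line: {line!r}")
    states = dict(zip(POLICIES, m["states"].split("/")))
    return Rule(int(m["gid"]), int(m["sid"]), m["group"], m["msg"], states)


def parse_rules(text):
    return [parse_rule_line(line) for line in text.splitlines() if line.strip()]


def active_rules(rules, policy):
    """(gid, sid) pairs that will alert or drop once the SRU lands in an access
    control policy built on the named base policy."""
    return [(r.gid, r.sid) for r in rules if r.state_in(policy) != "off"]


def state_summary(rules, policy):
    """Per rule group, how many of the new rules are off/alert/drop in a policy:
    the pre-deployment check that a Connectivity-based policy is not silently
    picking up new drops and that a Maximum-based one is getting all of them."""
    summary = {}
    for r in rules:
        summary.setdefault(r.group, Counter())[r.state_in(policy)] += 1
    return {group: dict(counts) for group, counts in summary.items()}


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for policy in POLICIES + ("passive",):
        print(f"{policy:>12}: {len(active_rules(rules, policy))} of {len(rules)} active")
    for r in rules:
        print(f"{r.gid}:{r.sid} [{r.kind}] {r.group} -> passive={r.state_in('passive')}")
```

Run against the full list of an SRU, `active_rules(rules, "balanced")` is the set of (GID, SID) pairs to expect in new intrusion events after the update, and the "passive" view is what a monitor-only sensor will produce; diffing `state_summary` output between two base policies shows how many of the new rules change behaviour if the base policy is ever switched.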

New Rules:

High Priority

GID - SID - Rule Group - Rule Message - Policy State (Con./Bal./Sec./Max.)
1 - 50008 - MALWARE-CNC - Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt - off/drop/drop/drop
1 - 50009 - MALWARE-CNC - Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt - off/drop/drop/drop
1 - 50010 - MALWARE-CNC - Win.Trojan.SectorB06 malicious executable download attempt - off/drop/drop/drop
1 - 50011 - MALWARE-CNC - Win.Trojan.SectorB06 malicious executable download attempt - off/drop/drop/drop
1 - 50012 - MALWARE-CNC - Win.Trojan.SectorB06 malicious executable download attempt - off/drop/drop/drop
1 - 50013 - MALWARE-CNC - Win.Trojan.SectorB06 malicious executable download attempt - off/drop/drop/drop
1 - 50014 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50015 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50016 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50017 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50018 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50019 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50020 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50021 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50022 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50023 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50024 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50025 - SERVER-ORACLE - Oracle WebLogic Server remote command execution attempt - off/drop/drop/drop
1 - 50026 - BROWSER-IE - Microsoft Internet Explorer window scroll integer overflow attempt - off/off/off/drop
1 - 50027 - BROWSER-IE - Microsoft Internet Explorer window scroll integer overflow attempt - off/off/off/drop
1 - 50030 - SERVER-WEBAPP - Dojo Toolkit SDK cross site scripting attempt - off/off/off/drop
1 - 50031 - SERVER-WEBAPP - Dojo Toolkit SDK cross site scripting attempt - off/off/off/drop
1 - 50032 - SERVER-WEBAPP - Dojo Toolkit SDK cross site scripting attempt - off/off/off/drop
1 - 50033 - BROWSER-WEBKIT - Apple WebKit updateReferencedText use-after-free attempt - off/off/drop/drop
1 - 50034 - BROWSER-WEBKIT - Apple WebKit updateReferencedText use-after-free attempt - off/off/drop/drop
3 - 50035 - FILE-IMAGE - TRUFFLEHUNTER TALOS-2019-0821 attack attempt - off/off/off/drop
3 - 50036 - FILE-IMAGE - TRUFFLEHUNTER TALOS-2019-0821 attack attempt - off/off/off/drop
3 - 50037 - SERVER-WEBAPP - Cisco Elastic Services Controller authentication bypass attempt - off/off/drop/drop
3 - 50038 - FILE-PDF - TRUFFLEHUNTER TALOS-2019-0819 attack attempt - off/off/off/drop
3 - 50039 - FILE-PDF - TRUFFLEHUNTER TALOS-2019-0819 attack attempt - off/off/off/drop

Medium Priority

GID - SID - Rule Group - Rule Message - Policy State (Con./Bal./Sec./Max.)
3 - 50040 - SERVER-WEBAPP - TRUFFLEHUNTER TALOS-2019-0831 attack attempt - off/off/off/drop

Low Priority

GID - SID - Rule Group - Rule Message - Policy State (Con./Bal./Sec./Max.)
1 - 50028 - PUA-ADWARE - Osx.Adware.TotalAdviseSearch variant download attempt - off/off/off/drop
1 - 50029 - PUA-ADWARE - Osx.Adware.TotalAdviseSearch variant download attempt - off/off/off/drop