This SRU number: 2019-06-26-001
Previous SRU number: 2019-06-24-001
Applies to:
This SEU number: 2038
Previous SEU: 2037
Applies to:
This is the complete list of rules added in SRU 2019-06-26-001 and SEU 2038.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 50505 | MALWARE-TOOLS | Malicious HTML application download attempt | off | drop | drop | drop |
| 1 | 50506 | MALWARE-TOOLS | Malicious HTML application download attempt | off | drop | drop | drop |
| 1 | 50507 | MALWARE-BACKDOOR | WebShellOrb PHP shell outbound connection attempt | off | drop | drop | drop |
| 1 | 50508 | MALWARE-BACKDOOR | WebShellOrb PHP shell upload attempt | off | drop | drop | drop |
| 1 | 50509 | EXPLOIT-KIT | Spelevo Exploit Kit landing page detected | off | drop | drop | drop |
| 1 | 50510 | EXPLOIT-KIT | Spelevo Exploit Kit landing page detected | off | drop | drop | drop |
| 1 | 50511 | EXPLOIT-KIT | Spelevo Exploit Kit browser exploit page detected | off | drop | drop | drop |
| 3 | 50512 | SERVER-WEBAPP | Cisco Data Center Network Manager authentication bypass attempt | off | drop | drop | drop |
| 3 | 50513 | SERVER-WEBAPP | Cisco Data Center Network Manager arbitrary WAR file upload attempt | off | drop | drop | drop |
| 1 | 50518 | BROWSER-FIREFOX | Mozilla Firefox Array.prototype.pop type confusion attempt | off | drop | drop | drop |
| 1 | 50519 | BROWSER-FIREFOX | Mozilla Firefox Array.prototype.pop type confusion attempt | off | drop | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 50514 | SERVER-WEBAPP | Cisco Data Center Network Manager arbitrary file download attempt | off | drop | drop | drop |
| 3 | 50515 | SERVER-WEBAPP | Cisco Data Center Network Manager information disclosure attempt | off | drop | drop | drop |
| 3 | 50516 | PROTOCOL-OTHER | TRUFFLEHUNTER TALOS-2019-0849 attack attempt | off | off | off | drop |
| 1 | 50517 | INDICATOR-COMPROMISE | undocumented SMB dialect request attempt | off | drop | drop | drop |