Cisco Talos Update for FireSIGHT Management Center

Date: 2019-09-26

This SRU number: 2019-09-25-001
Previous SRU number: 2019-09-23-001

Applies to:

This SEU number: 2072
Previous SEU: 2071

Applies to:

This is the complete list of rules added in SRU 2019-09-25-001 and SEU 2072.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State column gives the rule's state in each of the four default Cisco Talos policies: Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority

GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)

1 - 51620 - SERVER-WEBAPP - vBulletin pre-authenticated command injection attempt - drop / drop / drop / drop
1 - 51621 - SERVER-WEBAPP - vBulletin pre-authenticated command injection attempt - drop / drop / drop / drop
3 - 51622 - SERVER-WEBAPP - Cisco IOS XE Software command injection attempt - off / off / drop / drop
3 - 51623 - SERVER-WEBAPP - Cisco IOS XE Software command injection attempt - off / off / drop / drop
3 - 51624 - SERVER-WEBAPP - Cisco IOS XE Software command injection attempt - off / off / drop / drop
3 - 51625 - SERVER-WEBAPP - Cisco IOS XE Software command injection attempt - off / off / drop / drop
1 - 51629 - SERVER-WEBAPP - Trend Micro Control Manager reporting.aspx SQL injection attempt - off / off / drop / drop
1 - 51630 - SERVER-WEBAPP - Trend Micro Control Manager reporting.aspx SQL injection attempt - off / off / drop / drop
1 - 51631 - POLICY-OTHER - Easy Hosting Control Panel command execution attempt - off / off / off / drop
1 - 51632 - INDICATOR-OBFUSCATION - JavaScript exploit obfuscation attempt - off / off / off / drop
1 - 51633 - INDICATOR-OBFUSCATION - JavaScript exploit obfuscation attempt - off / off / off / drop
1 - 51634 - MALWARE-CNC - Win.Trojan.Ordinypt malicious executable download attempt - off / drop / drop / drop
1 - 51635 - MALWARE-CNC - Win.Trojan.Ordinypt malicious executable download attempt - off / drop / drop / drop
1 - 51636 - EXPLOIT-KIT - Rig exploit kit outbound connection - off / drop / drop / drop
1 - 51637 - EXPLOIT-KIT - Rig exploit kit executable download attempt - off / drop / drop / drop
1 - 51638 - EXPLOIT-KIT - Rig exploit kit executable download attempt - off / drop / drop / drop
1 - 51639 - SERVER-OTHER - AVEVA InduSoft Web Studio and InTouch Edge HMI buffer overflow attempt - off / off / drop / drop
1 - 51640 - SERVER-WEBAPP - JavaScript library OpenPGP.js improper signature verification attempt - off / off / drop / drop
1 - 51641 - SERVER-WEBAPP - JavaScript library OpenPGP.js improper signature verification attempt - off / off / drop / drop
1 - 51642 - MALWARE-CNC - Osx.Trojan.Gmera variant outbound connection - off / drop / drop / drop
1 - 51643 - FILE-FLASH - Adobe Flash Player use-after-free attempt - off / off / drop / drop
1 - 51644 - FILE-FLASH - Adobe Flash Player use-after-free attempt - off / off / drop / drop
1 - 51647 - SERVER-OTHER - Indusoft Web Studio and Intouch Machine Edition stack buffer overflow attempt - off / off / drop / drop
1 - 51648 - FILE-FLASH - Adobe Flash Player ActiveX same origin method execution attempt - off / off / drop / drop
3 - 51650 - POLICY-OTHER - TRUFFLEHUNTER TALOS-2019-0898 attack attempt - off / off / off / off
3 - 51651 - POLICY-OTHER - TRUFFLEHUNTER TALOS-2019-0896 attack attempt - off / off / off / off
1 - 51653 - SERVER-WEBAPP - Weblog Expert Web Server Enterprise denial of service attempt - off / off / off / drop
Medium Priority

GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)

3 - 51626 - PROTOCOL-VOIP - Cisco IOS SIP denial of service attempt - off / off / off / drop
3 - 51627 - PROTOCOL-VOIP - Cisco IOS SIP denial of service attempt - off / off / off / drop
3 - 51628 - POLICY-OTHER - Cisco IOS Layer 2 Traceroute vlan enumeration detected - off / off / off / off
3 - 51645 - SERVER-OTHER - Cisco IOx invalid TLS handshake type denial of service attempt - off / off / off / drop
3 - 51646 - SERVER-OTHER - Cisco IOS XE FTP Application Layer Gateway denial of service attempt - off / off / off / drop
3 - 51649 - OS-WINDOWS - TRUFFLEHUNTER TALOS-2019-0901 attack attempt - off / off / drop / drop
3 - 51652 - SERVER-WEBAPP - TRUFFLEHUNTER TALOS-2019-0894 attack attempt - off / off / drop / drop