This SRU number: 2019-10-02-001
Previous SRU number: 2019-09-30-001
Applies to:
This SEU number: 2074
Previous SEU: 2073
Applies to:
This is the complete list of rules added in SRU 2019-10-02-001 and SEU 2074.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 51686 | SERVER-WEBAPP | Schneider Electric Accutech Manager HTTP URI buffer overflow attempt | off | off | off | drop |
| 3 | 51687 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51688 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51689 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51690 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51691 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51692 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51693 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51694 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51695 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51696 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51697 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51698 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51699 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51700 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51701 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51702 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51703 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51704 | SERVER-WEBAPP | Cisco Firepower Management Center SQL injection attempt | off | off | drop | drop |
| 3 | 51705 | SERVER-WEBAPP | Cisco Firepower Management Center directory traversal attempt | off | off | drop | drop |
| 3 | 51706 | SERVER-WEBAPP | Cisco Firepower Management Center directory traversal attempt | off | off | drop | drop |
| 3 | 51707 | SERVER-WEBAPP | Cisco Firepower Management Center directory traversal attempt | off | off | drop | drop |
| 3 | 51708 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 3 | 51709 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 3 | 51710 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 3 | 51711 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 1 | 51712 | INDICATOR-COMPROMISE | Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org | off | off | drop | drop |
| 1 | 51714 | BROWSER-IE | Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt | off | off | drop | drop |
| 1 | 51715 | BROWSER-IE | Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt | off | off | drop | drop |
| 3 | 51716 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 3 | 51717 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 3 | 51718 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 3 | 51719 | SERVER-WEBAPP | Cisco Firepower Management Center command injection attempt | off | off | drop | drop |
| 1 | 51720 | MALWARE-CNC | Win.Trojan.Alreay malicious executable download attempt | off | drop | drop | drop |
| 1 | 51721 | MALWARE-CNC | Win.Trojan.Alreay malicious executable download attempt | off | drop | drop | drop |
| 1 | 51722 | MALWARE-CNC | Win.Trojan.Alreay malicious executable download attempt | off | drop | drop | drop |
| 1 | 51723 | MALWARE-CNC | Win.Trojan.Alreay malicious executable download attempt | off | drop | drop | drop |
| 1 | 51725 | SERVER-WEBAPP | HAProxy H2 Frame heap memory corruption attempt | off | off | off | drop |
| 1 | 51726 | MALWARE-CNC | Win.Trojan.Silence variant proxy connection detected | off | drop | drop | drop |
| 1 | 51727 | MALWARE-CNC | Win.Trojan.Silence variant proxy connection detected | off | drop | drop | drop |
| 3 | 51728 | SERVER-WEBAPP | Cisco WebVPN cross site scripting attempt | off | off | drop | drop |
| 3 | 51729 | SERVER-WEBAPP | Cisco WebVPN cross site scripting attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 51685 | SERVER-OTHER | Symantec AMS Intel handler service overly large size1 dos attempt | off | off | off | drop |
| 3 | 51713 | SERVER-WEBAPP | Cisco WebVPN denial of service attempt | off | off | drop | drop |
| 1 | 51724 | SERVER-OTHER | Novell Remote Manager off-by-one denial of service attempt | off | off | off | drop |