This SRU number: 2020-01-30-001
Previous SRU number: 2020-01-28-001
Applies to:
This SEU number: 2118
Previous SEU: 2116
Applies to:
This is the complete list of rules added in SRU 2020-01-30-001 and SEU 2118.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 52981 | FILE-MULTIMEDIA | WM Downloader malformed .m3u file buffer overflow attempt | off | off | off | drop |
| 1 | 52982 | MALWARE-OTHER | Win.Trojan.Hyperbro variant payload download attempt | off | off | drop | drop |
| 1 | 52983 | MALWARE-OTHER | Win.Trojan.Hyperbro variant payload download attempt | off | off | drop | drop |
| 1 | 52984 | BROWSER-IE | Microsoft Internet Explorer improper copy buffer access information disclosure attempt | off | off | off | drop |
| 1 | 52985 | BROWSER-IE | Microsoft Internet Explorer improper copy buffer access information disclosure attempt | off | off | off | drop |
| 1 | 52986 | BROWSER-IE | Microsoft Edge scripting engine memory corruption attempt | off | off | off | drop |
| 1 | 52987 | BROWSER-IE | Microsoft Edge scripting engine memory corruption attempt | off | drop | drop | drop |
| 1 | 52988 | BROWSER-IE | Microsoft Edge scripting engine memory corruption attempt | off | off | off | drop |
| 1 | 52989 | BROWSER-IE | Microsoft Edge scripting engine memory corruption attempt | off | drop | drop | drop |
| 1 | 52990 | MALWARE-OTHER | Win.Trojan.VBGeneric-7565256-0 download attempt | off | off | drop | drop |
| 1 | 52991 | BROWSER-OTHER | Multiple products Content-Type HTTP header buffer overflow attempt | off | off | off | drop |
| 1 | 52992 | MALWARE-OTHER | Win.Trojan.Ponystealer-7564561-0 download attempt | off | off | drop | drop |
| 3 | 52993 | POLICY-OTHER | Cisco Small Business Series Switches admin settings page access detected | off | off | off | off |
| 3 | 52994 | POLICY-OTHER | Cisco Small Business Series Switches device configuration page access detected | off | off | off | off |
| 3 | 52995 | POLICY-OTHER | Cisco Small Business Series Switches device configuration page access detected | off | off | off | off |
| 3 | 52997 | SERVER-WEBAPP | Cisco Small Business Series Switches cross site scripting attempt | off | off | drop | drop |
| 1 | 52999 | MALWARE-OTHER | Win.Packed.Agen-7564625-0 download attempt | off | off | off | drop |
| 3 | 53000 | FILE-OTHER | TRUFFLEHUNTER TALOS-2020-0983 attack attempt | off | off | drop | drop |
| 3 | 53001 | FILE-OTHER | TRUFFLEHUNTER TALOS-2020-0983 attack attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 52996 | SERVER-WEBAPP | Cisco Small Business Series Switches information disclosure attempt | off | off | drop | drop |
| 3 | 52998 | SERVER-WEBAPP | Cisco Small Business Series Switches denial of service attempt | off | off | drop | drop |