Sourcefire VRT Rules Update

Date: 2011-12-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.2.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20740 <-> DISABLED <-> WEB-MISC Dell OpenManage server application field buffer overflow attempt (web-misc.rules)
 * 1:20749 <-> DISABLED <-> EXPLOIT EMC Retrospect client crafted packet buffer overflow attempt (exploit.rules)
 * 1:20745 <-> DISABLED <-> EXPLOIT Ethereal Netflow dissector buffer overflow attempt (exploit.rules)
 * 1:20744 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (web-client.rules)
 * 1:20737 <-> DISABLED <-> SPECIFIC-THREAT 427BB cookie-based authentication bypass attempt (specific-threats.rules)
 * 1:20736 <-> DISABLED <-> WEB-CLIENT Apple Safari x-man-page URI terminal escape attempt (web-client.rules)
 * 1:20738 <-> DISABLED <-> SPECIFIC-THREAT Check Point vpn-1 ISAKMP buffer overflow attempt (specific-threats.rules)
 * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detection (file-identify.rules)
 * 1:20742 <-> DISABLED <-> WEB-CLIENT Mozilla PLUGINSPAGE javascript execution attempt (web-client.rules)
 * 1:20747 <-> DISABLED <-> EXPLOIT Ethereal IGAP Dissector Buffer Overflow attempt (exploit.rules)
 * 1:20746 <-> DISABLED <-> EXPLOIT Ethereal IGAP Dissector Buffer Overflow attempt (exploit.rules)
 * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
 * 1:20743 <-> DISABLED <-> WEB-CLIENT Multiple web browser window injection attempt (web-client.rules)
 * 1:20748 <-> ENABLED <-> EXPLOIT Yahoo Messenger possible file transfer spoofing (exploit.rules)
 * 1:20741 <-> DISABLED <-> DOS SpamAssassin GTube string denial of service attempt (dos.rules)
 * 1:20739 <-> DISABLED <-> WEB-CLIENT Mozilla Object.watch parent access attempt (web-client.rules)

Modified Rules:


 * 1:8797 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPath2.1 ActiveX function call access (web-activex.rules)
 * 1:8798 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAPair.1 ActiveX clsid access (web-activex.rules)
 * 1:8800 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPair.1 ActiveX function call access (web-activex.rules)
 * 1:8801 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DANumber.1 ActiveX clsid access (web-activex.rules)
 * 1:8803 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DANumber.1 ActiveX function call access (web-activex.rules)
 * 1:8804 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAMontage.1 ActiveX clsid access (web-activex.rules)
 * 1:8806 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAMontage.1 ActiveX function call access (web-activex.rules)
 * 1:8807 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAMicrophone.1 ActiveX clsid access (web-activex.rules)
 * 1:8809 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAMicrophone.1 ActiveX function call access (web-activex.rules)
 * 1:8810 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAMatte.1 ActiveX clsid access (web-activex.rules)
 * 1:8812 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAMatte.1 ActiveX function call access (web-activex.rules)
 * 1:8813 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DALineStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8815 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DALineStyle.1 ActiveX function call access (web-activex.rules)
 * 1:8816 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAJoinStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8818 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAJoinStyle.1 ActiveX function call access (web-activex.rules)
 * 1:8819 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAImage.1 ActiveX clsid access (web-activex.rules)
 * 1:8821 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAImage.1 ActiveX function call access (web-activex.rules)
 * 1:8822 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAGeometry.1 ActiveX clsid access (web-activex.rules)
 * 1:8824 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAGeometry.1 ActiveX function call access (web-activex.rules)
 * 1:8825 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DADashStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8827 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DADashStyle.1 ActiveX function call access (web-activex.rules)
 * 1:8828 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAColor.1 ActiveX clsid access (web-activex.rules)
 * 1:8830 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAColor.1 ActiveX function call access (web-activex.rules)
 * 1:8831 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DACamera.1 ActiveX clsid access (web-activex.rules)
 * 1:8833 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DACamera.1 ActiveX function call access (web-activex.rules)
 * 1:8834 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DABoolean.1 ActiveX clsid access (web-activex.rules)
 * 1:8836 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DABoolean.1 ActiveX function call access (web-activex.rules)
 * 1:8837 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DABbox3.1 ActiveX clsid access (web-activex.rules)
 * 1:8839 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DABbox3.1 ActiveX function call access (web-activex.rules)
 * 1:8840 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DABbox2.1 ActiveX clsid access (web-activex.rules)
 * 1:8842 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DABbox2.1 ActiveX function call access (web-activex.rules)
 * 1:8843 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAArray.1 ActiveX clsid access (web-activex.rules)
 * 1:8845 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAArray.1 ActiveX function call access (web-activex.rules)
 * 1:8846 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent Character Custom Proxy Class ActiveX clsid access (web-activex.rules)
 * 1:8848 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (web-activex.rules)
 * 1:8850 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent Custom Proxy Class ActiveX clsid access (web-activex.rules)
 * 1:8852 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent v2.0 ActiveX clsid access (web-activex.rules)
 * 1:8854 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent v2.0 ActiveX function call access (web-activex.rules)
 * 1:8856 <-> DISABLED <-> WEB-ACTIVEX Microsoft Agent v1.5 ActiveX function call access (web-activex.rules)
 * 1:8925 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrAddAlternateComputerName overflow attempt (netbios.rules)
 * 1:9027 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (netbios.rules)
 * 1:9132 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (netbios.rules)
 * 1:9228 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (netbios.rules)
 * 1:939 <-> DISABLED <-> WEB-FRONTPAGE posting (web-frontpage.rules)
 * 1:940 <-> DISABLED <-> WEB-FRONTPAGE shtml.dll access (web-frontpage.rules)
 * 1:9419 <-> DISABLED <-> SPECIFIC-THREATS sasser attempt (specific-threats.rules)
 * 1:9420 <-> DISABLED <-> SPECIFIC-THREATS korgo attempt (specific-threats.rules)
 * 1:9421 <-> DISABLED <-> SPECIFIC-THREATS zotob attempt (specific-threats.rules)
 * 1:9422 <-> DISABLED <-> SPECIFIC-THREATS msblast attempt (specific-threats.rules)
 * 1:9423 <-> DISABLED <-> SPECIFIC-THREATS lovegate attempt (specific-threats.rules)
 * 1:9427 <-> ENABLED <-> WEB-ACTIVEX Acer LunchApp.APlunch ActiveX clsid access (web-activex.rules)
 * 1:9431 <-> DISABLED <-> EXPLOIT Microsoft Outlook Express NNTP response overflow attempt (exploit.rules)
 * 1:9432 <-> DISABLED <-> WEB-CLIENT Microsoft Agent buffer overflow attempt (web-client.rules)
 * 1:9433 <-> DISABLED <-> WEB-CLIENT Microsoft Agent buffer overflow attempt (web-client.rules)
 * 1:9625 <-> ENABLED <-> WEB-CLIENT Windows Media Player ASX file ref href buffer overflow attempt (web-client.rules)
 * 1:9638 <-> DISABLED <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules)
 * 1:9639 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detection (file-identify.rules)
 * 1:9640 <-> DISABLED <-> WEB-ACTIVEX ADODB.Connection ActiveX function call access (web-activex.rules)
 * 1:9641 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player ASF simple index object parsing buffer overflow attempt (web-client.rules)
 * 1:9642 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player ASF codec list object parsing buffer overflow attempt (web-client.rules)
 * 1:9643 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player ASF marker object parsing buffer overflow attempt (web-client.rules)
 * 1:967 <-> DISABLED <-> WEB-FRONTPAGE dvwssr.dll access (web-frontpage.rules)
 * 1:971 <-> DISABLED <-> WEB-IIS ISAPI .printer access (web-iis.rules)
 * 1:9769 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (netbios.rules)
 * 1:978 <-> DISABLED <-> WEB-IIS ASP contents view (web-iis.rules)
 * 1:979 <-> DISABLED <-> WEB-IIS ASP contents view (web-iis.rules)
 * 1:9841 <-> ENABLED <-> SMTP Micrsoft Office Outlook VEVENT overflow attempt (smtp.rules)
 * 1:9847 <-> DISABLED <-> WEB-CLIENT Microsoft Office Outlook Saved Search download attempt (web-client.rules)
 * 1:9848 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
 * 1:9849 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)
 * 1:987 <-> DISABLED <-> FILE-IDENTIFY .htr access file download request (file-identify.rules)
 * 1:9914 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP tapisrv ClientRequest LSetAppPriority overflow attempt (netbios.rules)
 * 1:8795 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAPath2.1 ActiveX clsid access (web-activex.rules)
 * 1:8794 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPoint2.1 ActiveX function call access (web-activex.rules)
 * 1:8792 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAPoint2.1 ActiveX clsid access (web-activex.rules)
 * 1:8791 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAPoint3.1 ActiveX function call access (web-activex.rules)
 * 1:8789 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAPoint3.1 ActiveX clsid access (web-activex.rules)
 * 1:8788 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DASound.1 ActiveX function call access (web-activex.rules)
 * 1:8786 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DASound.1 ActiveX clsid access (web-activex.rules)
 * 1:8785 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAString.1 ActiveX function call access (web-activex.rules)
 * 1:8783 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAString.1 ActiveX clsid access (web-activex.rules)
 * 1:8782 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DATransform2.1 ActiveX function call access (web-activex.rules)
 * 1:8780 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DATransform2.1 ActiveX clsid access (web-activex.rules)
 * 1:8779 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DATransform3.1 ActiveX function call access (web-activex.rules)
 * 1:8777 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DATransform3.1 ActiveX clsid access (web-activex.rules)
 * 1:8776 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAUserData.1 ActiveX function call access (web-activex.rules)
 * 1:8774 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAUserData.1 ActiveX clsid access (web-activex.rules)
 * 1:8773 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAVector2.1 ActiveX function call access (web-activex.rules)
 * 1:8771 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAVector2.1 ActiveX clsid access (web-activex.rules)
 * 1:8770 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAVector3.1 ActiveX function call access (web-activex.rules)
 * 1:8768 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAVector3.1 ActiveX clsid access (web-activex.rules)
 * 1:8767 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAView.1 ActiveX function call access (web-activex.rules)
 * 1:8765 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAView.1 ActiveX clsid access (web-activex.rules)
 * 1:8764 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.Sequence ActiveX function call access (web-activex.rules)
 * 1:8762 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.Sequence ActiveX clsid access (web-activex.rules)
 * 1:8761 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.SequencerControl ActiveX function call access (web-activex.rules)
 * 1:8759 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.SequencerControl ActiveX clsid access (web-activex.rules)
 * 1:8758 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.SpriteControl ActiveX function call access (web-activex.rules)
 * 1:8756 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.SpriteControl ActiveX clsid access (web-activex.rules)
 * 1:8755 <-> DISABLED <-> WEB-ACTIVEX LM.AutoEffectBvr.1 ActiveX function call access (web-activex.rules)
 * 1:8753 <-> ENABLED <-> WEB-ACTIVEX LM.AutoEffectBvr.1 ActiveX clsid access (web-activex.rules)
 * 1:8752 <-> DISABLED <-> WEB-ACTIVEX LM.LMBehaviorFactory.1 ActiveX function call access (web-activex.rules)
 * 1:8750 <-> ENABLED <-> WEB-ACTIVEX LM.LMBehaviorFactory.1 ActiveX clsid access (web-activex.rules)
 * 1:8749 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAEndStyle.1 ActiveX function call access (web-activex.rules)
 * 1:8747 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAEndStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8746 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAEvent.1 ActiveX function call access (web-activex.rules)
 * 1:8744 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAEvent.1 ActiveX clsid access (web-activex.rules)
 * 1:8743 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAFontStyle.1 ActiveX function call access (web-activex.rules)
 * 1:8741 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation.DAFontStyle.1 ActiveX clsid access (web-activex.rules)
 * 1:8727 <-> DISABLED <-> WEB-ACTIVEX XMLHTTP 4.0 ActiveX clsid access (web-activex.rules)
 * 1:8725 <-> ENABLED <-> WEB-ACTIVEX System Monitor ActiveX clsid access (web-activex.rules)
 * 1:8700 <-> DISABLED <-> WEB-IIS ASP.NET 2.0 cross-site scripting attempt (web-iis.rules)
 * 1:8540 <-> DISABLED <-> SQL xp_updatecolvbm vulnerable function attempt (sql.rules)
 * 1:8539 <-> DISABLED <-> SQL xp_updatecolvbm unicode vulnerable function attempt (sql.rules)
 * 1:8538 <-> DISABLED <-> SQL xp_updatecolvbm unicode vulnerable function attempt (sql.rules)
 * 1:8537 <-> DISABLED <-> SQL xp_sqlinventory unicode vulnerable function attempt (sql.rules)
 * 1:8536 <-> DISABLED <-> SQL xp_sqlinventory vulnerable function attempt (sql.rules)
 * 1:8535 <-> DISABLED <-> SQL xp_sqlinventory unicode vulnerable function attempt (sql.rules)
 * 1:8534 <-> DISABLED <-> SQL xp_sqlagent_monitor unicode vulnerable function attempt (sql.rules)
 * 1:8533 <-> DISABLED <-> SQL xp_sqlagent_monitor vulnerable function attempt (sql.rules)
 * 1:8532 <-> DISABLED <-> SQL xp_sqlagent_monitor unicode vulnerable function attempt (sql.rules)
 * 1:8531 <-> DISABLED <-> SQL xp_showcolv vulnerable function attempt (sql.rules)
 * 1:8530 <-> DISABLED <-> SQL xp_showcolv unicode vulnerable function attempt (sql.rules)
 * 1:8529 <-> DISABLED <-> SQL xp_showcolv unicode vulnerable function attempt (sql.rules)
 * 1:8528 <-> DISABLED <-> SQL xp_SetSQLSecurity vulnerable function attempt (sql.rules)
 * 1:8527 <-> DISABLED <-> SQL xp_SetSQLSecurity unicode vulnerable function attempt (sql.rules)
 * 1:8526 <-> DISABLED <-> SQL xp_SetSQLSecurity unicode vulnerable function attempt (sql.rules)
 * 1:8525 <-> DISABLED <-> SQL xp_proxiedmetadata vulnerable function attempt (sql.rules)
 * 1:8524 <-> DISABLED <-> SQL xp_proxiedmetadata unicode vulnerable function attempt (sql.rules)
 * 1:8523 <-> DISABLED <-> SQL xp_proxiedmetadata unicode vulnerable function attempt (sql.rules)
 * 1:8522 <-> DISABLED <-> SQL xp_printstatements vulnerable function attempt (sql.rules)
 * 1:8521 <-> DISABLED <-> SQL xp_printstatements unicode vulnerable function attempt (sql.rules)
 * 1:8520 <-> DISABLED <-> SQL xp_printstatements unicode vulnerable function attempt (sql.rules)
 * 1:8519 <-> DISABLED <-> SQL xp_peekqueue vulnerable function attempt (sql.rules)
 * 1:8518 <-> DISABLED <-> SQL xp_peekqueue unicode vulnerable function attempt (sql.rules)
 * 1:8517 <-> DISABLED <-> SQL xp_peekqueue unicode vulnerable function attempt (sql.rules)
 * 1:8516 <-> DISABLED <-> SQL xp_oasetproperty vulnerable function attempt (sql.rules)
 * 1:8515 <-> DISABLED <-> SQL xp_oasetproperty unicode vulnerable function attempt (sql.rules)
 * 1:8514 <-> DISABLED <-> SQL xp_oasetproperty unicode vulnerable function attempt (sql.rules)
 * 1:8513 <-> DISABLED <-> SQL xp_oamethod unicode vulnerable function attempt (sql.rules)
 * 1:8512 <-> DISABLED <-> SQL xp_oamethod vulnerable function attempt (sql.rules)
 * 1:8511 <-> DISABLED <-> SQL xp_oamethod unicode vulnerable function attempt (sql.rules)
 * 1:8510 <-> DISABLED <-> SQL xp_oagetproperty vulnerable function attempt (sql.rules)
 * 1:8509 <-> DISABLED <-> SQL xp_oagetproperty unicode vulnerable function attempt (sql.rules)
 * 1:8508 <-> DISABLED <-> SQL xp_oagetproperty unicode vulnerable function attempt (sql.rules)
 * 1:8507 <-> DISABLED <-> SQL xp_oadestroy vulnerable function attempt (sql.rules)
 * 1:8506 <-> DISABLED <-> SQL xp_oadestroy unicode vulnerable function attempt (sql.rules)
 * 1:8505 <-> DISABLED <-> SQL xp_oadestroy unicode vulnerable function attempt (sql.rules)
 * 1:8504 <-> DISABLED <-> SQL xp_enumresultset vulnerable function attempt (sql.rules)
 * 1:8503 <-> DISABLED <-> SQL xp_enumresultset unicode vulnerable function attempt (sql.rules)
 * 1:8502 <-> DISABLED <-> SQL xp_enumresultset unicode vulnerable function attempt (sql.rules)
 * 1:8501 <-> DISABLED <-> SQL xp_displayparamstmt vulnerable function attempt (sql.rules)
 * 1:8500 <-> DISABLED <-> SQL xp_displayparamstmt unicode vulnerable function attempt (sql.rules)
 * 1:8499 <-> DISABLED <-> SQL xp_displayparamstmt unicode vulnerable function attempt (sql.rules)
 * 1:8498 <-> DISABLED <-> SQL sp_oacreate unicode vulnerable function attempt (sql.rules)
 * 1:8497 <-> DISABLED <-> SQL sp_oacreate vulnerable function attempt (sql.rules)
 * 1:8496 <-> DISABLED <-> SQL sp_oacreate unicode vulnerable function attempt (sql.rules)
 * 1:8481 <-> DISABLED <-> FTP Microsoft NLST * dos attempt (ftp.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Publisher file magic detection (file-identify.rules)
 * 1:8460 <-> ENABLED <-> NETBIOS-DG SMB Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:7039 <-> ENABLED <-> NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules)
 * 1:7038 <-> ENABLED <-> NETBIOS-DG SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
 * 1:7037 <-> ENABLED <-> NETBIOS-DG SMB Trans mailslot heap overflow attempt (netbios.rules)
 * 1:7036 <-> ENABLED <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
 * 1:7035 <-> ENABLED <-> NETBIOS SMB Trans mailslot heap overflow attempt (netbios.rules)
 * 1:7029 <-> ENABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7028 <-> ENABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7027 <-> ENABLED <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
 * 1:7026 <-> DISABLED <-> WEB-ACTIVEX RDS.Dataspace ActiveX function call access (web-activex.rules)
 * 1:7025 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel url unicode overflow attempt (web-client.rules)
 * 1:7024 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel style handling overflow attempt (web-client.rules)
 * 1:7009 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.StructuredGraphicsControl ActiveX function call access (web-activex.rules)
 * 1:7004 <-> DISABLED <-> WEB-ACTIVEX Internet.HHCtrl.1 ActiveX function call access (web-activex.rules)
 * 1:7002 <-> DISABLED <-> WEB-CLIENT Microsoft Office Excel url unicode overflow attempt (web-client.rules)
 * 1:695 <-> DISABLED <-> SQL xp_sprintf possible buffer overflow (sql.rules)
 * 1:6906 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences callback number overflow attempt (netbios.rules)
 * 1:689 <-> DISABLED <-> SQL xp_reg* registry access (sql.rules)
 * 1:686 <-> DISABLED <-> SQL xp_reg* - registry access (sql.rules)
 * 1:6810 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (netbios.rules)
 * 1:6714 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences phonebook mode overflow attempt (netbios.rules)
 * 1:8459 <-> ENABLED <-> NETBIOS-DG SMB Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8458 <-> ENABLED <-> NETBIOS-DG SMB Rename invalid buffer type attempt (netbios.rules)
 * 1:8457 <-> ENABLED <-> NETBIOS-DG SMB Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8456 <-> ENABLED <-> NETBIOS SMB-DS Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:8455 <-> ENABLED <-> NETBIOS SMB-DS Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8454 <-> ENABLED <-> NETBIOS SMB-DS Rename invalid buffer type attempt (netbios.rules)
 * 1:8453 <-> ENABLED <-> NETBIOS SMB-DS Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8452 <-> ENABLED <-> NETBIOS SMB Rename invalid buffer type unicode attempt (netbios.rules)
 * 1:8451 <-> ENABLED <-> NETBIOS SMB Rename invalid buffer type unicode andx attempt (netbios.rules)
 * 1:8450 <-> ENABLED <-> NETBIOS SMB Rename invalid buffer type attempt (netbios.rules)
 * 1:8449 <-> ENABLED <-> NETBIOS SMB Rename invalid buffer type andx attempt (netbios.rules)
 * 1:8448 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel colinfo XF record overflow attempt (web-client.rules)
 * 1:8445 <-> DISABLED <-> WEB-CLIENT Microsoft Windows RTF file with embedded object package download attempt (web-client.rules)
 * 1:8425 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (web-activex.rules)
 * 1:8422 <-> DISABLED <-> WEB-ACTIVEX Outlook View OVCtl ActiveX clsid access (web-activex.rules)
 * 1:8419 <-> ENABLED <-> WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call (web-activex.rules)
 * 1:8416 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:8414 <-> DISABLED <-> WEB-CLIENT Microsoft Office GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:8413 <-> DISABLED <-> WEB-CLIENT HCP URI uplddrvinfo access (web-client.rules)
 * 1:8405 <-> DISABLED <-> WEB-ACTIVEX  ActiveX clsid access (web-activex.rules)
 * 1:8369 <-> ENABLED <-> WEB-ACTIVEX WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (web-activex.rules)
 * 1:8349 <-> DISABLED <-> WEB-IIS Indexing Service ciRestriction cross-site scripting attempt (web-iis.rules)
 * 1:8253 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection username overflow attempt (netbios.rules)
 * 1:8157 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP webdav DavrCreateConnection hostname overflow attempt (netbios.rules)
 * 1:8083 <-> DISABLED <-> MISC Microsoft Windows UPnP Location overflow (misc.rules)
 * 1:8082 <-> DISABLED <-> MISC Microsoft Windows UPnP malformed advertisement (misc.rules)
 * 1:8069 <-> ENABLED <-> WEB-ACTIVEX Microsoft Virtual Machine ActiveX clsid access (web-activex.rules)
 * 1:8066 <-> ENABLED <-> WEB-ACTIVEX Windows Scripting Host Shell ActiveX clsid access (web-activex.rules)
 * 1:8064 <-> ENABLED <-> WEB-ACTIVEX Scriptlet.Typelib ActiveX clsid access (web-activex.rules)
 * 1:8063 <-> DISABLED <-> WEB-ACTIVEX ADODB.Stream ActiveX function call access (web-activex.rules)
 * 1:8051 <-> ENABLED <-> WEB-ACTIVEX WDM Instance Provider ActiveX clsid access (web-activex.rules)
 * 1:8049 <-> ENABLED <-> WEB-ACTIVEX WaveOut and DSound Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8047 <-> ENABLED <-> WEB-ACTIVEX WaveIn Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8045 <-> ENABLED <-> WEB-ACTIVEX Video Effect Class Manager 2 Input ActiveX clsid access (web-activex.rules)
 * 1:8043 <-> ENABLED <-> WEB-ACTIVEX Video Effect Class Manager 1 Input ActiveX clsid access (web-activex.rules)
 * 1:8041 <-> ENABLED <-> WEB-ACTIVEX VFW Capture Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8039 <-> ENABLED <-> WEB-ACTIVEX syncui.dll ActiveX clsid access (web-activex.rules)
 * 1:8037 <-> ENABLED <-> WEB-ACTIVEX Swedish_Default Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8035 <-> ENABLED <-> WEB-ACTIVEX Spanish_Modern Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8033 <-> ENABLED <-> WEB-ACTIVEX QC.MessageMover.1 ActiveX clsid access (web-activex.rules)
 * 1:8031 <-> ENABLED <-> WEB-ACTIVEX Mslablti.MarshalableTI.1 ActiveX clsid access (web-activex.rules)
 * 1:8029 <-> ENABLED <-> WEB-ACTIVEX MidiOut Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8027 <-> ENABLED <-> WEB-ACTIVEX Microsoft WBEM Event Subsystem ActiveX clsid access (web-activex.rules)
 * 1:8025 <-> ENABLED <-> WEB-ACTIVEX Microsoft HTML Window Security Proxy ActiveX clsid access (web-activex.rules)
 * 1:8023 <-> ENABLED <-> WEB-ACTIVEX Italian_Italian Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8021 <-> ENABLED <-> WEB-ACTIVEX ISSimpleCommandCreator.1 ActiveX clsid access (web-activex.rules)
 * 1:8019 <-> ENABLED <-> WEB-ACTIVEX Internet Explorer Address Bar ActiveX clsid access (web-activex.rules)
 * 1:8017 <-> ENABLED <-> WEB-ACTIVEX ICM Class Manager ActiveX clsid access (web-activex.rules)
 * 1:8015 <-> ENABLED <-> WEB-ACTIVEX German_German Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8013 <-> ENABLED <-> WEB-ACTIVEX French_French Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8011 <-> ENABLED <-> WEB-ACTIVEX English_US Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8009 <-> ENABLED <-> WEB-ACTIVEX English_UK Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8007 <-> ENABLED <-> WEB-ACTIVEX Dutch_Dutch Stemmer ActiveX clsid access (web-activex.rules)
 * 1:8005 <-> ENABLED <-> WEB-ACTIVEX DiskManagement.Connection ActiveX clsid access (web-activex.rules)
 * 1:8003 <-> ENABLED <-> WEB-ACTIVEX Content.mbcontent.1 ActiveX clsid access (web-activex.rules)
 * 1:8001 <-> ENABLED <-> WEB-ACTIVEX CommunicationManager ActiveX clsid access (web-activex.rules)
 * 1:7999 <-> ENABLED <-> WEB-ACTIVEX CLSID_CDIDeviceActionConfigPage ActiveX clsid access (web-activex.rules)
 * 1:7997 <-> ENABLED <-> WEB-ACTIVEX CLSID_ApprenticeICW ActiveX clsid access (web-activex.rules)
 * 1:7995 <-> ENABLED <-> WEB-ACTIVEX clbcatq.dll ActiveX clsid access (web-activex.rules)
 * 1:7993 <-> ENABLED <-> WEB-ACTIVEX clbcatex.dll ActiveX clsid access (web-activex.rules)
 * 1:7991 <-> ENABLED <-> WEB-ACTIVEX ACM Class Manager ActiveX clsid access (web-activex.rules)
 * 1:7989 <-> ENABLED <-> WEB-ACTIVEX WIA FileSystem USD ActiveX clsid access (web-activex.rules)
 * 1:7985 <-> ENABLED <-> WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access (web-activex.rules)
 * 1:7981 <-> DISABLED <-> WEB-ACTIVEX Snapshot Viewer General Property Page Object ActiveX clsid access (web-activex.rules)
 * 1:7976 <-> ENABLED <-> WEB-ACTIVEX ShellFolder for CD Burning ActiveX clsid access (web-activex.rules)
 * 1:7970 <-> ENABLED <-> WEB-ACTIVEX PostBootReminder object ActiveX clsid access (web-activex.rules)
 * 1:7958 <-> ENABLED <-> WEB-ACTIVEX mk Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7954 <-> ENABLED <-> WEB-ACTIVEX Microsoft Forms 2.0 ComboBox ActiveX clsid access (web-activex.rules)
 * 1:7948 <-> ENABLED <-> WEB-ACTIVEX Microsoft Common Browser Architecture ActiveX clsid access (web-activex.rules)
 * 1:7944 <-> ENABLED <-> WEB-ACTIVEX https Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7942 <-> ENABLED <-> WEB-ACTIVEX http Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7938 <-> ENABLED <-> WEB-ACTIVEX gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7934 <-> ENABLED <-> WEB-ACTIVEX ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7928 <-> ENABLED <-> WEB-ACTIVEX file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7914 <-> ENABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (web-activex.rules)
 * 1:7904 <-> ENABLED <-> WEB-ACTIVEX CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (web-activex.rules)
 * 1:7876 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid access (web-activex.rules)
 * 1:7874 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office PivotTable 10.0 ActiveX clsid access (web-activex.rules)
 * 1:7872 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Spreadsheet 10.0 ActiveX clsid access (web-activex.rules)
 * 1:7870 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Data Source Control 9.0 ActiveX clsid access (web-activex.rules)
 * 1:7866 <-> ENABLED <-> WEB-ACTIVEX ADODB.Connection ActiveX clsid access (web-activex.rules)
 * 1:7500 <-> ENABLED <-> WEB-ACTIVEX WM VIH2 Fix ActiveX clsid access (web-activex.rules)
 * 1:7498 <-> ENABLED <-> WEB-ACTIVEX WM TV Out Smooth Picture Filter ActiveX clsid access (web-activex.rules)
 * 1:7496 <-> ENABLED <-> WEB-ACTIVEX WMT Volume ActiveX clsid access (web-activex.rules)
 * 1:7494 <-> ENABLED <-> WEB-ACTIVEX WMT Virtual Source ActiveX clsid access (web-activex.rules)
 * 1:7492 <-> ENABLED <-> WEB-ACTIVEX WMT Virtual Renderer ActiveX clsid access (web-activex.rules)
 * 1:7490 <-> ENABLED <-> WEB-ACTIVEX WMT Switch Filter ActiveX clsid access (web-activex.rules)
 * 1:7488 <-> ENABLED <-> WEB-ACTIVEX WMT Screen capture Filter ActiveX clsid access (web-activex.rules)
 * 1:7486 <-> ENABLED <-> WEB-ACTIVEX WMT Screen Capture Filter Task Page ActiveX clsid access (web-activex.rules)
 * 1:7484 <-> ENABLED <-> WEB-ACTIVEX WMT Sample Info Filter ActiveX clsid access (web-activex.rules)
 * 1:7482 <-> ENABLED <-> WEB-ACTIVEX WMT MuxDeMux Filter ActiveX clsid access (web-activex.rules)
 * 1:7480 <-> ENABLED <-> WEB-ACTIVEX WMT Log Filter ActiveX clsid access (web-activex.rules)
 * 1:7478 <-> ENABLED <-> WEB-ACTIVEX WMT Interlacer ActiveX clsid access (web-activex.rules)
 * 1:7476 <-> ENABLED <-> WEB-ACTIVEX WMT Import Filter ActiveX clsid access (web-activex.rules)
 * 1:7474 <-> ENABLED <-> WEB-ACTIVEX WMT FormatConversion ActiveX clsid access (web-activex.rules)
 * 1:7472 <-> ENABLED <-> WEB-ACTIVEX WMT FormatConversion Prop Page ActiveX clsid access (web-activex.rules)
 * 1:7470 <-> ENABLED <-> WEB-ACTIVEX WMT DV Extract Filter ActiveX clsid access (web-activex.rules)
 * 1:7468 <-> ENABLED <-> WEB-ACTIVEX WMT DirectX Transform Wrapper ActiveX clsid access (web-activex.rules)
 * 1:7466 <-> ENABLED <-> WEB-ACTIVEX WMT DeInterlace Prop Page ActiveX clsid access (web-activex.rules)
 * 1:7464 <-> ENABLED <-> WEB-ACTIVEX WMT DeInterlace Filter ActiveX clsid access (web-activex.rules)
 * 1:7462 <-> ENABLED <-> WEB-ACTIVEX WMT Black Frame Generator ActiveX clsid access (web-activex.rules)
 * 1:7460 <-> ENABLED <-> WEB-ACTIVEX WMT Audio Analyzer ActiveX clsid access (web-activex.rules)
 * 1:7458 <-> ENABLED <-> WEB-ACTIVEX Wmm2fxb.dll ActiveX clsid access (web-activex.rules)
 * 1:7456 <-> ENABLED <-> WEB-ACTIVEX Wmm2fxa.dll ActiveX clsid access (web-activex.rules)
 * 1:7454 <-> ENABLED <-> WEB-ACTIVEX Wmm2ae.dll ActiveX clsid access (web-activex.rules)
 * 1:7452 <-> ENABLED <-> WEB-ACTIVEX WM Color Converter Filter ActiveX clsid access (web-activex.rules)
 * 1:7450 <-> ENABLED <-> WEB-ACTIVEX Stetch ActiveX clsid access (web-activex.rules)
 * 1:7448 <-> ENABLED <-> WEB-ACTIVEX ShotDetect ActiveX clsid access (web-activex.rules)
 * 1:7446 <-> ENABLED <-> WEB-ACTIVEX Record Queue ActiveX clsid access (web-activex.rules)
 * 1:7444 <-> ENABLED <-> WEB-ACTIVEX Mmedia.AsyncMHandler.1 ActiveX clsid access (web-activex.rules)
 * 1:7442 <-> ENABLED <-> WEB-ACTIVEX mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (web-activex.rules)
 * 1:7439 <-> ENABLED <-> WEB-ACTIVEX HTML Help ActiveX clsid access (web-activex.rules)
 * 1:7437 <-> ENABLED <-> WEB-ACTIVEX Frame Eater ActiveX clsid access (web-activex.rules)
 * 1:7436 <-> ENABLED <-> WEB-ACTIVEX Dynamic Casts ActiveX function call (web-activex.rules)
 * 1:7435 <-> ENABLED <-> WEB-ACTIVEX Dynamic Casts ActiveX clsid access (web-activex.rules)
 * 1:7433 <-> ENABLED <-> WEB-ACTIVEX DirectX Transform Wrapper Property Page ActiveX clsid access (web-activex.rules)
 * 1:7431 <-> ENABLED <-> WEB-ACTIVEX DirectFrame.DirectControl.1 ActiveX clsid access (web-activex.rules)
 * 1:7429 <-> ENABLED <-> WEB-ACTIVEX Bitmap ActiveX clsid access (web-activex.rules)
 * 1:7427 <-> ENABLED <-> WEB-ACTIVEX Allocator Fix ActiveX clsid access (web-activex.rules)
 * 1:7425 <-> ENABLED <-> WEB-ACTIVEX 9x8Resize ActiveX clsid access (web-activex.rules)
 * 1:7424 <-> DISABLED <-> EXPLOIT Microsoft Windows MMC createcab.cmd cross site scripting attempt (exploit.rules)
 * 1:7423 <-> DISABLED <-> EXPLOIT Microsoft Windows MMC mmc.exe cross site scripting attempt (exploit.rules)
 * 1:7422 <-> DISABLED <-> EXPLOIT Microsoft Windows MMC mmcndmgr.dll cross site scripting attempt (exploit.rules)
 * 1:7210 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (netbios.rules)
 * 1:7209 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (netbios.rules)
 * 1:7204 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel object ftCmo overflow attempt (web-client.rules)
 * 1:7203 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word information string overflow attempt (web-client.rules)
 * 1:7202 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:7201 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word summary information null string overflow attempt (web-client.rules)
 * 1:7200 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information null string overflow attempt (web-client.rules)
 * 1:7199 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel label record overflow attempt (web-client.rules)
 * 1:7198 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel MSO.DLL malformed string parsing multi byte buffer over attempt (web-client.rules)
 * 1:7197 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (web-client.rules)
 * 1:7070 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer encoded cross site scripting attempt (web-misc.rules)
 * 1:7048 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel object record overflow attempt (web-client.rules)
 * 1:7042 <-> ENABLED <-> NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
 * 1:7041 <-> ENABLED <-> NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (netbios.rules)
 * 1:7040 <-> ENABLED <-> NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
 * 1:704 <-> DISABLED <-> SQL xp_sprintf possible buffer overflow (sql.rules)
 * 1:6701 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (web-client.rules)
 * 1:6700 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products malformed PNG detected tEXt overflow attempt (web-client.rules)
 * 1:6699 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (web-client.rules)
 * 1:6698 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (web-client.rules)
 * 1:6697 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (web-client.rules)
 * 1:6696 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (web-client.rules)
 * 1:6695 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (web-client.rules)
 * 1:6694 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (web-client.rules)
 * 1:6693 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (web-client.rules)
 * 1:6692 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (web-client.rules)
 * 1:6691 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (web-client.rules)
 * 1:6690 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (web-client.rules)
 * 1:6689 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (web-client.rules)
 * 1:6687 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX function call access (web-activex.rules)
 * 1:6686 <-> ENABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX clsid access (web-activex.rules)
 * 1:6684 <-> ENABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX clsid access (web-activex.rules)
 * 1:6682 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX function call access (web-activex.rules)
 * 1:6681 <-> ENABLED <-> WEB-ACTIVEX Windows Media Transform Effects ActiveX clsid access (web-activex.rules)
 * 1:6584 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (netbios.rules)
 * 1:658 <-> ENABLED <-> SMTP exchange mime DOS (smtp.rules)
 * 1:6517 <-> ENABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Light ActiveX clsid access (web-activex.rules)
 * 1:6516 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Light ActiveX function call access (web-activex.rules)
 * 1:6510 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (web-client.rules)
 * 1:6509 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer mhtml uri href buffer overflow attempt (web-client.rules)
 * 1:6456 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt (netbios.rules)
 * 1:6455 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt (netbios.rules)
 * 1:6444 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt (netbios.rules)
 * 1:6443 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (netbios.rules)
 * 1:6432 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (netbios.rules)
 * 1:6431 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (netbios.rules)
 * 1:6420 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (netbios.rules)
 * 1:6419 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (netbios.rules)
 * 1:6413 <-> DISABLED <-> SMTP Microsoft Windows Address Book Base64 encoded attachment detected (smtp.rules)
 * 1:6412 <-> DISABLED <-> SMTP Microsoft Windows Address Book attachment detected (smtp.rules)
 * 1:6411 <-> DISABLED <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
 * 1:6410 <-> DISABLED <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
 * 1:6409 <-> DISABLED <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
 * 1:6009 <-> ENABLED <-> WEB-ACTIVEX RDS.Dataspace ActiveX object access (web-activex.rules)
 * 1:6008 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT DDS OrgChart GDD Route ActiveX object access (web-activex.rules)
 * 1:6007 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT DDS OrgChart GDD Layout ActiveX object access (web-activex.rules)
 * 1:6006 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT Icon Control ActiveX object access (web-activex.rules)
 * 1:6005 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT DDS Straight Line Routing Logic 2 ActiveX object access (web-activex.rules)
 * 1:6004 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT DDS Circular Auto Layout Logic 2 ActiveX object access (web-activex.rules)
 * 1:6003 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT DDS Rectilinear GDD Route ActiveX object access (web-activex.rules)
 * 1:6002 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT DDS Rectilinear GDD Layout ActiveX object access (web-activex.rules)
 * 1:5738 <-> ENABLED <-> NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5737 <-> ENABLED <-> NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5736 <-> ENABLED <-> NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5735 <-> ENABLED <-> NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5734 <-> ENABLED <-> NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules)
 * 1:5733 <-> ENABLED <-> NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
 * 1:5732 <-> ENABLED <-> NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5731 <-> ENABLED <-> NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5730 <-> ENABLED <-> NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
 * 1:5729 <-> ENABLED <-> NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
 * 1:5728 <-> ENABLED <-> NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules)
 * 1:5727 <-> ENABLED <-> NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
 * 1:5726 <-> ENABLED <-> NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5725 <-> ENABLED <-> NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5724 <-> ENABLED <-> NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5723 <-> ENABLED <-> NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5722 <-> ENABLED <-> NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5721 <-> ENABLED <-> NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
 * 1:5720 <-> ENABLED <-> NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5719 <-> ENABLED <-> NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:5718 <-> ENABLED <-> NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5717 <-> ENABLED <-> NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:5716 <-> ENABLED <-> NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
 * 1:5713 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Metafile invalid header size integer overflow (web-client.rules)
 * 1:5712 <-> ENABLED <-> WEB CLIENT Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (web-client.rules)
 * 1:5711 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)
 * 1:5710 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules)
 * 1:5485 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (netbios.rules)
 * 1:5319 <-> ENABLED <-> WEB-CLIENT Metasploit Windows picture and fax viewer wmf arbitrary code execution attempt (web-client.rules)
 * 1:4647 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload overflow attempt (web-client.rules)
 * 1:4648 <-> DISABLED <-> WEB-ACTIVEX wang image admin activex object access (web-activex.rules)
 * 1:4643 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file buffer overflow attempt (web-client.rules)
 * 1:4644 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed shortcut file with comment buffer overflow attempt (web-client.rules)
 * 1:4413 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (netbios.rules)
 * 1:4608 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (netbios.rules)
 * 1:4334 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:4358 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (netbios.rules)
 * 1:4245 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP msdtc BuildContextW overflow attempt (netbios.rules)
 * 1:4246 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP msdtc BuildContextW overflow attempt (netbios.rules)
 * 1:4236 <-> ENABLED <-> WEB-ACTIVEX WMI ASDI Extension ActiveX object access (web-activex.rules)
 * 1:4231 <-> ENABLED <-> WEB-ACTIVEX Microsoft SysTray ActiveX object access (web-activex.rules)
 * 1:5318 <-> DISABLED <-> WEB-CLIENT Microsoft Windows wmf file arbitrary code execution attempt (web-client.rules)
 * 1:4230 <-> ENABLED <-> WEB-ACTIVEX Search Assistant UI ActiveX object access (web-activex.rules)
 * 1:5096 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules)
 * 1:5095 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation attempt (netbios.rules)
 * 1:4990 <-> DISABLED <-> SQL heap-based overflow attempt (sql.rules)
 * 1:4989 <-> DISABLED <-> SQL heap-based overflow attempt (sql.rules)
 * 1:4983 <-> DISABLED <-> WEB-ACTIVEX Adodb.Stream ActiveX Object Access CreateObject Function (web-activex.rules)
 * 1:4982 <-> ENABLED <-> WEB-ACTIVEX Adodb.Stream ActiveX object access (web-activex.rules)
 * 1:4917 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (web-client.rules)
 * 1:4916 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (web-client.rules)
 * 1:4915 <-> ENABLED <-> WEB-ACTIVEX Shortcut Handler ActiveX object access (web-activex.rules)
 * 1:4914 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Script Definition ActiveX object access (web-activex.rules)
 * 1:4913 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Workspace ActiveX object access (web-activex.rules)
 * 1:4912 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Root ActiveX object access (web-activex.rules)
 * 1:4911 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Type Library ActiveX object access (web-activex.rules)
 * 1:4910 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Relationship Definition ActiveX object access (web-activex.rules)
 * 1:4908 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Method Definition ActiveX object access (web-activex.rules)
 * 1:4909 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Property Definition ActiveX object access (web-activex.rules)
 * 1:4907 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Collection Definition ActiveX object access (web-activex.rules)
 * 1:4906 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Interface Definition ActiveX object access (web-activex.rules)
 * 1:4905 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Object ActiveX object access (web-activex.rules)
 * 1:4903 <-> ENABLED <-> WEB-ACTIVEX VMR ImageSync 9 ActiveX object access (web-activex.rules)
 * 1:4904 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository Alias ActiveX object access (web-activex.rules)
 * 1:4902 <-> ENABLED <-> WEB-ACTIVEX Video Mixing Renderer 9 ActiveX object access (web-activex.rules)
 * 1:4901 <-> ENABLED <-> WEB-ACTIVEX VMR Allocator Presenter 9 ActiveX object access (web-activex.rules)
 * 1:4900 <-> ENABLED <-> WEB-ACTIVEX Outlook Progress Ctl ActiveX object access (web-activex.rules)
 * 1:4899 <-> ENABLED <-> WEB-ACTIVEX ISupportErrorInfo Interface ActiveX object access (web-activex.rules)
 * 1:4898 <-> ENABLED <-> WEB-ACTIVEX PSTypeComp ActiveX object access (web-activex.rules)
 * 1:4897 <-> ENABLED <-> WEB-ACTIVEX PSOAInterface ActiveX object access (web-activex.rules)
 * 1:4896 <-> ENABLED <-> WEB-ACTIVEX PSTypeLib ActiveX object access (web-activex.rules)
 * 1:4895 <-> ENABLED <-> WEB-ACTIVEX PSTypeInfo ActiveX object access (web-activex.rules)
 * 1:4232 <-> ENABLED <-> WEB-ACTIVEX Microsoft SysTray Invoker ActiveX object access (web-activex.rules)
 * 1:4234 <-> ENABLED <-> WEB-ACTIVEX Microsoft MSVTDGridCtrl7 ActiveX object access (web-activex.rules)
 * 1:4235 <-> ENABLED <-> WEB-ACTIVEX Helper Object for Java ActiveX object access (web-activex.rules)
 * 1:4894 <-> ENABLED <-> WEB-ACTIVEX PSEnumVariant ActiveX object access (web-activex.rules)
 * 1:4892 <-> ENABLED <-> WEB-ACTIVEX MTSEvents Class ActiveX object access (web-activex.rules)
 * 1:4893 <-> ENABLED <-> WEB-ACTIVEX Trident HTMLEditor ActiveX object access (web-activex.rules)
 * 1:4233 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Database Tools Query Designer v7.0 ActiveX object access (web-activex.rules)
 * 1:4890 <-> ENABLED <-> WEB-ACTIVEX IAVIStream & IAVIFile Proxy ActiveX object access (web-activex.rules)
 * 1:4891 <-> ENABLED <-> WEB-ACTIVEX cfw Class ActiveX object access (web-activex.rules)
 * 1:10012 <-> ENABLED <-> SMTP Micrsoft Office Outlook VEVENT non-TZID overflow attempt (smtp.rules)
 * 1:4755 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
 * 1:4754 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin overflow attempt (netbios.rules)
 * 1:1037 <-> DISABLED <-> WEB-IIS showcode.asp access (web-iis.rules)
 * 1:10475 <-> ENABLED <-> MISC Microsoft Windows UPnP notification type overflow attempt (misc.rules)
 * 1:10603 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (netbios.rules)
 * 1:1079 <-> DISABLED <-> WEB-MISC Microsoft Windows WebDAV propfind access (web-misc.rules)
 * 1:10900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (netbios.rules)
 * 1:11073 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (netbios.rules)
 * 1:11074 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (netbios.rules)
 * 1:11191 <-> DISABLED <-> WEB-IIS Microsoft Content Management Server memory corruption (web-iis.rules)
 * 1:11222 <-> DISABLED <-> SMTP Exchange MODPROPS denial of service attempt (smtp.rules)
 * 1:11224 <-> DISABLED <-> WEB-ACTIVEX MSAuth ActiveX clsid access (web-activex.rules)
 * 1:11226 <-> DISABLED <-> WEB-ACTIVEX MSAuth ActiveX function call access (web-activex.rules)
 * 1:11228 <-> DISABLED <-> WEB-ACTIVEX Microsoft Input Method Editor 3 ActiveX clsid access (web-activex.rules)
 * 1:11230 <-> DISABLED <-> WEB-ACTIVEX Microsoft Cryptographic API COM 1 ActiveX clsid access (web-activex.rules)
 * 1:11232 <-> DISABLED <-> WEB-ACTIVEX Microsoft Cryptographic API COM 1 ActiveX function call access (web-activex.rules)
 * 1:11234 <-> DISABLED <-> WEB-ACTIVEX Microsoft Cryptographic API COM 2 ActiveX clsid access (web-activex.rules)
 * 1:11239 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Redirect ActiveX clsid access (web-activex.rules)
 * 1:11241 <-> DISABLED <-> WEB-ACTIVEX DXImageTransform.Microsoft.Redirect ActiveX function call access (web-activex.rules)
 * 1:11243 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAstatics ActiveX clsid access (web-activex.rules)
 * 1:11245 <-> DISABLED <-> WEB-ACTIVEX DirectAnimation.DAstatics ActiveX function call access (web-activex.rules)
 * 1:11247 <-> DISABLED <-> WEB-ACTIVEX Research In Motion TeamOn Import ActiveX clsid access (web-activex.rules)
 * 1:11250 <-> DISABLED <-> WEB-ACTIVEX Sony Rootkit Uninstaller ActiveX clsid access (web-activex.rules)
 * 1:11252 <-> DISABLED <-> WEB-ACTIVEX IE Address ActiveX clsid access (web-activex.rules)
 * 1:11257 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory corruption vulnerability (web-client.rules)
 * 1:11258 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed Named Graph Information unicode overflow (web-client.rules)
 * 1:11264 <-> DISABLED <-> SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (sql.rules)
 * 1:11290 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed named graph information ascii overflow (web-client.rules)
 * 1:11301 <-> DISABLED <-> WEB-ACTIVEX DB Software Laboratory DeWizardX ActiveX clsid access (web-activex.rules)
 * 1:11303 <-> DISABLED <-> WEB-ACTIVEX DB Software Laboratory DeWizardX ActiveX function call access (web-activex.rules)
 * 1:11324 <-> ENABLED <-> WEB-ACTIVEX Microsoft Input Method Editor 3 ActiveX function call access (web-activex.rules)
 * 1:11684 <-> DISABLED <-> EXPLOIT Microsoft Windows WINS overflow attempt (exploit.rules)
 * 1:1007 <-> DISABLED <-> WEB-IIS Form_JScript.asp access (web-iis.rules)
 * 1:1010 <-> DISABLED <-> WEB-IIS encoding access (web-iis.rules)
 * 1:10139 <-> DISABLED <-> WEB-ACTIVEX Microsoft Input Method Editor ActiveX function call access (web-activex.rules)
 * 1:10140 <-> ENABLED <-> WEB-ACTIVEX Microsoft Input Method Editor 2 ActiveX clsid access (web-activex.rules)
 * 1:10142 <-> ENABLED <-> WEB-ACTIVEX LexRefBilingualTextContext ActiveX clsid access (web-activex.rules)
 * 1:10145 <-> ENABLED <-> WEB-ACTIVEX HTML Inline Sound Control ActiveX clsid access (web-activex.rules)
 * 1:10147 <-> DISABLED <-> WEB-ACTIVEX HTML Inline Sound Control ActiveX function call access (web-activex.rules)
 * 1:10148 <-> ENABLED <-> WEB-ACTIVEX HTML Inline Movie Control ActiveX clsid access (web-activex.rules)
 * 1:10151 <-> ENABLED <-> WEB-ACTIVEX BlnSetUser Proxy ActiveX clsid access (web-activex.rules)
 * 1:10153 <-> DISABLED <-> WEB-ACTIVEX BlnSetUser Proxy ActiveX function call access (web-activex.rules)
 * 1:10154 <-> ENABLED <-> WEB-ACTIVEX BlnSetUser Proxy 2 ActiveX clsid access (web-activex.rules)
 * 1:1021 <-> DISABLED <-> WEB-IIS ism.dll attempt (web-iis.rules)
 * 1:1022 <-> DISABLED <-> WEB-IIS jet vba access (web-iis.rules)
 * 1:1023 <-> DISABLED <-> WEB-IIS msadcs.dll access (web-iis.rules)
 * 1:1033 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1034 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:1035 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 1:11686 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows WebDAV search overflow attempt (specific-threats.rules)
 * 1:11826 <-> DISABLED <-> WEB-ACTIVEX Microsoft Voice Control ActiveX clsid access (web-activex.rules)
 * 1:11828 <-> DISABLED <-> WEB-ACTIVEX Microsoft Voice Control ActiveX function call access (web-activex.rules)
 * 1:11830 <-> DISABLED <-> WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX clsid access (web-activex.rules)
 * 1:11832 <-> DISABLED <-> WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX function call access (web-activex.rules)
 * 1:11834 <-> DISABLED <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:11836 <-> ENABLED <-> MISC Mircrosoft Office Visio version number anomaly (misc.rules)
 * 1:11837 <-> ENABLED <-> SMTP Microsoft Windows Mail UNC navigation remote command execution (smtp.rules)
 * 1:11838 <-> DISABLED <-> WEB-MISC Microsoft Windows API res buffer overflow attempt (web-misc.rules)
 * 1:11843 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (netbios.rules)
 * 1:11947 <-> ENABLED <-> WEB-CLIENT Microsoft Windows schannel security package (web-client.rules)
 * 1:11966 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS tag memory corruption attempt (web-client.rules)
 * 1:1200 <-> ENABLED <-> ATTACK-RESPONSES Invalid URL (attack-responses.rules)
 * 1:12014 <-> DISABLED <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:12058 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
 * 1:12064 <-> DISABLED <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
 * 1:12065 <-> ENABLED <-> POLICY Outbound Teredo traffic detected (policy.rules)
 * 1:12066 <-> ENABLED <-> POLICY Inbound Teredo traffic detected (policy.rules)
 * 1:12067 <-> ENABLED <-> POLICY Outbound Teredo traffic detected (policy.rules)
 * 1:12068 <-> ENABLED <-> POLICY Inbound Teredo traffic detected (policy.rules)
 * 1:12069 <-> ENABLED <-> EXPLOIT Microsoft Windows Active Directory Crafted LDAP ModifyRequest (exploit.rules)
 * 1:12070 <-> DISABLED <-> EXPLOIT Microsoft Office Excel malformed version field (exploit.rules)
 * 1:12099 <-> DISABLED <-> MISC Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (misc.rules)
 * 1:12184 <-> DISABLED <-> MISC Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (misc.rules)
 * 1:12198 <-> DISABLED <-> SNMP Microsoft Windows getbulk request (snmp.rules)
 * 1:12256 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed FBI record (web-client.rules)
 * 1:12261 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (web-activex.rules)
 * 1:12263 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (web-activex.rules)
 * 1:12265 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (web-activex.rules)
 * 1:12267 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 SearchHelper ActiveX function call access (web-activex.rules)
 * 1:12269 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (web-activex.rules)
 * 1:12270 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TLIApplication ActiveX function call (web-activex.rules)
 * 1:12273 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (web-activex.rules)
 * 1:12275 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (web-activex.rules)
 * 1:12277 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer CSS memory corruption exploit (exploit.rules)
 * 1:12278 <-> ENABLED <-> POLICY Microsoft Media Player compressed skin download - .wmz (policy.rules)
 * 1:12279 <-> DISABLED <-> WEB-CLIENT Microsoft XML substringData integer overflow attempt (web-client.rules)
 * 1:12280 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12281 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12282 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules)
 * 1:12284 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (web-client.rules)
 * 1:12393 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 1 ActiveX clsid access (web-activex.rules)
 * 1:12395 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 2 ActiveX clsid access (web-activex.rules)
 * 1:12397 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 3 ActiveX clsid access (web-activex.rules)
 * 1:12399 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 4 ActiveX clsid access (web-activex.rules)
 * 1:12401 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 5 ActiveX clsid access (web-activex.rules)
 * 1:12403 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 6 ActiveX clsid access (web-activex.rules)
 * 1:12405 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 7 ActiveX clsid access (web-activex.rules)
 * 1:12407 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 8 ActiveX clsid access (web-activex.rules)
 * 1:12409 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 9 ActiveX clsid access (web-activex.rules)
 * 1:12411 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Edition 10 ActiveX clsid access (web-activex.rules)
 * 1:12423 <-> ENABLED <-> SMTP Microsoft CDO long header name (smtp.rules)
 * 1:12448 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent Control ActiveX clsid access (web-activex.rules)
 * 1:12450 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent Control ActiveX function call access (web-activex.rules)
 * 1:12452 <-> ENABLED <-> WEB-ACTIVEX MS Agent File Provider ActiveX clsid access (web-activex.rules)
 * 1:12456 <-> DISABLED <-> FILE-IDENTIFY Crystal Reports file magic detection (file-identify.rules)
 * 1:12463 <-> DISABLED <-> EXPLOIT Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (exploit.rules)
 * 1:1248 <-> DISABLED <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules)
 * 1:12595 <-> DISABLED <-> WEB-IIS malicious ASP file upload attempt (web-iis.rules)
 * 1:12619 <-> DISABLED <-> EXPLOIT Microsoft Exchange ical/vcal malformed property (exploit.rules)
 * 1:12629 <-> DISABLED <-> WEB-MISC Microsoft Windows sharepoint cross site scripting attempt (web-misc.rules)
 * 1:12631 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (exploit.rules)
 * 1:12632 <-> DISABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (exploit.rules)
 * 1:12633 <-> ENABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging small offset malformed tiff (exploit.rules)
 * 1:12634 <-> ENABLED <-> EXPLOIT Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (exploit.rules)
 * 1:12635 <-> ENABLED <-> DOS RPC NTLMSSP malformed credentials (dos.rules)
 * 1:12641 <-> ENABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detection (file-identify.rules)
 * 1:12642 <-> ENABLED <-> DOS RPC NTLMSSP malformed credentials (dos.rules)
 * 1:12643 <-> DISABLED <-> WEB-CLIENT Microsoft Windows URI External handler arbitrary command attempt (web-client.rules)
 * 1:12664 <-> ENABLED <-> MISC Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (misc.rules)
 * 1:12687 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
 * 1:12688 <-> DISABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
 * 1:12770 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (specific-threats.rules)
 * 1:12946 <-> DISABLED <-> NETBIOS SMB-DS SMBv2 protocol negotiation attempt (netbios.rules)
 * 1:12947 <-> DISABLED <-> NETBIOS SMB SMBv2 protocol negotiation attempt (netbios.rules)
 * 1:12948 <-> DISABLED <-> WEB-ACTIVEX Vantage Linguistics 1 ActiveX clsid access (web-activex.rules)
 * 1:12950 <-> DISABLED <-> WEB-ACTIVEX Vantage Linguistics 2 ActiveX clsid access (web-activex.rules)
 * 1:12952 <-> DISABLED <-> WEB-ACTIVEX Vantage Linguistics 3 ActiveX clsid access (web-activex.rules)
 * 1:12954 <-> DISABLED <-> WEB-ACTIVEX DXLTPI.DLL ActiveX clsid access (web-activex.rules)
 * 1:12957 <-> DISABLED <-> WEB-ACTIVEX MSN Heartbeat 2 ActiveX clsid access (web-activex.rules)
 * 1:12959 <-> DISABLED <-> WEB-ACTIVEX MSN Heartbeat 3 ActiveX clsid access (web-activex.rules)
 * 1:12961 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Import 1 ActiveX clsid access (web-activex.rules)
 * 1:12963 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Import 2 ActiveX clsid access (web-activex.rules)
 * 1:12965 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Import 3 ActiveX clsid access (web-activex.rules)
 * 1:12967 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Import 4 ActiveX clsid access (web-activex.rules)
 * 1:12969 <-> DISABLED <-> WEB-ACTIVEX Intuit QuickBooks Online Import 5 ActiveX clsid access (web-activex.rules)
 * 1:12971 <-> DISABLED <-> EXPLOIT Microsoft Windows DirectX directshow wav file overflow attempt (exploit.rules)
 * 1:12972 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detection (file-identify.rules)
 * 1:12977 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
 * 1:12978 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
 * 1:12983 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (web-client.rules)
 * 1:13158 <-> ENABLED <-> WEB_CLIENT Microsoft Media Player asf streaming format interchange data integer overflow attempt (web-client.rules)
 * 1:13159 <-> ENABLED <-> WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt (web-client.rules)
 * 1:13160 <-> ENABLED <-> WEB-CLIENT Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (web-client.rules)
 * 1:13210 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
 * 1:13211 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
 * 1:13269 <-> DISABLED <-> EXPLOIT Multiple product nntp uri handling code execution attempt (exploit.rules)
 * 1:13270 <-> DISABLED <-> EXPLOIT Multiple product news uri handling code execution attempt (exploit.rules)
 * 1:13271 <-> DISABLED <-> EXPLOIT Multiple product telnet uri handling code execution attempt (exploit.rules)
 * 1:13272 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:13288 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (bad-traffic.rules)
 * 1:13321 <-> ENABLED <-> WEB-ACTIVEX Microsoft Package and Deployment Wizard ActiveX clsid access (web-activex.rules)
 * 1:13323 <-> DISABLED <-> WEB-ACTIVEX Microsoft Package and Deployment Wizard ActiveX function call access (web-activex.rules)
 * 1:13448 <-> ENABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (web-client.rules)
 * 1:13449 <-> ENABLED <-> WEB-CLIENT Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (web-client.rules)
 * 1:13451 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual FoxPro foxtlib ActiveX clsid access (web-activex.rules)
 * 1:13453 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (web-client.rules)
 * 1:13454 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (web-client.rules)
 * 1:13455 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (web-client.rules)
 * 1:13456 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (web-client.rules)
 * 1:13457 <-> ENABLED <-> WEB-ACTIVEX Microsoft Forms 2.0 ActiveX clsid access (web-activex.rules)
 * 1:13459 <-> ENABLED <-> WEB-ACTIVEX Microsoft Forms 2.0 ActiveX function call access (web-activex.rules)
 * 1:13466 <-> ENABLED <-> WEB-CLIENT Microsoft Works file converter file section length headers memory corruption attempt (web-client.rules)
 * 1:13470 <-> ENABLED <-> EXPLOIT Microsoft Office Publisher memory corruption attempt (exploit.rules)
 * 1:13472 <-> DISABLED <-> EXPLOIT Microsoft Works invalid chunk size (exploit.rules)
 * 1:13474 <-> ENABLED <-> WEB-CLIENT Microsoft WebDAV MiniRedir remote code execution attempt (web-client.rules)
 * 1:13569 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel macro validation arbitrary code execution attempt (web-client.rules)
 * 1:13570 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel cf record arbitrary code excecution attempt (web-client.rules)
 * 1:13571 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel dval record arbitrary code excecution attempt (web-client.rules)
 * 1:13572 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (web-client.rules)
 * 1:13573 <-> ENABLED <-> WEB-CLIENT Microsoft Outlook arbitrary command line attempt (web-client.rules)
 * 1:13580 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components remote code execution attempt ActiveX clsid access (web-activex.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detection (file-identify.rules)
 * 1:13619 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows getBulkRequest memory corruption attempt (specific-threats.rules)
 * 1:13626 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detection (file-identify.rules)
 * 1:13629 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detection (file-identify.rules)
 * 1:13630 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detection (file-identify.rules)
 * 1:13633 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detection (file-identify.rules)
 * 1:13665 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio DXF file invalid memory allocation exploit attempt (web-client.rules)
 * 1:13668 <-> ENABLED <-> WEB-ACTIVEX Microsoft Help 2.0 Contents Control ActiveX clsid access (web-activex.rules)
 * 1:13670 <-> ENABLED <-> WEB-ACTIVEX Microsoft Help 2.0 Contents Control ActiveX function call access (web-activex.rules)
 * 1:13672 <-> ENABLED <-> WEB-ACTIVEX Microsoft Help 2.0 Contents Control 2 ActiveX clsid access (web-activex.rules)
 * 1:13674 <-> ENABLED <-> WEB-ACTIVEX Microsoft Help 2.0 Contents Control 2 ActiveX function call access (web-activex.rules)
 * 1:13677 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer data stream memory corruption attempt (exploit.rules)
 * 1:13678 <-> DISABLED <-> FILE-IDENTIFY Microsoft EMF metafile file download request (file-identify.rules)
 * 1:1380 <-> DISABLED <-> WEB-IIS Form_VBScript.asp access (web-iis.rules)
 * 1:13807 <-> DISABLED <-> WEB-CLIENT Microsoft Windows metafile SetPaletteEntries heap overflow attempt (web-client.rules)
 * 1:13823 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (web-client.rules)
 * 1:13824 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (web-client.rules)
 * 1:13827 <-> ENABLED <-> DOS Microsoft PGM denial of service attempt (dos.rules)
 * 1:13828 <-> ENABLED <-> WEB-ACTIVEX sapi.dll ActiveX clsid access (web-activex.rules)
 * 1:13830 <-> ENABLED <-> WEB-ACTIVEX sapi.dll alternate killbit ActiveX clsid access (web-activex.rules)
 * 1:13832 <-> ENABLED <-> WEB-ACTIVEX backweb ActiveX clsid access (web-activex.rules)
 * 1:13834 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer request header overwrite (web-client.rules)
 * 1:1384 <-> DISABLED <-> DOS UPnP malformed advertisement (dos.rules)
 * 1:1386 <-> DISABLED <-> SQL raiserror possible buffer overflow (sql.rules)
 * 1:1388 <-> DISABLED <-> EXPLOIT Microsoft Windows UPnP Location overflow attempt (exploit.rules)
 * 1:13888 <-> ENABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13889 <-> ENABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13890 <-> ENABLED <-> SQL Microsoft SQL Server Backup Database File integer overflow attempt (sql.rules)
 * 1:13891 <-> ENABLED <-> SQL Memory page overwrite attempt  (sql.rules)
 * 1:13892 <-> ENABLED <-> SQL Convert function style overwrite  (sql.rules)
 * 1:13893 <-> ENABLED <-> WEB-CLIENT Microsoft malformed saved search heap corruption attempt (web-client.rules)
 * 1:13894 <-> ENABLED <-> SMTP Micrsoft Office Outlook Web Access From field cross-site scripting attempt  (smtp.rules)
 * 1:13895 <-> ENABLED <-> SMTP Micrsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt  (smtp.rules)
 * 1:13896 <-> DISABLED <-> SQL Microsoft SQL server MTF file download (sql.rules)
 * 1:13903 <-> DISABLED <-> WEB-ACTIVEX Microsoft Access Snapshot Viewer 1 ActiveX clsid access (web-activex.rules)
 * 1:13905 <-> DISABLED <-> WEB-ACTIVEX Microsoft Access Snapshot Viewer 1 ActiveX function call access (web-activex.rules)
 * 1:13907 <-> DISABLED <-> WEB-ACTIVEX Microsoft Access Snapshot Viewer 2 ActiveX clsid access (web-activex.rules)
 * 1:13948 <-> DISABLED <-> DNS large number of NXDOMAIN replies - possible DNS cache poisoning (dns.rules)
 * 1:13949 <-> DISABLED <-> DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (dns.rules)
 * 1:13960 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:13961 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer table layout access violation vulnerability (web-client.rules)
 * 1:13962 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer MHTML zone control bypass attempt (web-client.rules)
 * 1:13963 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer argument validation in print preview handling vulnerability (web-client.rules)
 * 1:13964 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer span frontier parsing memory corruption (web-client.rules)
 * 1:13965 <-> ENABLED <-> WEB-ACTIVEX Microsoft Message System ActiveX clsid access (web-activex.rules)
 * 1:13967 <-> ENABLED <-> WEB-ACTIVEX Microsoft Message System ActiveX function call access (web-activex.rules)
 * 1:13970 <-> ENABLED <-> WEB-CLIENT Microsoft Office eps filters memory corruption attempt (web-client.rules)
 * 1:13971 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (web-client.rules)
 * 1:13972 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel country record arbitrary code execution attempt (web-client.rules)
 * 1:13974 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XHTML element memory corruption attempt (web-client.rules)
 * 1:13980 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer http status response memory corruption vulnerability (web-client.rules)
 * 1:13981 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed chart arbitrary code execution attempt (web-client.rules)
 * 1:14021 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Studio Msmask32 ActiveX clsid access (web-activex.rules)
 * 1:14023 <-> DISABLED <-> WEB-ACTIVEX Microsoft Visual Studio Msmask32 ActiveX function call access (web-activex.rules)
 * 1:14255 <-> ENABLED <-> WEB-ACTIVEX Windows Media Encoder 9 ActiveX clsid access (web-activex.rules)
 * 1:14257 <-> ENABLED <-> WEB-ACTIVEX Windows Media Encoder 9 ActiveX function call access (web-activex.rules)
 * 1:14261 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI VML gradient size heap overflow attempt (web-client.rules)
 * 1:14262 <-> ENABLED <-> WEB-CLIENT Microsoft Office OneNote iframe caller exploit attempt (web-client.rules)
 * 1:1437 <-> DISABLED <-> FILE-IDENTIFY Windows Media download detection (file-identify.rules)
 * 1:1447 <-> DISABLED <-> MISC Microsoft Windows Terminal server request RDP (misc.rules)
 * 1:1448 <-> DISABLED <-> MISC Microsoft Windows Terminal server request (misc.rules)
 * 1:14635 <-> DISABLED <-> WEB-ACTIVEX Microsoft RSClientPrint ActiveX clsid access (web-activex.rules)
 * 1:14641 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (web-client.rules)
 * 1:14642 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel file with embedded ActiveX control (web-client.rules)
 * 1:14643 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (web-client.rules)
 * 1:14644 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain unfocusable HTML element (web-client.rules)
 * 1:14645 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain setExpression exploit attempt (web-client.rules)
 * 1:14647 <-> ENABLED <-> NETBIOS SMB Search Search filename size integer underflow attempt  (netbios.rules)
 * 1:14648 <-> ENABLED <-> NETBIOS SMB Search unicode Search filename size integer underflow attempt  (netbios.rules)
 * 1:14649 <-> ENABLED <-> NETBIOS SMB Search Search filename size integer underflow attempt  (netbios.rules)
 * 1:14650 <-> ENABLED <-> NETBIOS SMB Search unicode Search filename size integer underflow attempt  (netbios.rules)
 * 1:14651 <-> ENABLED <-> NETBIOS SMB Search andx Search filename size integer underflow attempt  (netbios.rules)
 * 1:14652 <-> ENABLED <-> NETBIOS SMB Search unicode andx Search filename size integer underflow attempt  (netbios.rules)
 * 1:14653 <-> ENABLED <-> NETBIOS SMB Search andx Search filename size integer underflow attempt  (netbios.rules)
 * 1:14654 <-> ENABLED <-> NETBIOS SMB Search unicode andx Search filename size integer underflow attempt  (netbios.rules)
 * 1:14656 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XSS mouseevent PII disclosure attempt (web-client.rules)
 * 1:14657 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (web-client.rules)
 * 1:14661 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt  (netbios.rules)
 * 1:14709 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian attempt   (netbios.rules)
 * 1:14710 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt  (netbios.rules)
 * 1:14711 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response little endian attempt   (netbios.rules)
 * 1:14712 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX little endian attempt   (netbios.rules)
 * 1:14713 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response attempt   (netbios.rules)
 * 1:14714 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response unicode attempt   (netbios.rules)
 * 1:14715 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX attempt   (netbios.rules)
 * 1:14716 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode attempt   (netbios.rules)
 * 1:14717 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode little endian andx attempt   (netbios.rules)
 * 1:14718 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response unicode little endian andx attempt   (netbios.rules)
 * 1:14719 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response little endian andx attempt   (netbios.rules)
 * 1:14720 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX little endian andx attempt   (netbios.rules)
 * 1:14721 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response andx attempt   (netbios.rules)
 * 1:14722 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response unicode andx attempt   (netbios.rules)
 * 1:14723 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX andx attempt   (netbios.rules)
 * 1:14724 <-> ENABLED <-> NETBIOS SMB spoolss EnumJobs response WriteAndX unicode andx attempt   (netbios.rules)
 * 1:14725 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt  (netbios.rules)
 * 1:14726 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt  (netbios.rules)
 * 1:14737 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP host-integration bind attempt  (netbios.rules)
 * 1:14742 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Exchange MODPROPS denial of service PoC attempt (specific-threats.rules)
 * 1:14782 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt  (netbios.rules)
 * 1:14783 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt  (netbios.rules)
 * 1:14896 <-> DISABLED <-> NETBIOS-DG SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (netbios.rules)
 * 1:15012 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer MSXML DLL memory corruption attempt (web-client.rules)
 * 1:15015 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt  (netbios.rules)
 * 1:15082 <-> ENABLED <-> EXPLOIT Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (exploit.rules)
 * 1:15083 <-> ENABLED <-> EXPLOIT Microsoft Office Word .rtf file double free attempt (exploit.rules)
 * 1:15084 <-> ENABLED <-> WEB-ACTIVEX Microsoft Common Controls Animation Object ActiveX clsid access  (web-activex.rules)
 * 1:15086 <-> ENABLED <-> WEB-ACTIVEX Microsoft Common Controls Animation Object ActiveX function call access  (web-activex.rules)
 * 1:15088 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Charts ActiveX clsid access  (web-activex.rules)
 * 1:15090 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Charts ActiveX function call access  (web-activex.rules)
 * 1:15092 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic DataGrid ActiveX clsid access  (web-activex.rules)
 * 1:15094 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic DataGrid ActiveX function call access  (web-activex.rules)
 * 1:15096 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic FlexGrid ActiveX clsid access  (web-activex.rules)
 * 1:15098 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic FlexGrid ActiveX function call access  (web-activex.rules)
 * 1:15100 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid access  (web-activex.rules)
 * 1:15102 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call access  (web-activex.rules)
 * 1:15104 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (web-client.rules)
 * 1:15105 <-> ENABLED <-> WEB-CLIENT Microsoft GDI WMF file parsing integer overflow attempt (web-client.rules)
 * 1:15106 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word .rtf file integer overflow attempt (web-client.rules)
 * 1:15107 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word .rtf file stylesheet buffer overflow attempt (web-client.rules)
 * 1:15108 <-> ENABLED <-> WEB-CLIENT Microsoft Office Sharepoint Server elevation of privilege exploit attempt (web-client.rules)
 * 1:15109 <-> ENABLED <-> WEB-ACTIVEX Shell.Explorer 1 ActiveX clsid access  (web-activex.rules)
 * 1:15112 <-> ENABLED <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX function call access  (web-activex.rules)
 * 1:15114 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer embed src buffer overflow attempt (web-client.rules)
 * 1:15115 <-> ENABLED <-> WEB-CLIENT Microsoft Windows WebDAV pathname buffer overflow attempt (web-client.rules)
 * 1:15116 <-> ENABLED <-> WEB-CLIENT Microsoft Windows search protocol handler access attempt (web-client.rules)
 * 1:15122 <-> ENABLED <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX clsid access  (web-activex.rules)
 * 1:15126 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer nested tag memory corruption attempt (web-client.rules)
 * 1:15127 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (netbios.rules)
 * 1:15128 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (netbios.rules)
 * 1:15129 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (netbios.rules)
 * 1:15130 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (netbios.rules)
 * 1:15131 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function andx attempt (netbios.rules)
 * 1:15132 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function attempt (netbios.rules)
 * 1:15133 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode andx attempt (netbios.rules)
 * 1:15134 <-> DISABLED <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode attempt (netbios.rules)
 * 1:15135 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (netbios.rules)
 * 1:15136 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (netbios.rules)
 * 1:15137 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (netbios.rules)
 * 1:15138 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (netbios.rules)
 * 1:15139 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function andx attempt (netbios.rules)
 * 1:15140 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function attempt (netbios.rules)
 * 1:15141 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function unicode andx attempt (netbios.rules)
 * 1:15142 <-> DISABLED <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function unicode attempt (netbios.rules)
 * 1:15143 <-> ENABLED <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules)
 * 1:15144 <-> ENABLED <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules)
 * 1:15196 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode param_count underflow attempt  (netbios.rules)
 * 1:15197 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE param_count underflow attempt  (netbios.rules)
 * 1:15198 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode param_count underflow attempt  (netbios.rules)
 * 1:15199 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE param_count underflow attempt  (netbios.rules)
 * 1:15200 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15201 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE andx param_count underflow attempt  (netbios.rules)
 * 1:15202 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15203 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE andx param_count underflow attempt  (netbios.rules)
 * 1:15204 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15205 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15206 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE max_param_count underflow attempt  (netbios.rules)
 * 1:15207 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE max_param_count underflow attempt  (netbios.rules)
 * 1:15208 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15209 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15210 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE andx max_param_count underflow attempt  (netbios.rules)
 * 1:15211 <-> ENABLED <-> NETBIOS SMB NT Trans NT CREATE andx max_param_count underflow attempt  (netbios.rules)
 * 1:15212 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 max_param_count underflow attempt  (netbios.rules)
 * 1:15213 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15214 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 max_param_count underflow attempt  (netbios.rules)
 * 1:15215 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode max_param_count underflow attempt  (netbios.rules)
 * 1:15216 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 andx max_param_count underflow attempt  (netbios.rules)
 * 1:15217 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15218 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 andx max_param_count underflow attempt  (netbios.rules)
 * 1:15219 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt  (netbios.rules)
 * 1:15220 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode param_count underflow attempt  (netbios.rules)
 * 1:15221 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 param_count underflow attempt  (netbios.rules)
 * 1:15222 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 param_count underflow attempt  (netbios.rules)
 * 1:15223 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode param_count underflow attempt  (netbios.rules)
 * 1:15224 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15225 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 andx param_count underflow attempt  (netbios.rules)
 * 1:15226 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 andx param_count underflow attempt  (netbios.rules)
 * 1:15227 <-> ENABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx param_count underflow attempt  (netbios.rules)
 * 1:15299 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:15302 <-> ENABLED <-> DOS Microsoft Exchange System Attendant denial of service attempt  (dos.rules)
 * 1:15303 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (web-client.rules)
 * 1:15304 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object clone deletion memory corruption attempt (web-client.rules)
 * 1:15305 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:15386 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows wpad dynamic update request  (bad-traffic.rules)
 * 1:15387 <-> ENABLED <-> NETBIOS udp WINS WPAD registration attempt  (netbios.rules)
 * 1:15455 <-> ENABLED <-> EXPLOIT Microsoft WordPad and Office Text Converters XST parsing buffer overflow attempt (exploit.rules)
 * 1:15457 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (exploit.rules)
 * 1:15458 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer navigating between pages race condition attempt (exploit.rules)
 * 1:15459 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (exploit.rules)
 * 1:15460 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer ActiveX load/unload race condition attempt (exploit.rules)
 * 1:15461 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer marquee tag onstart memory corruption (web-client.rules)
 * 1:15462 <-> ENABLED <-> WEB-CLIENT Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (web-client.rules)
 * 1:15466 <-> ENABLED <-> EXPLOIT Microsoft WordPad WordPerfect 6.x converter buffer overflow attempt (exploit.rules)
 * 1:15467 <-> ENABLED <-> EXPLOIT Microsoft WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (exploit.rules)
 * 1:15468 <-> ENABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat dll request (web-client.rules)
 * 1:15469 <-> ENABLED <-> WEB-CLIENT Microsoft Office WordPad and Office text converters integer underflow attempt (web-client.rules)
 * 1:15475 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ISA Server cross-site scripting attempt (web-client.rules)
 * 1:15499 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint 95 converter CString in ExEmbed container buffer overflow attempt (web-client.rules)
 * 1:15500 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint LinkedSlide memory corruption (web-client.rules)
 * 1:15501 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (web-client.rules)
 * 1:15502 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (web-client.rules)
 * 1:15504 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint Download of version 4.0 file (web-client.rules)
 * 1:15505 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (web-client.rules)
 * 1:15506 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (web-client.rules)
 * 1:15512 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (netbios.rules)
 * 1:15513 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (netbios.rules)
 * 1:15517 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVI DirectShow quicktime parsing overflow attempt (web-client.rules)
 * 1:15523 <-> ENABLED <-> EXPLOIT Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (exploit.rules)
 * 1:15524 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:15525 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:15526 <-> ENABLED <-> EXPLOIT Microsoft Works 4.x converter font name buffer overflow attempt (exploit.rules)
 * 1:15527 <-> ENABLED <-> EXPLOIT Microsoft Windows Active Directory LDAP denial of service attempt (exploit.rules)
 * 1:15529 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (web-client.rules)
 * 1:15531 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer Unexpected method call remote code execution attempt (web-client.rules)
 * 1:15534 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XML HttpRequest race condition exploit attempt (web-client.rules)
 * 1:15535 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer setCapture heap corruption exploit attempt (web-client.rules)
 * 1:15536 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object modification exploit attempt (web-client.rules)
 * 1:15538 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:15539 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Formula record remote code execution attempt (web-client.rules)
 * 1:15540 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer DOM memory corruption attempt (web-client.rules)
 * 1:15541 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel SST record remote code execution attempt (web-client.rules)
 * 1:15542 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Qsir and Qsif record remote code execution attempt (web-client.rules)
 * 1:15571 <-> DISABLED <-> EXPLOIT RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (exploit.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15588 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 1 ActiveX clsid access (web-activex.rules)
 * 1:15590 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 10 ActiveX clsid access (web-activex.rules)
 * 1:15592 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 11 ActiveX clsid access (web-activex.rules)
 * 1:15594 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 12 ActiveX clsid access (web-activex.rules)
 * 1:15596 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 13 ActiveX clsid access (web-activex.rules)
 * 1:15598 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 14 ActiveX clsid access (web-activex.rules)
 * 1:15600 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 15 ActiveX clsid access (web-activex.rules)
 * 1:15602 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 16 ActiveX clsid access (web-activex.rules)
 * 1:15604 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 17 ActiveX clsid access (web-activex.rules)
 * 1:15606 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 18 ActiveX clsid access (web-activex.rules)
 * 1:15608 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 19 ActiveX clsid access (web-activex.rules)
 * 1:15610 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 2 ActiveX clsid access (web-activex.rules)
 * 1:15612 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 20 ActiveX clsid access (web-activex.rules)
 * 1:15614 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 21 ActiveX clsid access (web-activex.rules)
 * 1:15616 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 22 ActiveX clsid access (web-activex.rules)
 * 1:15618 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 23 ActiveX clsid access (web-activex.rules)
 * 1:15620 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 24 ActiveX clsid access (web-activex.rules)
 * 1:15622 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 25 ActiveX clsid access (web-activex.rules)
 * 1:15624 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 26 ActiveX clsid access (web-activex.rules)
 * 1:15626 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 27 ActiveX clsid access (web-activex.rules)
 * 1:15628 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 28 ActiveX clsid access (web-activex.rules)
 * 1:15630 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 29 ActiveX clsid access (web-activex.rules)
 * 1:15632 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 3 ActiveX clsid access (web-activex.rules)
 * 1:15634 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 30 ActiveX clsid access (web-activex.rules)
 * 1:15636 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 31 ActiveX clsid access (web-activex.rules)
 * 1:15638 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid access (web-activex.rules)
 * 1:15640 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 33 ActiveX clsid access (web-activex.rules)
 * 1:15642 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 34 ActiveX clsid access (web-activex.rules)
 * 1:15644 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 35 ActiveX clsid access (web-activex.rules)
 * 1:15646 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 36 ActiveX clsid access (web-activex.rules)
 * 1:15648 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 37 ActiveX clsid access (web-activex.rules)
 * 1:15650 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 38 ActiveX clsid access (web-activex.rules)
 * 1:15652 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 39 ActiveX clsid access (web-activex.rules)
 * 1:15654 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 4 ActiveX clsid access (web-activex.rules)
 * 1:15656 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 40 ActiveX clsid access (web-activex.rules)
 * 1:15658 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 41 ActiveX clsid access (web-activex.rules)
 * 1:15660 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 42 ActiveX clsid access (web-activex.rules)
 * 1:15662 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 43 ActiveX clsid access (web-activex.rules)
 * 1:15664 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 44 ActiveX clsid access (web-activex.rules)
 * 1:15666 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 45 ActiveX clsid access (web-activex.rules)
 * 1:15668 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 5 ActiveX clsid access (web-activex.rules)
 * 1:1567 <-> DISABLED <-> WEB-IIS /exchange/root.asp attempt (web-iis.rules)
 * 1:15670 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 6 ActiveX clsid access (web-activex.rules)
 * 1:15671 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 6 ActiveX function call (web-activex.rules)
 * 1:15672 <-> ENABLED <-> WEB-ACTIVEX Microsoft Video 7 ActiveX clsid access (web-activex.rules)
 * 1:15674 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 8 ActiveX clsid access (web-activex.rules)
 * 1:15676 <-> DISABLED <-> WEB-ACTIVEX Microsoft Video 9 ActiveX clsid access (web-activex.rules)
 * 1:15678 <-> ENABLED <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript (specific-threats.rules)
 * 1:15679 <-> ENABLED <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (specific-threats.rules)
 * 1:15680 <-> ENABLED <-> EXPLOIT Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (exploit.rules)
 * 1:15681 <-> ENABLED <-> EXPLOIT Microsoft Office Publisher 2007 file format arbitrary code execution attempt (exploit.rules)
 * 1:15682 <-> ENABLED <-> WEB-CLIENT Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (web-client.rules)
 * 1:15684 <-> DISABLED <-> EXPLOIT Multiple product snews uri handling code execution attempt (exploit.rules)
 * 1:15685 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access  (web-activex.rules)
 * 1:15687 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 10 Spreadsheet ActiveX function call access  (web-activex.rules)
 * 1:15689 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access  (web-activex.rules)
 * 1:15691 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Web Components 11 Spreadsheet ActiveX function call access  (web-activex.rules)
 * 1:15693 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (web-client.rules)
 * 1:15694 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (web-client.rules)
 * 1:15695 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (web-client.rules)
 * 1:15731 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (exploit.rules)
 * 1:15732 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer CSS handling memory corruption attempt (exploit.rules)
 * 1:15733 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer empty table tag memory corruption attempt (exploit.rules)
 * 1:15849 <-> ENABLED <-> EXPLOIT Microsoft Windows WINS replication inform2 request memory corruption attempt (exploit.rules)
 * 1:15850 <-> ENABLED <-> EXPLOIT Remote Desktop orderType remote code execution attempt (exploit.rules)
 * 1:15852 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Web Components Datasource ActiveX clsid access (web-activex.rules)
 * 1:15854 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile media file processing memory corruption attempt (web-client.rules)
 * 1:15855 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Spreadsheet 10.0 ActiveX function call access (web-activex.rules)
 * 1:15858 <-> DISABLED <-> WEB-ACTIVEX Microsoft Office Web Components Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:15860 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt  (netbios.rules)
 * 1:15861 <-> ENABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX clsid access   (web-activex.rules)
 * 1:15863 <-> ENABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX function call access   (web-activex.rules)
 * 1:15883 <-> DISABLED <-> EXPLOIT SAPLPD 0x01 command buffer overflow attempt (exploit.rules)
 * 1:15884 <-> DISABLED <-> EXPLOIT SAPLPD 0x02 command buffer overflow attempt (exploit.rules)
 * 1:15885 <-> DISABLED <-> EXPLOIT SAPLPD 0x03 command buffer overflow attempt (exploit.rules)
 * 1:15886 <-> DISABLED <-> EXPLOIT SAPLPD 0x04 command buffer overflow attempt (exploit.rules)
 * 1:15887 <-> DISABLED <-> EXPLOIT SAPLPD 0x05 command buffer overflow attempt (exploit.rules)
 * 1:15888 <-> DISABLED <-> EXPLOIT SAPLPD 0x31 command buffer overflow attempt (exploit.rules)
 * 1:15889 <-> DISABLED <-> EXPLOIT SAPLPD 0x32 command buffer overflow attempt (exploit.rules)
 * 1:15890 <-> DISABLED <-> EXPLOIT SAPLPD 0x33 command buffer overflow attempt (exploit.rules)
 * 1:15891 <-> DISABLED <-> EXPLOIT SAPLPD 0x34 command buffer overflow attempt (exploit.rules)
 * 1:15894 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt (specific-threats.rules)
 * 1:15910 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer getElementById object corruption (exploit.rules)
 * 1:15913 <-> ENABLED <-> WEB-CLIENT Microsoft Windows javascript arguments keyword override rce attempt (web-client.rules)
 * 1:15924 <-> DISABLED <-> WEB-ACTIVEX DHTML Editing ActiveX function call access (web-activex.rules)
 * 1:15930 <-> ENABLED <-> NETBIOS Microsoft Windows SMB malformed process ID high field remote code execution attempt (netbios.rules)
 * 1:15932 <-> DISABLED <-> FTP LIST globbing denial of service attack (ftp.rules)
 * 1:15933 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer URL canonicalization address bar spoofing attempt (web-client.rules)
 * 1:15995 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (exploit.rules)
 * 1:16007 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (specific-threats.rules)
 * 1:16016 <-> ENABLED <-> SPECIFIC-THREATS Microsoft client for netware overflow attempt (specific-threats.rules)
 * 1:16022 <-> ENABLED <-> SPECIFIC-THREATS Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:16023 <-> DISABLED <-> SPECIFIC-THREATS Windows Vista Windows mail file execution attempt (specific-threats.rules)
 * 1:16059 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Office Excel malformed file format parsing code execution attempt (specific-threats.rules)
 * 1:16063 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer isindex buffer overflow attempt (web-client.rules)
 * 1:16064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (specific-threats.rules)
 * 1:16065 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer location.replace memory corruption attempt (specific-threats.rules)
 * 1:16066 <-> DISABLED <-> EXPLOIT Microsoft Windows Server driver crafted SMB data denial of service (exploit.rules)
 * 1:16073 <-> ENABLED <-> SPECIFIC-THREATS MS-SQL convert function unicode overflow (specific-threats.rules)
 * 1:16147 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows IIS malformed URL .dll denial of service attempt (specific-threats.rules)
 * 1:16149 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer data stream header remote code execution attempt (exploit.rules)
 * 1:16151 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer unitialized or deleted object access attempt (web-client.rules)
 * 1:16152 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer table layout unitialized or deleted object access attempt (exploit.rules)
 * 1:16153 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed WMF meta escape record memory corruption (web-client.rules)
 * 1:16155 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer indexing service malformed parameters (web-client.rules)
 * 1:16157 <-> ENABLED <-> WEB-CLIENT Microsoft Windows malformed ASF voice codec memory corruption (web-client.rules)
 * 1:16159 <-> DISABLED <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid access (web-activex.rules)
 * 1:16161 <-> DISABLED <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (web-activex.rules)
 * 1:16163 <-> DISABLED <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid access (web-activex.rules)
 * 1:16165 <-> DISABLED <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (web-activex.rules)
 * 1:16167 <-> ENABLED <-> DOS Microsoft LSASS integer wrap denial of service attempt  (dos.rules)
 * 1:16168 <-> ENABLED <-> DOS Microsoft SMBv2 integer overflow denial of service attempt  (dos.rules)
 * 1:16169 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer dynamic style update memory corruption attempt (web-client.rules)
 * 1:16177 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ Word file Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:16178 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ Excel file Office Art Property Table remote code execution attempt (exploit.rules)
 * 1:16181 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (web-client.rules)
 * 1:16183 <-> ENABLED <-> WEB-CLIENT Microsoft Windows .NET MSIL CombineImpl suspicious usage (web-client.rules)
 * 1:16184 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (exploit.rules)
 * 1:16185 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (exploit.rules)
 * 1:16186 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (web-client.rules)
 * 1:16187 <-> ENABLED <-> EXPLOIT Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (exploit.rules)
 * 1:16188 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint bad text header txttype attempt (web-client.rules)
 * 1:16206 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows DNS server spoofing attempt (specific-threats.rules)
 * 1:16221 <-> ENABLED <-> EXPLOIT Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial of service attempt (exploit.rules)
 * 1:16226 <-> ENABLED <-> EXPLOIT Microsoft Office Excel integer field in row record improper validation remote code execution attempt (exploit.rules)
 * 1:16229 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel oversized ib memory corruption attempt (web-client.rules)
 * 1:16231 <-> ENABLED <-> WEB-CLIENT Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (web-client.rules)
 * 1:16233 <-> ENABLED <-> EXPLOIT Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (exploit.rules)
 * 1:16234 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16235 <-> ENABLED <-> EXPLOIT Microsoft Office Excel file SXDB record exploit attempt (exploit.rules)
 * 1:16236 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel file SxView record exploit attempt (web-client.rules)
 * 1:16238 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt  (netbios.rules)
 * 1:16239 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt  (netbios.rules)
 * 1:16240 <-> ENABLED <-> EXPLOIT Microsoft Office Excel file Window/Pane record exploit attempt (exploit.rules)
 * 1:16241 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (web-client.rules)
 * 1:16287 <-> ENABLED <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt (specific-threats.rules)
 * 1:16294 <-> ENABLED <-> EXPLOIT Microsoft Windows TCP stack zero window size exploit attempt (exploit.rules)
 * 1:16300 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:16301 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:16310 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16311 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (web-client.rules)
 * 1:16312 <-> ENABLED <-> WEB-IIS ADFS custom header arbitrary code execution attempt  (web-iis.rules)
 * 1:16314 <-> ENABLED <-> EXPLOIT Microsoft Windows WordPad and Office text converter integer overflow attempt (exploit.rules)
 * 1:16317 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer mouse move during refresh memory corruption attempt (exploit.rules)
 * 1:16318 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio invalid ho tag attempt (web-client.rules)
 * 1:16319 <-> ENABLED <-> WEB-CLIENT Apple Safari-Internet Explorer SearchPath blended threat attempt (web-client.rules)
 * 1:16326 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 DOM memory corruption attempt (exploit.rules)
 * 1:16327 <-> ENABLED <-> EXPLOIT Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (exploit.rules)
 * 1:16328 <-> ENABLED <-> EXPLOIT Microsoft Office Project file parsing arbitrary memory access attempt (exploit.rules)
 * 1:16330 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer orphan DOM objects memory corruption attempt (web-client.rules)
 * 1:16339 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (web-client.rules)
 * 1:16340 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Media Player DHTML Editing ActiveX clsid access (specific-threats.rules)
 * 1:16342 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile truncated media file processing memory corruption attempt (web-client.rules)
 * 1:16366 <-> ENABLED <-> EXPLOIT Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (exploit.rules)
 * 1:16367 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object access memory corruption attempt (web-client.rules)
 * 1:16369 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer deleted object access memory corruption attempt - public exploit (exploit.rules)
 * 1:16377 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (exploit.rules)
 * 1:16382 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (web-client.rules)
 * 1:16397 <-> ENABLED <-> NETBIOS SMB andx invalid server name share access  (netbios.rules)
 * 1:16398 <-> ENABLED <-> NETBIOS SMB invalid server name share access  (netbios.rules)
 * 1:16399 <-> ENABLED <-> NETBIOS SMB unicode andx invalid server name share access  (netbios.rules)
 * 1:16400 <-> ENABLED <-> NETBIOS SMB unicode invalid server name share access  (netbios.rules)
 * 1:16401 <-> ENABLED <-> NETBIOS SMB andx invalid server name share access  (netbios.rules)
 * 1:16402 <-> ENABLED <-> NETBIOS SMB invalid server name share access  (netbios.rules)
 * 1:16403 <-> ENABLED <-> NETBIOS SMB unicode andx invalid server name share access  (netbios.rules)
 * 1:16404 <-> ENABLED <-> NETBIOS SMB unicode invalid server name share access  (netbios.rules)
 * 1:16409 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint improper filename remote code execution attempt (web-client.rules)
 * 1:16410 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (web-client.rules)
 * 1:16411 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:16412 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (web-client.rules)
 * 1:16414 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Shell Handler remote code execution attempt (web-client.rules)
 * 1:16416 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Malformed MSODrawing Record (web-client.rules)
 * 1:16417 <-> ENABLED <-> NETBIOS SMB Negotiate Protocol Response overflow attempt  (netbios.rules)
 * 1:16419 <-> ENABLED <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid access (web-activex.rules)
 * 1:16421 <-> ENABLED <-> EXPLOIT Microsoft Office PowerPoint out of bounds value remote code execution attempt (exploit.rules)
 * 1:16422 <-> ENABLED <-> EXPLOIT Microsoft Windows Paint JPEG with malformed SOFx field (exploit.rules)
 * 1:16428 <-> DISABLED <-> EXPLOIT Microsoft Outlook Express and Windows Mail NNTP handling buffer overflow attempt (exploit.rules)
 * 1:16454 <-> ENABLED <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt - empty SMB 2 (specific-threats.rules)
 * 1:16461 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel EntExU2 write access violation attempt (specific-threats.rules)
 * 1:16462 <-> ENABLED <-> EXPLOIT Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (exploit.rules)
 * 1:16463 <-> ENABLED <-> EXPLOIT Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (exploit.rules)
 * 1:16464 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 heap overflow attempt (web-client.rules)
 * 1:16465 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (web-client.rules)
 * 1:16466 <-> ENABLED <-> EXPLOIT Microsoft Office Excel uninitialized stack variable code execution attempt (exploit.rules)
 * 1:16467 <-> ENABLED <-> EXPLOIT Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (exploit.rules)
 * 1:16468 <-> ENABLED <-> EXPLOIT Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (exploit.rules)
 * 1:16469 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (web-client.rules)
 * 1:16470 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (web-client.rules)
 * 1:16471 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (web-client.rules)
 * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules)
 * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules)
 * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules)
 * 1:16503 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer event handling remote code execution attempt (exploit.rules)
 * 1:16506 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (web-client.rules)
 * 1:16507 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer onreadystatechange memory corruption attempt (web-client.rules)
 * 1:16508 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (web-client.rules)
 * 1:16510 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID  (web-activex.rules)
 * 1:16511 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by ProgID  (web-activex.rules)
 * 1:16512 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer malformed span/div html document heap corruption attempt (exploit.rules)
 * 1:16535 <-> ENABLED <-> EXPLOIT Microsoft Office Visio improper attribute code execution attempt (exploit.rules)
 * 1:16536 <-> ENABLED <-> EXPLOIT Microsoft Office Visio off-by-one in array index code execution attempt (exploit.rules)
 * 1:16537 <-> ENABLED <-> EXPLOIT Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (exploit.rules)
 * 1:16539 <-> ENABLED <-> NETBIOS SMBv1 BytesNeeded ring0 buffer overflow attempt  (netbios.rules)
 * 1:16540 <-> ENABLED <-> NETBIOS SMB2 client NetBufferList NULL entry remote code execution attempt  (netbios.rules)
 * 1:16541 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Service stack overflow attempt (exploit.rules)
 * 1:16542 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:16543 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player codec code execution attempt (web-client.rules)
 * 1:16553 <-> ENABLED <-> EXPLOIT Microsoft Office Excel ptg index parsing code execution attempt (exploit.rules)
 * 1:16560 <-> ENABLED <-> WEB-MISC Microsoft Sharepoint XSS attempt (web-misc.rules)
 * 1:16578 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (exploit.rules)
 * 1:16586 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word Document remote code execution attempt (web-client.rules)
 * 1:16593 <-> ENABLED <-> WEB-CLIENT Microsoft VBE6.dll stack corruption attempt (web-client.rules)
 * 1:16595 <-> ENABLED <-> POP3 Windows Mail remote code execution attempt  (pop3.rules)
 * 1:16602 <-> DISABLED <-> SPECIFIC-THREATS Microsoft DirectShow 3 ActiveX exploit via JavaScript (specific-threats.rules)
 * 1:16635 <-> DISABLED <-> WEB-ACTIVEX Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (web-activex.rules)
 * 1:16636 <-> ENABLED <-> MISC Microsoft Windows .NET framework XMLDsig data tampering attempt  (misc.rules)
 * 1:16637 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer security zone restriction bypass attempt (exploit.rules)
 * 1:16638 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt (web-client.rules)
 * 1:16639 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (web-client.rules)
 * 1:16640 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (web-client.rules)
 * 1:16641 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (web-client.rules)
 * 1:16643 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:16644 <-> ENABLED <-> EXPLOIT Microsoft Office Excel WOpt record memory corruption attempt (exploit.rules)
 * 1:16645 <-> ENABLED <-> EXPLOIT Microsoft Office Excel SxView record memory pointer corruption attempt (exploit.rules)
 * 1:16646 <-> ENABLED <-> EXPLOIT Microsoft Office Excel RealTimeData record stack buffer overflow attempt (exploit.rules)
 * 1:16647 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (web-client.rules)
 * 1:16648 <-> ENABLED <-> EXPLOIT Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (exploit.rules)
 * 1:16650 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (web-client.rules)
 * 1:16651 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (web-client.rules)
 * 1:16652 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (web-client.rules)
 * 1:16653 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (web-client.rules)
 * 1:16654 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel undocumented Publisher record heap buffer overflow attempt (web-client.rules)
 * 1:16655 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Lbl record stack overflow attempt (web-client.rules)
 * 1:16656 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (web-client.rules)
 * 1:16657 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DBQueryExt record memory corruption attempt (web-client.rules)
 * 1:16659 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer style sheet array memory corruption attempt (exploit.rules)
 * 1:16660 <-> ENABLED <-> DOS SharePoint Server 2007 help.aspx denial of service attempt  (dos.rules)
 * 1:16661 <-> ENABLED <-> EXPLOIT quartz.dll MJPEG content processing memory corruption attempt (exploit.rules)
 * 1:16665 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Help Centre escape sequence XSS attempt (web-client.rules)
 * 1:16800 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel FRTWrapper record buffer overflow attempt (specific-threats.rules)
 * 1:17034 <-> ENABLED <-> SMTP Microsoft Office Outlook AttachMethods local file execution attempt  (smtp.rules)
 * 1:17035 <-> ENABLED <-> SMTP Microsoft Office Outlook AttachMethods local file execution attempt  (smtp.rules)
 * 1:17036 <-> ENABLED <-> SMTP Microsoft Office Outlook AttachMethods local file execution attempt  (smtp.rules)
 * 1:17037 <-> ENABLED <-> WEB-ACTIVEX MS Access multiple control instantiation memory corruption attempt  (web-activex.rules)
 * 1:17038 <-> ENABLED <-> EXPLOIT Microsoft Office Access ACCWIZ library release after free attempt - 1 (exploit.rules)
 * 1:17039 <-> ENABLED <-> EXPLOIT Microsoft Office Access ACCWIZ library release after free attempt - 2 (exploit.rules)
 * 1:17042 <-> ENABLED <-> WEB-CLIENT Microsoft LNK shortcut download attempt (web-client.rules)
 * 1:17043 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows PIF shortcut file download request (file-identify.rules)
 * 1:17103 <-> ENABLED <-> WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt (web-iis.rules)
 * 1:17112 <-> DISABLED <-> SPECIFIC-THREATS DCERPC rpcss2 _RemoteGetClassObject attempt (specific-threats.rules)
 * 1:17114 <-> ENABLED <-> WEB-CLIENT Microsoft SilverLight ImageSource remote code execution attempt (web-client.rules)
 * 1:17119 <-> ENABLED <-> EXPLOIT Microsoft Office Word sprmCMajority SPRM overflow attempt (exploit.rules)
 * 1:17120 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (web-client.rules)
 * 1:17121 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (web-client.rules)
 * 1:17122 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (web-client.rules)
 * 1:17123 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word rich text format invalid field size memory corruption attempt (web-client.rules)
 * 1:17124 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word malformed table record memory corruption attempt (web-client.rules)
 * 1:17125 <-> ENABLED <-> NETBIOS SMB Trans2 MaxDataCount overflow attempt  (netbios.rules)
 * 1:17128 <-> ENABLED <-> EXPLOIT Cinepak Codec VIDC decompression remote code execution attempt (exploit.rules)
 * 1:17129 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer use-after-free memory corruption attempt (web-client.rules)
 * 1:17130 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer boundElements arbitrary code execution (web-client.rules)
 * 1:17131 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (web-client.rules)
 * 1:17132 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer invalid object access attempt (exploit.rules)
 * 1:17133 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:17134 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel out-of-bounds structure read memory corruption attempt (web-client.rules)
 * 1:17135 <-> ENABLED <-> EXPLOIT Microsoft Windows Movie Maker string size overflow attempt (exploit.rules)
 * 1:17136 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 6 race condition exploit attempt (exploit.rules)
 * 1:17231 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules)
 * 1:17232 <-> ENABLED <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules)
 * 1:17249 <-> ENABLED <-> EXPLOIT Microsoft Windows LSASS integer overflow attempt (exploit.rules)
 * 1:1725 <-> DISABLED <-> WEB-IIS +.htr code fragment attempt (web-iis.rules)
 * 1:17250 <-> ENABLED <-> EXPLOIT Microsoft Windows WordPad sprmTSetBrc80 SPRM overflow attempt (exploit.rules)
 * 1:17252 <-> ENABLED <-> NETBIOS Microsoft Windows Print Spooler arbitrary file write attempt  (netbios.rules)
 * 1:17254 <-> ENABLED <-> WEB-MISC Microsoft Windows IIS stack exhaustion DoS attempt (web-misc.rules)
 * 1:17255 <-> ENABLED <-> EXPLOIT Microsoft Windows IIS FastCGI heap overflow attempt (exploit.rules)
 * 1:17256 <-> ENABLED <-> WEB-CLIENT Microsoft Windows uniscribe fonts parsing memory corruption attempt (web-client.rules)
 * 1:17306 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Malware Protection Engine file processing denial of service attempt (specific-threats.rules)
 * 1:17377 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (specific-threats.rules)
 * 1:17389 <-> ENABLED <-> SPECIFIC-THREATS Mozilla Firefox DOMNodeRemoved attack attempt (specific-threats.rules)
 * 1:17401 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer nested tag memory corruption attempt - unescaped (specific-threats.rules)
 * 1:17402 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer nested tag memory corruption attempt (specific-threats.rules)
 * 1:17404 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17405 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17406 <-> ENABLED <-> EXPLOIT Microsoft Office Word Converter XST structure buffer overflow attempt (exploit.rules)
 * 1:17410 <-> ENABLED <-> WEB-MISC Generic HyperLink buffer overflow attempt (web-misc.rules)
 * 1:17411 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CDF cross-domain scripting attempt (specific-threats.rules)
 * 1:17428 <-> ENABLED <-> WEB-MISC Microsoft ASP.NET information disclosure attempt (web-misc.rules)
 * 1:17429 <-> ENABLED <-> WEB-MISC Microsoft ASP.NET information disclosure attempt (web-misc.rules)
 * 1:17431 <-> ENABLED <-> EXPLOIT Microsoft Windows IIS SChannel improper certificate verification (exploit.rules)
 * 1:17435 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:17436 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (netbios.rules)
 * 1:17437 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (netbios.rules)
 * 1:17438 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (netbios.rules)
 * 1:17442 <-> ENABLED <-> POLICY Microsoft Windows download of .lnk file that executes cmd.exe detected (policy.rules)
 * 1:17448 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (specific-threats.rules)
 * 1:17462 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer marquee object handling memory corruption attempt (web-client.rules)
 * 1:17463 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer File Download Dialog Box Manipulation (specific-threats.rules)
 * 1:17467 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (web-client.rules)
 * 1:17468 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (web-client.rules)
 * 1:17525 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (specific-threats.rules)
 * 1:17546 <-> DISABLED <-> POLICY Microsoft Media Player compressed skin download - .wmd (policy.rules)
 * 1:17572 <-> ENABLED <-> WEB-CLIENT Microsoft XML Core Services cross-site information disclosure attempt (web-client.rules)
 * 1:17588 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer Install Engine ActiveX clsid access (web-activex.rules)
 * 1:17644 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer object clone deletion memory corruption attempt (specific-threats.rules)
 * 1:17645 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS strings parsing memory corruption attempt (web-client.rules)
 * 1:17655 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed formula parsing code execution attempt (web-client.rules)
 * 1:17664 <-> ENABLED <-> WEB-CLIENT Microsoft Office GIF image descriptor memory corruption attempt (web-client.rules)
 * 1:17685 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer invalid pointer memory corruption attempt (exploit.rules)
 * 1:17686 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer invalid pointer memory corruption attempt (exploit.rules)
 * 1:17687 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer invalid pointer memory corruption attempt (exploit.rules)
 * 1:17690 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17691 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17692 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer ExecWB security zone bypass attempt (web-client.rules)
 * 1:17709 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer EMBED element memory corruption attempt (web-client.rules)
 * 1:17711 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ASF parsing memory corruption attempt (web-client.rules)
 * 1:17712 <-> ENABLED <-> SPECIFIC-THREATS TFTP PUT Microsoft RIS filename overwrite attempt (specific-threats.rules)
 * 1:1772 <-> DISABLED <-> WEB-IIS pbserver access (web-iis.rules)
 * 1:17720 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer static text range overflow attempt (web-client.rules)
 * 1:17721 <-> ENABLED <-> EXPLOIT Microsoft Windows WINS replication inform2 request memory corruption attempt (exploit.rules)
 * 1:17723 <-> ENABLED <-> NETBIOS possible SMB replay attempt - overlapping encryption keys detected  (netbios.rules)
 * 1:17724 <-> ENABLED <-> SPECIFIC-THREATS malicious ASP file upload attempt (specific-threats.rules)
 * 1:17729 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer EMBED element memory corruption attempt (specific-threats.rules)
 * 1:17730 <-> ENABLED <-> WEB-CLIENT Microsoft XML Core Services MIME Viewer memory corruption attempt (web-client.rules)
 * 1:17731 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows wpad dynamic update request  (bad-traffic.rules)
 * 1:17742 <-> ENABLED <-> EXPLOIT Microsoft Office Word remote code execution attempt (exploit.rules)
 * 1:17743 <-> ENABLED <-> EXPLOIT Microsoft Office Word RTF parsing memory corruption (exploit.rules)
 * 1:17746 <-> ENABLED <-> NETBIOS SMB client TRANS response Find_First2 filename overflow attempt (netbios.rules)
 * 1:17747 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (exploit.rules)
 * 1:17750 <-> ENABLED <-> DOS Microsoft IIS 7.5 client verify null pointer attempt  (dos.rules)
 * 1:17752 <-> ENABLED <-> EXPLOIT OpenType Font file parsing denial of service attempt (exploit.rules)
 * 1:17753 <-> ENABLED <-> MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (multimedia.rules)
 * 1:17754 <-> ENABLED <-> EXPLOIT Microsoft Office Word bookmark bound check remote code execution attempt (exploit.rules)
 * 1:17755 <-> ENABLED <-> EXPLOIT Microsoft Office Word unchecked index value remote code execution attempt (exploit.rules)
 * 1:17756 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (web-client.rules)
 * 1:17757 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel CrErr record integer overflow attempt (web-client.rules)
 * 1:17758 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (specific-threats.rules)
 * 1:17759 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid SerAr object exploit attempt (specific-threats.rules)
 * 1:17760 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel RealTimeData record exploit attempt (specific-threats.rules)
 * 1:17763 <-> ENABLED <-> EXPLOIT Microsoft Office Excel GhostRw record exploit attempt (exploit.rules)
 * 1:17764 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgName invalid index exploit attempt (specific-threats.rules)
 * 1:17766 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (exploit.rules)
 * 1:17767 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (exploit.rules)
 * 1:17768 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 object event handler use after free exploit attempt (exploit.rules)
 * 1:17769 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (exploit.rules)
 * 1:1777 <-> DISABLED <-> FTP EXPLOIT STAT * dos attempt (ftp.rules)
 * 1:17770 <-> ENABLED <-> WEB-ACTIVEX Microsoft HtmlDlgHelper ActiveX clsid access (web-activex.rules)
 * 1:17771 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer cross-domain information disclosure attempt (exploit.rules)
 * 1:17772 <-> ENABLED <-> WEB-ACTIVEX Microsoft Scriptlet Component ActiveX clsid access  (web-activex.rules)
 * 1:17773 <-> ENABLED <-> EXPLOIT Microsoft Windows Media Player Firefox plugin memory corruption attempt (exploit.rules)
 * 1:17774 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 CSS XSRF exploit attempt (exploit.rules)
 * 1:1778 <-> DISABLED <-> FTP EXPLOIT STAT ? dos attempt (ftp.rules)
 * 1:17780 <-> ENABLED <-> SPECIFIC-THREATS CBO CBL CBM buffer overflow attempt (specific-threats.rules)
 * 1:1802 <-> DISABLED <-> WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1803 <-> DISABLED <-> WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
 * 1:1804 <-> DISABLED <-> WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
 * 1:18065 <-> ENABLED <-> EXPLOIT Microsoft Office PowerPoint converter bad indirection remote code execution attempt (exploit.rules)
 * 1:18066 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint integer underflow heap corruption attempt (web-client.rules)
 * 1:18067 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF parsing remote code execution attempt (web-client.rules)
 * 1:18068 <-> ENABLED <-> EXPLOIT Microsoft Office Excel malformed MsoDrawingObject record attempt (exploit.rules)
 * 1:18069 <-> ENABLED <-> WEB-CLIENT Microsoft Office Art drawing invalid shape identifier attempt (web-client.rules)
 * 1:18070 <-> ENABLED <-> NETBIOS Microsoft Office pptimpconv.dll dll-load exploit attempt  (netbios.rules)
 * 1:18071 <-> ENABLED <-> WEB-CLIENT Microsoft Office pptimpconv.dll dll-load exploit attempt (web-client.rules)
 * 1:18072 <-> ENABLED <-> WEB-MISC Microsoft Forefront UAG external redirect attempt (web-misc.rules)
 * 1:18073 <-> ENABLED <-> WEB-MISC Microsoft Forefront UAG arbitrary embedded scripting attempt (web-misc.rules)
 * 1:18074 <-> ENABLED <-> WEB-CLIENT Micrisoft Windows Forefront UAG URL XSS attempt (web-client.rules)
 * 1:18076 <-> ENABLED <-> WEB-CLIENT Microsoft Forefront UAG URL XSS alternate attempt (web-client.rules)
 * 1:18171 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:18172 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:18173 <-> DISABLED <-> EXPLOIT Multiple product mailto uri handling code execution attempt (exploit.rules)
 * 1:18195 <-> ENABLED <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt (specific-threats.rules)
 * 1:18196 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules)
 * 1:18197 <-> ENABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt  (web-activex.rules)
 * 1:18198 <-> ENABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt  (web-activex.rules)
 * 1:18199 <-> ENABLED <-> WEB-ACTIVEX Microsoft COleSite ActiveX memory corruption attempt  (web-activex.rules)
 * 1:18200 <-> ENABLED <-> EXPLOIT Microsoft Office .CGM file cell array heap overflow attempt (exploit.rules)
 * 1:18201 <-> ENABLED <-> EXPLOIT Microsoft Office TIFF filter remote code execution attempt (exploit.rules)
 * 1:18202 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Address Book smmscrpt.dll malicious DLL load (web-client.rules)
 * 1:18203 <-> ENABLED <-> NETBIOS Windows Address Book smmscrpt.dll malicious DLL load  (netbios.rules)
 * 1:18204 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (web-client.rules)
 * 1:18205 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (web-client.rules)
 * 1:18206 <-> ENABLED <-> NETBIOS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (netbios.rules)
 * 1:18207 <-> ENABLED <-> NETBIOS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (netbios.rules)
 * 1:18208 <-> ENABLED <-> WEB-CLIENT Microsoft Windows wininet peerdist.dll dll-load exploit attempt (web-client.rules)
 * 1:18209 <-> ENABLED <-> NETBIOS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (netbios.rules)
 * 1:18210 <-> ENABLED <-> WEB-CLIENT Microsoft Movie Maker hhctrl.ocx dll-load exploit attempt (web-client.rules)
 * 1:18211 <-> ENABLED <-> NETBIOS Microsoft Movie Maker hhctrl.ocx dll-load exploit attempt  (netbios.rules)
 * 1:18212 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher tyo.oty field heap overflow attempt (specific-threats.rules)
 * 1:18214 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher 97 conversion remote code execution attempt (specific-threats.rules)
 * 1:18215 <-> ENABLED <-> NETBIOS NETAPI RPC interface reboot attempt  (netbios.rules)
 * 1:18216 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 6 #default#anim attempt (web-client.rules)
 * 1:18218 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer time element memory corruption attempt (specific-threats.rules)
 * 1:18219 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver remote code execution attempt (web-client.rules)
 * 1:18221 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer malformed table remote code execution attempt (web-client.rules)
 * 1:18222 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18223 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18224 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (web-client.rules)
 * 1:18225 <-> ENABLED <-> NETBIOS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt  (netbios.rules)
 * 1:18226 <-> ENABLED <-> NETBIOS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt  (netbios.rules)
 * 1:18227 <-> ENABLED <-> NETBIOS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt  (netbios.rules)
 * 1:18229 <-> ENABLED <-> SPECIFIC-THREATS Microsoft FlashPix tile length overflow attempt (specific-threats.rules)
 * 1:18230 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher memory corruption attempt (specific-threats.rules)
 * 1:18231 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher oversized oti length attempt (web-client.rules)
 * 1:18233 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher Adobe Font Driver code execution attempt (web-client.rules)
 * 1:18235 <-> ENABLED <-> WEB-CLIENT Microsoft Office PICT graphics converter memory corruption attempt (web-client.rules)
 * 1:18236 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFFIM32.FLT filter memory corruption attempt (specific-threats.rules)
 * 1:18237 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (web-client.rules)
 * 1:18238 <-> ENABLED <-> EXPLOIT Microsoft Sharepoint document conversion remote code excution attempt (exploit.rules)
 * 1:18240 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules)
 * 1:18241 <-> ENABLED <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX clsid access (web-activex.rules)
 * 1:18242 <-> ENABLED <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX function call access (web-activex.rules)
 * 1:18243 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (specific-threats.rules)
 * 1:18265 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)
 * 1:18266 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (netbios.rules)
 * 1:18267 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (netbios.rules)
 * 1:18276 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Data Access Components library attempt (specific-threats.rules)
 * 1:18277 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (web-client.rules)
 * 1:18278 <-> ENABLED <-> NETBIOS Vista Backup Tool fveapi.dll dll-load exploit attempt  (netbios.rules)
 * 1:18280 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer oversize recordset object cache size exploit attempt (web-client.rules)
 * 1:18282 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules)
 * 1:18297 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (web-client.rules)
 * 1:18309 <-> ENABLED <-> WEB-CLIENT Microsoft Vector Markup Language fill method overflow attempt (web-client.rules)
 * 1:18310 <-> ENABLED <-> SMTP Microsoft Office RTF parsing remote code execution attempt (smtp.rules)
 * 1:18313 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt (specific-threats.rules)
 * 1:18315 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (netbios.rules)
 * 1:18320 <-> ENABLED <-> SPECIFIC-THREATS WINS association context validation overflow attempt (specific-threats.rules)
 * 1:18329 <-> ENABLED <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX function call access (web-activex.rules)
 * 1:18335 <-> ENABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:18396 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Hypervisor DOS vfd download attempt (web-client.rules)
 * 1:18398 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)
 * 1:18399 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel BRAI record remote code execution attempt (specific-threats.rules)
 * 1:18401 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Internet Explorer Base64 encoded script overflow attempt (web-client.rules)
 * 1:18402 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (specific-threats.rules)
 * 1:18403 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer datasrc overflow attempt (web-client.rules)
 * 1:18404 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer document.insertBefore memory corruption attempt (web-client.rules)
 * 1:18406 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Server 2003 update service principal name spn dos executable attempt (specific-threats.rules)
 * 1:18407 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Server 2003 update service principal name spn dos attempt (specific-threats.rules)
 * 1:18408 <-> ENABLED <-> EXPLOIT Microsoft Windows WMI tracing api integer truncation attempt (exploit.rules)
 * 1:18413 <-> ENABLED <-> EXPLOIT Microsoft Windoss WMI tracing api integer truncation attempt (exploit.rules)
 * 1:18415 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio deserialization double free attempt (specific-threats.rules)
 * 1:18416 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio ORMinfo classes length overflow attempt (specific-threats.rules)
 * 1:18417 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio ORMinfo classes length overflow attempt (specific-threats.rules)
 * 1:1842 <-> DISABLED <-> IMAP login buffer overflow attempt (imap.rules)
 * 1:18462 <-> ENABLED <-> NETBIOS Microsoft Windows 2003 browser election remote heap overflow attempt (netbios.rules)
 * 1:18494 <-> ENABLED <-> NETBIOS Microsoft product .dll dll-load exploit attempt  (netbios.rules)
 * 1:18495 <-> ENABLED <-> WEB-CLIENT Microsoft product .dll dll-load exploit attempt (web-client.rules)
 * 1:18496 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (web-client.rules)
 * 1:18497 <-> ENABLED <-> NETBIOS Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (netbios.rules)
 * 1:18498 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Media Player dvr-ms file parsing remote code execution attempt (specific-threats.rules)
 * 1:18499 <-> ENABLED <-> WEB-CLIENT Microsoft Groove mso.dll dll-load exploit attempt (web-client.rules)
 * 1:18500 <-> ENABLED <-> NETBIOS Groove mso.dll dll-load exploit attempt  (netbios.rules)
 * 1:18514 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (specific-threats.rules)
 * 1:18515 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio VSD file icon memory corruption (specific-threats.rules)
 * 1:18518 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (specific-threats.rules)
 * 1:18519 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18520 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (specific-threats.rules)
 * 1:18521 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18522 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (specific-threats.rules)
 * 1:18523 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (specific-threats.rules)
 * 1:18538 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgName invalid index exploit attempt (specific-threats.rules)
 * 1:18539 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer event handling remote code execution attempt (exploit.rules)
 * 1:18540 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer invalid pointer memory corruption attempt (specific-threats.rules)
 * 1:18541 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (specific-threats.rules)
 * 1:18542 <-> ENABLED <-> SPECIFIC-THREATS Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (specific-threats.rules)
 * 1:18545 <-> ENABLED <-> POLICY Microsoft Office Excel with embedded Flash file transfer (policy.rules)
 * 1:18546 <-> ENABLED <-> POLICY Microsoft Office Word with embedded Flash file transfer (policy.rules)
 * 1:18547 <-> ENABLED <-> POLICY Microsoft Office PowerPoint with embedded Flash file transfer (policy.rules)
 * 1:18548 <-> ENABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment (policy.rules)
 * 1:18549 <-> ENABLED <-> POLICY Microsoft Office Word with embedded Flash file attachment (policy.rules)
 * 1:18550 <-> ENABLED <-> POLICY Microsoft Office PowerPoint with embedded Flash file attachment (policy.rules)
 * 1:18554 <-> DISABLED <-> SMTP Microsoft Office PowerPoint .ppt attachment (smtp.rules)
 * 1:18583 <-> ENABLED <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules)
 * 1:18590 <-> ENABLED <-> SPECIFIC-THREATS Outlook Express WAB file parsing buffer overflow attempt (specific-threats.rules)
 * 1:18615 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18616 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Works 4.x converter font name buffer overflow attempt (specific-threats.rules)
 * 1:18619 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (web-client.rules)
 * 1:18620 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (web-client.rules)
 * 1:18621 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (web-client.rules)
 * 1:18622 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (web-client.rules)
 * 1:18623 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (web-client.rules)
 * 1:18624 <-> ENABLED <-> EXPLOIT Microsoft Windows .NET framework optimizer escalation attempt (exploit.rules)
 * 1:18625 <-> ENABLED <-> NETBIOS MFC applications mfc40.dll dll-load exploit attempt  (netbios.rules)
 * 1:18626 <-> ENABLED <-> NETBIOS MFC applications mfc42.dll dll-load exploit attempt  (netbios.rules)
 * 1:18627 <-> ENABLED <-> NETBIOS MFC applications mfc80.dll dll-load exploit attempt  (netbios.rules)
 * 1:18628 <-> ENABLED <-> NETBIOS MFC applications mfc90.dll dll-load exploit attempt  (netbios.rules)
 * 1:18629 <-> ENABLED <-> NETBIOS MFC applications mfc100.dll dll-load exploit attempt  (netbios.rules)
 * 1:18632 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed Label record exploit attempt (web-client.rules)
 * 1:18633 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel RealTimeData record memory corruption attempt (web-client.rules)
 * 1:18634 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Workspace file FontCount record memory corruption attempt (web-client.rules)
 * 1:18635 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:18636 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint SlideAtom record exploit attempt (specific-threats.rules)
 * 1:18637 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (web-client.rules)
 * 1:18638 <-> ENABLED <-> EXPLOIT Microsoft Office Excel OfficeArtSpContainer record exploit attempt (exploit.rules)
 * 1:18639 <-> ENABLED <-> EXPLOIT Microsoft Office Excel CatSerRange record exploit attempt (exploit.rules)
 * 1:18642 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Converter sprmTSplit overflow attempt (specific-threats.rules)
 * 1:18643 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Converter sprmTTextFflow overflow attempt (specific-threats.rules)
 * 1:18644 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (specific-threats.rules)
 * 1:18645 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows GDI+ arbitrary code execution attempt (specific-threats.rules)
 * 1:18646 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer 6/7 CSS swapNode memory corruption attempt (specific-threats.rules)
 * 1:18655 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt  (bad-traffic.rules)
 * 1:18668 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Messenger ActiveX clsid access (web-activex.rules)
 * 1:18670 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18671 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer object management memory corruption attempt (web-client.rules)
 * 1:18680 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed pfragments field (web-client.rules)
 * 1:18683 <-> ENABLED <-> POLICY Microsoft Office Excel file with embedded PDF object (policy.rules)
 * 1:18691 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows AFD.SYS null write attempt (specific-threats.rules)
 * 1:18702 <-> ENABLED <-> SMTP Microsoft Office RTF malformed pfragments field (smtp.rules)
 * 1:18703 <-> ENABLED <-> SMTP Microsoft Office RTF malformed pfragments field (smtp.rules)
 * 1:18704 <-> ENABLED <-> SMTP Microsoft Office RTF malformed second pfragments field (smtp.rules)
 * 1:18705 <-> ENABLED <-> SMTP Microsoft Office RTF malformed second pfragments field (smtp.rules)
 * 1:18706 <-> ENABLED <-> WEB-CLIENT Microsoft Office RTF malformed second pfragments field (web-client.rules)
 * 1:18740 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel sheet object type confusion exploit attempt (specific-threats.rules)
 * 1:18806 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel RealTimeData record exploit attempt (specific-threats.rules)
 * 1:18948 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint converter bad indirection remote code execution attempt (specific-threats.rules)
 * 1:18950 <-> DISABLED <-> BAD-TRAFFIC Microsoft WINS service oversize payload exploit attempt (bad-traffic.rules)
 * 1:18952 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows uniscribe fonts parsing memory corruption attempt (specific-threats.rules)
 * 1:18953 <-> ENABLED <-> SPECIFIC-THREATS rich text format unexpected field type memory corruption attempt (specific-threats.rules)
 * 1:18954 <-> ENABLED <-> SPECIFIC-THREATS rich text format unexpected field type memory corruption attempt (specific-threats.rules)
 * 1:18961 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18962 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18994 <-> ENABLED <-> NETBIOS Microsoft Windows 2003 browser election remote heap overflow attempt (netbios.rules)
 * 1:19063 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Movie Maker string size overflow attempt (specific-threats.rules)
 * 1:19064 <-> DISABLED <-> SPECIFIC-THREATS Microsoft OpenType font index remote code execution attempt (specific-threats.rules)
 * 1:19065 <-> DISABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment attempt (policy.rules)
 * 1:19066 <-> DISABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment attempt (policy.rules)
 * 1:19067 <-> DISABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment attempt (policy.rules)
 * 1:19068 <-> DISABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment attempt (policy.rules)
 * 1:19069 <-> DISABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment attempt (policy.rules)
 * 1:19070 <-> DISABLED <-> POLICY Microsoft Office Excel with embedded Flash file attachment attempt (policy.rules)
 * 1:19079 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer getElementById object corruption (specific-threats.rules)
 * 1:19081 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer CSS style memory corruption attempt (specific-threats.rules)
 * 1:19119 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver remote code execution attempt (specific-threats.rules)
 * 1:19130 <-> ENABLED <-> WEB-CLIENT Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (web-client.rules)
 * 1:19133 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel EntExU2 write access violation attempt (specific-threats.rules)
 * 1:19134 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (specific-threats.rules)
 * 1:19143 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (web-client.rules)
 * 1:19144 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows MPEG Layer-3 audio heap corruption attempt (specific-threats.rules)
 * 1:19146 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (specific-threats.rules)
 * 1:19147 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (web-client.rules)
 * 1:19156 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office .CGM file cell array heap overflow attempt (specific-threats.rules)
 * 1:19171 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (web-client.rules)
 * 1:19172 <-> ENABLED <-> NETBIOS Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (netbios.rules)
 * 1:19174 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Vista feed headlines cross-site scripting attack attempt (web-client.rules)
 * 1:19181 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer iframe uninitialized memory corruption attempt (specific-threats.rules)
 * 1:19184 <-> ENABLED <-> EXPLOIT Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (exploit.rules)
 * 1:19185 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows .NET ArraySegment escape exploit attempt (specific-threats.rules)
 * 1:19186 <-> ENABLED <-> WEB-CLIENT Microsoft Certification service XSS attempt (web-client.rules)
 * 1:19188 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:19189 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (netbios.rules)
 * 1:19191 <-> ENABLED <-> NETBIOS SMB2 zero length write attempt (netbios.rules)
 * 1:19192 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows IIS Repeated Parameter Request denial of service attempt (specific-threats.rules)
 * 1:19196 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (specific-threats.rules)
 * 1:19199 <-> ENABLED <-> NETBIOS Smb2Create_Finalize malformed EndOfFile field exploit attempt (netbios.rules)
 * 1:19200 <-> ENABLED <-> EXPLOIT Microsoft Office Excel ObjBiff exploit attempt (exploit.rules)
 * 1:19203 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MsgBox arbitrary code execution attempt (web-client.rules)
 * 1:19204 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer MsgBox arbitrary code execution attempt (web-client.rules)
 * 1:19221 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (netbios.rules)
 * 1:19222 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel ObjBiff validation exploit attempt (specific-threats.rules)
 * 1:19225 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel SerAuxTrend biff record corruption attempt (web-client.rules)
 * 1:19227 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Scenario heap memory overflow (specific-threats.rules)
 * 1:19229 <-> ENABLED <-> EXPLOIT Microsoft Office Excel SLK file excessive Picture records exploit attempt (exploit.rules)
 * 1:19230 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Selection exploit attempt (specific-threats.rules)
 * 1:19231 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Series record exploit attempt (web-client.rules)
 * 1:19232 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel XF record exploit attempt (specific-threats.rules)
 * 1:19234 <-> ENABLED <-> WEB-CLIENT Microsoft Visual Studio information disclosure attempt (web-client.rules)
 * 1:19235 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer copy/paste memory corruption attempt (specific-threats.rules)
 * 1:19236 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer drag event memory corruption attempt (specific-threats.rules)
 * 1:19237 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:19238 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 8 self remove from markup vulnerability (exploit.rules)
 * 1:19239 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 toStaticHTML XSS attempt (web-client.rules)
 * 1:19240 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer IE6/7/8 reload stylesheet attempt (web-client.rules)
 * 1:19241 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (specific-threats.rules)
 * 1:19242 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (specific-threats.rules)
 * 1:19243 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer layout-grid-char value exploit attempt (web-client.rules)
 * 1:19245 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer redirect to cdl protocol attempt (web-client.rules)
 * 1:19246 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer CSS expression defined to empty selection attempt (web-client.rules)
 * 1:19258 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel SxView record memory pointer corruption attempt (specific-threats.rules)
 * 1:19259 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel WOpt record memory corruption attempt (specific-threats.rules)
 * 1:19260 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel malformed MsoDrawingObject record attempt (specific-threats.rules)
 * 1:19261 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (specific-threats.rules)
 * 1:19265 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19266 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19290 <-> ENABLED <-> NETBIOS Microsoft LNK shortcut download attempt (netbios.rules)
 * 1:19291 <-> ENABLED <-> NETBIOS Microsoft LNK shortcut download attempt (netbios.rules)
 * 1:19294 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel Chart Sheet Substream memory corruption attempt (web-client.rules)
 * 1:19295 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word HTML linked objects memory corruption attempt (specific-threats.rules)
 * 1:19296 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint improper filename remote code execution attempt (web-client.rules)
 * 1:19303 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:19308 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows embedded OpenType EOT font integer overflow attempt (specific-threats.rules)
 * 1:19313 <-> ENABLED <-> SPECIFIC-THREATS Symantec Antivirus Intel Service DoS Attempt (specific-threats.rules)
 * 1:19314 <-> ENABLED <-> NETBIOS Groove GroovePerfmon.dll dll-load exploit attempt (netbios.rules)
 * 1:19315 <-> ENABLED <-> WEB-CLIENT Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (web-client.rules)
 * 1:19316 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office TIFF filter remote code execution attempt (specific-threats.rules)
 * 1:19320 <-> DISABLED <-> WEB-CLIENT Microsoft Windows AVI Header insufficient data corruption attempt (web-client.rules)
 * 1:19403 <-> ENABLED <-> SPECIFIC-THREATS Cinepak Codec VIDC decompression remote code execution attempt (specific-threats.rules)
 * 1:19405 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Outlook SMB attach by reference code execution attempt (specific-threats.rules)
 * 1:19406 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Outlook SMB attach by reference code execution attempt (specific-threats.rules)
 * 1:19407 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Outlook SMB attach by reference code execution attempt (specific-threats.rules)
 * 1:19411 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer Cross-Domain information disclosure attempt (specific-threats.rules)
 * 1:19413 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19414 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (specific-threats.rules)
 * 1:19436 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (web-client.rules)
 * 1:19442 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office embedded Office Art drawings execution attempt (specific-threats.rules)
 * 1:19443 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office embedded Office Art drawings execution attempt (specific-threats.rules)
 * 1:19444 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media sample duration header RCE attempt (web-client.rules)
 * 1:19445 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Timecode header RCE attempt (web-client.rules)
 * 1:19446 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media file name header RCE attempt (web-client.rules)
 * 1:19447 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media content type header RCE attempt (web-client.rules)
 * 1:19448 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media pixel aspect ratio header RCE attempt (web-client.rules)
 * 1:19449 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:19450 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media encryption sample ID header RCE attempt (web-client.rules)
 * 1:19458 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word sprmCMajority record buffer overflow attempt (specific-threats.rules)
 * 1:19459 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word sprmCMajority record buffer overflow attempt (specific-threats.rules)
 * 1:19460 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS multiple consoles on a single process attempt (web-client.rules)
 * 1:19461 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS NULL Fontface pointer attempt (web-client.rules)
 * 1:19462 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS negative array index code execution attempt (web-client.rules)
 * 1:19463 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS double free attempt (web-client.rules)
 * 1:19464 <-> ENABLED <-> SPECIFIC-THREATS Microsoft CSRSS integer overflow attempt (specific-threats.rules)
 * 1:19465 <-> ENABLED <-> NETBIOS Visio mfc71 dll-load exploit attempt (netbios.rules)
 * 1:19466 <-> ENABLED <-> WEB-CLIENT Microsoft Office Visio mfc71 dll-load exploit attempt (web-client.rules)
 * 1:19467 <-> ENABLED <-> SPECIFIC-THREATS Microsoft CSRSS NULL Fontface pointer attempt (specific-threats.rules)
 * 1:19468 <-> ENABLED <-> SPECIFIC-THREATS Microsoft stale data code execution attempt (specific-threats.rules)
 * 1:19469 <-> ENABLED <-> SPECIFIC-THREATS Microsoft invalid message kernel-mode memory disclosure attempt (specific-threats.rules)
 * 1:19552 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel format record code execution attempt (web-client.rules)
 * 1:19665 <-> ENABLED <-> EXPLOIT Microsoft Windows Remote Desktop web access cross-site scripting attempt (exploit.rules)
 * 1:19666 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer multi-window access memory corruption attempt (web-client.rules)
 * 1:19667 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer cross-domain scripting attack (specific-threats.rules)
 * 1:19668 <-> ENABLED <-> NETBIOS Internet Explorer telnet.exe file load exploit attempt (netbios.rules)
 * 1:19670 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer telnet.exe file load exploit attempt (web-client.rules)
 * 1:19671 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer XSL refreshing memory corruption attempt (web-client.rules)
 * 1:19672 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (web-client.rules)
 * 1:19673 <-> ENABLED <-> NETBIOS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (netbios.rules)
 * 1:19674 <-> ENABLED <-> WEB-CLIENT Microsoft Data Access Components bidlab.dll dll-load exploit attempt (web-client.rules)
 * 1:19675 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio invalid UMLString data length exploit attempt (specific-threats.rules)
 * 1:19676 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Visio invalid UMLDTOptions object exploit attempt (specific-threats.rules)
 * 1:19677 <-> ENABLED <-> DNS Microsoft DNS NAPTR remote unauthenticated code execution vulnerability (dns.rules)
 * 1:19678 <-> ENABLED <-> ICMP Microsoft Windows remote unauthenticated DoS/bugcheck vulnerability (icmp.rules)
 * 1:19679 <-> ENABLED <-> WEB-CLIENT Microsoft Windows NDISTAPI Driver code execution attempt (web-client.rules)
 * 1:19680 <-> ENABLED <-> WEB-CLIENT Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (web-client.rules)
 * 1:19681 <-> ENABLED <-> WEB-CLIENT Microsoft Report Viewer reflect XSS attempt (web-client.rules)
 * 1:19694 <-> ENABLED <-> WEB-CGI Microsoft Windows .NET Chart Control directory traversal attempt (web-cgi.rules)
 * 1:1970 <-> DISABLED <-> WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
 * 1:19707 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word Converter sprmTSplit overflow attempt (specific-threats.rules)
 * 1:1973 <-> DISABLED <-> FTP MKD overflow attempt (ftp.rules)
 * 1:19808 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer covered object memory corruption attempt (web-client.rules)
 * 1:19809 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer covered object memory corruption attempt (specific-threats.rules)
 * 1:19811 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office PowerPoint malformed record call to freed object attempt (specific-threats.rules)
 * 1:19814 <-> DISABLED <-> EXPLOIT Microsoft Internet Explorer empty table tag memory corruption attempt (exploit.rules)
 * 1:19818 <-> DISABLED <-> WEB-CLIENT Microsoft XML core services cross-domain information disclosure attempt (web-client.rules)
 * 1:19886 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer ani file processing - remote code execution attempt (web-client.rules)
 * 1:19893 <-> ENABLED <-> WEB-ACTIVEX Microsoft Tabular Control ActiveX overflow by CLSID / param tag (web-activex.rules)
 * 1:19894 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (web-client.rules)
 * 1:19910 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer VML user after free attempt (web-client.rules)
 * 1:19911 <-> ENABLED <-> WEB-CLIENT Microsoft SYmbolic LinK stack overflow attempt (web-client.rules)
 * 1:19932 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher 2007 pointer dereference attempt (web-client.rules)
 * 1:19937 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer invalid object access memory corruption attempt (web-client.rules)
 * 1:19943 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (web-client.rules)
 * 1:19956 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Movie Maker project file heap buffer overflow attempt (web-client.rules)
 * 1:19972 <-> ENABLED <-> NETBIOS SMB client TRANS response paramcount overflow attempt (netbios.rules)
 * 1:20032 <-> DISABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20034 <-> DISABLED <-> EXPLOIT ESTsoft ALZip MIM File Buffer Overflow Attempt (exploit.rules)
 * 1:20049 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel SLK file excessive Picture records exploit attempt (specific-threats.rules)
 * 1:20062 <-> DISABLED <-> EXPLOIT Microsoft Office Excel File Importing Code Execution (exploit.rules)
 * 1:20071 <-> ENABLED <-> WEB-ACTIVEX WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (web-activex.rules)
 * 1:20073 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (specific-threats.rules)
 * 1:20111 <-> ENABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20112 <-> ENABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20113 <-> ENABLED <-> EXPLOIT Microsoft Sharepoint XSS vulnerability attempt (exploit.rules)
 * 1:20114 <-> ENABLED <-> EXPLOIT Microsoft SharePoint hiddenSpanData cross site scripting attempt (exploit.rules)
 * 1:20115 <-> ENABLED <-> EXPLOIT Microsoft Sharepoint XML external entity exploit attempt (exploit.rules)
 * 1:20116 <-> ENABLED <-> EXPLOIT Microsoft Sharepoint Javascript XSS attempt (exploit.rules)
 * 1:20117 <-> ENABLED <-> EXPLOIT Microsoft SharePoint XSS (exploit.rules)
 * 1:20118 <-> ENABLED <-> NETBIOS Windows shell extensions deskpan.dll dll-load exploit attempt (netbios.rules)
 * 1:20119 <-> ENABLED <-> WEB-CLIENT Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (web-client.rules)
 * 1:20120 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows WINS internal communications on network exploit attempt (bad-traffic.rules)
 * 1:20121 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid AxisParent record (specific-threats.rules)
 * 1:20122 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid AxisParent record (specific-threats.rules)
 * 1:20123 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid ShrFmla record (specific-threats.rules)
 * 1:20124 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20125 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20126 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel invalid Lbl record (specific-threats.rules)
 * 1:20127 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Conditional Formatting record vulnerability (specific-threats.rules)
 * 1:20128 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office invalid MS-OGRAPH DataFormat record (specific-threats.rules)
 * 1:20129 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (specific-threats.rules)
 * 1:20132 <-> DISABLED <-> DOS SMB2 zero length write attempt (dos.rules)
 * 1:20133 <-> ENABLED <-> WEB-CLIENT Microsoft MHTML XSS attempt (web-client.rules)
 * 1:20139 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:20140 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:20141 <-> ENABLED <-> WEB-CLIENT Microsoft Office Word document summary information string overflow attempt (web-client.rules)
 * 1:20153 <-> DISABLED <-> SPECIFIC-THREATS Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (specific-threats.rules)
 * 1:20175 <-> DISABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX clsid access (web-activex.rules)
 * 1:20227 <-> ENABLED <-> EXPLOIT VideoLAN VLC webm memory corruption attempt (exploit.rules)
 * 1:20246 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Outlook SMB attach by reference code execution attempt (specific-threats.rules)
 * 1:20247 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Outlook SMB attach by reference code execution attempt (specific-threats.rules)
 * 1:20253 <-> ENABLED <-> NETBIOS Microsoft products oleacc.dll dll-load exploit attempt (netbios.rules)
 * 1:20254 <-> ENABLED <-> WEB-CLIENT Microsoft products oleacc.dll dll-load exploit attempt (web-client.rules)
 * 1:20255 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Silverlight inheritance restriction bypass (specific-threats.rules)
 * 1:20256 <-> ENABLED <-> EXPLOIT Microsoft Forefront UAG http response splitting attempt (exploit.rules)
 * 1:20257 <-> ENABLED <-> WEB-MISC Microsoft ForeFront UAG ExcelTable.asp XSS attempt (web-misc.rules)
 * 1:20258 <-> ENABLED <-> EXPLOIT Microsoft Forefront UAG javascript handler in URI XSS attempt (exploit.rules)
 * 1:20259 <-> ENABLED <-> WEB-MISC Malicious Microsoft Agent Helper JAR download attempt (web-misc.rules)
 * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules)
 * 1:20261 <-> ENABLED <-> WEB-CLIENT Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (web-client.rules)
 * 1:20262 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer onscroll DOS attempt (web-client.rules)
 * 1:20263 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer htmlfile null attribute access (web-client.rules)
 * 1:20264 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer selection option and form reset attack (specific-threats.rules)
 * 1:20265 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer null attribute crash (specific-threats.rules)
 * 1:20266 <-> ENABLED <-> WEB-MISC IE8 Javascript negative option index attack attempt (web-misc.rules)
 * 1:20267 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer circular reference exploit attempt (specific-threats.rules)
 * 1:20268 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer Marquee stylesheet object removal (specific-threats.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20270 <-> ENABLED <-> WEB-CLIENT Microsoft Windows afd.sys kernel-mode memory corruption attempt (web-client.rules)
 * 1:20271 <-> ENABLED <-> DOS Microsoft Host Integration Server SNA length dos attempt (dos.rules)
 * 1:20272 <-> ENABLED <-> DOS Microsoft Forefront UAG NLSessionS cookie overflow attempt (dos.rules)
 * 1:20273 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer jscript9 parsing corruption attempt (specific-threats.rules)
 * 1:20277 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (web-client.rules)
 * 1:20278 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:20279 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Exploerer HTML DOM invalid DHTML textnode creation attempt (web-client.rules)
 * 1:20463 <-> DISABLED <-> FILE-IDENTIFY ZIP file magic detection (file-identify.rules)
 * 1:20485 <-> DISABLED <-> FILE-IDENTIFY SIP log file magic detection (file-identify.rules)
 * 1:2050 <-> DISABLED <-> SQL version overflow attempt (sql.rules)
 * 1:20534 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel IPMT record buffer overflow attempt (specific-threats.rules)
 * 1:20540 <-> ENABLED <-> POLICY Microsoft Office Word document with embedded TrueType font (policy.rules)
 * 1:20543 <-> ENABLED <-> EXPLOIT Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (exploit.rules)
 * 1:20575 <-> ENABLED <-> SPECIFIC-THREATS Adobe Reader PDF JBIG2 remote code execution attempt (specific-threats.rules)
 * 1:20590 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint out of bounds value remote code execution attempt (web-client.rules)
 * 1:20634 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer onscroll DOS attempt (specific-threats.rules)
 * 1:20653 <-> ENABLED <-> SMTP Windows Media Player ASX file ref href buffer overflow attempt (smtp.rules)
 * 1:20664 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (web-iis.rules)
 * 1:20665 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (web-iis.rules)
 * 1:20671 <-> ENABLED <-> EXPLOIT Microsoft Windows Active Directory Crafted LDAP ModifyRequest (exploit.rules)
 * 1:20675 <-> DISABLED <-> WEB-IIS Microsoft Active Directory Federation Services code execution attempt (web-iis.rules)
 * 1:20690 <-> ENABLED <-> SPECIFIC-THREATS Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (specific-threats.rules)
 * 1:20699 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer XSRF timing attack against XSS filter (exploit.rules)
 * 1:20700 <-> ENABLED <-> NETBIOS Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (netbios.rules)
 * 1:20701 <-> ENABLED <-> NETBIOS Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (netbios.rules)
 * 1:20702 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (web-client.rules)
 * 1:20703 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (web-client.rules)
 * 1:20704 <-> ENABLED <-> WEB-ACTIVEX Microsoft Internet Explorer #default#time behavior attack attempt (web-activex.rules)
 * 1:20705 <-> ENABLED <-> WEB-ACTIVEX Microsoft Time DATIME.DLL ActiveX clsid access (web-activex.rules)
 * 1:20706 <-> ENABLED <-> WEB-ACTIVEX Microsoft Time DATIME.DLL ActiveX clsid access (web-activex.rules)
 * 1:20707 <-> ENABLED <-> WEB-ACTIVEX Dell IT Assistant ActiveX clsid access (web-activex.rules)
 * 1:20708 <-> ENABLED <-> WEB-ACTIVEX HP Easy Printer Care Software ActiveX clsid access (web-activex.rules)
 * 1:20709 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20710 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20711 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20712 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20713 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20714 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20715 <-> ENABLED <-> WEB-ACTIVEX HP Photo Creative ActiveX clsid access (web-activex.rules)
 * 1:20716 <-> ENABLED <-> WEB-ACTIVEX Yahoo!  CD Player ActiveX clsid access (web-activex.rules)
 * 1:20717 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows OLE versioned stream missing data stream (specific-threats.rules)
 * 1:20718 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Excel Lel record memory corruption attempt (specific-threats.rules)
 * 1:20719 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher Opltc memory corruption attempt (specific-threats.rules)
 * 1:20720 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Publisher 2003 EscherStm memory corruption attempt (specific-threats.rules)
 * 1:20721 <-> ENABLED <-> WEB-CLIENT Microsoft Office Publisher PLC object memory corruption attempt (web-client.rules)
 * 1:20722 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint invalid OfficeArtBlipDIB record exploit attempt (web-client.rules)
 * 1:20724 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Office Word border use-after-free attempt (specific-threats.rules)
 * 1:20734 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Media Player digital video recording buffer overflow attempt (web-client.rules)
 * 1:20735 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (specific-threats.rules)
 * 1:2090 <-> DISABLED <-> WEB-IIS WEBDAV exploit attempt (web-iis.rules)
 * 1:2091 <-> ENABLED <-> WEB-IIS WEBDAV nessus safe scan attempt (web-iis.rules)
 * 1:2101 <-> ENABLED <-> NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
 * 1:2126 <-> DISABLED <-> MISC Microsoft Windows PPTP Start Control Request buffer overflow attempt (misc.rules)
 * 1:2129 <-> DISABLED <-> WEB-IIS nsiislog.dll access (web-iis.rules)
 * 1:2133 <-> DISABLED <-> WEB-IIS MS BizTalk server access (web-iis.rules)
 * 1:2252 <-> ENABLED <-> NETBIOS SMB-DS DCERPC Remote Activation bind attempt (netbios.rules)
 * 1:2253 <-> ENABLED <-> SMTP XEXCH50 overflow attempt (smtp.rules)
 * 1:2257 <-> ENABLED <-> NETBIOS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
 * 1:2258 <-> ENABLED <-> NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
 * 1:2329 <-> DISABLED <-> SQL probe response overflow attempt (sql.rules)
 * 1:2338 <-> ENABLED <-> FTP LIST buffer overflow attempt (ftp.rules)
 * 1:2374 <-> ENABLED <-> FTP NLST overflow attempt (ftp.rules)
 * 1:2382 <-> DISABLED <-> NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
 * 1:2383 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
 * 1:2386 <-> DISABLED <-> WEB-IIS NTLM ASN1 vulnerability scan attempt (web-iis.rules)
 * 1:2418 <-> DISABLED <-> MISC Microsoft Windows Terminal Server no encryption session initiation attempt (misc.rules)
 * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:2508 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules)
 * 1:2511 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (netbios.rules)
 * 1:2515 <-> DISABLED <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
 * 1:2517 <-> DISABLED <-> IMAP PCT Client_Hello overflow attempt (imap.rules)
 * 1:2518 <-> DISABLED <-> POP3 PCT Client_Hello overflow attempt (pop3.rules)
 * 1:2522 <-> DISABLED <-> WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
 * 1:2528 <-> DISABLED <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
 * 1:2531 <-> DISABLED <-> IMAP SSLv3 invalid Client_Hello attempt (imap.rules)
 * 1:2537 <-> DISABLED <-> POP3 SSLv3 invalid Client_Hello attempt (pop3.rules)
 * 1:2544 <-> DISABLED <-> SMTP SSLv3 invalid Client_Hello attempt (smtp.rules)
 * 1:2582 <-> DISABLED <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules)
 * 1:2589 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Content-Disposition CLSID command attempt (web-client.rules)
 * 1:2665 <-> ENABLED <-> IMAP login literal format string attempt (imap.rules)
 * 1:2671 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt (web-client.rules)
 * 1:272 <-> DISABLED <-> DOS IGMP dos attack (dos.rules)
 * 1:2927 <-> DISABLED <-> NNTP Microsoft Windows XPAT pattern overflow attempt (nntp.rules)
 * 1:2936 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (netbios.rules)
 * 1:3000 <-> DISABLED <-> NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
 * 1:3001 <-> DISABLED <-> NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
 * 1:3002 <-> DISABLED <-> NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
 * 1:3003 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
 * 1:3004 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
 * 1:3005 <-> DISABLED <-> NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
 * 1:3017 <-> DISABLED <-> EXPLOIT Microsoft Windows WINS overflow attempt (exploit.rules)
 * 1:3078 <-> DISABLED <-> NNTP Microsoft WIndows SEARCH pattern overflow attempt (nntp.rules)
 * 1:3079 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ANI file parsing overflow (web-client.rules)
 * 1:3114 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (netbios.rules)
 * 1:3130 <-> DISABLED <-> EXPLOIT MSN Messenger png overflow (exploit.rules)
 * 1:3132 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products PNG large image width download attempt (web-client.rules)
 * 1:3133 <-> DISABLED <-> WEB-CLIENT Microsoft Multiple Products PNG large image height download attempt (web-client.rules)
 * 1:3134 <-> DISABLED <-> WEB-CLIENT Microsoft PNG large colour depth download attempt (web-client.rules)
 * 1:3143 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 command response overflow attempt (netbios.rules)
 * 1:3144 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
 * 1:3145 <-> DISABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
 * 1:3146 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
 * 1:3148 <-> ENABLED <-> WEB-CLIENT Microsoft Windows winhelp clsid attempt (web-client.rules)
 * 1:3149 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer 5/6 object type overflow attempt (web-client.rules)
 * 1:3150 <-> DISABLED <-> WEB-IIS SQLXML content type overflow (web-iis.rules)
 * 1:3158 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
 * 1:3159 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
 * 1:3171 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (netbios.rules)
 * 1:3192 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules)
 * 1:3199 <-> DISABLED <-> EXPLOIT Microsoft Windows WINS name query overflow attempt TCP (exploit.rules)
 * 1:3200 <-> DISABLED <-> EXPLOIT Microsoft Windows WINS name query overflow attempt UDP (exploit.rules)
 * 1:3218 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (netbios.rules)
 * 1:3238 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (netbios.rules)
 * 1:3239 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (netbios.rules)
 * 1:3397 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (netbios.rules)
 * 1:3398 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (netbios.rules)
 * 1:3409 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (netbios.rules)
 * 1:3442 <-> DISABLED <-> DOS WIN32 TCP print service overflow attempt (dos.rules)
 * 1:3461 <-> ENABLED <-> SMTP Content-Type overflow attempt (smtp.rules)
 * 1:3462 <-> ENABLED <-> SMTP Content-Encoding overflow attempt (smtp.rules)
 * 1:3486 <-> ENABLED <-> MISC Microsoft Windows SSLv3 invalid data version attempt (misc.rules)
 * 1:3511 <-> DISABLED <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
 * 1:3552 <-> ENABLED <-> WEB-CLIENT Microsoft Windows OLE32 MSHTA masquerade attempt (web-client.rules)
 * 1:3553 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (web-client.rules)
 * 1:3590 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules)
 * 1:3591 <-> ENABLED <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
 * 1:3627 <-> ENABLED <-> POLICY X-LINK2STATE CHUNK command attempt (policy.rules)
 * 1:3632 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow attempt (web-client.rules)
 * 1:3634 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Bitmap width integer overflow multipacket attempt (web-client.rules)
 * 1:3682 <-> DISABLED <-> SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)
 * 1:3683 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer spoofed MIME-Type auto-execution attempt (web-client.rules)
 * 1:3685 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
 * 1:3686 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer Content Advisor memory corruption attempt (web-client.rules)
 * 1:3687 <-> DISABLED <-> TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
 * 1:3688 <-> DISABLED <-> TELNET client ENV OPT VAR information disclosure (telnet.rules)
 * 1:3689 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer tRNS overflow attempt (web-client.rules)
 * 1:3814 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer javaprxy.dll COM access (web-client.rules)
 * 1:3820 <-> DISABLED <-> WEB-CLIENT Microsoft Windows CHM file transfer attempt (web-client.rules)
 * 1:3967 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (netbios.rules)
 * 1:4060 <-> ENABLED <-> POLICY remote desktop protocol attempted administrator connection request (policy.rules)
 * 1:4072 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (netbios.rules)
 * 1:4132 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer msdds clsid attempt (web-client.rules)
 * 1:4133 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer devenum clsid attempt (web-client.rules)
 * 1:4134 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Exploerer blnmgr clsid attempt (web-client.rules)
 * 1:4135 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG heap overflow single packet attempt (web-client.rules)
 * 1:4136 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer JPEG heap overflow multipacket attempt (web-client.rules)
 * 1:4145 <-> ENABLED <-> WEB-ACTIVEX Windows Trouble Shooter ActiveX object access (web-activex.rules)
 * 1:4147 <-> ENABLED <-> WEB-ACTIVEX ActiveLabel ActiveX object access (web-activex.rules)
 * 1:4148 <-> DISABLED <-> WEB-ACTIVEX DHTML Editing ActiveX clsid access (web-activex.rules)
 * 1:4150 <-> DISABLED <-> WEB-ACTIVEX Outlook View OVCtl ActiveX function call access (web-activex.rules)
 * 1:4153 <-> ENABLED <-> WEB-ACTIVEX Eyedog ActiveX object access (web-activex.rules)
 * 1:4154 <-> ENABLED <-> WEB-ACTIVEX Active Setup ActiveX object access (web-activex.rules)
 * 1:4155 <-> ENABLED <-> WEB-ACTIVEX htmlfile ActiveX object access (web-activex.rules)
 * 1:4156 <-> ENABLED <-> WEB-ACTIVEX Windows Media Player 7+ ActiveX object access (web-activex.rules)
 * 1:4160 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Reporting Tool ActiveX object access (web-activex.rules)
 * 1:4161 <-> ENABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4162 <-> ENABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4163 <-> ENABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4164 <-> ENABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4165 <-> ENABLED <-> WEB-ACTIVEX Image Control 1.0 ActiveX object access (web-activex.rules)
 * 1:4167 <-> DISABLED <-> WEB-ACTIVEX MSN Heartbeat ActiveX clsid access (web-activex.rules)
 * 1:4169 <-> ENABLED <-> WEB-ACTIVEX Internet Explorer Active Setup ActiveX object access (web-activex.rules)
 * 1:4170 <-> DISABLED <-> WEB-ACTIVEX Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (web-activex.rules)
 * 1:4171 <-> ENABLED <-> WEB-ACTIVEX Registration Wizard ActiveX object access (web-activex.rules)
 * 1:4172 <-> ENABLED <-> WEB-ACTIVEX Microsoft Agent v1.5 ActiveX clsid access (web-activex.rules)
 * 1:4173 <-> ENABLED <-> WEB-ACTIVEX MsnPUpld ActiveX object access (web-activex.rules)
 * 1:4174 <-> ENABLED <-> WEB-ACTIVEX Symantec RuFSI registry Information Class ActiveX object access (web-activex.rules)
 * 1:4175 <-> ENABLED <-> WEB-ACTIVEX Office 2000/2002 Web Components PivotTable ActiveX object access (web-activex.rules)
 * 1:4176 <-> ENABLED <-> WEB-ACTIVEX Office 2000 and 2002 Web Components Chart ActiveX object access (web-activex.rules)
 * 1:4177 <-> DISABLED <-> WEB-ACTIVEX Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid access (web-activex.rules)
 * 1:4178 <-> ENABLED <-> WEB-ACTIVEX Office 2000 and 2002 Web Components Record Navigation Control ActiveX object access (web-activex.rules)
 * 1:4179 <-> ENABLED <-> WEB-ACTIVEX DirectX Files Viewer ActiveX object access (web-activex.rules)
 * 1:4180 <-> ENABLED <-> WEB-ACTIVEX Kodak Image Scan Control ActiveX object access (web-activex.rules)
 * 1:4181 <-> ENABLED <-> WEB-ACTIVEX Smartcard Enrollment ActiveX object access (web-activex.rules)
 * 1:4182 <-> ENABLED <-> WEB-ACTIVEX MSN Chat v4.5, 4.6 ActiveX object access (web-activex.rules)
 * 1:4183 <-> ENABLED <-> WEB-ACTIVEX HTML Help ActiveX object access (web-activex.rules)
 * 1:4184 <-> ENABLED <-> WEB-ACTIVEX Certificate Enrollment ActiveX object access (web-activex.rules)
 * 1:4185 <-> ENABLED <-> WEB-ACTIVEX Terminal Services Advanced Client ActiveX object access (web-activex.rules)
 * 1:4186 <-> ENABLED <-> WEB-ACTIVEX Kodak Image Editing ActiveX object access (web-activex.rules)
 * 1:4187 <-> ENABLED <-> WEB-ACTIVEX Terminal Services Advanced Client ActiveX object access (web-activex.rules)
 * 1:4188 <-> ENABLED <-> WEB-ACTIVEX RAV Online Scanner ActiveX object access (web-activex.rules)
 * 1:4189 <-> ENABLED <-> WEB-ACTIVEX Third-Party Plugin ActiveX object access (web-activex.rules)
 * 1:4190 <-> ENABLED <-> WEB-ACTIVEX Kodak Thumbnail Image ActiveX object access (web-activex.rules)
 * 1:4191 <-> ENABLED <-> WEB-ACTIVEX MsnPUpld ActiveX object access (web-activex.rules)
 * 1:4192 <-> ENABLED <-> WEB-ACTIVEX HHOpen ActiveX object access (web-activex.rules)
 * 1:4193 <-> ENABLED <-> WEB-ACTIVEX Kodak Image Editing ActiveX object access (web-activex.rules)
 * 1:4195 <-> DISABLED <-> WEB-CLIENT multipacket CBO CBL CBM file transfer attempt (web-client.rules)
 * 1:4196 <-> DISABLED <-> WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)
 * 1:4197 <-> ENABLED <-> WEB-ACTIVEX DigWebX MSN ActiveX object access (web-activex.rules)
 * 1:4198 <-> ENABLED <-> WEB-ACTIVEX Internet Explorer Blnmgrps.dll ActiveX object access (web-activex.rules)
 * 1:4199 <-> ENABLED <-> WEB-ACTIVEX Internet Explorer Blnmgrps.dll ActiveX object access (web-activex.rules)
 * 1:4200 <-> ENABLED <-> WEB-ACTIVEX Index Server Scope Administration ActiveX object access (web-activex.rules)
 * 1:4201 <-> ENABLED <-> WEB-ACTIVEX Queued Components Recorder ActiveX object access (web-activex.rules)
 * 1:4202 <-> ENABLED <-> WEB-ACTIVEX DirectAnimation ActiveX object access (web-activex.rules)
 * 1:4203 <-> ENABLED <-> WEB-ACTIVEX Microsoft Marquee Control ActiveX object access (web-activex.rules)
 * 1:4204 <-> ENABLED <-> WEB-ACTIVEX Microsoft DT PolyLine Control 2 ActiveX object access (web-activex.rules)
 * 1:4205 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Database Tools Database Designer v7.0 ActiveX object access (web-activex.rules)
 * 1:4206 <-> ENABLED <-> WEB-ACTIVEX Microsoft MPEG-4 Video Decompressor Property Page ActiveX object access (web-activex.rules)
 * 1:4207 <-> ENABLED <-> WEB-ACTIVEX Microsoft MS Audio Decompressor Control Property Page ActiveX object access (web-activex.rules)
 * 1:4208 <-> ENABLED <-> WEB-ACTIVEX LexRefStEsObject Class ActiveX object access (web-activex.rules)
 * 1:4209 <-> ENABLED <-> WEB-ACTIVEX LexRefStFrObject Class ActiveX object access (web-activex.rules)
 * 1:4210 <-> ENABLED <-> WEB-ACTIVEX Internet Explorer Msb1geen.dll ActiveX object access (web-activex.rules)
 * 1:4211 <-> ENABLED <-> WEB-ACTIVEX Microsoft DDS Library Shape Control ActiveX object access (web-activex.rules)
 * 1:4212 <-> ENABLED <-> WEB-ACTIVEX Microsoft DDS Generic Class ActiveX object access (web-activex.rules)
 * 1:4213 <-> ENABLED <-> WEB-ACTIVEX Microsoft DDS Picture Shape Control ActiveX object access (web-activex.rules)
 * 1:4214 <-> ENABLED <-> WEB-ACTIVEX Microsoft TipGW Init ActiveX object access (web-activex.rules)
 * 1:4215 <-> ENABLED <-> WEB-ACTIVEX Microsoft HTML Popup Window ActiveX object access (web-activex.rules)
 * 1:4216 <-> ENABLED <-> WEB-ACTIVEX CLSID_CComAcctImport ActiveX object access (web-activex.rules)
 * 1:4217 <-> ENABLED <-> WEB-ACTIVEX Microsoft Office Services on the Web Free/Busy ActiveX object access (web-activex.rules)
 * 1:4218 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic WebClass ActiveX object access (web-activex.rules)
 * 1:4219 <-> ENABLED <-> WEB-ACTIVEX Microsoft Network Connections Tray ActiveX object access (web-activex.rules)
 * 1:4220 <-> ENABLED <-> WEB-ACTIVEX Microsoft Network and Dial-Up Connections ActiveX object access (web-activex.rules)
 * 1:4221 <-> ENABLED <-> WEB-ACTIVEX Microsoft ProxyStub Dispatch ActiveX object access (web-activex.rules)
 * 1:4222 <-> ENABLED <-> WEB-ACTIVEX Internet Explorer Outllib.dll ActiveX object access (web-activex.rules)
 * 1:4223 <-> ENABLED <-> WEB-ACTIVEX Microsoft OpenCable Class ActiveX object access (web-activex.rules)
 * 1:4224 <-> ENABLED <-> WEB-ACTIVEX Microsoft VideoPort ActiveX object access (web-activex.rules)
 * 1:4225 <-> ENABLED <-> WEB-ACTIVEX Microsoft Repository ActiveX object access (web-activex.rules)
 * 1:4226 <-> ENABLED <-> WEB-ACTIVEX Microsoft DocHost User Interface Handler ActiveX object access (web-activex.rules)
 * 1:4227 <-> ENABLED <-> WEB-ACTIVEX Microsoft Network Connections ActiveX object access (web-activex.rules)
 * 1:4228 <-> ENABLED <-> WEB-ACTIVEX Microsoft Windows Start Menu ActiveX object access (web-activex.rules)
 * 1:4229 <-> ENABLED <-> WEB-ACTIVEX MSAPP Export Support for Microsoft Access ActiveX object access (web-activex.rules)
 * 1:10137 <-> ENABLED <-> WEB-ACTIVEX Microsoft Input Method Editor ActiveX clsid access (web-activex.rules)
 * 1:10144 <-> DISABLED <-> WEB-ACTIVEX LexRefBilingualTextContext ActiveX function call access (web-activex.rules)
 * 1:10150 <-> DISABLED <-> WEB-ACTIVEX HTML Inline Movie Control ActiveX function call access (web-activex.rules)
 * 1:1019 <-> DISABLED <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
 * 1:1032 <-> DISABLED <-> WEB-IIS showcode access (web-iis.rules)
 * 1:1036 <-> DISABLED <-> WEB-IIS viewcode access (web-iis.rules)
 * 3:10127 <-> ENABLED <-> DOS Microsoft IP Options denial of service (dos.rules)
 * 3:12028 <-> ENABLED <-> SMTP Microsoft Exchange Server MIME base64 decoding code execution attempt (smtp.rules)
 * 3:12636 <-> ENABLED <-> NNTP XHDR buffer overflow attempt (nntp.rules)
 * 3:13287 <-> ENABLED <-> BAD-TRAFFIC Windows remote kernel tcp/ip igmp vulnerability exploit attempt (bad-traffic.rules)
 * 3:13450 <-> ENABLED <-> BAD-TRAFFIC invalid dhcp offer denial of service attempt (bad-traffic.rules)
 * 3:13469 <-> ENABLED <-> WEB-CLIENT Microsoft Word ole stream memory corruption attempt (web-client.rules)
 * 3:13471 <-> ENABLED <-> EXPLOIT Microsoft Publisher invalid pathname overwrite (exploit.rules)
 * 3:13475 <-> ENABLED <-> DOS Microsoft Active Directory LDAP denial of service attempt (dos.rules)
 * 3:13476 <-> ENABLED <-> WEB-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (web-iis.rules)
 * 3:13582 <-> ENABLED <-> WEB-CLIENT Microsoft Excel sst record arbitrary code execution attempt (web-client.rules)
 * 3:13666 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI integer overflow attempt (web-client.rules)
 * 3:13667 <-> ENABLED <-> BAD-TRAFFIC dns cache poisoning attempt (bad-traffic.rules)
 * 3:13676 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI emf filename buffer overflow attempt (web-client.rules)
 * 3:13718 <-> ENABLED <-> SMTP BDAT buffer overflow attempt (smtp.rules)
 * 3:13790 <-> ENABLED <-> WEB-CLIENT Microsoft Word malformed css remote code execution attempt (web-client.rules)
 * 3:13798 <-> ENABLED <-> WEB-CLIENT Microsoft malware protection engine denial of service attempt (web-client.rules)
 * 3:13802 <-> ENABLED <-> WEB-CLIENT Microsoft malware protection engine denial of service attempt (web-client.rules)
 * 3:13803 <-> ENABLED <-> WEB-CLIENT RTF control word overflow attempt (web-client.rules)
 * 3:13825 <-> ENABLED <-> DOS Microsoft PGM fragment denial of service attempt (dos.rules)
 * 3:13826 <-> ENABLED <-> EXPLOIT Microsoft WINS arbitrary memory modification attempt (exploit.rules)
 * 3:13835 <-> ENABLED <-> DOS Microsoft Active Directory LDAP cookie denial of service attempt (dos.rules)
 * 3:13879 <-> ENABLED <-> WEB-CLIENT Windows BMP image conversion arbitrary code execution attempt (web-client.rules)
 * 3:13887 <-> ENABLED <-> BAD-TRAFFIC dns root nameserver poisoning attempt (bad-traffic.rules)
 * 3:13922 <-> ENABLED <-> WEB-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (web-iis.rules)
 * 3:13946 <-> ENABLED <-> WEB-CLIENT Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt (web-client.rules)
 * 3:13947 <-> ENABLED <-> WEB-CLIENT Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt (web-client.rules)
 * 3:13954 <-> ENABLED <-> WEB-CLIENT Microsoft Color Management System EMF file processing overflow attempt (web-client.rules)
 * 3:13958 <-> ENABLED <-> WEB-CLIENT WordPerfect Graphics file invalid RLE buffer overflow attempt (web-client.rules)
 * 3:13969 <-> ENABLED <-> WEB-CLIENT Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (web-client.rules)
 * 3:13975 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Event System ActiveX clsid access (web-client.rules)
 * 3:13976 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Event System ActiveX clsid unicode access (web-client.rules)
 * 3:13977 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Event System ActiveX function call access (web-client.rules)
 * 3:13978 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Event System ActiveX function call unicode access (web-client.rules)
 * 3:13979 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Event System Subscription VBScript access (web-client.rules)
 * 3:14251 <-> ENABLED <-> EXPLOIT Microsoft GDI malformed metarecord buffer overflow attempt (exploit.rules)
 * 3:14252 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14253 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14254 <-> ENABLED <-> MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (multimedia.rules)
 * 3:14259 <-> ENABLED <-> WEB-CLIENT Microsoft GDI EMF malformed file buffer overflow attempt (web-client.rules)
 * 3:14260 <-> ENABLED <-> WEB-CLIENT Microsoft Windows GDI+ GIF image invalid number of extension blocks buffer overflow attempt (web-client.rules)
 * 3:14646 <-> ENABLED <-> DOS Active Directory malformed baseObject denial of service attempt (dos.rules)
 * 3:14655 <-> ENABLED <-> WEB-CLIENT Excel rept integer underflow attempt (web-client.rules)
 * 3:15009 <-> ENABLED <-> NETBIOS possible SMB replay attempt - overlapping encryption keys detected (netbios.rules)
 * 3:15117 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed OBJ record arbitrary code execution attempt (web-client.rules)
 * 3:15118 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Winsock ActiveX clsid access (web-activex.rules)
 * 3:15119 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Winsock ActiveX clsid unicode access (web-activex.rules)
 * 3:15120 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Winsock ActiveX function call access (web-activex.rules)
 * 3:15121 <-> ENABLED <-> WEB-ACTIVEX Microsoft Visual Basic Winsock ActiveX function call unicode access (web-activex.rules)
 * 3:15124 <-> ENABLED <-> NETBIOS Web-based NTLM replay attack attempt (netbios.rules)
 * 3:15125 <-> ENABLED <-> WEB-CLIENT Microsoft Word rich text file unpaired dpendgroup exploit attempt (web-client.rules)
 * 3:15298 <-> ENABLED <-> WEB-CLIENT Microsoft Visio could allow remote code execution (web-client.rules)
 * 3:15300 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer EMF polyline overflow attempt (web-client.rules)
 * 3:15301 <-> ENABLED <-> SMTP Exchange compressed RTF remote code execution attempt (smtp.rules)
 * 3:15329 <-> ENABLED <-> SMTP Microsoft Exchange MODPROPS memory corruption attempt (smtp.rules)
 * 3:15365 <-> ENABLED <-> WEB-CLIENT Microsoft Excel extrst record arbitrary code excecution attempt (web-client.rules)
 * 3:15453 <-> ENABLED <-> NETBIOS SMB replay attempt via NTLMSSP - overlapping encryption keys detected (netbios.rules)
 * 3:15454 <-> ENABLED <-> WEB-CLIENT Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (web-client.rules)
 * 3:15456 <-> ENABLED <-> EXPLOIT WinHTTP SSL/TLS impersonation attempt (exploit.rules)
 * 3:15465 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed object record remote code execution attempt (web-client.rules)
 * 3:15470 <-> ENABLED <-> WEB-MISC IIS ASP/ASP.NET potentially malicious file upload attempt (web-misc.rules)
 * 3:15474 <-> ENABLED <-> BAD-TRAFFIC Microsoft ISA Server and Forefront Threat Management Gateway invalid RST denial of service attempt (bad-traffic.rules)
 * 3:15498 <-> ENABLED <-> WEB-CLIENT Microsoft PowerPoint CString atom overflow attempt (web-client.rules)
 * 3:15503 <-> ENABLED <-> WEB-CLIENT Download of PowerPoint 95 file (web-client.rules)
 * 3:15519 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel BRAI record remote code execution attempt (web-client.rules)
 * 3:15520 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel FtCbls remote code execution attempt (web-client.rules)
 * 3:15521 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel ExternSheet record remote code execution attempt (web-client.rules)
 * 3:15522 <-> ENABLED <-> DOS Active Directory invalid OID denial of service attempt (dos.rules)
 * 3:15528 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (netbios.rules)
 * 3:15683 <-> ENABLED <-> WEB-MISC ISA Server OTP-based Forms-authorization fallback policy bypass attempt (web-misc.rules)
 * 3:15847 <-> ENABLED <-> NETBIOS Telnet-based NTLM replay attack attempt (netbios.rules)
 * 3:15848 <-> ENABLED <-> EXPLOIT WINS replication request memory corruption attempt (exploit.rules)
 * 3:15851 <-> ENABLED <-> DOS Microsoft ASP.NET bad request denial of service attempt (dos.rules)
 * 3:15857 <-> ENABLED <-> WEB-CLIENT Microsoft Windows AVIFile media file invalid header length (web-client.rules)
 * 3:15920 <-> ENABLED <-> WEB-CLIENT Microsoft mp3 malformed APIC header RCE attempt (web-client.rules)
 * 3:15974 <-> ENABLED <-> EXPLOIT Microsoft IIS ASP handling buffer overflow (exploit.rules)
 * 3:16150 <-> ENABLED <-> EXPLOIT Internet Explorer variant argument validation remote code execution attempt (exploit.rules)
 * 3:16154 <-> ENABLED <-> WEB-CLIENT GDI+ .NET image property parsing memory corruption (web-client.rules)
 * 3:16156 <-> ENABLED <-> WEB-CLIENT Windows Media Player ASF marker object memory corruption attempt (web-client.rules)
 * 3:16158 <-> ENABLED <-> WEB-CLIENT malformed ASF codec memory corruption (web-client.rules)
 * 3:16179 <-> ENABLED <-> EXPLOIT Microsoft .NET MSIL CLR interface multiple instantiation attempt (exploit.rules)
 * 3:16180 <-> ENABLED <-> WEB-CLIENT Windows CryptoAPI common name spoofing attempt (web-client.rules)
 * 3:16182 <-> ENABLED <-> EXPLOIT Microsoft .NET MSIL stack corruption attempt (exploit.rules)
 * 3:16222 <-> ENABLED <-> WEB-CLIENT Malformed BMP dimensions arbitrary code execution attempt (web-client.rules)
 * 3:16227 <-> ENABLED <-> WEB-MISC Web Service on Devices API 'WSDAPI' URL processing buffer corruption attempt (web-misc.rules)
 * 3:16228 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed StartObject record arbitrary code execution attempt (web-client.rules)
 * 3:16230 <-> ENABLED <-> WEB-CLIENT Microsoft Excel oversized ib memory corruption attempt (web-client.rules)
 * 3:16232 <-> ENABLED <-> WEB-CLIENT Windows TrueType font file parsing integer overflow attempt (web-client.rules)
 * 3:16237 <-> ENABLED <-> DOS Microsoft Active Directory NTDSA stack space exhaustion attempt (dos.rules)
 * 3:16329 <-> ENABLED <-> EXPLOIT Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (exploit.rules)
 * 3:16394 <-> ENABLED <-> DOS Active Directory Kerberos referral TGT renewal DoS attempt (dos.rules)
 * 3:16395 <-> ENABLED <-> NETBIOS SMB COPY command oversized pathname attempt (netbios.rules)
 * 3:16396 <-> ENABLED <-> NETBIOS SMB server srvnet.sys driver race condition attempt (netbios.rules)
 * 3:16405 <-> ENABLED <-> ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (icmp.rules)
 * 3:16408 <-> ENABLED <-> DOS Microsoft Windows TCP SACK invalid range denial of service attempt (dos.rules)
 * 3:16415 <-> ENABLED <-> WEB-CLIENT Microsoft DirectShow memory corruption attempt (web-client.rules)
 * 3:16418 <-> ENABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
 * 3:16504 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer 7 encoded content handling exploit attempt (exploit.rules)
 * 3:16505 <-> ENABLED <-> EXPLOIT Microsoft IE HTML parsing memory corruption attempt (exploit.rules)
 * 3:16509 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer designMode-enabled information disclosure attempt (exploit.rules)
 * 3:16530 <-> ENABLED <-> WEB-CLIENT CAB SIP authenticode alteration attempt (web-client.rules)
 * 3:16531 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules)
 * 3:16532 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules)
 * 3:16533 <-> ENABLED <-> BAD-TRAFFIC Microsoft Windows ISATAP-addressed IPv6 traffic spoofing attempt (bad-traffic.rules)
 * 3:16534 <-> ENABLED <-> DOS Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (dos.rules)
 * 3:16577 <-> ENABLED <-> NETBIOS Microsoft Windows SMBv2 compound request DoS attempt (netbios.rules)
 * 3:16649 <-> ENABLED <-> WEB-CLIENT Microsoft Excel HFPicture record stack buffer overflow attempt (web-client.rules)
 * 3:16658 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer 8 cross-site scripting attempt (web-client.rules)
 * 3:16662 <-> ENABLED <-> WEB-CLIENT Microsoft Excel SxView heap overflow attempt (web-client.rules)
 * 3:17041 <-> ENABLED <-> WEB-MISC ISA Server OTP-based Forms-authorization fallback policy bypass attempt (web-misc.rules)
 * 3:17115 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain information disclosure attempt (web-client.rules)
 * 3:17118 <-> ENABLED <-> EXPLOIT Microsoft .NET CreateDelegate method arbitrary code execution attempt (exploit.rules)
 * 3:17126 <-> ENABLED <-> NETBIOS SMB large session length with small packet (netbios.rules)
 * 3:17242 <-> ENABLED <-> WEB-CLIENT Windows Media Player ASF file arbitrary code execution attempt (web-client.rules)
 * 3:17251 <-> ENABLED <-> SMTP Outlook RTF remote code execution attempt (smtp.rules)
 * 3:17667 <-> ENABLED <-> MISC Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (misc.rules)
 * 3:17696 <-> ENABLED <-> EXPLOIT Microsoft DNS Server ANY query cache weakness (exploit.rules)
 * 3:17762 <-> ENABLED <-> WEB-CLIENT Microsoft Excel corrupted TABLE record clean up exploit attempt (web-client.rules)
 * 3:17765 <-> ENABLED <-> WEB-CLIENT OpenType Font file parsing buffer overflow attempt (web-client.rules)
 * 3:18063 <-> ENABLED <-> WEB-CLIENT Microsoft Office embedded Office Art drawings execution attempt (web-client.rules)
 * 3:18064 <-> ENABLED <-> EXPLOIT Microsoft .NET framework EntityObject execution attempt (exploit.rules)
 * 3:18213 <-> ENABLED <-> SPECIFIC-THREATS MS Publisher column and row remote code execution attempt (specific-threats.rules)
 * 3:18220 <-> ENABLED <-> WEB-CLIENT Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (web-client.rules)
 * 3:18249 <-> ENABLED <-> ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (icmp.rules)
 * 3:18400 <-> ENABLED <-> SPECIFIC-THREATS MS CRSS local process allowed to persist through logon or logoff attempt (specific-threats.rules)
 * 3:18405 <-> ENABLED <-> SPECIFIC-THREATS Microsoft LSASS domain name buffer overflow attempt (specific-threats.rules)
 * 3:18409 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k.sys write message to dead thread code execution attempt (specific-threats.rules)
 * 3:18410 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k.sys write message to dead thread code execution attempt (specific-threats.rules)
 * 3:18411 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (specific-threats.rules)
 * 3:18412 <-> ENABLED <-> SPECIFIC-THREATS Microsoft win32k!xxxTrackPopupMenuEx privilege escalation attempt (specific-threats.rules)
 * 3:18414 <-> ENABLED <-> WEB-CLIENT Microsoft Windows Kerberos auth downgrade to DES MITM attempt (web-client.rules)
 * 3:18630 <-> ENABLED <-> WEB-CLIENT Microsoft Excel rtToolbarDef record integer overflow attempt (web-client.rules)
 * 3:18631 <-> ENABLED <-> WEB-CLIENT Microsoft Excel rtToolbarDef record integer overflow attempt (web-client.rules)
 * 3:18640 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed SupBook record attempt (web-client.rules)
 * 3:18641 <-> ENABLED <-> SPECIFIC_THREATS Excel OBJ record invalid cmo.ot exploit attempt (specific-threats.rules)
 * 3:18660 <-> ENABLED <-> NETBIOS SMB2 write packet buffer overflow attempt (netbios.rules)
 * 3:18661 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18662 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18663 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18664 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18665 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18666 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18667 <-> ENABLED <-> EXPLOIT Microsoft win32k.sys escalation of privilege attempt (exploit.rules)
 * 3:18669 <-> ENABLED <-> WEB-CLIENT cross-domain object mainpulation attempt (web-client.rules)
 * 3:18672 <-> ENABLED <-> WEB-ACTIVEX Microsoft IE8 Developer Tool ActiveX clsid access (web-activex.rules)
 * 3:18673 <-> ENABLED <-> WEB-CLIENT Microsoft Fax Cover Page Editor heap corruption attempt (web-client.rules)
 * 3:18676 <-> ENABLED <-> WEB-CLIENT WEB-CLIENT Microsoft Office Excel DV record buffer overflow attempt (web-client.rules)
 * 3:18949 <-> ENABLED <-> WEB-CLIENT PowerPoint malformed RecolorInfoAtom exploit attempt (web-client.rules)
 * 3:19187 <-> ENABLED <-> BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt (bad-traffic.rules)
 * 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules)
 * 3:7019 <-> ENABLED <-> P2P WinNY connection attempt (p2p.rules)
 * 3:7196 <-> ENABLED <-> EXPLOIT Microsoft DHCP option overflow attempt (exploit.rules)
 * 3:8092 <-> ENABLED <-> DOS IGMP IP Options validation attempt (dos.rules)
 * 3:8351 <-> ENABLED <-> BAD-TRAFFIC PGM nak list overflow attempt (bad-traffic.rules)