Sourcefire VRT Rules Update

Date: 2013-06-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.4.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules)
 * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules)
 * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules)
 * 1:26946 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Uptime RAT beacon attempt (malware-cnc.rules)
 * 1:26950 <-> ENABLED <-> EXPLOIT-KIT DotCachef/DotCache exploit kit Zeroaccess download attempt (exploit-kit.rules)
 * 1:26981 <-> DISABLED <-> SERVER-WEBAPP WordPress login denial of service attempt (server-webapp.rules)
 * 1:25617 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25618 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:25589 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:26973 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:26941 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.PipCreat RAT dropper download attempt (malware-cnc.rules)
 * 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules)
 * 1:26939 <-> ENABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules)
 * 1:26938 <-> ENABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules)
 * 1:26977 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:25550 <-> DISABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
 * 1:25619 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:26979 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotCachef/DotCache Exploit Kit Malvertising Campaign URI request (exploit-kit.rules)
 * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:26942 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.PipCreat RAT beacon attempt (malware-cnc.rules)
 * 1:26952 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
 * 1:26943 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Post_Show RAT beacon attempt (malware-cnc.rules)
 * 1:26967 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:26966 <-> ENABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
 * 1:26980 <-> DISABLED <-> DOS RealNetworks Helix snmp master agent denial of service attempt (dos.rules)
 * 1:26978 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:25664 <-> ENABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
 * 1:25601 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules)
 * 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
 * 1:26971 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fasternation.net - Win.Trojan.Pirminay (blacklist.rules)
 * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic Exploit kit redirection received (exploit-kit.rules)
 * 1:26945 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Bisonal RAT beacon attempt (malware-cnc.rules)
 * 1:25612 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:26940 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.TripleNine RAT beacon attempt (malware-cnc.rules)
 * 1:25620 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
 * 1:26944 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Post_Show RAT beacon attempt (malware-cnc.rules)
 * 1:26965 <-> ENABLED <-> MALWARE-CNC Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
 * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules)
 * 1:26947 <-> ENABLED <-> EXPLOIT-KIT DotCachef/DotCache exploit kit inbound java exploit download (exploit-kit.rules)
 * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
 * 1:26976 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:26974 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image uploader ActiveX clsid access attempt (browser-plugins.rules)
 * 1:26954 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
 * 1:26975 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image uploader ActiveX function call access attempt (browser-plugins.rules)
 * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules)
 * 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
 * 1:25549 <-> DISABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
 * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotCachef/DotCache exploit kit landing page (exploit-kit.rules)
 * 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
 * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe SWF remote memory corruption attempt (file-flash.rules)
 * 1:26953 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-300/DIR-600 unauthenticated remote command execution attempt (server-webapp.rules)
 * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe SWF remote memory corruption attempt (file-flash.rules)
 * 1:26948 <-> ENABLED <-> EXPLOIT-KIT DotCachef/DotCache exploit kit inbound java exploit download (exploit-kit.rules)
 * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules)
 * 3:26972 <-> ENABLED <-> EXPLOIT CUPS IPP multi-valued attribute memory corruption attempt (exploit.rules)

Modified Rules:

 * 1:710 <-> DISABLED <-> PROTOCOL-TELNET EZsetup account attempt (protocol-telnet.rules)
 * 1:599 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 32771 (protocol-rpc.rules)
 * 1:635 <-> DISABLED <-> INDICATOR-SCAN XTACACS logout (indicator-scan.rules)
 * 1:719 <-> DISABLED <-> PROTOCOL-TELNET root login (protocol-telnet.rules)
 * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules)
 * 1:8081 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9623 <-> DISABLED <-> PROTOCOL-RPC UNIX authentication machinename string overflow attempt TCP (protocol-rpc.rules)
 * 1:9624 <-> DISABLED <-> PROTOCOL-RPC UNIX authentication machinename string overflow attempt UDP (protocol-rpc.rules)
 * 1:9638 <-> DISABLED <-> PROTOCOL-TFTP PUT Microsoft RIS filename overwrite attempt (protocol-tftp.rules)
 * 1:2921 <-> DISABLED <-> PROTOCOL-DNS UDP inverse query (protocol-dns.rules)
 * 1:585 <-> DISABLED <-> PROTOCOL-RPC portmap sadmind request UDP (protocol-rpc.rules)
 * 1:518 <-> DISABLED <-> PROTOCOL-TFTP Put (protocol-tftp.rules)
 * 1:26937 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer image download spoofing attempt (browser-ie.rules)
 * 1:26653 <-> ENABLED <-> EXPLOIT-KIT Mutiple exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:24701 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
 * 1:26442 <-> ENABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules)
 * 1:26826 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules)
 * 1:26827 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules)
 * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
 * 1:26783 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules)
 * 1:577 <-> DISABLED <-> PROTOCOL-RPC portmap bootparam request UDP (protocol-rpc.rules)
 * 1:26689 <-> ENABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules)
 * 1:26500 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:26104 <-> ENABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules)
 * 1:26550 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
 * 1:587 <-> DISABLED <-> PROTOCOL-RPC portmap status request UDP (protocol-rpc.rules)
 * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules)
 * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules)
 * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules)
 * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules)
 * 1:1890 <-> DISABLED <-> PROTOCOL-RPC status GHBN format string attack (protocol-rpc.rules)
 * 1:1891 <-> DISABLED <-> PROTOCOL-RPC status GHBN format string attack (protocol-rpc.rules)
 * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
 * 1:1893 <-> DISABLED <-> PROTOCOL-SNMP missing community string attempt (protocol-snmp.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules)
 * 1:1905 <-> DISABLED <-> PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt (protocol-rpc.rules)
 * 1:1906 <-> DISABLED <-> PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt (protocol-rpc.rules)
 * 1:1907 <-> DISABLED <-> PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt (protocol-rpc.rules)
 * 1:1908 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt (protocol-rpc.rules)
 * 1:1910 <-> DISABLED <-> PROTOCOL-RPC CMSD udp CMSD_INSERT buffer overflow attempt (protocol-rpc.rules)
 * 1:1909 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_INSERT buffer overflow attempt (protocol-rpc.rules)
 * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules)
 * 1:1911 <-> DISABLED <-> PROTOCOL-RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (protocol-rpc.rules)
 * 1:1913 <-> DISABLED <-> PROTOCOL-RPC STATD UDP stat mon_name format string exploit attempt (protocol-rpc.rules)
 * 1:1912 <-> DISABLED <-> PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (protocol-rpc.rules)
 * 1:1914 <-> DISABLED <-> PROTOCOL-RPC STATD TCP stat mon_name format string exploit attempt (protocol-rpc.rules)
 * 1:1915 <-> DISABLED <-> PROTOCOL-RPC STATD UDP monitor mon_name format string exploit attempt (protocol-rpc.rules)
 * 1:1916 <-> DISABLED <-> PROTOCOL-RPC STATD TCP monitor mon_name format string exploit attempt (protocol-rpc.rules)
 * 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules)
 * 1:1922 <-> DISABLED <-> PROTOCOL-RPC portmap proxy attempt TCP (protocol-rpc.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:1923 <-> DISABLED <-> PROTOCOL-RPC portmap proxy attempt UDP (protocol-rpc.rules)
 * 1:1924 <-> DISABLED <-> PROTOCOL-RPC mountd UDP export request (protocol-rpc.rules)
 * 1:1926 <-> DISABLED <-> PROTOCOL-RPC mountd UDP exportall request (protocol-rpc.rules)
 * 1:1925 <-> DISABLED <-> PROTOCOL-RPC mountd TCP exportall request (protocol-rpc.rules)
 * 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules)
 * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules)
 * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules)
 * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules)
 * 1:1948 <-> DISABLED <-> PROTOCOL-DNS dns zone transfer via UDP detected (protocol-dns.rules)
 * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules)
 * 1:1949 <-> DISABLED <-> PROTOCOL-RPC portmap SET attempt TCP 111 (protocol-rpc.rules)
 * 1:1950 <-> DISABLED <-> PROTOCOL-RPC portmap SET attempt UDP 111 (protocol-rpc.rules)
 * 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules)
 * 1:1951 <-> DISABLED <-> PROTOCOL-RPC mountd TCP mount request (protocol-rpc.rules)
 * 1:1953 <-> DISABLED <-> PROTOCOL-RPC AMD TCP pid request (protocol-rpc.rules)
 * 1:1954 <-> DISABLED <-> PROTOCOL-RPC AMD UDP pid request (protocol-rpc.rules)
 * 1:1955 <-> DISABLED <-> PROTOCOL-RPC AMD TCP version request (protocol-rpc.rules)
 * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
 * 1:1956 <-> DISABLED <-> PROTOCOL-RPC AMD UDP version request (protocol-rpc.rules)
 * 1:1957 <-> DISABLED <-> PROTOCOL-RPC sadmind UDP PING (protocol-rpc.rules)
 * 1:1958 <-> DISABLED <-> PROTOCOL-RPC sadmind TCP PING (protocol-rpc.rules)
 * 1:1959 <-> DISABLED <-> PROTOCOL-RPC portmap NFS request UDP (protocol-rpc.rules)
 * 1:1960 <-> DISABLED <-> PROTOCOL-RPC portmap NFS request TCP (protocol-rpc.rules)
 * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules)
 * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules)
 * 1:1961 <-> DISABLED <-> PROTOCOL-RPC portmap RQUOTA request UDP (protocol-rpc.rules)
 * 1:1962 <-> DISABLED <-> PROTOCOL-RPC portmap RQUOTA request TCP (protocol-rpc.rules)
 * 1:1963 <-> DISABLED <-> PROTOCOL-RPC RQUOTA getquota overflow attempt UDP (protocol-rpc.rules)
 * 1:1964 <-> DISABLED <-> PROTOCOL-RPC tooltalk UDP overflow attempt (protocol-rpc.rules)
 * 1:1965 <-> DISABLED <-> PROTOCOL-RPC tooltalk TCP overflow attempt (protocol-rpc.rules)
 * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules)
 * 1:19926 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
 * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules)
 * 1:2005 <-> DISABLED <-> PROTOCOL-RPC portmap kcms_server request UDP (protocol-rpc.rules)
 * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules)
 * 1:2014 <-> DISABLED <-> PROTOCOL-RPC portmap UNSET attempt TCP 111 (protocol-rpc.rules)
 * 1:2006 <-> DISABLED <-> PROTOCOL-RPC portmap kcms_server request TCP (protocol-rpc.rules)
 * 1:2007 <-> ENABLED <-> PROTOCOL-RPC kcms_server directory traversal attempt (protocol-rpc.rules)
 * 1:2015 <-> DISABLED <-> PROTOCOL-RPC portmap UNSET attempt UDP 111 (protocol-rpc.rules)
 * 1:2016 <-> DISABLED <-> PROTOCOL-RPC portmap status request TCP (protocol-rpc.rules)
 * 1:2017 <-> DISABLED <-> PROTOCOL-RPC portmap espd request UDP (protocol-rpc.rules)
 * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules)
 * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules)
 * 1:2018 <-> DISABLED <-> PROTOCOL-RPC mountd TCP dump request (protocol-rpc.rules)
 * 1:2019 <-> DISABLED <-> PROTOCOL-RPC mountd UDP dump request (protocol-rpc.rules)
 * 1:2020 <-> DISABLED <-> PROTOCOL-RPC mountd TCP unmount request (protocol-rpc.rules)
 * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:634 <-> DISABLED <-> INDICATOR-SCAN Amanda client-version request (indicator-scan.rules)
 * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:2021 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount request (protocol-rpc.rules)
 * 1:20210 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
 * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules)
 * 1:20216 <-> DISABLED <-> PROTOCOL-SCADA Beckhoff TwinCAT DoS (protocol-scada.rules)
 * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules)
 * 1:2022 <-> DISABLED <-> PROTOCOL-RPC mountd TCP unmountall request (protocol-rpc.rules)
 * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules)
 * 1:2023 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmountall request (protocol-rpc.rules)
 * 1:2024 <-> DISABLED <-> PROTOCOL-RPC RQUOTA getquota overflow attempt TCP (protocol-rpc.rules)
 * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules)
 * 1:2025 <-> DISABLED <-> PROTOCOL-RPC yppasswd username overflow attempt UDP (protocol-rpc.rules)
 * 1:2027 <-> DISABLED <-> PROTOCOL-RPC yppasswd old password overflow attempt UDP (protocol-rpc.rules)
 * 1:2026 <-> DISABLED <-> PROTOCOL-RPC yppasswd username overflow attempt TCP (protocol-rpc.rules)
 * 1:2028 <-> DISABLED <-> PROTOCOL-RPC yppasswd old password overflow attempt TCP (protocol-rpc.rules)
 * 1:2029 <-> DISABLED <-> PROTOCOL-RPC yppasswd new password overflow attempt UDP (protocol-rpc.rules)
 * 1:2030 <-> DISABLED <-> PROTOCOL-RPC yppasswd new password overflow attempt TCP (protocol-rpc.rules)
 * 1:2031 <-> DISABLED <-> PROTOCOL-RPC yppasswd user update UDP (protocol-rpc.rules)
 * 1:2032 <-> DISABLED <-> PROTOCOL-RPC yppasswd user update TCP (protocol-rpc.rules)
 * 1:2033 <-> DISABLED <-> PROTOCOL-RPC ypserv maplist request UDP (protocol-rpc.rules)
 * 1:2034 <-> DISABLED <-> PROTOCOL-RPC ypserv maplist request TCP (protocol-rpc.rules)
 * 1:2035 <-> DISABLED <-> PROTOCOL-RPC portmap network-status-monitor request UDP (protocol-rpc.rules)
 * 1:2036 <-> DISABLED <-> PROTOCOL-RPC portmap network-status-monitor request TCP (protocol-rpc.rules)
 * 1:2037 <-> DISABLED <-> PROTOCOL-RPC network-status-monitor mon-callback request UDP (protocol-rpc.rules)
 * 1:2038 <-> DISABLED <-> PROTOCOL-RPC network-status-monitor mon-callback request TCP (protocol-rpc.rules)
 * 1:2041 <-> DISABLED <-> INDICATOR-SCAN xtacacs failed login response (indicator-scan.rules)
 * 1:2043 <-> DISABLED <-> INDICATOR-SCAN isakmp login failed (indicator-scan.rules)
 * 1:20444 <-> ENABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20430 <-> ENABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules)
 * 1:2045 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt UDP (protocol-rpc.rules)
 * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules)
 * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:20622 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
 * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules)
 * 1:2079 <-> DISABLED <-> PROTOCOL-RPC portmap nlockmgr request UDP (protocol-rpc.rules)
 * 1:2080 <-> DISABLED <-> PROTOCOL-RPC portmap nlockmgr request TCP (protocol-rpc.rules)
 * 1:20812 <-> ENABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:2081 <-> DISABLED <-> PROTOCOL-RPC portmap rpc.xfsmd request UDP (protocol-rpc.rules)
 * 1:20813 <-> ENABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2082 <-> DISABLED <-> PROTOCOL-RPC portmap rpc.xfsmd request TCP (protocol-rpc.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20831 <-> DISABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules)
 * 1:2083 <-> DISABLED <-> PROTOCOL-RPC rpc.xfsmd xfs_export attempt UDP (protocol-rpc.rules)
 * 1:2084 <-> DISABLED <-> PROTOCOL-RPC rpc.xfsmd xfs_export attempt TCP (protocol-rpc.rules)
 * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:2092 <-> DISABLED <-> PROTOCOL-RPC portmap proxy integer overflow attempt UDP (protocol-rpc.rules)
 * 1:2093 <-> DISABLED <-> PROTOCOL-RPC portmap proxy integer overflow attempt TCP (protocol-rpc.rules)
 * 1:2094 <-> DISABLED <-> PROTOCOL-RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (protocol-rpc.rules)
 * 1:2095 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (protocol-rpc.rules)
 * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules)
 * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules)
 * 1:21056 <-> ENABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules)
 * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules)
 * 1:21100 <-> DISABLED <-> PROTOCOL-RPC Novell Netware xdr decode string length buffer overflow attempt (protocol-rpc.rules)
 * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules)
 * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules)
 * 1:21339 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom auth field attempt (file-multimedia.rules)
 * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules)
 * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules)
 * 1:21462 <-> DISABLED <-> FILE-JAVA Oracle Java Plugin security bypass (file-java.rules)
 * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules)
 * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules)
 * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules)
 * 1:586 <-> DISABLED <-> PROTOCOL-RPC portmap selection_svc request UDP (protocol-rpc.rules)
 * 1:26016 <-> ENABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules)
 * 1:25998 <-> ENABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules)
 * 1:24904 <-> ENABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24905 <-> ENABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24906 <-> ENABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:584 <-> DISABLED <-> PROTOCOL-RPC portmap rusers request UDP (protocol-rpc.rules)
 * 1:26486 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:26504 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:24915 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
 * 1:26291 <-> ENABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules)
 * 1:595 <-> DISABLED <-> PROTOCOL-RPC portmap espd request TCP (protocol-rpc.rules)
 * 1:574 <-> DISABLED <-> PROTOCOL-RPC mountd TCP export request (protocol-rpc.rules)
 * 1:3154 <-> DISABLED <-> PROTOCOL-DNS UDP inverse query overflow (protocol-dns.rules)
 * 1:24993 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
 * 1:26414 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server executable file upload attempt (protocol-scada.rules)
 * 1:26017 <-> ENABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules)
 * 1:10482 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp request (protocol-rpc.rules)
 * 1:25006 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules)
 * 1:588 <-> DISABLED <-> PROTOCOL-RPC portmap ttdbserv request UDP (protocol-rpc.rules)
 * 1:2922 <-> DISABLED <-> PROTOCOL-DNS TCP inverse query (protocol-dns.rules)
 * 1:579 <-> DISABLED <-> PROTOCOL-RPC portmap mountd request UDP (protocol-rpc.rules)
 * 1:26484 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:26552 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:26705 <-> ENABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules)
 * 1:520 <-> DISABLED <-> PROTOCOL-TFTP root directory (protocol-tftp.rules)
 * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules)
 * 1:24770 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:575 <-> DISABLED <-> PROTOCOL-RPC portmap admind request UDP (protocol-rpc.rules)
 * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
 * 1:26415 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules)
 * 1:25121 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:26549 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:582 <-> DISABLED <-> PROTOCOL-RPC portmap rexd request UDP (protocol-rpc.rules)
 * 1:26935 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer image download spoofing attempt (browser-ie.rules)
 * 1:26503 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:26551 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:3153 <-> DISABLED <-> PROTOCOL-DNS TCP inverse query overflow (protocol-dns.rules)
 * 1:26488 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules)
 * 1:25999 <-> ENABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules)
 * 1:26485 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:26102 <-> ENABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules)
 * 1:26388 <-> ENABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules)
 * 1:25122 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:25123 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules)
 * 1:3147 <-> DISABLED <-> PROTOCOL-TELNET login buffer overflow attempt (protocol-telnet.rules)
 * 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx Exploit Kit plugin detection connection (exploit-kit.rules)
 * 1:26588 <-> ENABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules)
 * 1:572 <-> DISABLED <-> PROTOCOL-RPC DOS ttdbserv Solaris (protocol-rpc.rules)
 * 1:26272 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules)
 * 1:26018 <-> ENABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules)
 * 1:26443 <-> ENABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules)
 * 1:24803 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Real-Time Information Portal directory traversal attempt (protocol-scada.rules)
 * 1:253 <-> DISABLED <-> PROTOCOL-DNS SPOOF query response PTR with TTL of 1 min. and no authority (protocol-dns.rules)
 * 1:25333 <-> DISABLED <-> PROTOCOL-DNS Exim DKIM decoding buffer overflow attempt (protocol-dns.rules)
 * 1:26529 <-> ENABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:254 <-> DISABLED <-> PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority (protocol-dns.rules)
 * 1:589 <-> DISABLED <-> PROTOCOL-RPC portmap yppasswd request UDP (protocol-rpc.rules)
 * 1:26185 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
 * 1:25472 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25473 <-> DISABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:26768 <-> ENABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules)
 * 1:26114 <-> ENABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules)
 * 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
 * 1:519 <-> DISABLED <-> PROTOCOL-TFTP parent directory (protocol-tftp.rules)
 * 1:24769 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
 * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules)
 * 1:492 <-> DISABLED <-> PROTOCOL-TELNET login failed (protocol-telnet.rules)
 * 1:583 <-> DISABLED <-> PROTOCOL-RPC portmap rstatd request UDP (protocol-rpc.rules)
 * 1:580 <-> DISABLED <-> PROTOCOL-RPC portmap nisd request UDP (protocol-rpc.rules)
 * 1:255 <-> DISABLED <-> PROTOCOL-DNS dns zone transfer via TCP detected (protocol-dns.rules)
 * 1:590 <-> DISABLED <-> PROTOCOL-RPC portmap ypserv request UDP (protocol-rpc.rules)
 * 1:26502 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:26693 <-> ENABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules)
 * 1:26795 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules)
 * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules)
 * 1:25542 <-> DISABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules)
 * 1:25562 <-> ENABLED <-> FILE-JAVA Oracle Java obfuscated jar file download attempt (file-java.rules)
 * 1:3817 <-> DISABLED <-> PROTOCOL-TFTP GET transfer mode overflow attempt (protocol-tftp.rules)
 * 1:569 <-> ENABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt TCP (protocol-rpc.rules)
 * 1:3688 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT VAR information disclosure (protocol-telnet.rules)
 * 1:256 <-> DISABLED <-> PROTOCOL-DNS named authors attempt (protocol-dns.rules)
 * 1:26190 <-> ENABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules)
 * 1:25615 <-> ENABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules)
 * 1:26246 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules)
 * 1:516 <-> DISABLED <-> PROTOCOL-SNMP NT UserList (protocol-snmp.rules)
 * 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
 * 1:494 <-> DISABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules)
 * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:26499 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:25616 <-> ENABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules)
 * 1:26487 <-> ENABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules)
 * 1:257 <-> DISABLED <-> PROTOCOL-DNS named version attempt (protocol-dns.rules)
 * 1:25830 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules)
 * 1:26247 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules)
 * 1:26387 <-> ENABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules)
 * 1:25831 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:26189 <-> ENABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules)
 * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules)
 * 1:26192 <-> ENABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules)
 * 1:26292 <-> ENABLED <-> FILE-JAVA Oracle Java Jar file downloaded when zip is defined (file-java.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules)
 * 1:26439 <-> ENABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules)
 * 1:25833 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules)
 * 1:593 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request TCP (protocol-rpc.rules)
 * 1:25834 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:26761 <-> ENABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules)
 * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
 * 1:578 <-> DISABLED <-> PROTOCOL-RPC portmap cmsd request UDP (protocol-rpc.rules)
 * 1:26760 <-> ENABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules)
 * 1:26936 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer image download spoofing attempt (browser-ie.rules)
 * 1:26392 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:10484 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (protocol-rpc.rules)
 * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:26205 <-> ENABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules)
 * 1:25850 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:25851 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:3274 <-> DISABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
 * 1:26273 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules)
 * 1:3687 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT USERVAR information disclosure (protocol-telnet.rules)
 * 1:25852 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:24696 <-> DISABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules)
 * 1:581 <-> DISABLED <-> PROTOCOL-RPC portmap pcnfsd request UDP (protocol-rpc.rules)
 * 1:24814 <-> ENABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules)
 * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
 * 1:26587 <-> ENABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules)
 * 1:25864 <-> ENABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules)
 * 1:25868 <-> ENABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules)
 * 1:26290 <-> ENABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules)
 * 1:26087 <-> ENABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules)
 * 1:25997 <-> ENABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules)
 * 1:576 <-> DISABLED <-> PROTOCOL-RPC portmap amountd request UDP (protocol-rpc.rules)
 * 1:26015 <-> ENABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules)
 * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
 * 1:598 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 111 (protocol-rpc.rules)
 * 1:10132 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules)
 * 1:10133 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules)
 * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules)
 * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules)
 * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules)
 * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules)
 * 1:21664 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21665 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21666 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21667 <-> DISABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21806 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules)
 * 1:2184 <-> DISABLED <-> PROTOCOL-RPC mountd TCP mount path overflow attempt (protocol-rpc.rules)
 * 1:21938 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:22005 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22004 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules)
 * 1:637 <-> DISABLED <-> INDICATOR-SCAN Webtrends Scanner UDP Probe (indicator-scan.rules)
 * 1:22006 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22008 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22007 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules)
 * 1:636 <-> DISABLED <-> INDICATOR-SCAN cybercop udp bomb (indicator-scan.rules)
 * 1:619 <-> DISABLED <-> INDICATOR-SCAN cybercop os probe (indicator-scan.rules)
 * 1:622 <-> DISABLED <-> INDICATOR-SCAN ipEye SYN scan (indicator-scan.rules)
 * 1:626 <-> DISABLED <-> INDICATOR-SCAN cybercop os PA12 attempt (indicator-scan.rules)
 * 1:627 <-> DISABLED <-> INDICATOR-SCAN cybercop os SFU12 probe (indicator-scan.rules)
 * 1:630 <-> DISABLED <-> INDICATOR-SCAN synscan portscan (indicator-scan.rules)
 * 1:616 <-> DISABLED <-> INDICATOR-SCAN ident version request (indicator-scan.rules)
 * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules)
 * 1:612 <-> DISABLED <-> PROTOCOL-RPC rusers query UDP (protocol-rpc.rules)
 * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules)
 * 1:709 <-> DISABLED <-> PROTOCOL-TELNET 4Dgifts SGI account attempt (protocol-telnet.rules)
 * 1:10483 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp request (protocol-rpc.rules)
 * 1:1100 <-> DISABLED <-> INDICATOR-SCAN L3retriever HTTP Probe (indicator-scan.rules)
 * 1:10485 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (protocol-rpc.rules)
 * 1:712 <-> DISABLED <-> PROTOCOL-TELNET ld_library_path (protocol-telnet.rules)
 * 1:713 <-> DISABLED <-> PROTOCOL-TELNET livingston DOS (protocol-telnet.rules)
 * 1:714 <-> DISABLED <-> PROTOCOL-TELNET resolv_host_conf (protocol-telnet.rules)
 * 1:715 <-> DISABLED <-> PROTOCOL-TELNET Attempted SU from wrong group (protocol-telnet.rules)
 * 1:717 <-> DISABLED <-> PROTOCOL-TELNET not on console (protocol-telnet.rules)
 * 1:718 <-> DISABLED <-> PROTOCOL-TELNET login incorrect (protocol-telnet.rules)
 * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules)
 * 1:1101 <-> DISABLED <-> INDICATOR-SCAN Webtrends HTTP probe (indicator-scan.rules)
 * 1:11288 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp request (protocol-rpc.rules)
 * 1:11289 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp zero-length payload denial of service attempt (protocol-rpc.rules)
 * 1:1133 <-> DISABLED <-> INDICATOR-SCAN cybercop os probe (indicator-scan.rules)
 * 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules)
 * 1:12057 <-> DISABLED <-> SERVER-WEBAPP WhatsUpGold configuration access (server-webapp.rules)
 * 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules)
 * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules)
 * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules)
 * 1:12187 <-> ENABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules)
 * 1:12188 <-> ENABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules)
 * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
 * 1:12458 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin port query tcp request (protocol-rpc.rules)
 * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules)
 * 1:1252 <-> DISABLED <-> PROTOCOL-TELNET bsd telnet exploit response (protocol-telnet.rules)
 * 1:1253 <-> DISABLED <-> PROTOCOL-TELNET bsd exploit client finishing (protocol-telnet.rules)
 * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules)
 * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules)
 * 1:1262 <-> DISABLED <-> PROTOCOL-RPC portmap admind request TCP (protocol-rpc.rules)
 * 1:12626 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin port query udp request (protocol-rpc.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin port query tcp portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin port query udp portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:1263 <-> DISABLED <-> PROTOCOL-RPC portmap amountd request TCP (protocol-rpc.rules)
 * 1:1264 <-> DISABLED <-> PROTOCOL-RPC portmap bootparam request TCP (protocol-rpc.rules)
 * 1:1265 <-> DISABLED <-> PROTOCOL-RPC portmap cmsd request TCP (protocol-rpc.rules)
 * 1:1267 <-> DISABLED <-> PROTOCOL-RPC portmap nisd request TCP (protocol-rpc.rules)
 * 1:1268 <-> DISABLED <-> PROTOCOL-RPC portmap pcnfsd request TCP (protocol-rpc.rules)
 * 1:1269 <-> DISABLED <-> PROTOCOL-RPC portmap rexd request TCP (protocol-rpc.rules)
 * 1:1270 <-> DISABLED <-> PROTOCOL-RPC portmap rstatd request TCP (protocol-rpc.rules)
 * 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules)
 * 1:1271 <-> DISABLED <-> PROTOCOL-RPC portmap rusers request TCP (protocol-rpc.rules)
 * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
 * 1:1272 <-> DISABLED <-> PROTOCOL-RPC portmap sadmind request TCP (protocol-rpc.rules)
 * 1:1273 <-> DISABLED <-> PROTOCOL-RPC portmap selection_svc request TCP (protocol-rpc.rules)
 * 1:1274 <-> DISABLED <-> PROTOCOL-RPC portmap ttdbserv request TCP (protocol-rpc.rules)
 * 1:1275 <-> DISABLED <-> PROTOCOL-RPC portmap yppasswd request TCP (protocol-rpc.rules)
 * 1:1276 <-> DISABLED <-> PROTOCOL-RPC portmap ypserv request TCP (protocol-rpc.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules)
 * 1:1280 <-> DISABLED <-> PROTOCOL-RPC portmap listing UDP 111 (protocol-rpc.rules)
 * 1:1281 <-> DISABLED <-> PROTOCOL-RPC portmap listing UDP 32771 (protocol-rpc.rules)
 * 1:1289 <-> DISABLED <-> PROTOCOL-TFTP GET Admin.dll (protocol-tftp.rules)
 * 1:13223 <-> ENABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules)
 * 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules)
 * 1:13250 <-> ENABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules)
 * 1:13251 <-> ENABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules)
 * 1:13252 <-> ENABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules)
 * 1:13253 <-> ENABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules)
 * 1:13256 <-> ENABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules)
 * 1:13257 <-> ENABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules)
 * 1:13291 <-> ENABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules)
 * 1:13716 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (protocol-rpc.rules)
 * 1:13717 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (protocol-rpc.rules)
 * 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules)
 * 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules)
 * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules)
 * 1:13950 <-> ENABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:1411 <-> DISABLED <-> PROTOCOL-SNMP public access udp (protocol-snmp.rules)
 * 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
 * 1:1413 <-> DISABLED <-> PROTOCOL-SNMP private access udp (protocol-snmp.rules)
 * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
 * 1:1415 <-> DISABLED <-> PROTOCOL-SNMP Broadcast request (protocol-snmp.rules)
 * 1:1416 <-> DISABLED <-> PROTOCOL-SNMP broadcast trap (protocol-snmp.rules)
 * 1:1417 <-> DISABLED <-> PROTOCOL-SNMP request udp (protocol-snmp.rules)
 * 1:1418 <-> DISABLED <-> PROTOCOL-SNMP request tcp (protocol-snmp.rules)
 * 1:1419 <-> DISABLED <-> PROTOCOL-SNMP trap udp (protocol-snmp.rules)
 * 1:1420 <-> DISABLED <-> PROTOCOL-SNMP trap tcp (protocol-snmp.rules)
 * 1:1421 <-> DISABLED <-> PROTOCOL-SNMP AgentX/tcp request (protocol-snmp.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:1426 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-req-app attempt (protocol-snmp.rules)
 * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA CitectSCADA ODBC buffer overflow attempt (protocol-scada.rules)
 * 1:1427 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-trap-app attempt (protocol-snmp.rules)
 * 1:1435 <-> DISABLED <-> PROTOCOL-DNS named authors attempt (protocol-dns.rules)
 * 1:1441 <-> DISABLED <-> PROTOCOL-TFTP GET nc.exe (protocol-tftp.rules)
 * 1:1442 <-> DISABLED <-> PROTOCOL-TFTP GET shadow (protocol-tftp.rules)
 * 1:1443 <-> DISABLED <-> PROTOCOL-TFTP GET passwd (protocol-tftp.rules)
 * 1:1444 <-> DISABLED <-> PROTOCOL-TFTP Get (protocol-tftp.rules)
 * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules)
 * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules)
 * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules)
 * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules)
 * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules)
 * 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules)
 * 1:1538 <-> DISABLED <-> PROTOCOL-NNTP AUTHINFO USER overflow attempt (protocol-nntp.rules)
 * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules)
 * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules)
 * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules)
 * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules)
 * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules)
 * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules)
 * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules)
 * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules)
 * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules)
 * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules)
 * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules)
 * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules)
 * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules)
 * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules)
 * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules)
 * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules)
 * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules)
 * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules)
 * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules)
 * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules)
 * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules)
 * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules)
 * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules)
 * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules)
 * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules)
 * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules)
 * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules)
 * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules)
 * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules)
 * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules)
 * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules)
 * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules)
 * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules)
 * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules)
 * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules)
 * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules)
 * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules)
 * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules)
 * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules)
 * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
 * 1:16034 <-> ENABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
 * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
 * 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules)
 * 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules)
 * 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules)
 * 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules)
 * 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules)
 * 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules)
 * 1:1616 <-> DISABLED <-> PROTOCOL-DNS named version attempt (protocol-dns.rules)
 * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules)
 * 1:16288 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
 * 1:1638 <-> DISABLED <-> INDICATOR-SCAN SSH Version map attempt (indicator-scan.rules)
 * 1:16446 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp request (protocol-rpc.rules)
 * 1:16447 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp request (protocol-rpc.rules)
 * 1:16448 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16449 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16699 <-> ENABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16700 <-> ENABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16701 <-> ENABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16702 <-> ENABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16705 <-> ENABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16706 <-> ENABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
 * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules)
 * 1:1732 <-> DISABLED <-> PROTOCOL-RPC portmap rwalld request UDP (protocol-rpc.rules)
 * 1:1733 <-> DISABLED <-> PROTOCOL-RPC portmap rwalld request TCP (protocol-rpc.rules)
 * 1:1746 <-> DISABLED <-> PROTOCOL-RPC portmap cachefsd request UDP (protocol-rpc.rules)
 * 1:1747 <-> DISABLED <-> PROTOCOL-RPC portmap cachefsd request TCP (protocol-rpc.rules)
 * 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules)
 * 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules)
 * 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules)
 * 1:17522 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules)
 * 1:17562 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules)
 * 1:17563 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules)
 * 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules)
 * 1:17623 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules)
 * 1:17624 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules)
 * 1:17631 <-> ENABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17639 <-> ENABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules)
 * 1:17661 <-> ENABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules)
 * 1:17749 <-> ENABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules)
 * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules)
 * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules)
 * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules)
 * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules)
 * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules)
 * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules)
 * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules)
 * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules)
 * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules)
 * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules)
 * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules)
 * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules)
 * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules)
 * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules)
 * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules)
 * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules)
 * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules)
 * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules)
 * 1:1792 <-> DISABLED <-> PROTOCOL-NNTP return code buffer overflow attempt (protocol-nntp.rules)
 * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules)
 * 1:18244 <-> ENABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
 * 1:1840 <-> DISABLED <-> FILE-JAVA Oracle Javascript document.domain attempt (file-java.rules)
 * 1:1841 <-> DISABLED <-> FILE-JAVA Oracle Javascript URL host spoofing attempt (file-java.rules)
 * 1:18557 <-> ENABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18558 <-> ENABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules)
 * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules)
 * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules)
 * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules)
 * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules)
 * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
 * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
 * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
 * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules)
 * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
 * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
 * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
 * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules)
 * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
 * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules)
 * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules)
 * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules)
 * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules)
 * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules)
 * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules)
 * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules)
 * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules)
 * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules)
 * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
 * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules)
 * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules)
 * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules)
 * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules)
 * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules)
 * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules)
 * 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules)
 * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules)
 * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules)
 * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules)
 * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules)
 * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules)
 * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules)
 * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules)
 * 1:22009 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22010 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22011 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22012 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:2255 <-> DISABLED <-> PROTOCOL-RPC sadmind query with root credentials attempt TCP (protocol-rpc.rules)
 * 1:2256 <-> ENABLED <-> PROTOCOL-RPC sadmind query with root credentials attempt UDP (protocol-rpc.rules)
 * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules)
 * 1:23240 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:23243 <-> ENABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
 * 1:23273 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23274 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23275 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23276 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23277 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
 * 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
 * 1:2339 <-> DISABLED <-> PROTOCOL-TFTP NULL command attempt (protocol-tftp.rules)
 * 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound communication (malware-cnc.rules)
 * 1:23560 <-> ENABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
 * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules)
 * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules)
 * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules)
 * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules)
 * 1:23614 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules)
 * 1:23954 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules)
 * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules)
 * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules)
 * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
 * 1:23973 <-> DISABLED <-> MALWARE-CNC W32.Trojan.Vampols variant inbound connection (malware-cnc.rules)
 * 1:24020 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24021 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24022 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24023 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24024 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24025 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24027 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24036 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24037 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24038 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:2406 <-> DISABLED <-> PROTOCOL-TELNET APC SmartSlot default admin account attempt (protocol-telnet.rules)
 * 1:24063 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24064 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24065 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24066 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24201 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:2424 <-> DISABLED <-> PROTOCOL-NNTP sendsys overflow attempt (protocol-nntp.rules)
 * 1:2425 <-> DISABLED <-> PROTOCOL-NNTP senduuname overflow attempt (protocol-nntp.rules)
 * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules)
 * 1:2426 <-> DISABLED <-> PROTOCOL-NNTP version overflow attempt (protocol-nntp.rules)
 * 1:2427 <-> DISABLED <-> PROTOCOL-NNTP checkgroups overflow attempt (protocol-nntp.rules)
 * 1:2428 <-> DISABLED <-> PROTOCOL-NNTP ihave overflow attempt (protocol-nntp.rules)
 * 1:2429 <-> DISABLED <-> PROTOCOL-NNTP sendme overflow attempt (protocol-nntp.rules)
 * 1:2430 <-> DISABLED <-> PROTOCOL-NNTP newgroup overflow attempt (protocol-nntp.rules)
 * 1:2431 <-> DISABLED <-> PROTOCOL-NNTP rmgroup overflow attempt (protocol-nntp.rules)
 * 1:2432 <-> DISABLED <-> PROTOCOL-NNTP article post without path attempt (protocol-nntp.rules)
 * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules)
 * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules)
 * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules)
 * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules)
 * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules)
 * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
 * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules)
 * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24510 <-> ENABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
 * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 3:15976 <-> ENABLED <-> WEB-CLIENT OpenOffice TIFF file in big endian format parsing integer overflow attempt (web-client.rules)
 * 3:15975 <-> ENABLED <-> WEB-CLIENT OpenOffice TIFF file in little endian format parsing integer overflow attempt (web-client.rules)