Talos Rules 2015-05-19
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, exploit-kit, file-executable, file-flash, file-pdf, indicator-compromise, malware-cnc, malware-tools and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2015-05-19 16:12:05 UTC

Snort Subscriber Rules Update

Date: 2015-05-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34488 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34487 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34486 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34485 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34484 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34483 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34482 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34481 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34480 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34479 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34478 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34477 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection attempt (malware-cnc.rules)
 * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules)
 * 1:34474 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34473 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules)
 * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34468 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legendastar.ru - Win.Backdoor.Nirunte (blacklist.rules)
 * 1:34467 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34466 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules)

Modified Rules:


 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:5894 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - smb (malware-tools.rules)
 * 1:5896 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules)
 * 1:5897 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - udp port 407 (malware-tools.rules)

2015-05-19 16:12:05 UTC

Snort Subscriber Rules Update

Date: 2015-05-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34466 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34468 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legendastar.ru - Win.Backdoor.Nirunte (blacklist.rules)
 * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules)
 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules)
 * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules)
 * 1:34473 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34474 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection attempt (malware-cnc.rules)
 * 1:34477 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34479 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34478 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34480 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34481 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34482 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34467 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34488 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34486 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34487 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34485 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34484 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34483 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)

Modified Rules:


 * 1:5896 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:5894 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - smb (malware-tools.rules)
 * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:5897 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - udp port 407 (malware-tools.rules)

2015-05-19 16:12:05 UTC

Snort Subscriber Rules Update

Date: 2015-05-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34467 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34473 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34468 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legendastar.ru - Win.Backdoor.Nirunte (blacklist.rules)
 * 1:34484 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34482 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34481 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules)
 * 1:34478 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34479 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34485 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34480 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34486 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34487 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34488 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34477 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection attempt (malware-cnc.rules)
 * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules)
 * 1:34474 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules)
 * 1:34483 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules)
 * 1:34466 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
 * 1:16215 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server Portal cross site scripting attempt (server-oracle.rules)
 * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:16283 <-> DISABLED <-> SERVER-WEBAPP Borland StarTeam Multicast Service buffer overflow attempt (server-webapp.rules)
 * 1:16284 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules)
 * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
 * 1:16288 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
 * 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules)
 * 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules)
 * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules)
 * 1:16301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules)
 * 1:16310 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules)
 * 1:16311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules)
 * 1:16318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
 * 1:16319 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat attempt (browser-ie.rules)
 * 1:16331 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
 * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:16333 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:16339 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (browser-ie.rules)
 * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
 * 1:16341 <-> DISABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules)
 * 1:16342 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules)
 * 1:16352 <-> DISABLED <-> OS-LINUX Linux Kernel NFSD Subsystem overflow attempt (os-linux.rules)
 * 1:16353 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules)
 * 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules)
 * 1:16360 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules)
 * 1:16367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules)
 * 1:16369 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt - public exploit (browser-ie.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16376 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:16377 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:16378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules)
 * 1:16382 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (browser-ie.rules)
 * 1:16383 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules)
 * 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules)
 * 1:16392 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0u7 authorization digest heap overflow (server-webapp.rules)
 * 1:16393 <-> DISABLED <-> SERVER-OTHER PostgreSQL bit substring buffer overflow attempt (server-other.rules)
 * 1:16397 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules)
 * 1:16398 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules)
 * 1:16399 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16400 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules)
 * 1:16401 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules)
 * 1:16402 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules)
 * 1:16403 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16404 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules)
 * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16409 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
 * 1:16411 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules)
 * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules)
 * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules)
 * 1:16417 <-> DISABLED <-> OS-WINDOWS SMB Negotiate Protocol Response overflow attempt (os-windows.rules)
 * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules)
 * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:16422 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field (file-image.rules)
 * 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules)
 * 1:16424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Script Host Shell Object ActiveX clsid access (browser-plugins.rules)
 * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules)
 * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules)
 * 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules)
 * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
 * 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules)
 * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
 * 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules)
 * 1:16447 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin request attempt (protocol-rpc.rules)
 * 1:16452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt (browser-ie.rules)
 * 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:16462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules)
 * 1:16463 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules)
 * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules)
 * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules)
 * 1:16466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules)
 * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules)
 * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules)
 * 1:10011 <-> DISABLED <-> SERVER-MAIL Novell NetMail APPEND command buffer overflow attempt (server-mail.rules)
 * 1:10015 <-> DISABLED <-> BROWSER-PLUGINS Oracle ORADC ActiveX clsid access (browser-plugins.rules)
 * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
 * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules)
 * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
 * 1:10036 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules)
 * 1:10050 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules)
 * 1:10116 <-> DISABLED <-> POLICY-SOCIAL AIM GoChat URL access attempt (policy-social.rules)
 * 1:10117 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules)
 * 1:10126 <-> DISABLED <-> FILE-IMAGE Apple QuickTime JPEG Huffman Table integer underflow attempt (file-image.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:10132 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules)
 * 1:10133 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules)
 * 1:10135 <-> DISABLED <-> SERVER-OTHER Squid proxy FTP denial of service attempt (server-other.rules)
 * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
 * 1:10192 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (browser-plugins.rules)
 * 1:10193 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules)
 * 1:10194 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules)
 * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
 * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
 * 1:1028 <-> DISABLED <-> SERVER-IIS query.asp access (server-iis.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
 * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules)
 * 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules)
 * 1:10482 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp request (protocol-rpc.rules)
 * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules)
 * 1:10504 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
 * 1:11000 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:11176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PowerPoint Viewer ActiveX clsid access (browser-plugins.rules)
 * 1:11180 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie ftyp buffer underflow (file-multimedia.rules)
 * 1:11181 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Viewer ActiveX clsid access (browser-plugins.rules)
 * 1:11185 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos via username attempt (server-other.rules)
 * 1:11187 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Word Viewer ActiveX clsid access (browser-plugins.rules)
 * 1:11192 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules)
 * 1:11199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer ActiveX clsid access (browser-plugins.rules)
 * 1:11204 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt (server-oracle.rules)
 * 1:11228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX clsid access (browser-plugins.rules)
 * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow attempt (file-office.rules)
 * 1:11267 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop PNG file handling stack buffer overflow attempt (file-image.rules)
 * 1:11288 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp request (protocol-rpc.rules)
 * 1:11289 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp zero-length payload denial of service attempt (protocol-rpc.rules)
 * 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow attempt (file-office.rules)
 * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:1147 <-> DISABLED <-> SERVER-WEBAPP cat_ access (server-webapp.rules)
 * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
 * 1:11679 <-> DISABLED <-> SERVER-APACHE Apache mod_rewrite buffer overflow attempt (server-apache.rules)
 * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
 * 1:11687 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules)
 * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules)
 * 1:11826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control Recognition ActiveX clsid access (browser-plugins.rules)
 * 1:11830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX clsid access (browser-plugins.rules)
 * 1:11834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules)
 * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:11836 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
 * 1:11838 <-> DISABLED <-> OS-WINDOWS Microsoft Windows API res buffer overflow attempt (os-windows.rules)
 * 1:11947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows schannel security package (os-windows.rules)
 * 1:11966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS tag memory corruption attempt (browser-ie.rules)
 * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules)
 * 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules)
 * 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules)
 * 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules)
 * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer Heap buffer overflow (server-other.rules)
 * 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules)
 * 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules)
 * 1:12100 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules)
 * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules)
 * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules)
 * 1:12187 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules)
 * 1:12193 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX clsid access (browser-plugins.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules)
 * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules)
 * 1:12203 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX clsid access (browser-plugins.rules)
 * 1:12213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules)
 * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules)
 * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules)
 * 1:12219 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (file-multimedia.rules)
 * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules)
 * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules)
 * 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access (browser-plugins.rules)
 * 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules)
 * 1:1226 <-> DISABLED <-> X11 xopen (x11.rules)
 * 1:12269 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (browser-plugins.rules)
 * 1:12278 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules)
 * 1:12279 <-> DISABLED <-> OS-WINDOWS Microsoft XML substringData integer overflow attempt (os-windows.rules)
 * 1:12280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules)
 * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:12284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules)
 * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules)
 * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
 * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
 * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
 * 1:12358 <-> DISABLED <-> SERVER-OTHER Helix DNA Server RTSP require tag heap overflow attempt (server-other.rules)
 * 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability attempt (server-mail.rules)
 * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
 * 1:12448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX clsid access (browser-plugins.rules)
 * 1:12454 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:12455 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
 * 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules)
 * 1:12459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12489 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:12592 <-> DISABLED <-> SERVER-MAIL Recipient arbitrary command injection attempt (server-mail.rules)
 * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:12618 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic VBP file reference overflow attempt (file-other.rules)
 * 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
 * 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules)
 * 1:12635 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials attempt (os-windows.rules)
 * 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules)
 * 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules)
 * 1:12666 <-> DISABLED <-> SERVER-OTHER HP OpenView OVTrace buffer overflow attempt (server-other.rules)
 * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules)
 * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules)
 * 1:12707 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer lyrics heap overflow attempt (file-multimedia.rules)
 * 1:12713 <-> DISABLED <-> SERVER-ORACLE pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
 * 1:12728 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks SMIL wallclock stack overflow attempt (file-multimedia.rules)
 * 1:12729 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules)
 * 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules)
 * 1:12743 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture description metadata buffer overflow attempt (file-multimedia.rules)
 * 1:12744 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC VORBIS string buffer overflow attempt (file-multimedia.rules)
 * 1:12745 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture metadata buffer overflow attempt (file-multimedia.rules)
 * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD atom overflow attempt (file-multimedia.rules)
 * 1:12757 <-> DISABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules)
 * 1:12766 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (browser-plugins.rules)
 * 1:12767 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (browser-plugins.rules)
 * 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules)
 * 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
 * 1:12807 <-> DISABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules)
 * 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules)
 * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
 * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
 * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
 * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
 * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12971 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules)
 * 1:12972 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
 * 1:12977 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules)
 * 1:12978 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules)
 * 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13210 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules)
 * 1:13211 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules)
 * 1:13219 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX clsid access (browser-plugins.rules)
 * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13224 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX clsid access (browser-plugins.rules)
 * 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules)
 * 1:1325 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow filler (indicator-shellcode.rules)
 * 1:13252 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules)
 * 1:13258 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX clsid access (browser-plugins.rules)
 * 1:13260 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX function call access (browser-plugins.rules)
 * 1:13262 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX clsid access (browser-plugins.rules)
 * 1:13264 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX function call access (browser-plugins.rules)
 * 1:13288 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (os-windows.rules)
 * 1:13291 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules)
 * 1:13292 <-> DISABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules)
 * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
 * 1:13294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules)
 * 1:13296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules)
 * 1:13300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules)
 * 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules)
 * 1:13303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX clsid access (browser-plugins.rules)
 * 1:13317 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing nam buffer overflow attempt (file-multimedia.rules)
 * 1:13321 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX clsid access (browser-plugins.rules)
 * 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules)
 * 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules)
 * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
 * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules)
 * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
 * 1:13366 <-> DISABLED <-> SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt (server-oracle.rules)
 * 1:13419 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access (browser-plugins.rules)
 * 1:13449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (os-windows.rules)
 * 1:13455 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (browser-ie.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
 * 1:13466 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section length headers memory corruption attempt (file-office.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13472 <-> DISABLED <-> FILE-OFFICE Microsoft Works invalid chunk size (file-office.rules)
 * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules)
 * 1:13513 <-> DISABLED <-> SQL generic sql insert injection attempt - GET parameter (sql.rules)
 * 1:13515 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules)
 * 1:13516 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules)
 * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules)
 * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
 * 1:13523 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13539 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX clsid access (browser-plugins.rules)
 * 1:13551 <-> DISABLED <-> SERVER-ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (server-oracle.rules)
 * 1:13552 <-> DISABLED <-> SERVER-OTHER Symantec VERITAS Storage Foundation Suite buffer overflow attempt (server-other.rules)
 * 1:13553 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink username string buffer overflow (server-other.rules)
 * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules)
 * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules)
 * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code excecution attempt (file-office.rules)
 * 1:13572 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:13573 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:13603 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX function call access (browser-plugins.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:13621 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:13626 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules)
 * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules)
 * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
 * 1:13663 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (server-mail.rules)
 * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:13665 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules)
 * 1:13672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access (browser-plugins.rules)
 * 1:13677 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream memory corruption attempt (browser-ie.rules)
 * 1:13693 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules)
 * 1:13714 <-> DISABLED <-> SERVER-MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (server-mysql.rules)
 * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
 * 1:13734 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 10 ActiveX clsid access (browser-plugins.rules)
 * 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules)
 * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
 * 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules)
 * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
 * 1:13820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules)
 * 1:13827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PGM denial of service attempt (os-windows.rules)
 * 1:13834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer request header overwrite (browser-ie.rules)
 * 1:13838 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules)
 * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
 * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules)
 * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
 * 1:13846 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules)
 * 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules)
 * 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules)
 * 1:13894 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access From field cross-site scripting attempt  (server-mail.rules)
 * 1:13895 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt  (server-mail.rules)
 * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
 * 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules)
 * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules)
 * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules)
 * 1:13905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules)
 * 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
 * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX function call access (browser-plugins.rules)
 * 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules)
 * 1:13917 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
 * 1:13919 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
 * 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules)
 * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:13928 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt (server-webapp.rules)
 * 1:13929 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
 * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13951 <-> DISABLED <-> SERVER-WEBAPP Oracle Database Server buffer overflow attempt (server-webapp.rules)
 * 1:13971 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules)
 * 1:13972 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules)
 * 1:13980 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer http status response memory corruption vulnerability (browser-ie.rules)
 * 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:14013 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules)
 * 1:14015 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules)
 * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules)
 * 1:14018 <-> DISABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules)
 * 1:14021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules)
 * 1:14025 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:14039 <-> DISABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (file-other.rules)
 * 1:14255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX clsid access (browser-plugins.rules)
 * 1:14261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI VML gradient size heap overflow attempt (os-windows.rules)
 * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules)
 * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
 * 1:14643 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (browser-ie.rules)
 * 1:14644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain unfocusable HTML element (browser-ie.rules)
 * 1:14645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain setExpression exploit attempt (browser-ie.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14657 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (browser-ie.rules)
 * 1:14710 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14743 <-> DISABLED <-> PROTOCOL-FTP RNTO directory traversal attempt (protocol-ftp.rules)
 * 1:14748 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX clsid access (browser-plugins.rules)
 * 1:14756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules)
 * 1:14760 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules)
 * 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules)
 * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
 * 1:14769 <-> ENABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
 * 1:14770 <-> DISABLED <-> PROTOCOL-FTP Ipswitch WS_FTP client format string attempt (protocol-ftp.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:14782 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14986 <-> DISABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules)
 * 1:14992 <-> DISABLED <-> SERVER-WEBAPP Openwsman HTTP basic authentication buffer overflow attempt (server-webapp.rules)
 * 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules)
 * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
 * 1:15014 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules)
 * 1:15015 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (os-windows.rules)
 * 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules)
 * 1:15079 <-> DISABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
 * 1:15080 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (file-multimedia.rules)
 * 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules)
 * 1:15082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules)
 * 1:15098 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX function call access (browser-plugins.rules)
 * 1:15100 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access (browser-plugins.rules)
 * 1:15104 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules)
 * 1:15105 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:15106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
 * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules)
 * 1:15108 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules)
 * 1:15114 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer embed src buffer overflow attempt (browser-ie.rules)
 * 1:15116 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules)
 * 1:15122 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access (browser-plugins.rules)
 * 1:15126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules)
 * 1:15143 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin unicode vulnerable function attempt (server-mssql.rules)
 * 1:15145 <-> DISABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15153 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup Authentication bypass attempt (pua-other.rules)
 * 1:15157 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules)
 * 1:15158 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
 * 1:15163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules)
 * 1:15164 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (browser-firefox.rules)
 * 1:15166 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player RealText buffer overflow attempt (file-multimedia.rules)
 * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
 * 1:15190 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CCProxy CONNECT Request buffer overflow attempt (server-webapp.rules)
 * 1:15192 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access (browser-plugins.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer 2 ActiveX clsid access (browser-plugins.rules)
 * 1:15236 <-> DISABLED <-> FILE-IMAGE ACD Systems ACDSee XPM file format overflow attempt (file-image.rules)
 * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules)
 * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules)
 * 1:15239 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15240 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:15241 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (file-multimedia.rules)
 * 1:15243 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX clsid access (browser-plugins.rules)
 * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15264 <-> DISABLED <-> SERVER-WEBAPP Oracle TimesTen In-Memory Database evtdump CGI module format string exploit attempt (server-webapp.rules)
 * 1:15266 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX clsid access (browser-plugins.rules)
 * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules)
 * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules)
 * 1:15304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules)
 * 1:15305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:15306 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file magic detected (file-executable.rules)
 * 1:15311 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX clsid access (browser-plugins.rules)
 * 1:15357 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules)
 * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules)
 * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules)
 * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules)
 * 1:15383 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt (browser-firefox.rules)
 * 1:15384 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules)
 * 1:15386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request  (os-windows.rules)
 * 1:15387 <-> DISABLED <-> OS-WINDOWS udp WINS WPAD registration attempt (os-windows.rules)
 * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15431 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules)
 * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
 * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
 * 1:15443 <-> DISABLED <-> SERVER-MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt (server-mysql.rules)
 * 1:15445 <-> DISABLED <-> SERVER-ORACLE Application Server BPEL module cross site scripting attempt (server-oracle.rules)
 * 1:15446 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory management console Accept-Language buffer overflow attempt (server-webapp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
 * 1:15466 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules)
 * 1:15467 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules)
 * 1:15468 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
 * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules)
 * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules)
 * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
 * 1:15485 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules)
 * 1:15488 <-> DISABLED <-> SERVER-ORACLE Oracle Database Application Express Component APEX password hash disclosure attempt (server-oracle.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules)
 * 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
 * 1:15499 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules)
 * 1:15500 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules)
 * 1:15504 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules)
 * 1:15505 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules)
 * 1:15506 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules)
 * 1:15509 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15514 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules)
 * 1:15515 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt (server-oracle.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15517 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules)
 * 1:15518 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
 * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
 * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules)
 * 1:15540 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM memory corruption attempt (browser-ie.rules)
 * 1:15541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
 * 1:15542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules)
 * 1:15555 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules)
 * 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
 * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
 * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
 * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
 * 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules)
 * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
 * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX clsid access (browser-plugins.rules)
 * 1:15672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 7 ActiveX clsid access (browser-plugins.rules)
 * 1:15681 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules)
 * 1:15682 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (file-multimedia.rules)
 * 1:15685 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (browser-plugins.rules)
 * 1:15693 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules)
 * 1:15694 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules)
 * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules)
 * 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
 * 1:15702 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
 * 1:15707 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules)
 * 1:15710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x3B null strings attempt (netbios.rules)
 * 1:15711 <-> DISABLED <-> PUA-OTHER mIRC PRIVMSG message processing overflow attempt (pua-other.rules)
 * 1:15722 <-> DISABLED <-> SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt (server-oracle.rules)
 * 1:15723 <-> DISABLED <-> SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt (server-oracle.rules)
 * 1:15724 <-> DISABLED <-> SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt (server-oracle.rules)
 * 1:15725 <-> DISABLED <-> SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt (server-oracle.rules)
 * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:15731 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (browser-ie.rules)
 * 1:15732 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS handling memory corruption attempt (browser-ie.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15850 <-> DISABLED <-> OS-WINDOWS Remote Desktop orderType remote code execution attempt (os-windows.rules)
 * 1:15854 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules)
 * 1:15858 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Spreadsheet ActiveX clsid access (browser-plugins.rules)
 * 1:15860 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (os-windows.rules)
 * 1:15861 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules)
 * 1:15863 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX function call access (browser-plugins.rules)
 * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF font processing memory corruption attempt (file-pdf.rules)
 * 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules)
 * 1:15869 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
 * 1:15871 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules)
 * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15902 <-> DISABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules)
 * 1:15906 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules)
 * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
 * 1:15909 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules)
 * 1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules)
 * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules)
 * 1:15922 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules)
 * 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules)
 * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules)
 * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
 * 1:15944 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory crafted LDAP request denial of service attempt (os-windows.rules)
 * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
 * 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules)
 * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules)
 * 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules)
 * 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules)
 * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
 * 1:15954 <-> DISABLED <-> SERVER-MAIL SpamAssassin malformed email header DoS attempt (server-mail.rules)
 * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules)
 * 1:15956 <-> DISABLED <-> SERVER-ORACLE http Server mod_access restriction bypass attempt (server-oracle.rules)
 * 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules)
 * 1:15958 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules)
 * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules)
 * 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules)
 * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules)
 * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules)
 * 1:15990 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendor server file disclosure attempt (server-webapp.rules)
 * 1:15993 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript intrf_count integer overflow attempt (file-flash.rules)
 * 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules)
 * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (file-multimedia.rules)
 * 1:15997 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JIT escape function memory corruption attempt (browser-firefox.rules)
 * 1:15998 <-> DISABLED <-> SERVER-OTHER HP OpenView Client Configuration Manager Radia Notify Daemon code execution attempt (server-other.rules)
 * 1:15999 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules)
 * 1:16000 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16004 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules)
 * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules)
 * 1:16007 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules)
 * 1:16008 <-> DISABLED <-> OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt (os-windows.rules)
 * 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules)
 * 1:16010 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Javascript Page update race condition attempt (browser-ie.rules)
 * 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
 * 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules)
 * 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules)
 * 1:16016 <-> DISABLED <-> OS-WINDOWS Microsoft client for netware overflow attempt (os-windows.rules)
 * 1:16017 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules)
 * 1:16018 <-> DISABLED <-> SERVER-OTHER HP OpenView network node manager buffer overflow (server-other.rules)
 * 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules)
 * 1:16020 <-> DISABLED <-> SERVER-MYSQL login handshake information disclosure attempt (server-mysql.rules)
 * 1:16021 <-> DISABLED <-> SERVER-APACHE Apache http Server mod_tcl format string attempt (server-apache.rules)
 * 1:16022 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules)
 * 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16031 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested object tag memory corruption attempt (browser-ie.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules)
 * 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
 * 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules)
 * 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules)
 * 1:16039 <-> DISABLED <-> SERVER-OTHER EMC Dantz Retrospect Backup Agent denial of service attempt (server-other.rules)
 * 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules)
 * 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules)
 * 1:16045 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
 * 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules)
 * 1:16047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox layout frame constructor memory corruption attempt (browser-firefox.rules)
 * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
 * 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules)
 * 1:16055 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes AAC file handling integer overflow attempt (file-multimedia.rules)
 * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
 * 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules)
 * 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules)
 * 1:16061 <-> DISABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
 * 1:16063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isindex buffer overflow attempt (browser-ie.rules)
 * 1:16064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules)
 * 1:16065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location.replace memory corruption attempt (browser-ie.rules)
 * 1:16066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server driver crafted SMB data denial of service (os-windows.rules)
 * 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
 * 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules)
 * 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF parsing buffer overflow attempt (file-other.rules)
 * 1:16071 <-> DISABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules)
 * 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
 * 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules)
 * 1:16079 <-> DISABLED <-> SERVER-WEBAPP uselang code injection (server-webapp.rules)
 * 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules)
 * 1:16087 <-> DISABLED <-> FILE-OTHER Multiple vendor AV gateway virus detection bypass attempt (file-other.rules)
 * 1:16089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules)
 * 1:16090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Core XML core services XMLHTTP control open method code execution attempt (browser-plugins.rules)
 * 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules)
 * 1:16142 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PKCS11 module installation code execution attempt (browser-firefox.rules)
 * 1:16143 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:16145 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules)
 * 1:16147 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS malformed URL .dll denial of service attempt (server-iis.rules)
 * 1:16148 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime and iTunes heap memory corruption attempt (file-multimedia.rules)
 * 1:16169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:16187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules)
 * 1:16188 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
 * 1:16189 <-> DISABLED <-> SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (server-oracle.rules)
 * 1:16190 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (server-oracle.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
 * 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules)
 * 1:16199 <-> DISABLED <-> SERVER-MAIL SpamAssassin long message header denial of service attempt (server-mail.rules)
 * 1:16200 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox command line URL shell command injection attempt (browser-firefox.rules)
 * 1:16201 <-> DISABLED <-> SERVER-MAIL Ipswitch Collaboration Suite SMTP format string exploit attempt (server-mail.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
 * 1:16206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS server spoofing attempt (os-windows.rules)
 * 1:16207 <-> DISABLED <-> SERVER-WEBAPP MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (server-webapp.rules)
 * 1:16208 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Distributed Management Objects overflow attempt (server-mssql.rules)
 * 1:17534 <-> DISABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
 * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
 * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
 * 1:17538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
 * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
 * 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules)
 * 1:17542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules)
 * 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules)
 * 1:17544 <-> DISABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules)
 * 1:17545 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
 * 1:17547 <-> DISABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
 * 1:17548 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules)
 * 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules)
 * 1:17551 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:17552 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
 * 1:17553 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules)
 * 1:17555 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX exploit attempt (browser-plugins.rules)
 * 1:17556 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17558 <-> DISABLED <-> FILE-IMAGE CUPS Gif Decoding Routine Buffer Overflow attempt (file-image.rules)
 * 1:17559 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (file-other.rules)
 * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules)
 * 1:17561 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (file-multimedia.rules)
 * 1:17562 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules)
 * 1:17563 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules)
 * 1:17564 <-> DISABLED <-> SERVER-IIS WebDAV Request Directory Security Bypass attempt (server-iis.rules)
 * 1:17565 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules)
 * 1:17566 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules)
 * 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow attempt (server-other.rules)
 * 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules)
 * 1:17571 <-> DISABLED <-> BROWSER-PLUGINS obfuscated instantiation of ActiveX object - likely malicious (browser-plugins.rules)
 * 1:17572 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt (os-windows.rules)
 * 1:17573 <-> DISABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules)
 * 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules)
 * 1:17575 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules)
 * 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules)
 * 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules)
 * 1:17580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
 * 1:17581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules)
 * 1:17582 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus CcErrDisp ActiveX function call access (browser-plugins.rules)
 * 1:17584 <-> DISABLED <-> SERVER-ORACLE UTL_FILE directory traversal attempt (server-oracle.rules)
 * 1:17585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer possible javascript onunload event memory corruption (browser-ie.rules)
 * 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules)
 * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17590 <-> DISABLED <-> SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt (server-oracle.rules)
 * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules)
 * 1:17596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft ciodm.dll ActiveX clsid access (browser-plugins.rules)
 * 1:17597 <-> DISABLED <-> SERVER-WEBAPP TikiWiki jhot.php script file upload attempt (server-webapp.rules)
 * 1:17598 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
 * 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules)
 * 1:17600 <-> DISABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
 * 1:17601 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)
 * 1:17602 <-> DISABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules)
 * 1:17603 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)
 * 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules)
 * 1:17605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules)
 * 1:17606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:17607 <-> DISABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:17610 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
 * 1:17611 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
 * 1:17612 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
 * 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:17614 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX clsid access (browser-plugins.rules)
 * 1:17616 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX function call access (browser-plugins.rules)
 * 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hraphics engine EMF rendering vulnerability (os-windows.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:17620 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules)
 * 1:17622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object reference memory corruption attempt (browser-ie.rules)
 * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules)
 * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules)
 * 1:17629 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules)
 * 1:17630 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17633 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules)
 * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17639 <-> DISABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules)
 * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules)
 * 1:17641 <-> DISABLED <-> FILE-PDF CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt (file-pdf.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:17645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS strings parsing memory corruption attempt (browser-ie.rules)
 * 1:17649 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word array data handling buffer overflow attempt (file-office.rules)
 * 1:16469 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules)
 * 1:16470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:16471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
 * 1:16473 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules)
 * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:16490 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:16492 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari inline text box use after free attempt (browser-webkit.rules)
 * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - TrueType (browser-firefox.rules)
 * 1:16502 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based (browser-firefox.rules)
 * 1:16503 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules)
 * 1:16506 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:16507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules)
 * 1:16508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (browser-ie.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:16511 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID (browser-plugins.rules)
 * 1:16512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed span/div html document heap corruption attempt (browser-ie.rules)
 * 1:16514 <-> DISABLED <-> PUA-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (pua-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16516 <-> DISABLED <-> SERVER-ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (server-oracle.rules)
 * 1:16517 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules)
 * 1:16518 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules)
 * 1:16519 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules)
 * 1:16520 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules)
 * 1:16522 <-> DISABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules)
 * 1:16524 <-> DISABLED <-> PROTOCOL-FTP ProFTPD username sql injection attempt (protocol-ftp.rules)
 * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:16537 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules)
 * 1:16540 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:16541 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Service stack overflow attempt (os-windows.rules)
 * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:16543 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules)
 * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules)
 * 1:16549 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (file-other.rules)
 * 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules)
 * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
 * 1:16560 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules)
 * 1:16574 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via fromCharCode (browser-plugins.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:16589 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules)
 * 1:16593 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules)
 * 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules)
 * 1:16596 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari information disclosure and remote code execution attempt (browser-webkit.rules)
 * 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules)
 * 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules)
 * 1:16605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules)
 * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules)
 * 1:16631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after remove attempt (browser-webkit.rules)
 * 1:16632 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after reparent attempt (browser-webkit.rules)
 * 1:16633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules)
 * 1:16634 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules)
 * 1:16635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules)
 * 1:16637 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer security zone restriction bypass attempt (browser-ie.rules)
 * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules)
 * 1:16639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules)
 * 1:16640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules)
 * 1:16641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules)
 * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
 * 1:16643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
 * 1:16644 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
 * 1:16645 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:16646 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules)
 * 1:16647 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules)
 * 1:16648 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules)
 * 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules)
 * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules)
 * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules)
 * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules)
 * 1:16654 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules)
 * 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules)
 * 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules)
 * 1:16659 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules)
 * 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules)
 * 1:16661 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules)
 * 1:16664 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules)
 * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules)
 * 1:16666 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari window.parent.close unspecified remote code execution vulnerability (browser-webkit.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16671 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access ActiveX exploit attempt (browser-plugins.rules)
 * 1:16672 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX control buffer overflow attempt (browser-plugins.rules)
 * 1:16673 <-> DISABLED <-> FILE-OTHER Adobe Shockwave DIR file PAMI chunk code execution attempt (file-other.rules)
 * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:16675 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX control access (browser-plugins.rules)
 * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules)
 * 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules)
 * 1:16684 <-> DISABLED <-> SERVER-SAMBA Samba smbd Session Setup AndX security blob length dos attempt (server-samba.rules)
 * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
 * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules)
 * 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules)
 * 1:16699 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16700 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16701 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16702 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:16703 <-> DISABLED <-> SERVER-MYSQL Database COM_FIELD_LIST Buffer Overflow attempt (server-mysql.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16709 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules)
 * 1:16710 <-> DISABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules)
 * 1:16716 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (file-image.rules)
 * 1:16717 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (server-oracle.rules)
 * 1:16719 <-> DISABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules)
 * 1:1672 <-> DISABLED <-> PROTOCOL-FTP CWD ~ attempt (protocol-ftp.rules)
 * 1:16720 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules)
 * 1:16721 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules)
 * 1:16722 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules)
 * 1:16723 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules)
 * 1:16724 <-> DISABLED <-> OS-LINUX Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (os-linux.rules)
 * 1:16746 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX clsid access (browser-plugins.rules)
 * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules)
 * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules)
 * 1:16754 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
 * 1:16755 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
 * 1:16756 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
 * 1:16757 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
 * 1:16763 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX attempt (netbios.rules)
 * 1:16765 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode attempt (netbios.rules)
 * 1:16772 <-> ENABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules)
 * 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
 * 1:16800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt  (file-office.rules)
 * 1:17037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules)
 * 1:17038 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules)
 * 1:17039 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules)
 * 1:17042 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
 * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17051 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access (browser-plugins.rules)
 * 1:17055 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS TNS Listener denial of service attempt (server-oracle.rules)
 * 1:17056 <-> DISABLED <-> NETBIOS Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (netbios.rules)
 * 1:17057 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules)
 * 1:17092 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (browser-plugins.rules)
 * 1:17094 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (browser-plugins.rules)
 * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules)
 * 1:17107 <-> DISABLED <-> SERVER-APACHE Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (server-apache.rules)
 * 1:17111 <-> DISABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules)
 * 1:17113 <-> ENABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource redefine flowbit (os-windows.rules)
 * 1:17114 <-> DISABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource remote code execution attempt (os-windows.rules)
 * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules)
 * 1:17117 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-multimedia.rules)
 * 1:17119 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules)
 * 1:17120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules)
 * 1:17121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules)
 * 1:17122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules)
 * 1:17123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules)
 * 1:17124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed table record memory corruption attempt (file-office.rules)
 * 1:17128 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules)
 * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:17130 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution (browser-ie.rules)
 * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
 * 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
 * 1:17133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
 * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:17135 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules)
 * 1:17137 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules)
 * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules)
 * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules)
 * 1:17140 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
 * 1:17143 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (file-image.rules)
 * 1:17144 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (file-image.rules)
 * 1:17145 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ASL file processing buffer overflow attempt (file-image.rules)
 * 1:17146 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 GRD file processing buffer overflow attempt (file-image.rules)
 * 1:17147 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt (file-image.rules)
 * 1:17148 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules)
 * 1:17149 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 2 (file-multimedia.rules)
 * 1:17150 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 3 (file-multimedia.rules)
 * 1:17151 <-> DISABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules)
 * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules)
 * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules)
 * 1:17157 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules)
 * 1:17158 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules)
 * 1:17159 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules)
 * 1:17160 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (browser-plugins.rules)
 * 1:17161 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX clsid access (browser-plugins.rules)
 * 1:17163 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX function call access (browser-plugins.rules)
 * 1:17165 <-> DISABLED <-> BROWSER-OTHER Opera browser document writing uninitialized memory access attempt (browser-other.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules)
 * 1:17191 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
 * 1:17194 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC tag exploit attempt (file-other.rules)
 * 1:17202 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
 * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules)
 * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules)
 * 1:17209 <-> ENABLED <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules)
 * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file load from SMB share attempt (file-executable.rules)
 * 1:17211 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules)
 * 1:17212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript eval arbitrary code execution attempt (browser-firefox.rules)
 * 1:17214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:17215 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:17219 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules)
 * 1:17223 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToURL cross-site scripting attempt (file-flash.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17225 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user (server-other.rules)
 * 1:17227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules)
 * 1:17229 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:17231 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules)
 * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:17233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules)
 * 1:17239 <-> ENABLED <-> SERVER-MAIL Multiple IMAP server CREATE command buffer overflow attempt (server-mail.rules)
 * 1:17241 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules)
 * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules)
 * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules)
 * 1:17245 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox image dragging exploit attempt (browser-firefox.rules)
 * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules)
 * 1:17252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler arbitrary file write attempt (os-windows.rules)
 * 1:17254 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules)
 * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules)
 * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules)
 * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules)
 * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
 * 1:17264 <-> DISABLED <-> SERVER-ORACLE Permission declaration exploit attempt (server-oracle.rules)
 * 1:17265 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin access control bypass attempt (browser-firefox.rules)
 * 1:17266 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules)
 * 1:17268 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sidebar panel arbitrary code execution attempt (browser-firefox.rules)
 * 1:17270 <-> DISABLED <-> SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt (server-oracle.rules)
 * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules)
 * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules)
 * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules)
 * 1:17275 <-> DISABLED <-> SERVER-MAIL Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (server-mail.rules)
 * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17279 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules)
 * 1:17281 <-> DISABLED <-> FILE-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (file-other.rules)
 * 1:17282 <-> DISABLED <-> SERVER-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (server-other.rules)
 * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules)
 * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed routing slip code execution attempt (file-office.rules)
 * 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules)
 * 1:17286 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic for Applications document properties overflow attempt (file-other.rules)
 * 1:17287 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP service HTML injection attempt (server-webapp.rules)
 * 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules)
 * 1:17291 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded uri data object found (indicator-obfuscation.rules)
 * 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules)
 * 1:17293 <-> DISABLED <-> SERVER-ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt (server-oracle.rules)
 * 1:17294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT Helper DNS query denial of service attempt (os-windows.rules)
 * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
 * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
 * 1:17298 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Monitoring Express Universal Agent Buffer Overflow (server-other.rules)
 * 1:17299 <-> DISABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules)
 * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
 * 1:17302 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
 * 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
 * 1:17304 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17306 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt (os-windows.rules)
 * 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules)
 * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules)
 * 1:17310 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
 * 1:17312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
 * 1:17315 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules)
 * 1:17317 <-> DISABLED <-> SERVER-OTHER OpenSSH sshd identical blocks DoS attempt (server-other.rules)
 * 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
 * 1:17321 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt (netbios.rules)
 * 1:17322 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules)
 * 1:17324 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules)
 * 1:17325 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules)
 * 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules)
 * 1:17327 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
 * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
 * 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules)
 * 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules)
 * 1:17331 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules)
 * 1:17332 <-> DISABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
 * 1:17333 <-> DISABLED <-> SERVER-MAIL Lotus Notes Attachment Viewer UUE file buffer overflow attempt (server-mail.rules)
 * 1:17334 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules)
 * 1:17335 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules)
 * 1:17336 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules)
 * 1:17337 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules)
 * 1:17338 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules)
 * 1:17339 <-> DISABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules)
 * 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules)
 * 1:17340 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules)
 * 1:17341 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules)
 * 1:17342 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules)
 * 1:17343 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules)
 * 1:17344 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules)
 * 1:17345 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules)
 * 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules)
 * 1:17347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
 * 1:17350 <-> DISABLED <-> SERVER-ORACLE Application Server Forms Arbitrary System Command Execution Attempt (server-oracle.rules)
 * 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules)
 * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
 * 1:17353 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd Daemon Arbitrary File Deletion attempt (os-solaris.rules)
 * 1:17354 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules)
 * 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules)
 * 1:17357 <-> DISABLED <-> PUA-OTHER AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (pua-other.rules)
 * 1:17358 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Buffer Overflow attempt (file-executable.rules)
 * 1:17359 <-> DISABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
 * 1:17360 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules)
 * 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules)
 * 1:17362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules)
 * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
 * 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
 * 1:17366 <-> DISABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules)
 * 1:17368 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules)
 * 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules)
 * 1:17370 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
 * 1:17372 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom parsing heap overflow vulnerability (file-multimedia.rules)
 * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
 * 1:17376 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Expeditor cai URI handler command execution attempt (server-webapp.rules)
 * 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17380 <-> DISABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
 * 1:17381 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime PDAT Atom parsing buffer overflow attempt (file-multimedia.rules)
 * 1:17382 <-> DISABLED <-> FILE-OTHER Microsoft Project Invalid Memory Pointer Code Execution attempt (file-other.rules)
 * 1:17383 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules)
 * 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
 * 1:17389 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved attack attempt (browser-firefox.rules)
 * 1:17390 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
 * 1:17391 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform backslash directory traversal (server-apache.rules)
 * 1:17392 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules)
 * 1:17393 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules)
 * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
 * 1:17395 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (file-image.rules)
 * 1:17396 <-> DISABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules)
 * 1:17401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (browser-ie.rules)
 * 1:17402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules)
 * 1:17403 <-> DISABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules)
 * 1:17404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
 * 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:17408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Targa image file heap overflow attempt (os-windows.rules)
 * 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDF cross-domain scripting attempt (browser-ie.rules)
 * 1:17412 <-> DISABLED <-> SERVER-MYSQL create function mysql.func arbitrary library injection attempt (server-mysql.rules)
 * 1:17414 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules)
 * 1:17416 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules)
 * 1:17418 <-> DISABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
 * 1:17419 <-> DISABLED <-> SERVER-ORACLE Oracle database SQL compiler read-only join auth bypass attempt (server-oracle.rules)
 * 1:17420 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (server-webapp.rules)
 * 1:17421 <-> DISABLED <-> FILE-OFFICE Microsoft OLE automation string manipulation overflow attempt (file-office.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17423 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Buffer Overflow attempt (server-webapp.rules)
 * 1:17424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (browser-firefox.rules)
 * 1:17425 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (browser-plugins.rules)
 * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
 * 1:17427 <-> DISABLED <-> SERVER-ORACLE Oracle database DBMS_Scheduler privilege escalation attempt (server-oracle.rules)
 * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
 * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
 * 1:17430 <-> DISABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules)
 * 1:17431 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS SChannel improper certificate verification (server-iis.rules)
 * 1:17432 <-> DISABLED <-> SERVER-WEBAPP Squid Gopher protocol handling buffer overflow attempt (server-webapp.rules)
 * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
 * 1:17434 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Unicode sequence handling stack corruption attempt (browser-firefox.rules)
 * 1:17435 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
 * 1:17436 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
 * 1:17437 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
 * 1:17438 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
 * 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules)
 * 1:17441 <-> DISABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
 * 1:17442 <-> DISABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules)
 * 1:17443 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft DirectShow AVI decoder buffer overflow attempt (file-multimedia.rules)
 * 1:17444 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules)
 * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules)
 * 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules)
 * 1:17450 <-> DISABLED <-> SERVER-WEBAPP CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (server-webapp.rules)
 * 1:17457 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules)
 * 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:17462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer marquee object handling memory corruption attempt (browser-ie.rules)
 * 1:17463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer File Download Dialog Box Manipulation (browser-ie.rules)
 * 1:17466 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (browser-plugins.rules)
 * 1:17469 <-> DISABLED <-> FILE-MULTIMEDIA Mplayer Real Demuxer stream_read heap overflow attempt (file-multimedia.rules)
 * 1:17470 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
 * 1:17473 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt (server-oracle.rules)
 * 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules)
 * 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules)
 * 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules)
 * 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules)
 * 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules)
 * 1:17486 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Chunked overflow attempt (server-webapp.rules)
 * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
 * 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:17490 <-> DISABLED <-> FILE-OTHER Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (file-other.rules)
 * 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules)
 * 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
 * 1:17493 <-> DISABLED <-> FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt (file-other.rules)
 * 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
 * 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
 * 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules)
 * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
 * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
 * 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
 * 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules)
 * 1:17515 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules)
 * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17520 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules)
 * 1:17521 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP processing buffer overflow attempt (server-other.rules)
 * 1:17522 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules)
 * 1:17523 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime H.264 Movie File Buffer Overflow (file-multimedia.rules)
 * 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules)
 * 1:17525 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (server-iis.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:17527 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (file-multimedia.rules)
 * 1:17528 <-> DISABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules)
 * 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules)
 * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
 * 1:17531 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules)
 * 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules)
 * 1:17533 <-> DISABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules)
 * 1:19112 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D stucture heap overflow (file-other.rules)
 * 1:19113 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 81 overflow attempt (file-other.rules)
 * 1:19114 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 45 overflow attempt (file-other.rules)
 * 1:19115 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 89 overflow attempt (file-other.rules)
 * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
 * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D integer overflow (file-pdf.rules)
 * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader script injection vulnerability (file-pdf.rules)
 * 1:19119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver remote code execution attempt (os-windows.rules)
 * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules)
 * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules)
 * 1:19124 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules)
 * 1:19126 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules)
 * 1:19127 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules)
 * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:19130 <-> DISABLED <-> FILE-IMAGE Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (file-image.rules)
 * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
 * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
 * 1:19133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules)
 * 1:19134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules)
 * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
 * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules)
 * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules)
 * 1:19142 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (server-webapp.rules)
 * 1:19143 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
 * 1:19144 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules)
 * 1:19145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:19146 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules)
 * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules)
 * 1:19148 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (file-multimedia.rules)
 * 1:19149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules)
 * 1:19150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:19153 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules)
 * 1:19154 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules)
 * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules)
 * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules)
 * 1:19159 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules)
 * 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules)
 * 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules)
 * 1:19162 <-> DISABLED <-> SERVER-ORACLE get_domain_index_metadata privilege escalation attempt (server-oracle.rules)
 * 1:19163 <-> DISABLED <-> SERVER-ORACLE get_v2_domain_index_tables privilege escalation attempt (server-oracle.rules)
 * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
 * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules)
 * 1:19169 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules)
 * 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules)
 * 1:19170 <-> ENABLED <-> FILE-OTHER Microsoft Windows .NET Framework XAML browser applications stack corruption (file-other.rules)
 * 1:19171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules)
 * 1:19172 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules)
 * 1:19173 <-> ENABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19174 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista feed headlines cross-site scripting attack attempt (os-windows.rules)
 * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
 * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules)
 * 1:19183 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules)
 * 1:19184 <-> ENABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules)
 * 1:19186 <-> DISABLED <-> OS-WINDOWS Microsoft Certification service XSS attempt (os-windows.rules)
 * 1:19192 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules)
 * 1:19193 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX clsid access (browser-plugins.rules)
 * 1:19194 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules)
 * 1:19195 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules)
 * 1:19196 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (os-windows.rules)
 * 1:19197 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX clsid access (browser-plugins.rules)
 * 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
 * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules)
 * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules)
 * 1:19203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules)
 * 1:19204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules)
 * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
 * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
 * 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19209 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System modem string buffer overflow attempt (server-webapp.rules)
 * 1:19210 <-> ENABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules)
 * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
 * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules)
 * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
 * 1:19216 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:17650 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (file-other.rules)
 * 1:17651 <-> DISABLED <-> FILE-OTHER Multiple AV vendor invalid archive checksum bypass attempt (file-other.rules)
 * 1:17653 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules)
 * 1:17655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules)
 * 1:17656 <-> DISABLED <-> SERVER-APACHE Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (server-apache.rules)
 * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules)
 * 1:17658 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules)
 * 1:17659 <-> DISABLED <-> SERVER-ORACLE xdb.dbms_xmlschema buffer overflow attempt (server-oracle.rules)
 * 1:17660 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules)
 * 1:17661 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules)
 * 1:17662 <-> DISABLED <-> SERVER-OTHER VMware Workstation DHCP service integer overflow attempt (server-other.rules)
 * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules)
 * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules)
 * 1:17669 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:17679 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules)
 * 1:17685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules)
 * 1:17686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules)
 * 1:17687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules)
 * 1:17688 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:17689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:17690 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17692 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ExecWB security zone bypass attempt (browser-ie.rules)
 * 1:17698 <-> DISABLED <-> SERVER-MAIL RealNetworks RealPlayer wav chunk string overflow attempt in email (server-mail.rules)
 * 1:17701 <-> DISABLED <-> BROWSER-PLUGINS Office Viewer ActiveX arbitrary command execution attempt (browser-plugins.rules)
 * 1:17702 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules)
 * 1:17703 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup title bar spoofing attempt (browser-ie.rules)
 * 1:17704 <-> DISABLED <-> FILE-OTHER McAfee LHA file parsing buffer overflow attempt (file-other.rules)
 * 1:17705 <-> DISABLED <-> SERVER-IIS web agent chunked encoding overflow attempt (server-iis.rules)
 * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules)
 * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
 * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules)
 * 1:17709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules)
 * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules)
 * 1:17711 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASF parsing memory corruption attempt (os-windows.rules)
 * 1:17712 <-> DISABLED <-> OS-WINDOWS TFTP PUT Microsoft RIS filename overwrite attempt (os-windows.rules)
 * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules)
 * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
 * 1:17716 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules)
 * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules)
 * 1:17718 <-> DISABLED <-> SERVER-ORACLE Oracle MDSYS drop table trigger injection attempt (server-oracle.rules)
 * 1:17719 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules)
 * 1:17720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules)
 * 1:17721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules)
 * 1:17722 <-> DISABLED <-> SERVER-ORACLE XDB.XDB_PITRIG_PKG buffer overflow attempt (server-oracle.rules)
 * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules)
 * 1:17724 <-> DISABLED <-> OS-WINDOWS malicious ASP file upload attempt (os-windows.rules)
 * 1:17725 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules)
 * 1:17726 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules)
 * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules)
 * 1:17729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules)
 * 1:17730 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules)
 * 1:17731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request  (os-windows.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules)
 * 1:17734 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules)
 * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules)
 * 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
 * 1:17740 <-> DISABLED <-> FILE-IMAGE Apple Quicktime FlashPix processing overflow attempt (file-image.rules)
 * 1:17742 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
 * 1:17743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules)
 * 1:17746 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules)
 * 1:17747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (browser-ie.rules)
 * 1:17749 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules)
 * 1:17750 <-> DISABLED <-> SERVER-IIS Microsoft IIS 7.5 client verify null pointer attempt (server-iis.rules)
 * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules)
 * 1:17753 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (file-multimedia.rules)
 * 1:17756 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules)
 * 1:17757 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules)
 * 1:17758 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules)
 * 1:17759 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules)
 * 1:17760 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
 * 1:17764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules)
 * 1:17766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (browser-ie.rules)
 * 1:17767 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (browser-ie.rules)
 * 1:17768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 object event handler use after free exploit attempt (browser-ie.rules)
 * 1:17769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (browser-ie.rules)
 * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:17771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain information disclosure attempt (browser-ie.rules)
 * 1:17772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules)
 * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow (server-mail.rules)
 * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17803 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules)
 * 1:17804 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules)
 * 1:17806 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules)
 * 1:17807 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules)
 * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules)
 * 1:18065 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
 * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
 * 1:18067 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:18068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
 * 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules)
 * 1:18076 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt (os-windows.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
 * 1:18103 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 5yvod.net (blacklist.rules)
 * 1:18104 <-> DISABLED <-> BLACKLIST DNS request for known malware domain b.9s3.info (blacklist.rules)
 * 1:18106 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.msssm.com (blacklist.rules)
 * 1:18108 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phoroshop.es (blacklist.rules)
 * 1:18114 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.5fqq.com (blacklist.rules)
 * 1:18115 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajs2002.com (blacklist.rules)
 * 1:18116 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr (blacklist.rules)
 * 1:18117 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cineseoul.com (blacklist.rules)
 * 1:18118 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules)
 * 1:18119 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ilbondrama.net (blacklist.rules)
 * 1:18120 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.iwebdy.net (blacklist.rules)
 * 1:18121 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.linzhiling123.com (blacklist.rules)
 * 1:18122 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules)
 * 1:18123 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.phoroshop.es (blacklist.rules)
 * 1:18124 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.sijianfeng.com (blacklist.rules)
 * 1:18125 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules)
 * 1:18127 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.univus.co.kr (blacklist.rules)
 * 1:18128 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.uwonderfull.com (blacklist.rules)
 * 1:18129 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.w22rt.com (blacklist.rules)
 * 1:18130 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules)
 * 1:18133 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.001zs.com (blacklist.rules)
 * 1:18134 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.551sf.com (blacklist.rules)
 * 1:18135 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.555hd.com (blacklist.rules)
 * 1:18136 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.66xihu.com (blacklist.rules)
 * 1:18137 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.9292cs.cn (blacklist.rules)
 * 1:18138 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.chateaulegend.com (blacklist.rules)
 * 1:18139 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.china-aoben.com (blacklist.rules)
 * 1:18140 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cqtjg.com (blacklist.rules)
 * 1:18141 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dspenter.com (blacklist.rules)
 * 1:18142 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.eastadmin.com (blacklist.rules)
 * 1:18143 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0755.cn (blacklist.rules)
 * 1:18144 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0769.com (blacklist.rules)
 * 1:18145 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp360.net (blacklist.rules)
 * 1:18146 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gdfp365.cn (blacklist.rules)
 * 1:18147 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gev.cn (blacklist.rules)
 * 1:18148 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haoleyou.com (blacklist.rules)
 * 1:18149 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haosf08.com (blacklist.rules)
 * 1:18150 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.jxbaike.com (blacklist.rules)
 * 1:18151 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com (blacklist.rules)
 * 1:18152 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.mainhu.com (blacklist.rules)
 * 1:18154 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.nc57.com (blacklist.rules)
 * 1:18155 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pplog.cn (blacklist.rules)
 * 1:18156 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pxflm.com (blacklist.rules)
 * 1:18157 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.quyou365.com (blacklist.rules)
 * 1:18158 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.shzhaotian.cn (blacklist.rules)
 * 1:18159 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.soanala.com (blacklist.rules)
 * 1:18160 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.stony-skunk.com (blacklist.rules)
 * 1:18161 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.street08.com (blacklist.rules)
 * 1:18162 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.weilingcy.com (blacklist.rules)
 * 1:18163 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yisaa.com (blacklist.rules)
 * 1:18164 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yx240.com (blacklist.rules)
 * 1:18165 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.mssm.com (blacklist.rules)
 * 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
 * 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
 * 1:18184 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.gametime.co.kr (blacklist.rules)
 * 1:18185 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dd0415.net (blacklist.rules)
 * 1:18196 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules)
 * 1:18197 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
 * 1:18198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
 * 1:18199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
 * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
 * 1:18204 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules)
 * 1:18205 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules)
 * 1:18206 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules)
 * 1:18207 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules)
 * 1:18212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules)
 * 1:18216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 #default#anim attempt (browser-ie.rules)
 * 1:18217 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer select element memory corruption attempt (browser-ie.rules)
 * 1:18218 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer time element memory corruption attempt (browser-ie.rules)
 * 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules)
 * 1:18221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table remote code execution attempt (browser-ie.rules)
 * 1:18233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules)
 * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules)
 * 1:18237 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules)
 * 1:18238 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code excution attempt (server-webapp.rules)
 * 1:18239 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules)
 * 1:18240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules)
 * 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
 * 1:18242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules)
 * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18265 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
 * 1:18269 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.6bom.com (blacklist.rules)
 * 1:18270 <-> DISABLED <-> BLACKLIST DNS request for known malware domain koonol.com (blacklist.rules)
 * 1:18272 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.886.com (blacklist.rules)
 * 1:18277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules)
 * 1:18278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules)
 * 1:18280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer oversize recordset object cache size exploit attempt (browser-ie.rules)
 * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
 * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
 * 1:18308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
 * 1:18309 <-> DISABLED <-> OS-WINDOWS Microsoft Vector Markup Language fill method overflow attempt (os-windows.rules)
 * 1:18310 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
 * 1:18329 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules)
 * 1:18331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules)
 * 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules)
 * 1:18398 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
 * 1:18399 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules)
 * 1:18401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Base64 encoded script overflow attempt (browser-ie.rules)
 * 1:18402 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver remote code execution attempt (file-other.rules)
 * 1:18403 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Data Source Object memory corruption attempt (browser-ie.rules)
 * 1:18404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer document.insertBefore memory corruption attempt (browser-ie.rules)
 * 1:18416 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules)
 * 1:18417 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules)
 * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules)
 * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:18450 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed BMP RGBQUAD attempt (file-pdf.rules)
 * 1:18451 <-> ENABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules)
 * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18454 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:18457 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules)
 * 1:18460 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System pin number buffer overflow attempt (server-webapp.rules)
 * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules)
 * 1:18463 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules)
 * 1:18464 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion locale directory traversal attempt (server-webapp.rules)
 * 1:18465 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules)
 * 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer History.go method double free corruption attempt (browser-ie.rules)
 * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules)
 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18496 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules)
 * 1:18497 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules)
 * 1:18498 <-> ENABLED <-> FILE-OTHER Microsoft Media Player dvr-ms file parsing remote code execution attempt (file-other.rules)
 * 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules)
 * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules)
 * 1:18506 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
 * 1:18507 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
 * 1:18510 <-> DISABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules)
 * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules)
 * 1:18513 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (server-mysql.rules)
 * 1:18514 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
 * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules)
 * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
 * 1:18519 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules)
 * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules)
 * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules)
 * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules)
 * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules)
 * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules)
 * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules)
 * 1:18536 <-> DISABLED <-> FILE-OFFICE OpenOffice.org Microsoft Office Word file processing integer underflow attempt (file-office.rules)
 * 1:18537 <-> DISABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules)
 * 1:18538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules)
 * 1:18539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules)
 * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules)
 * 1:18542 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules)
 * 1:18543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:18544 <-> ENABLED <-> FILE-FLASH embedded Shockwave dropper in email attachment (file-flash.rules)
 * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules)
 * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules)
 * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules)
 * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules)
 * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules)
 * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
 * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18559 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules)
 * 1:18560 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules)
 * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules)
 * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules)
 * 1:18578 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (browser-plugins.rules)
 * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules)
 * 1:18585 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules)
 * 1:18588 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XCRC overflow attempt (protocol-ftp.rules)
 * 1:18589 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules)
 * 1:18590 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules)
 * 1:18592 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules)
 * 1:18593 <-> DISABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules)
 * 1:18594 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules)
 * 1:18595 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules)
 * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules)
 * 1:18597 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules)
 * 1:18599 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules)
 * 1:18601 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Controls Animation Object ActiveX clsid access (browser-plugins.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18615 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules)
 * 1:18632 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules)
 * 1:18638 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
 * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
 * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
 * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
 * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
 * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
 * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt  (os-windows.rules)
 * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
 * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
 * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
 * 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules)
 * 1:18668 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules)
 * 1:18670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
 * 1:18671 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
 * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:18679 <-> ENABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules)
 * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules)
 * 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules)
 * 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules)
 * 1:18740 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules)
 * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules)
 * 1:18754 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
 * 1:18755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules)
 * 1:18756 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules)
 * 1:18757 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules)
 * 1:18759 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules)
 * 1:18760 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules)
 * 1:18764 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
 * 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules)
 * 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules)
 * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18770 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit range object remote code execution attempt (browser-webkit.rules)
 * 1:18776 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director pamm chunk memory corruption attempt (file-other.rules)
 * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
 * 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules)
 * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
 * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
 * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
 * 1:18794 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt (server-webapp.rules)
 * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules)
 * 1:18796 <-> DISABLED <-> SERVER-WEBAPP Novell iManager ClassName handling overflow attempt (server-webapp.rules)
 * 1:18797 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration property_box.php other variable command execution attempt (server-webapp.rules)
 * 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules)
 * 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules)
 * 1:18801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules)
 * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
 * 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules)
 * 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules)
 * 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
 * 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn RDN NULL string denial of service attempt (server-other.rules)
 * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules)
 * 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrParamArrays integer overflow attempt (browser-firefox.rules)
 * 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules)
 * 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules)
 * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
 * 1:18903 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Rendering Counter Code Execution (browser-webkit.rules)
 * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
 * 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules)
 * 1:18929 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (server-oracle.rules)
 * 1:18930 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
 * 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt (server-other.rules)
 * 1:18948 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
 * 1:18951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
 * 1:18953 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules)
 * 1:18954 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18959 <-> DISABLED <-> SERVER-WEBAPP VMware SpringSource Spring Framework class.classloader remote code execution attempt (server-webapp.rules)
 * 1:18960 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise agents HTTP request remote code execution attempt (server-webapp.rules)
 * 1:18961 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules)
 * 1:18972 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration selector variable command injection attempt (server-oracle.rules)
 * 1:18973 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
 * 1:18974 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call attempt (browser-plugins.rules)
 * 1:18975 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call access (browser-plugins.rules)
 * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:18995 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit removeAllRanges use-after-free attempt (browser-webkit.rules)
 * 1:18996 <-> DISABLED <-> SERVER-ORACLE DBMS_JAVA.SET_OUTPUT_TO_JAVA privilege escalation attempt (server-oracle.rules)
 * 1:18997 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
 * 1:18998 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
 * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
 * 1:19000 <-> DISABLED <-> SERVER-MYSQL Database CASE NULL argument denial of service attempt (server-mysql.rules)
 * 1:19001 <-> DISABLED <-> SERVER-MYSQL IN NULL argument denial of service attempt (server-mysql.rules)
 * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules)
 * 1:19003 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules)
 * 1:19004 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules)
 * 1:19005 <-> DISABLED <-> BROWSER-CHROME Apple Safari/Google Chrome Webkit memory corruption attempt (browser-chrome.rules)
 * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules)
 * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules)
 * 1:19008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point conversion memory corruption attempt (browser-webkit.rules)
 * 1:19009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules)
 * 1:19010 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules)
 * 1:19011 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules)
 * 1:19012 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules)
 * 1:19013 <-> ENABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19063 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules)
 * 1:19064 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules)
 * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules)
 * 1:19071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
 * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules)
 * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules)
 * 1:19078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules)
 * 1:19080 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:19081 <-> DISABLED <-> INDICATOR-OBFUSCATION known suspicious decryption routine (indicator-obfuscation.rules)
 * 1:19082 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules)
 * 1:19083 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:19084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules)
 * 1:19085 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19086 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (browser-plugins.rules)
 * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules)
 * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules)
 * 1:19093 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules)
 * 1:19094 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules)
 * 1:19095 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules)
 * 1:19096 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules)
 * 1:19097 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code execution attempt (browser-webkit.rules)
 * 1:19098 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code exeuction attempt (browser-webkit.rules)
 * 1:19099 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari CSS font format corruption attempt (browser-webkit.rules)
 * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules)
 * 1:19101 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Server Admin Server denial of service attempt (server-oracle.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules)
 * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
 * 1:19107 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer code execution attempt (server-apache.rules)
 * 1:19108 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules)
 * 1:19109 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules)
 * 1:19110 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Quality Manager and Test Lab Manager policy bypass attempt (server-webapp.rules)
 * 1:19111 <-> DISABLED <-> FILE-FLASH Adobe Flash Media Server memory exhaustion (file-flash.rules)
 * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:21159 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:21167 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:21170 <-> ENABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
 * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules)
 * 1:2118 <-> DISABLED <-> PROTOCOL-IMAP list overflow attempt (protocol-imap.rules)
 * 1:21190 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules)
 * 1:21191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules)
 * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules)
 * 1:2123 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules)
 * 1:21243 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:21258 <-> DISABLED <-> INDICATOR-SHELLCODE Feng-Shui heap grooming using Oleaut32 (indicator-shellcode.rules)
 * 1:21260 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules)
 * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules)
 * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules)
 * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules)
 * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules)
 * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules)
 * 1:21292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
 * 1:21299 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight privilege escalation attempt (browser-plugins.rules)
 * 1:21300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
 * 1:21301 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:21302 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules)
 * 1:21305 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules)
 * 1:21307 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
 * 1:21308 <-> ENABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules)
 * 1:21316 <-> ENABLED <-> FILE-OTHER Adobe shockwave director tSAC string termination memory corruption attempt (file-other.rules)
 * 1:21336 <-> ENABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
 * 1:21338 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
 * 1:21339 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom auth field attempt (file-multimedia.rules)
 * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules)
 * 1:21341 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'dscp' field attempt (file-multimedia.rules)
 * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules)
 * 1:21371 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director KEY chunk buffer overflow attempt (file-other.rules)
 * 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
 * 1:21392 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer writing-mode property memory corruption attempt (browser-ie.rules)
 * 1:21405 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules)
 * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
 * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
 * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
 * 1:21422 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:21423 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:21447 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject function call (browser-chrome.rules)
 * 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:21478 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
 * 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
 * 1:21480 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21498 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
 * 1:21504 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:21505 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:21506 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:21507 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:21508 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
 * 1:21516 <-> DISABLED <-> SERVER-WEBAPP JBoss JMX console access attempt (server-webapp.rules)
 * 1:21522 <-> DISABLED <-> SERVER-APACHE Apache Struts parameters interceptor remote code execution attempt (server-apache.rules)
 * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules)
 * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules)
 * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
 * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
 * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
 * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
 * 1:21620 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
 * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
 * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
 * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
 * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
 * 1:19219 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules)
 * 1:19220 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules)
 * 1:19221 <-> ENABLED <-> OS-WINDOWS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19222 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
 * 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules)
 * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
 * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
 * 1:19226 <-> ENABLED <-> FILE-OTHER Cisco Webex Player .wrf stack buffer overflow (file-other.rules)
 * 1:19227 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules)
 * 1:19228 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration preauth variable command injection attempt (server-webapp.rules)
 * 1:19237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:19241 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules)
 * 1:19242 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules)
 * 1:19243 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:19245 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
 * 1:19246 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules)
 * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
 * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
 * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
 * 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:19265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:19266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
 * 1:19281 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countodwn encoder (indicator-shellcode.rules)
 * 1:19282 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules)
 * 1:19283 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules)
 * 1:19284 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules)
 * 1:19285 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules)
 * 1:19286 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules)
 * 1:19287 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules)
 * 1:19288 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules)
 * 1:19290 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt (file-other.rules)
 * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
 * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules)
 * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
 * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
 * 1:19304 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX clsid access (browser-plugins.rules)
 * 1:19305 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX function call access (browser-plugins.rules)
 * 1:19306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules)
 * 1:19308 <-> DISABLED <-> FILE-OTHER Microsoft Windows embedded OpenType EOT font integer overflow attempt (file-other.rules)
 * 1:19313 <-> ENABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules)
 * 1:19314 <-> DISABLED <-> OS-WINDOWS Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules)
 * 1:19315 <-> DISABLED <-> OS-WINDOWS Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules)
 * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules)
 * 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules)
 * 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules)
 * 1:19322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer and SharePoint toStaticHTML information disclosure attempt (browser-ie.rules)
 * 1:19403 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules)
 * 1:19405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19407 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19408 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules)
 * 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules)
 * 1:19411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Cross-Domain information disclosure attempt (browser-ie.rules)
 * 1:19412 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules)
 * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:19420 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules)
 * 1:19421 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules)
 * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
 * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
 * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
 * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
 * 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules)
 * 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules)
 * 1:19436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules)
 * 1:19438 <-> ENABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules)
 * 1:19441 <-> DISABLED <-> SERVER-WEBAPP Oracle Virtual Server Agent command injection attempt (server-webapp.rules)
 * 1:19442 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:19444 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules)
 * 1:19445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules)
 * 1:19446 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules)
 * 1:19447 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules)
 * 1:19448 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules)
 * 1:19449 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules)
 * 1:19450 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules)
 * 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules)
 * 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules)
 * 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
 * 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
 * 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules)
 * 1:19552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules)
 * 1:19600 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (server-oracle.rules)
 * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules)
 * 1:19649 <-> ENABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19650 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules)
 * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules)
 * 1:19670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules)
 * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules)
 * 1:19672 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (browser-ie.rules)
 * 1:19675 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules)
 * 1:19687 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionStoreRegister instruction length invalidation attempt (file-flash.rules)
 * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
 * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules)
 * 1:19710 <-> DISABLED <-> BROWSER-CHROME Google Chrome float rendering corruption attempt (browser-chrome.rules)
 * 1:19713 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:1972 <-> DISABLED <-> PROTOCOL-FTP PASS overflow attempt (protocol-ftp.rules)
 * 1:1973 <-> DISABLED <-> PROTOCOL-FTP MKD overflow attempt (protocol-ftp.rules)
 * 1:1975 <-> DISABLED <-> PROTOCOL-FTP DELE overflow attempt (protocol-ftp.rules)
 * 1:1976 <-> DISABLED <-> PROTOCOL-FTP RMD overflow attempt (protocol-ftp.rules)
 * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules)
 * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
 * 1:19809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
 * 1:19810 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportTemplate SQL injection attempt (server-other.rules)
 * 1:19812 <-> ENABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19813 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter Agent XMLK parsing stack bugger overflow attempt (server-webapp.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:19818 <-> DISABLED <-> OS-WINDOWS Microsoft XML core services cross-domain information disclosure attempt (os-windows.rules)
 * 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules)
 * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
 * 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
 * 1:19871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML buffer overflow attempt (browser-ie.rules)
 * 1:19872 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC remote code execution attempt (browser-ie.rules)
 * 1:19873 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules)
 * 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
 * 1:19885 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (browser-ie.rules)
 * 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules)
 * 1:19890 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP CA Arcserve Backup directory traversal attempt (netbios.rules)
 * 1:19893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Tabular Control ActiveX overflow by CLSID / param tag (browser-plugins.rules)
 * 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules)
 * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:19909 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules)
 * 1:19910 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:19911 <-> ENABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules)
 * 1:19926 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
 * 1:1993 <-> DISABLED <-> PROTOCOL-IMAP login literal buffer overflow attempt (protocol-imap.rules)
 * 1:19932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules)
 * 1:19937 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules)
 * 1:19938 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
 * 1:19943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules)
 * 1:19956 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:19972 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response paramcount overflow attempt (os-windows.rules)
 * 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules)
 * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
 * 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
 * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
 * 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules)
 * 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules)
 * 1:20072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20073 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules)
 * 1:20127 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules)
 * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules)
 * 1:20131 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20134 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector buffer overflow attempt (server-webapp.rules)
 * 1:20137 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible generic javascript heap spray attempt (indicator-obfuscation.rules)
 * 1:20139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:20154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
 * 1:20155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules)
 * 1:20158 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt (server-webapp.rules)
 * 1:20175 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules)
 * 1:20188 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (indicator-shellcode.rules)
 * 1:20191 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (indicator-shellcode.rules)
 * 1:20210 <-> ENABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules)
 * 1:20214 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
 * 1:20215 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules)
 * 1:20216 <-> DISABLED <-> PROTOCOL-SCADA Beckhoff TwinCAT DoS (protocol-scada.rules)
 * 1:20223 <-> DISABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules)
 * 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20255 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules)
 * 1:20259 <-> ENABLED <-> FILE-OTHER Microsoft Agent Helper Malicious JAR download attempt (file-other.rules)
 * 1:20261 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (file-executable.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:20263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules)
 * 1:20266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Javascript negative option index attack attempt (browser-ie.rules)
 * 1:20267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer circular reference exploit attempt (browser-ie.rules)
 * 1:20268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules)
 * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
 * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules)
 * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules)
 * 1:20283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules)
 * 1:20284 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules)
 * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules)
 * 1:20288 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules)
 * 1:20294 <-> DISABLED <-> FILE-IMAGE Adobe Reader and Acrobat Libtiff TIFFFetchShortPair stack buffer overflow attempt (file-image.rules)
 * 1:20295 <-> DISABLED <-> FILE-IMAGE Public LibTiff Exploit (file-image.rules)
 * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules)
 * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules)
 * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules)
 * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules)
 * 1:2045 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt UDP (protocol-rpc.rules)
 * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:20460 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:20478 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:20481 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:20514 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
 * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules)
 * 1:20530 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules)
 * 1:20531 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules)
 * 1:20532 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20554 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
 * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:20579 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules)
 * 1:20591 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (browser-plugins.rules)
 * 1:20592 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX function call access (browser-plugins.rules)
 * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:20600 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> ENABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules)
 * 1:20622 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
 * 1:20628 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules)
 * 1:20634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:20635 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules)
 * 1:20636 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
 * 1:20637 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
 * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules)
 * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules)
 * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules)
 * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules)
 * 1:20704 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer defaulttime behavior attack attempt (browser-plugins.rules)
 * 1:20708 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:20709 <-> ENABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules)
 * 1:20720 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
 * 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules)
 * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
 * 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
 * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
 * 1:20734 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player digital video recording buffer overflow attempt (file-multimedia.rules)
 * 1:20749 <-> DISABLED <-> SERVER-OTHER EMC Retrospect client crafted packet buffer overflow attempt (server-other.rules)
 * 1:20764 <-> DISABLED <-> SERVER-WEBAPP SyBase MBusiness xml closing tag overflow attempt (server-webapp.rules)
 * 1:20766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20778 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20779 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
 * 1:20783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
 * 1:20784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
 * 1:20785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20786 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:20787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:20788 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:20789 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:20790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
 * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
 * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
 * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
 * 1:20803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:20804 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20807 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
 * 1:20822 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt malicious string (browser-ie.rules)
 * 1:20824 <-> DISABLED <-> OS-WINDOWS generic web server hashing collision attack (os-windows.rules)
 * 1:20828 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (server-iis.rules)
 * 1:20829 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules)
 * 1:20834 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX clsid access (browser-plugins.rules)
 * 1:20835 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX function call access (browser-plugins.rules)
 * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
 * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
 * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
 * 1:20842 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
 * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
 * 1:20874 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:20884 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
 * 1:20900 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:20903 <-> ENABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules)
 * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
 * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
 * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
 * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
 * 1:20924 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
 * 1:20928 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
 * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
 * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
 * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
 * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
 * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
 * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
 * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
 * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
 * 1:20964 <-> DISABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
 * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
 * 1:20968 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
 * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
 * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
 * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
 * 1:20972 <-> DISABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
 * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
 * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
 * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
 * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
 * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
 * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
 * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
 * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
 * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
 * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:20992 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:20993 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules)
 * 1:20994 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules)
 * 1:20999 <-> ENABLED <-> BROWSER-WEBKIT Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt (browser-webkit.rules)
 * 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
 * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
 * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
 * 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
 * 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
 * 1:21050 <-> ENABLED <-> SERVER-OTHER HP Diagnostics Server magentservice.exe stack overflow attempt (server-other.rules)
 * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:21060 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Administrator console site injection attempt (server-webapp.rules)
 * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21063 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:21064 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
 * 1:21072 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (server-apache.rules)
 * 1:21073 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:21074 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
 * 1:21076 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:21077 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:21086 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption (browser-ie.rules)
 * 1:21101 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
 * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
 * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
 * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
 * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:21116 <-> ENABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules)
 * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules)
 * 1:23838 <-> ENABLED <-> OS-WINDOWS SMB NetServerEnum response host format string exploit attempt (os-windows.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23842 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:23844 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules)
 * 1:23853 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23854 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:23855 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules)
 * 1:23856 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules)
 * 1:23857 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules)
 * 1:23858 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules)
 * 1:23859 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules)
 * 1:23860 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules)
 * 1:23861 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules)
 * 1:23862 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules)
 * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
 * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
 * 1:23889 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:2389 <-> DISABLED <-> PROTOCOL-FTP RNTO overflow attempt (protocol-ftp.rules)
 * 1:23890 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23897 <-> DISABLED <-> FILE-PDF Sending of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules)
 * 1:23904 <-> DISABLED <-> BLACKLIST DNS request for known malware domain publicnews.mooo.com - Backdoor.Briba (blacklist.rules)
 * 1:2392 <-> DISABLED <-> PROTOCOL-FTP RETR overflow attempt (protocol-ftp.rules)
 * 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23957 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
 * 1:23958 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:23959 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:23960 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:23961 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:23967 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
 * 1:23985 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules)
 * 1:23986 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules)
 * 1:23989 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules)
 * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules)
 * 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23999 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24000 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24001 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24002 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24003 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
 * 1:24006 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules)
 * 1:24007 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
 * 1:24039 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
 * 1:24040 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:24041 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:24042 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:24043 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:24044 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
 * 1:24063 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24074 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
 * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
 * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
 * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
 * 1:24091 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SOAP interface command injection attempt (server-webapp.rules)
 * 1:24138 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24139 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24140 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
 * 1:24142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:2419 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
 * 1:24190 <-> DISABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
 * 1:24195 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
 * 1:24196 <-> ENABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24199 <-> ENABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules)
 * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
 * 1:24201 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
 * 1:24207 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
 * 1:24208 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
 * 1:24210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules)
 * 1:24212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules)
 * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24218 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:24219 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:2422 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
 * 1:2423 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
 * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
 * 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
 * 1:21664 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21665 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21666 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21667 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
 * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
 * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
 * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
 * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
 * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
 * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
 * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
 * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
 * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
 * 1:21711 <-> DISABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
 * 1:21712 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
 * 1:21715 <-> DISABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
 * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
 * 1:21718 <-> DISABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
 * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules)
 * 1:21721 <-> DISABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules)
 * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules)
 * 1:21724 <-> DISABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules)
 * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules)
 * 1:21727 <-> DISABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules)
 * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules)
 * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules)
 * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
 * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
 * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules)
 * 1:21748 <-> DISABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules)
 * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules)
 * 1:21751 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:21752 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules)
 * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules)
 * 1:21776 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange MODPROPS denial of service attempt (server-mail.rules)
 * 1:21792 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules)
 * 1:21793 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:21795 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:21796 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules)
 * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules)
 * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules)
 * 1:21810 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules)
 * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules)
 * 1:21814 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules)
 * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules)
 * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules)
 * 1:21869 <-> ENABLED <-> FILE-OTHER Java JRE sandbox breach attempt (file-other.rules)
 * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules)
 * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules)
 * 1:21878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:21879 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21880 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules)
 * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules)
 * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules)
 * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules)
 * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules)
 * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules)
 * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules)
 * 1:21896 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21897 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21898 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21899 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21900 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21901 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules)
 * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules)
 * 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules)
 * 1:21914 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
 * 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21918 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:21919 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
 * 1:21927 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:21935 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
 * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21944 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt (server-other.rules)
 * 1:21948 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
 * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
 * 1:22009 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
 * 1:22038 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules)
 * 1:22042 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules)
 * 1:22052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules)
 * 1:22066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ScriptBridge OCX controller attempt (file-office.rules)
 * 1:22069 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22070 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22075 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory access attempt (file-office.rules)
 * 1:22076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:22077 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules)
 * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:22091 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
 * 1:22092 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules)
 * 1:22093 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules)
 * 1:22094 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules)
 * 1:22104 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22105 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22106 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22107 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22108 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22109 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules)
 * 1:22915 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22916 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
 * 1:22938 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:22942 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:22943 <-> DISABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
 * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
 * 1:22946 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
 * 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules)
 * 1:22952 <-> ENABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
 * 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
 * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
 * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
 * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
 * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
 * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
 * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
 * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
 * 1:22999 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
 * 1:23009 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
 * 1:23011 <-> DISABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
 * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
 * 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules)
 * 1:23015 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari runin handling use after free attempt (browser-chrome.rules)
 * 1:23041 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules)
 * 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules)
 * 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules)
 * 1:23056 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules)
 * 1:23059 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:23060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
 * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
 * 1:23097 <-> DISABLED <-> SERVER-OTHER IBM solidDB SELECT statement denial of service attempt (server-other.rules)
 * 1:23098 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:23099 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules)
 * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23111 <-> ENABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
 * 1:23112 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules)
 * 1:23116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:23117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 DOM element use after free attempt (browser-ie.rules)
 * 1:23118 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer console object use after free attempt (browser-ie.rules)
 * 1:23121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules)
 * 1:23123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules)
 * 1:23124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:23125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:23136 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules)
 * 1:23137 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules)
 * 1:23151 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel zero-width worksheet code execution attempt (file-office.rules)
 * 1:23152 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules)
 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
 * 1:23175 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
 * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
 * 1:23186 <-> DISABLED <-> BROWSER-PLUGINS Dell CrazyTalk.DLL ActiveX clsid access (browser-plugins.rules)
 * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
 * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
 * 1:23208 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules)
 * 1:23209 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules)
 * 1:23210 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules)
 * 1:23212 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules)
 * 1:23227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules)
 * 1:23229 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX function call access (browser-plugins.rules)
 * 1:23237 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules)
 * 1:23241 <-> ENABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
 * 1:23253 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care XMLSimpleAccessor ActiveX function call access attempt (browser-plugins.rules)
 * 1:23256 <-> DISABLED <-> FILE-EXECUTABLE Armadillo v1.71 packer file magic detected (file-executable.rules)
 * 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
 * 1:23263 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules)
 * 1:23264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:23265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:23269 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
 * 1:23273 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23274 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23275 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23276 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23277 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:23278 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nested list memory corruption attempt (browser-ie.rules)
 * 1:23280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer corrupted HROW instance write access violation attempt (browser-ie.rules)
 * 1:23284 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX function call attempt (browser-plugins.rules)
 * 1:23285 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:23286 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:23314 <-> DISABLED <-> OS-WINDOWS SMB invalid character argument injection attempt (os-windows.rules)
 * 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
 * 1:23347 <-> DISABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
 * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
 * 1:23352 <-> ENABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23354 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
 * 1:23355 <-> ENABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules)
 * 1:23370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:2338 <-> DISABLED <-> PROTOCOL-FTP LIST buffer overflow attempt (protocol-ftp.rules)
 * 1:23384 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules)
 * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules)
 * 1:23392 <-> DISABLED <-> SERVER-OTHER IBM SolidDB redundant where clause DoS attempt (server-other.rules)
 * 1:23393 <-> DISABLED <-> SQL IBM SolidDB initial banner (sql.rules)
 * 1:23395 <-> ENABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
 * 1:23400 <-> ENABLED <-> FILE-OTHER Apple Quicktime JPEG2000 length integer underflow attempt (file-other.rules)
 * 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules)
 * 1:23414 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23444 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet License Server buffer overflow attempt (server-other.rules)
 * 1:23461 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules)
 * 1:23462 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
 * 1:23463 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules)
 * 1:23464 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:23465 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
 * 1:23504 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
 * 1:23577 <-> ENABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
 * 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
 * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23609 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules)
 * 1:23614 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules)
 * 1:23626 <-> DISABLED <-> SERVER-IIS cmd.exe access (server-iis.rules)
 * 1:23632 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
 * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
 * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
 * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
 * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
 * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
 * 1:23648 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
 * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
 * 1:23659 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23664 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
 * 1:23666 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
 * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
 * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
 * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
 * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
 * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
 * 1:23691 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules)
 * 1:23695 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules)
 * 1:23696 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules)
 * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
 * 1:23698 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
 * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules)
 * 1:23703 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
 * 1:23707 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules)
 * 1:23709 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules)
 * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules)
 * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules)
 * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
 * 1:23714 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules)
 * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules)
 * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules)
 * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules)
 * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules)
 * 1:23728 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
 * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
 * 1:23732 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules)
 * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
 * 1:23736 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
 * 1:23737 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
 * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
 * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
 * 1:23749 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
 * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
 * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
 * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
 * 1:23757 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules)
 * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
 * 1:23760 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
 * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
 * 1:23762 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
 * 1:23763 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules)
 * 1:23764 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules)
 * 1:23765 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules)
 * 1:23774 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
 * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
 * 1:23783 <-> ENABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules)
 * 1:23789 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules)
 * 1:23805 <-> ENABLED <-> BROWSER-WEBKIT WebKit button column memory corruption attempt (browser-webkit.rules)
 * 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules)
 * 1:23807 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23810 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23813 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23816 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23819 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules)
 * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules)
 * 1:23822 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23823 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules)
 * 1:23834 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules)
 * 1:23835 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules)
 * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules)
 * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules)
 * 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules)
 * 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules)
 * 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules)
 * 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules)
 * 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules)
 * 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules)
 * 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules)
 * 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules)
 * 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules)
 * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules)
 * 1:27123 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules)
 * 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules)
 * 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules)
 * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27151 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27153 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules)
 * 1:27171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules)
 * 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:27211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
 * 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules)
 * 1:27232 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules)
 * 1:27233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules)
 * 1:27245 <-> ENABLED <-> SERVER-APACHE Apache Struts2 remote code execution attempt (server-apache.rules)
 * 1:27261 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 215 buffer overflow attempt (server-other.rules)
 * 1:27262 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 263 buffer overflow attempt (server-other.rules)
 * 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules)
 * 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules)
 * 1:27568 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules)
 * 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules)
 * 1:27582 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27583 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27615 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:27616 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules)
 * 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules)
 * 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules)
 * 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules)
 * 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (server-other.rules)
 * 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules)
 * 1:27781 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules)
 * 1:27782 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:27816 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file download attempt (exploit-kit.rules)
 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:27837 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:27838 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:27843 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules)
 * 1:27844 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules)
 * 1:27862 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules)
 * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules)
 * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules)
 * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules)
 * 1:27943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules)
 * 1:27944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules)
 * 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
 * 1:24239 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise Internet Agent content-length integer overflow attempt (server-webapp.rules)
 * 1:24244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:24252 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use embedded within javascript tags (browser-ie.rules)
 * 1:24263 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules)
 * 1:24267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:24268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:24269 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
 * 1:24281 <-> ENABLED <-> BROWSER-PLUGINS Cisco Secure Desktop CSDWebInstaller ActiveX clsid access (browser-plugins.rules)
 * 1:24284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
 * 1:24291 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules)
 * 1:24292 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules)
 * 1:24293 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC buffer overflow attempt (server-other.rules)
 * 1:24303 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor add attempt (protocol-icmp.rules)
 * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules)
 * 1:24315 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24316 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24317 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24318 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24319 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24320 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules)
 * 1:24329 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24335 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in buffer overflow attempt (browser-plugins.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:24338 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
 * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
 * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:24351 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules)
 * 1:24352 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules)
 * 1:24353 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules)
 * 1:24354 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules)
 * 1:24357 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules)
 * 1:24358 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules)
 * 1:2436 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules)
 * 1:2438 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt (file-multimedia.rules)
 * 1:2439 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt (file-multimedia.rules)
 * 1:2440 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt (file-multimedia.rules)
 * 1:24428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24435 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules)
 * 1:24436 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules)
 * 1:24446 <-> ENABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules)
 * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules)
 * 1:24465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules)
 * 1:24480 <-> ENABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
 * 1:24483 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24484 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
 * 1:24485 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:24486 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:24520 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules)
 * 1:24549 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules)
 * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
 * 1:24559 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX clsid access (browser-plugins.rules)
 * 1:24560 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX function call access (browser-plugins.rules)
 * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24571 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24587 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
 * 1:24588 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
 * 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
 * 1:24639 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 122 invalid function call attempt (protocol-rpc.rules)
 * 1:24640 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules)
 * 1:24645 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24646 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules)
 * 1:24675 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24676 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24677 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix server open PDU denial of service attempt (server-other.rules)
 * 1:24678 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24679 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24680 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules)
 * 1:24687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:24688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:24693 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:24694 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules)
 * 1:24696 <-> ENABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules)
 * 1:24697 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
 * 1:24698 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
 * 1:24700 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
 * 1:24701 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
 * 1:24702 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24704 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
 * 1:24705 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
 * 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
 * 1:24708 <-> DISABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24711 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24712 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24713 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24714 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24719 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24720 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP keypad button message denial of service attempt (protocol-voip.rules)
 * 1:24723 <-> ENABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24738 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
 * 1:24739 <-> DISABLED <-> SERVER-OTHER Gimp Script-Fu server buffer overflow attempt (server-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24761 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24768 <-> DISABLED <-> SERVER-OTHER RealPlayer Helix rn5auth credential overflow attempt (server-other.rules)
 * 1:24769 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24773 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX clsid access (browser-plugins.rules)
 * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules)
 * 1:24802 <-> ENABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24803 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Real-Time Information Portal directory traversal attempt (protocol-scada.rules)
 * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
 * 1:24818 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24819 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
 * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
 * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
 * 1:24824 <-> DISABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
 * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
 * 1:24827 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24828 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24829 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24830 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24831 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24832 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24833 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24834 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24835 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24836 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
 * 1:24869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24876 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24898 <-> ENABLED <-> SERVER-OTHER ABB Multiple Product RobNetScanHost.exe buffer overflow attempt (server-other.rules)
 * 1:24901 <-> DISABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules)
 * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules)
 * 1:24911 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules)
 * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
 * 1:24957 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24958 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24959 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24960 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24961 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24962 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24963 <-> ENABLED <-> BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24964 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24965 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24966 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24967 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24968 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24969 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24970 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:24974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules)
 * 1:24975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:24994 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:24995 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules)
 * 1:24998 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:25003 <-> ENABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25005 <-> ENABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules)
 * 1:25006 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules)
 * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
 * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules)
 * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules)
 * 1:25035 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules)
 * 1:25036 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit form elements virtual function DoS attempt (browser-webkit.rules)
 * 1:25037 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25038 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
 * 1:25061 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected (file-executable.rules)
 * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25063 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules)
 * 1:25078 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules)
 * 1:2508 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (os-windows.rules)
 * 1:25111 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:25112 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25113 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25114 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25115 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25117 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25122 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:25123 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:25225 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules)
 * 1:25226 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules)
 * 1:25250 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules)
 * 1:25252 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules)
 * 1:25253 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules)
 * 1:25287 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules)
 * 1:25288 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules)
 * 1:25293 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
 * 1:25297 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules)
 * 1:25299 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules)
 * 1:25300 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules)
 * 1:25303 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules)
 * 1:25304 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules)
 * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
 * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
 * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
 * 1:25309 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
 * 1:25310 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
 * 1:25312 <-> ENABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules)
 * 1:25314 <-> DISABLED <-> OS-LINUX Linux kernel IGMP queries denial of service attempt (os-linux.rules)
 * 1:25315 <-> DISABLED <-> SERVER-ORACLE Oracle TNS listener service registration (server-oracle.rules)
 * 1:25316 <-> ENABLED <-> BROWSER-PLUGINS InduSoft ISSymbol InternationalSeparator heap overflow attempt (browser-plugins.rules)
 * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
 * 1:25318 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
 * 1:25319 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
 * 1:25320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
 * 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules)
 * 1:25329 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules)
 * 1:25330 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules)
 * 1:25331 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules)
 * 1:25332 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file tkrm stack buffer overflow attempt (file-other.rules)
 * 1:25333 <-> DISABLED <-> PROTOCOL-DNS Exim DKIM decoding buffer overflow attempt (protocol-dns.rules)
 * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
 * 1:25341 <-> ENABLED <-> FILE-OTHER Cisco WebEx player remote code execution attempt (file-other.rules)
 * 1:25342 <-> DISABLED <-> SERVER-OTHER ISC dhcpd bootp request missing options field DOS attempt (server-other.rules)
 * 1:25343 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
 * 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
 * 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules)
 * 1:25346 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
 * 1:25347 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
 * 1:25348 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
 * 1:25352 <-> DISABLED <-> SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt (server-other.rules)
 * 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules)
 * 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules)
 * 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules)
 * 1:25356 <-> DISABLED <-> SERVER-OTHER Squid Gopher response processing buffer overflow attempt (server-other.rules)
 * 1:25357 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:25366 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:25367 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:25380 <-> DISABLED <-> SERVER-OTHER EMC AutoStart domain name logging stack buffer overflow attempt (server-other.rules)
 * 1:25472 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules)
 * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules)
 * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
 * 1:25516 <-> DISABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
 * 1:25517 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
 * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules)
 * 1:25535 <-> ENABLED <-> PROTOCOL-SERVICES Cisco Prime Lan Management rsh command execution attempt (protocol-services.rules)
 * 1:25542 <-> ENABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules)
 * 1:25562 <-> DISABLED <-> FILE-JAVA Oracle Java obfuscated jar file download attempt (file-java.rules)
 * 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
 * 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules)
 * 1:25634 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoder shellcode (indicator-shellcode.rules)
 * 1:25636 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25639 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25640 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:25644 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25645 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25646 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25647 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25648 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
 * 1:25659 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - spam_bot (blacklist.rules)
 * 1:25676 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25677 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25678 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25679 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:25681 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
 * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
 * 1:2570 <-> DISABLED <-> SERVER-WEBAPP Invalid HTTP Version String (server-webapp.rules)
 * 1:25803 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file dropped (exploit-kit.rules)
 * 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
 * 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
 * 1:25817 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bolsilloner.es (blacklist.rules)
 * 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules)
 * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules)
 * 1:25830 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules)
 * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:25850 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:25851 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:25852 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:25984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:25985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:25986 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules)
 * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules)
 * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
 * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
 * 1:26076 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules)
 * 1:26077 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules)
 * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:26103 <-> ENABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules)
 * 1:26105 <-> ENABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules)
 * 1:2611 <-> DISABLED <-> SERVER-ORACLE LINK metadata buffer overflow attempt (server-oracle.rules)
 * 1:26110 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:26111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:26112 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:26113 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules)
 * 1:26193 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules)
 * 1:26231 <-> DISABLED <-> FILE-PDF PDF version 1.1 with FlateDecode embedded - seen in exploit kits (file-pdf.rules)
 * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
 * 1:26263 <-> DISABLED <-> SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt (server-webapp.rules)
 * 1:26264 <-> ENABLED <-> MALWARE-CNC Dapato banking Trojan variant outbound connection (malware-cnc.rules)
 * 1:26265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mercury.yori.pl - Kazy Trojan (blacklist.rules)
 * 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:26355 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26356 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26357 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26358 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26359 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26360 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26361 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26362 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26363 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26364 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26365 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
 * 1:26374 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
 * 1:26392 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
 * 1:26414 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server executable file upload attempt (protocol-scada.rules)
 * 1:26415 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules)
 * 1:26416 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules)
 * 1:26417 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules)
 * 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules)
 * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules)
 * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules)
 * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules)
 * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules)
 * 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules)
 * 1:26488 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules)
 * 1:26491 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
 * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules)
 * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules)
 * 1:26495 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (server-other.rules)
 * 1:26502 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:26503 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:26504 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
 * 1:26513 <-> DISABLED <-> FILE-PDF PDF with large embedded JavaScript - JS string attempt (file-pdf.rules)
 * 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules)
 * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
 * 1:26573 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules)
 * 1:26584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:26587 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules)
 * 1:26588 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules)
 * 1:26595 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript hex character extraction routine detected (indicator-obfuscation.rules)
 * 1:26596 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript fromCharCode xor decryption routine detected (indicator-obfuscation.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
 * 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
 * 1:26761 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules)
 * 1:26786 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:26787 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:26790 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:26791 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:26825 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:26848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 emulation via meta tag (browser-ie.rules)
 * 1:26854 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules)
 * 1:26855 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules)
 * 1:26860 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules)
 * 1:26879 <-> DISABLED <-> BROWSER-OTHER local loopback address in html (browser-other.rules)
 * 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26973 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
 * 1:26976 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:26977 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:26979 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
 * 1:26980 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix snmp master agent denial of service attempt (server-other.rules)
 * 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules)
 * 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules)
 * 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules)
 * 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
 * 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
 * 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
 * 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
 * 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
 * 1:30503 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:30504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:30505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:30506 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:30533 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:30534 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
 * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
 * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
 * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
 * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP status overflow attempt (protocol-imap.rules)
 * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules)
 * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules)
 * 1:3079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ANI file parsing buffer overflow attempt (browser-ie.rules)
 * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
 * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules)
 * 1:3143 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules)
 * 1:3144 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:3145 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules)
 * 1:3146 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
 * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
 * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
 * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
 * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
 * 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
 * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
 * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
 * 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
 * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules)
 * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules)
 * 1:31901 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Oracle Java encoded shellcode detected (exploit-kit.rules)
 * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
 * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
 * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
 * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
 * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
 * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
 * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
 * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
 * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
 * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
 * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
 * 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
 * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules)
 * 1:32359 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules)
 * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules)
 * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules)
 * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt  (browser-ie.rules)
 * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt  (browser-ie.rules)
 * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules)
 * 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
 * 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
 * 1:32993 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules)
 * 1:28135 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules)
 * 1:28136 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules)
 * 1:28207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:28208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules)
 * 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:28256 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
 * 1:28257 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules)
 * 1:28258 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
 * 1:28259 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
 * 1:28260 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules)
 * 1:28261 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
 * 1:28262 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
 * 1:28266 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules)
 * 1:28267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
 * 1:28268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
 * 1:28269 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
 * 1:28270 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
 * 1:28271 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules)
 * 1:28272 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules)
 * 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:28278 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules)
 * 1:28287 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:28306 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules)
 * 1:28309 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules)
 * 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
 * 1:28331 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28332 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28333 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28334 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28335 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28336 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28337 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28338 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28339 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28340 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28341 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28342 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28343 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
 * 1:28349 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
 * 1:28350 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
 * 1:28351 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
 * 1:28352 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:28353 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:28354 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28355 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28358 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28359 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28360 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
 * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:28363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:28364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:28374 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28375 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28376 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28380 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28381 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Temvice outbound communication attempt (malware-other.rules)
 * 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
 * 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
 * 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
 * 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
 * 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
 * 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
 * 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
 * 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:28426 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:28435 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules)
 * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules)
 * 1:28437 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules)
 * 1:28438 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules)
 * 1:28447 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
 * 1:28451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28454 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28474 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound plugin detection response - generic detection (exploit-kit.rules)
 * 1:28489 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
 * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
 * 1:28579 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:28580 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:28581 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:28582 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:28583 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:28584 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:28585 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules)
 * 1:28586 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules)
 * 1:28619 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:28620 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:28625 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules)
 * 1:28626 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta Buffer Overflow (file-pdf.rules)
 * 1:28627 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:28628 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:28629 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules)
 * 1:28630 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules)
 * 1:28631 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules)
 * 1:28632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules)
 * 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:28634 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules)
 * 1:28635 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
 * 1:28636 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules)
 * 1:28637 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules)
 * 1:28638 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
 * 1:28639 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
 * 1:28640 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules)
 * 1:28641 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules)
 * 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
 * 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
 * 1:28644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28646 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28647 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28648 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28649 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28651 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28652 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28653 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28654 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28655 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28656 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28657 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
 * 1:28658 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules)
 * 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules)
 * 1:28660 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:28661 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:28662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules)
 * 1:28663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules)
 * 1:28664 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules)
 * 1:28665 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules)
 * 1:28666 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules)
 * 1:28667 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules)
 * 1:28668 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules)
 * 1:28669 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules)
 * 1:28670 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules)
 * 1:28671 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules)
 * 1:28672 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules)
 * 1:28673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:28674 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:28675 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:28676 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
 * 1:28679 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
 * 1:28687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:28695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:28696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:28697 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:28698 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
 * 1:28699 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:28700 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:28701 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:28702 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28705 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:28706 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:28707 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:28708 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
 * 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:28710 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28711 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules)
 * 1:28717 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules)
 * 1:28718 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
 * 1:28719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
 * 1:28720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
 * 1:28721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
 * 1:28722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
 * 1:28723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
 * 1:28725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
 * 1:28726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
 * 1:28727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
 * 1:28728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28729 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28730 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28731 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28732 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28733 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28734 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28735 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28738 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28739 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28740 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28741 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28742 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28743 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
 * 1:28744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:28745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
 * 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules)
 * 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules)
 * 1:28749 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28750 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28751 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28752 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28753 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28754 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28755 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28756 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28757 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28758 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28759 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28760 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28761 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28762 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28763 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28764 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28765 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28766 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28767 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28768 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28769 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28770 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28771 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28772 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28773 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28774 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28775 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28776 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28777 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28778 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28779 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28780 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28781 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28782 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28783 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28784 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28785 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28786 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28787 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28788 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28789 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
 * 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules)
 * 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28851 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager EJBInvokerServlet remote code execution attempt (server-other.rules)
 * 1:28875 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:28876 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:28877 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:28878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
 * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
 * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
 * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
 * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
 * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
 * 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules)
 * 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules)
 * 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules)
 * 1:28961 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
 * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
 * 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules)
 * 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules)
 * 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules)
 * 1:29027 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29034 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:29035 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:29040 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules)
 * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules)
 * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules)
 * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules)
 * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules)
 * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules)
 * 1:29192 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29193 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29270 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29271 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
 * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
 * 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
 * 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
 * 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
 * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
 * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
 * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules)
 * 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
 * 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
 * 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
 * 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
 * 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
 * 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
 * 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
 * 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
 * 1:29509 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29518 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
 * 1:29519 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
 * 1:29549 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure test_li_connection.php command injection (server-webapp.rules)
 * 1:29570 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29571 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29572 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29573 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound communication (malware-cnc.rules)
 * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound communication (malware-cnc.rules)
 * 1:29631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:29632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:29633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:29634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
 * 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
 * 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:29650 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:29651 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:29656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain javaupdate.flashserv.net - Adobe 0day C&C (blacklist.rules)
 * 1:29657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sales.eu5.org - Adobe 0day C&C (blacklist.rules)
 * 1:29658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thirdbase.bugs3.com - Adobe 0day C&C (blacklist.rules)
 * 1:29659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.mobilitysvc.com - Adobe 0day C&C (blacklist.rules)
 * 1:29733 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules)
 * 1:29734 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules)
 * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules)
 * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules)
 * 1:29743 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules)
 * 1:29744 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules)
 * 1:29747 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules)
 * 1:29748 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules)
 * 1:29756 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules)
 * 1:29801 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
 * 1:29819 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
 * 1:29820 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
 * 1:29821 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules)
 * 1:29822 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:29909 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager JMXInvokerServlet remote code execution attempt (server-other.rules)
 * 1:29928 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:29929 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:29930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:29931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
 * 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
 * 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
 * 1:29979 <-> ENABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager Unauthenticated XML External Entity Injection attempt (server-webapp.rules)
 * 1:30014 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
 * 1:30017 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
 * 1:30018 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
 * 1:30019 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30020 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30021 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30022 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30023 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30024 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30025 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30026 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30027 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30028 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30029 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:30030 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
 * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules)
 * 1:30106 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
 * 1:30107 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
 * 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
 * 1:32994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules)
 * 1:32997 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules)
 * 1:32998 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules)
 * 1:32999 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules)
 * 1:33000 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules)
 * 1:33001 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules)
 * 1:33002 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules)
 * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules)
 * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules)
 * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules)
 * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules)
 * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
 * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
 * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
 * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
 * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33015 <-> DISABLED <-> PROTOCOL-SCADA ABB MicroSCADA wserver.exe EXECUTE remote code execution attempt (protocol-scada.rules)
 * 1:33018 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules)
 * 1:33019 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules)
 * 1:33020 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules)
 * 1:33021 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules)
 * 1:33022 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules)
 * 1:33023 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules)
 * 1:33024 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules)
 * 1:33025 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules)
 * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules)
 * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules)
 * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
 * 1:33086 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
 * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
 * 1:33088 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules)
 * 1:33089 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules)
 * 1:33090 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules)
 * 1:33093 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules)
 * 1:33094 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules)
 * 1:33095 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules)
 * 1:33096 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules)
 * 1:33097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules)
 * 1:33098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules)
 * 1:33099 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
 * 1:335 <-> DISABLED <-> PROTOCOL-FTP .rhosts (protocol-ftp.rules)
 * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:3441 <-> DISABLED <-> PROTOCOL-FTP PORT bounce attempt (protocol-ftp.rules)
 * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
 * 1:3461 <-> DISABLED <-> SERVER-MAIL Content-Type overflow attempt (server-mail.rules)
 * 1:3473 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL file overflow attempt (file-multimedia.rules)
 * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
 * 1:3520 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR NETWORK overflow attempt (server-other.rules)
 * 1:3522 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG server overflow attempt (server-other.rules)
 * 1:3528 <-> DISABLED <-> SERVER-MYSQL create function access attempt (server-mysql.rules)
 * 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules)
 * 1:3534 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - NETSCAPE2.0 (file-image.rules)
 * 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules)
 * 1:3550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML http/https scheme hostname overflow attempt (browser-ie.rules)
 * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
 * 1:3552 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3658 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 little endian buffer overflow attempt (server-other.rules)
 * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
 * 1:3686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Content Advisor memory corruption attempt (browser-ie.rules)
 * 1:3693 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere j_security_check overflow attempt (server-webapp.rules)
 * 1:3694 <-> DISABLED <-> SERVER-WEBAPP Squid content length cache poisoning attempt (server-webapp.rules)
 * 1:3695 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules)
 * 1:3696 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent DoS attempt (server-other.rules)
 * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
 * 1:3814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javaprxy.dll COM access (browser-ie.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:3819 <-> DISABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules)
 * 1:3820 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules)
 * 1:3823 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer realtext file bad version buffer overflow attempt (file-multimedia.rules)
 * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:402 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Port Unreachable (protocol-icmp.rules)
 * 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules)
 * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
 * 1:4127 <-> DISABLED <-> SERVER-OTHER Novell eDirectory Server iMonitor overflow attempt (server-other.rules)
 * 1:4130 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent buffer overflow Attempt (server-other.rules)
 * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
 * 1:4135 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules)
 * 1:4142 <-> DISABLED <-> SERVER-ORACLE reports servlet command execution attempt (server-oracle.rules)
 * 1:4143 <-> DISABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules)
 * 1:4144 <-> ENABLED <-> OS-SOLARIS Oracle Solaris lpd control file upload attempt (os-solaris.rules)
 * 1:4148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer  DHTML Editing ActiveX clsid access (browser-plugins.rules)
 * 1:4155 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules)
 * 1:4170 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (browser-plugins.rules)
 * 1:4177 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:4196 <-> DISABLED <-> FILE-IDENTIFY CBO CBL CBM file transfer attempt (file-identify.rules)
 * 1:4334 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
 * 1:4358 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
 * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:4643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules)
 * 1:4644 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules)
 * 1:4647 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload overflow attempt (browser-ie.rules)
 * 1:4677 <-> DISABLED <-> SERVER-ORACLE Enterprise Manager Application Server Control GET parameter overflow attempt (server-oracle.rules)
 * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
 * 1:489 <-> DISABLED <-> PROTOCOL-FTP no password (protocol-ftp.rules)
 * 1:4899 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISupportErrorInfo Interface ActiveX object access (browser-plugins.rules)
 * 1:4916 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (browser-ie.rules)
 * 1:4917 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (browser-ie.rules)
 * 1:4918 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (os-windows.rules)
 * 1:4985 <-> DISABLED <-> SERVER-WEBAPP Twiki rdiff rev command injection attempt (server-webapp.rules)
 * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
 * 1:5318 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows wmf file arbitrary code execution attempt (file-multimedia.rules)
 * 1:569 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt TCP (protocol-rpc.rules)
 * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
 * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
 * 1:5710 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (os-windows.rules)
 * 1:5712 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (file-image.rules)
 * 1:5894 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - smb (malware-tools.rules)
 * 1:5896 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules)
 * 1:5897 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - udp port 407 (malware-tools.rules)
 * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
 * 1:593 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request TCP (protocol-rpc.rules)
 * 1:598 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 111 (protocol-rpc.rules)
 * 1:6009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX object access (browser-plugins.rules)
 * 1:6011 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd buffer overflow attempt (server-other.rules)
 * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
 * 1:6404 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
 * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules)
 * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
 * 1:6419 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (os-windows.rules)
 * 1:6420 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (os-windows.rules)
 * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules)
 * 1:6432 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules)
 * 1:6469 <-> DISABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:6470 <-> DISABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
 * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)
 * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules)
 * 1:6504 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus CAB file overflow attempt (file-other.rules)
 * 1:6505 <-> DISABLED <-> FILE-IMAGE Apple QuickTime fpx file SectNumMiniFAT overflow attempt (file-image.rules)
 * 1:6506 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom overflow attempt (file-multimedia.rules)
 * 1:6509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri href buffer overflow attempt (browser-ie.rules)
 * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6584 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (os-windows.rules)
 * 1:6689 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules)
 * 1:6692 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules)
 * 1:6695 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules)
 * 1:7002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
 * 1:7004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Internet.HHCtrl.1 ActiveX function call access (browser-plugins.rules)
 * 1:7009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function call access (browser-plugins.rules)
 * 1:7020 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled function buffer overflow (browser-ie.rules)
 * 1:7021 <-> DISABLED <-> OS-LINUX kernel SCTP chunkless packet denial of service attempt (os-linux.rules)
 * 1:7022 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer invalid url file overflow attempt (os-windows.rules)
 * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
 * 1:7026 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX function call access (browser-plugins.rules)
 * 1:7027 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules)
 * 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules)
 * 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules)
 * 1:7202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
 * 1:7203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules)
 * 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules)
 * 1:7205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules)
 * 1:7209 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules)
 * 1:7435 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX clsid access (browser-plugins.rules)
 * 1:7864 <-> DISABLED <-> BROWSER-PLUGINS McSubMgr ActiveX CLSID access (browser-plugins.rules)
 * 1:7872 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules)
 * 1:7876 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 10.0 ActiveX clsid access (browser-plugins.rules)
 * 1:7904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
 * 1:7985 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8053 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX clsid access (browser-plugins.rules)
 * 1:8055 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX function call access (browser-plugins.rules)
 * 1:8056 <-> DISABLED <-> SERVER-OTHER ISC DHCP server 2 client_id length denial of service attempt (server-other.rules)
 * 1:8057 <-> DISABLED <-> SERVER-MYSQL Date_Format denial of service attempt (server-mysql.rules)
 * 1:8058 <-> DISABLED <-> BROWSER-FIREFOX Mozilla javascript navigator object access (browser-firefox.rules)
 * 1:8059 <-> DISABLED <-> SERVER-ORACLE SYS.KUPW-WORKER sql injection attempt (server-oracle.rules)
 * 1:8063 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ADODB.Stream ActiveX function call access (browser-plugins.rules)
 * 1:8068 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (browser-plugins.rules)
 * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules)
 * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules)
 * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules)
 * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules)
 * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules)
 * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules)
 * 1:8091 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer error message format string vulnerability attempt (file-multimedia.rules)
 * 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules)
 * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8414 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules)
 * 1:8416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language fill method overflow attempt (os-windows.rules)
 * 1:8419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call (browser-plugins.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
 * 1:8443 <-> DISABLED <-> BROWSER-FIREFOX Mozilla regular expression heap corruption attempt (browser-firefox.rules)
 * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
 * 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules)
 * 1:8449 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8450 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8451 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8452 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8453 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8454 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type attempt (os-windows.rules)
 * 1:8455 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8456 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8457 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8458 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8459 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8460 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules)
 * 1:8480 <-> DISABLED <-> PROTOCOL-FTP PORT overflow attempt (protocol-ftp.rules)
 * 1:8541 <-> DISABLED <-> SERVER-ORACLE sdo_cs.transform_layer buffer overflow attempt (server-oracle.rules)
 * 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules)
 * 1:8711 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP redirection buffer overflow attempt (server-webapp.rules)
 * 1:8723 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 11.0 ActiveX clsid access (browser-plugins.rules)
 * 1:8727 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access (browser-plugins.rules)
 * 1:8738 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX clsid access (browser-plugins.rules)
 * 1:8741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8743 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function call access (browser-plugins.rules)
 * 1:8744 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8746 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call access (browser-plugins.rules)
 * 1:8747 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8749 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function call access (browser-plugins.rules)
 * 1:8750 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8752 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access (browser-plugins.rules)
 * 1:8753 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8755 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access (browser-plugins.rules)
 * 1:8756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access (browser-plugins.rules)
 * 1:8758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function call access (browser-plugins.rules)
 * 1:8759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid access (browser-plugins.rules)
 * 1:8761 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function call access (browser-plugins.rules)
 * 1:8762 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access (browser-plugins.rules)
 * 1:8764 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call access (browser-plugins.rules)
 * 1:8765 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8767 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call access (browser-plugins.rules)
 * 1:8768 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call access (browser-plugins.rules)
 * 1:8771 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8773 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX function call access (browser-plugins.rules)
 * 1:8774 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8776 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function call access (browser-plugins.rules)
 * 1:8777 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8779 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function call access (browser-plugins.rules)
 * 1:8780 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function call access (browser-plugins.rules)
 * 1:8783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8785 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call access (browser-plugins.rules)
 * 1:8786 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call access (browser-plugins.rules)
 * 1:8789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call access (browser-plugins.rules)
 * 1:8792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8794 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call access (browser-plugins.rules)
 * 1:8795 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8797 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call access (browser-plugins.rules)
 * 1:8798 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call access (browser-plugins.rules)
 * 1:8801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8803 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call access (browser-plugins.rules)
 * 1:8804 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8806 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call access (browser-plugins.rules)
 * 1:8807 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8809 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function call access (browser-plugins.rules)
 * 1:8810 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8812 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call access (browser-plugins.rules)
 * 1:8813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8815 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function call access (browser-plugins.rules)
 * 1:8816 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8818 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function call access (browser-plugins.rules)
 * 1:8819 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8821 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call access (browser-plugins.rules)
 * 1:8822 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8824 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function call access (browser-plugins.rules)
 * 1:8825 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8827 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function call access (browser-plugins.rules)
 * 1:8828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX function call access (browser-plugins.rules)
 * 1:8831 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8833 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call access (browser-plugins.rules)
 * 1:8834 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8836 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call access (browser-plugins.rules)
 * 1:8837 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8839 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call access (browser-plugins.rules)
 * 1:8840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call access (browser-plugins.rules)
 * 1:8843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8845 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call access (browser-plugins.rules)
 * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9129 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX clsid access (browser-plugins.rules)
 * 1:9325 <-> DISABLED <-> SERVER-OTHER Citrix IMA DOS event data length denial of service attempt (server-other.rules)
 * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules)
 * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules)
 * 1:9434 <-> DISABLED <-> FILE-OTHER Ultravox-Max-Msg header integer overflow attempt (file-other.rules)
 * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access (browser-plugins.rules)
 * 1:9629 <-> DISABLED <-> BROWSER-PLUGINS Citrix.ICAClient ActiveX clsid access (browser-plugins.rules)
 * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
 * 1:9633 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (server-other.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manger dm.ini stack overflow attempt (file-other.rules)
 * 1:9638 <-> DISABLED <-> PROTOCOL-TFTP PUT Microsoft RIS filename overwrite attempt (protocol-tftp.rules)
 * 1:9640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows ADODB.Connection ActiveX function call access (browser-plugins.rules)
 * 1:971 <-> DISABLED <-> SERVER-IIS ISAPI .printer access (server-iis.rules)
 * 1:974 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS directory traversal attempt (server-iis.rules)
 * 1:9813 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup connect_options buffer overflow attempt (server-other.rules)
 * 1:9814 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX clsid access (browser-plugins.rules)
 * 1:9816 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX function call access (browser-plugins.rules)
 * 1:9823 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime RTSP URI overflow attempt (file-multimedia.rules)
 * 1:9840 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HREF Track Detected (file-multimedia.rules)
 * 1:9841 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook VEVENT overflow attempt (server-mail.rules)
 * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules)
 * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
 * 1:9849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (os-windows.rules)

2015-05-19 16:12:05 UTC

Snort Subscriber Rules Update

Date: 2015-05-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34483 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34478 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules)
 * 1:34486 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34466 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34481 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34484 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34480 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34477 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34474 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34468 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legendastar.ru - Win.Backdoor.Nirunte (blacklist.rules)
 * 1:34473 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection attempt (malware-cnc.rules)
 * 1:34479 <-> ENABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules)
 * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules)
 * 1:34487 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection attempt (malware-cnc.rules)
 * 1:34485 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34467 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules)
 * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules)
 * 1:34488 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
 * 1:34482 <-> ENABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)

Modified Rules:


 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:5894 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - smb (malware-tools.rules)
 * 1:5897 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - udp port 407 (malware-tools.rules)
 * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
 * 1:5896 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules)