Talos Rules 2017-01-05
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, file-flash, file-office, file-other, file-pdf, indicator-obfuscation, protocol-dns, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-01-05 16:01:46 UTC

Snort Subscriber Rules Update

Date: 2017-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
 * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
 * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
 * 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
 * 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
 * 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
 * 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules)
 * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules)
 * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules)
 * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
 * 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
 * 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
 * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules)
 * 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37525 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
 * 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
 * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules)
 * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules)
 * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules)
 * 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
 * 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
 * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
 * 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
 * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
 * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
 * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
 * 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
 * 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
 * 3:40922 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)
 * 3:40921 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)

2017-01-05 16:01:46 UTC

Snort Subscriber Rules Update

Date: 2017-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules)
 * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules)
 * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
 * 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
 * 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
 * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:37525 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
 * 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
 * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules)
 * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules)
 * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules)
 * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules)
 * 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
 * 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
 * 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
 * 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
 * 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
 * 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
 * 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
 * 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
 * 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
 * 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
 * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
 * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
 * 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
 * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
 * 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
 * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules)
 * 3:40921 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)
 * 3:40922 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)

2017-01-05 16:01:46 UTC

Snort Subscriber Rules Update

Date: 2017-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
 * 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
 * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules)
 * 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
 * 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
 * 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
 * 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
 * 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
 * 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
 * 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
 * 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
 * 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
 * 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
 * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
 * 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
 * 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
 * 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
 * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules)
 * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules)
 * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules)
 * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules)
 * 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
 * 1:37525 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
 * 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
 * 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
 * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
 * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules)
 * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules)
 * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Excel malicious cce value following a PtgMemFunc token (file-office.rules)
 * 3:40921 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)
 * 3:40922 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2016-0212 attack attempt (file-pdf.rules)