Talos Rules 2017-03-09
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-webkit, exploit-kit, file-other, os-linux, policy-other, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-03-09 18:51:31 UTC

Snort Subscriber Rules Update

Date: 2017-03-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
 * 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
 * 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
 * 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
 * 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
 * 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
 * 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
 * 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
 * 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)

Modified Rules:


 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)
 * 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:38288 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:34880 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34881 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)

2017-03-09 18:51:31 UTC

Snort Subscriber Rules Update

Date: 2017-03-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
 * 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
 * 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
 * 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
 * 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
 * 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
 * 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
 * 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)

Modified Rules:


 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34880 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34881 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)

2017-03-09 18:51:31 UTC

Snort Subscriber Rules Update

Date: 2017-03-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
 * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
 * 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
 * 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
 * 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
 * 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet explorer frameset null pointer dereference attempt (browser-ie.rules)
 * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
 * 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
 * 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
 * 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
 * 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
 * 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
 * 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
 * 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
 * 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
 * 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
 * 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
 * 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)

Modified Rules:


 * 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34880 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
 * 1:34881 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules)
 * 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:38286 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
 * 1:38287 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
 * 1:38288 <-> ENABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
 * 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules)
 * 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
 * 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
 * 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)