Talos Rules 2017-05-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-pdf, malware-cnc, os-windows, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-05-30 22:45:06 UTC

Snort Subscriber Rules Update

Date: 2017-05-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:43013 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43012 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43011 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43014 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43010 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43017 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43018 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43006 <-> DISABLED <-> SERVER-WEBAPP MailStore Server cross site scripting attempt (server-webapp.rules)
 * 1:43007 <-> DISABLED <-> SERVER-OTHER HP Operations Orchestration unauthorized serialized object attempt (server-other.rules)
 * 1:43019 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43008 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43020 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43021 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43022 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43023 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43024 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43025 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43026 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43027 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43028 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43029 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43030 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43031 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43032 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43033 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43034 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43035 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43036 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager OPM_BVNAME SQL injection attempt (server-webapp.rules)
 * 1:43037 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager OPM_BVNAME SQL injection attempt (server-webapp.rules)
 * 1:43038 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager Search query SQL injection attempt (server-webapp.rules)
 * 1:43039 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager Search query SQL injection attempt (server-webapp.rules)
 * 1:43040 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager probeName SQL injection attempt (server-webapp.rules)
 * 1:43042 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON strigify double free attempt (browser-ie.rules)
 * 1:43041 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager probeName SQL injection attempt (server-webapp.rules)
 * 1:43043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON strigify double free attempt (browser-ie.rules)
 * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43046 <-> DISABLED <-> BROWSER-PLUGINS ICONICS SCADA WebHMI ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43009 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43015 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43047 <-> DISABLED <-> BROWSER-PLUGINS ICONICS SCADA WebHMI ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43063 <-> ENABLED <-> MALWARE-CNC Trojan KABOB outbound connection attempt (malware-cnc.rules)
 * 1:43062 <-> DISABLED <-> SERVER-WEBAPP Cogent Datahub EvalExpresssion remote code execution attempt (server-webapp.rules)
 * 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
 * 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
 * 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
 * 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
 * 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules)
 * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules)
 * 1:43016 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43053 <-> DISABLED <-> SERVER-SAMBA Samba LDAP modify dnsRecord buffer overflow attempt (server-samba.rules)
 * 1:43052 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:43050 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric ClearSCADA information disclosure attempt (server-webapp.rules)
 * 1:43051 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:43049 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection attempt (malware-cnc.rules)
 * 3:43061 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0352 attack attempt (server-webapp.rules)
 * 3:43005 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0353 attack attempt (server-webapp.rules)
 * 3:43060 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0355 attack attempt (server-other.rules)

Modified Rules:


 * 1:38934 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite actionservlet directory traversal attempt (server-webapp.rules)
 * 1:29518 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:2570 <-> DISABLED <-> SERVER-WEBAPP Invalid HTTP Version String (server-webapp.rules)
 * 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39812 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
 * 1:41810 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file upload attempt (server-other.rules)
 * 1:39813 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
 * 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
 * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules)
 * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42878 <-> DISABLED <-> SERVER-WEBAPP Apache TomEE java deserialization attempt (server-webapp.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)

2017-05-30 22:45:06 UTC

Snort Subscriber Rules Update

Date: 2017-05-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43063 <-> ENABLED <-> MALWARE-CNC Trojan KABOB outbound connection attempt (malware-cnc.rules)
 * 1:43062 <-> DISABLED <-> SERVER-WEBAPP Cogent Datahub EvalExpresssion remote code execution attempt (server-webapp.rules)
 * 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
 * 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
 * 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
 * 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
 * 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules)
 * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules)
 * 1:43053 <-> DISABLED <-> SERVER-SAMBA Samba LDAP modify dnsRecord buffer overflow attempt (server-samba.rules)
 * 1:43052 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:43051 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:43050 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric ClearSCADA information disclosure attempt (server-webapp.rules)
 * 1:43049 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection attempt (malware-cnc.rules)
 * 1:43048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:43047 <-> DISABLED <-> BROWSER-PLUGINS ICONICS SCADA WebHMI ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43046 <-> DISABLED <-> BROWSER-PLUGINS ICONICS SCADA WebHMI ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON strigify double free attempt (browser-ie.rules)
 * 1:43042 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON strigify double free attempt (browser-ie.rules)
 * 1:43041 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager probeName SQL injection attempt (server-webapp.rules)
 * 1:43040 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager probeName SQL injection attempt (server-webapp.rules)
 * 1:43039 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager Search query SQL injection attempt (server-webapp.rules)
 * 1:43038 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager Search query SQL injection attempt (server-webapp.rules)
 * 1:43037 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager OPM_BVNAME SQL injection attempt (server-webapp.rules)
 * 1:43036 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager OPM_BVNAME SQL injection attempt (server-webapp.rules)
 * 1:43035 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43034 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43033 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43032 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43031 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43030 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43029 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43028 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43027 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43026 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43025 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43024 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43023 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43022 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43021 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43020 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43019 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43018 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43017 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43016 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43015 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43014 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43013 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43012 <-> DISABLED <-> BROWSER-PLUGINS  Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43011 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43010 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43009 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43008 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43007 <-> DISABLED <-> SERVER-OTHER HP Operations Orchestration unauthorized serialized object attempt (server-other.rules)
 * 1:43006 <-> DISABLED <-> SERVER-WEBAPP MailStore Server cross site scripting attempt (server-webapp.rules)
 * 3:43005 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0353 attack attempt (server-webapp.rules)
 * 3:43061 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0352 attack attempt (server-webapp.rules)
 * 3:43060 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0355 attack attempt (server-other.rules)

Modified Rules:


 * 1:29518 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:2570 <-> DISABLED <-> SERVER-WEBAPP Invalid HTTP Version String (server-webapp.rules)
 * 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:38934 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite actionservlet directory traversal attempt (server-webapp.rules)
 * 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39812 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
 * 1:39813 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
 * 1:41810 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file upload attempt (server-other.rules)
 * 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
 * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules)
 * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42878 <-> DISABLED <-> SERVER-WEBAPP Apache TomEE java deserialization attempt (server-webapp.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)