Talos Rules 2018-01-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, malware-cnc, malware-other, os-mobile, os-other, os-solaris, os-windows, policy-other, protocol-dns, protocol-other, protocol-scada, pua-other, server-other, server-samba and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-01-30 15:24:40 UTC

Snort Subscriber Rules Update

Date: 2018-01-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45562 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45561 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45560 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45559 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45558 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45557 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45556 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
 * 1:45554 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45553 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45552 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45551 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
 * 1:45569 <-> DISABLED <-> SERVER-WEBAPP Squid host header cache poisoning attempt (server-webapp.rules)
 * 1:45568 <-> DISABLED <-> SERVER-SAMBA Samba LDAP Server libldb denial of service attempt (server-samba.rules)
 * 1:45567 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45566 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules)
 * 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)

Modified Rules:

 * 1:30033 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense webConfigurator invalid input attempt (server-webapp.rules)
 * 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules)
 * 1:29831 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31214 <-> ENABLED <-> INDICATOR-COMPROMISE connection to zeus malware sinkhole (indicator-compromise.rules)
 * 1:31161 <-> ENABLED <-> SERVER-OTHER AuraCMS LFI attempt (server-other.rules)
 * 1:31094 <-> ENABLED <-> SERVER-WEBAPP Web Terria remote command execution attempt (server-webapp.rules)
 * 1:31001 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .pdf.exe within .zip file (indicator-compromise.rules)
 * 1:31000 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpg.exe within .zip file (indicator-compromise.rules)
 * 1:30999 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpeg.exe within .zip file (indicator-compromise.rules)
 * 1:30998 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .gif.exe within .zip file (indicator-compromise.rules)
 * 1:30997 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .doc.exe within .zip file (indicator-compromise.rules)
 * 1:30996 <-> ENABLED <-> SERVER-OTHER CMSimple remote file inclusion attempt (server-other.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules)
 * 1:31874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Active Directory kerberos encryption type downgrade attempt (os-windows.rules)
 * 1:31830 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
 * 1:32488 <-> DISABLED <-> INDICATOR-COMPROMISE .com- potentially malicious hostname (indicator-compromise.rules)
 * 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32509 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32562 <-> ENABLED <-> FILE-OTHER Oracle Java awt_setPixels out-of-bounds read attempt (file-other.rules)
 * 1:32646 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - _pdf.exe within .zip file (indicator-compromise.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:32888 <-> ENABLED <-> INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt (indicator-compromise.rules)
 * 1:32775 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC remote memory dump (server-other.rules)
 * 1:32774 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC backdoor login attempt (server-other.rules)
 * 1:32761 <-> DISABLED <-> SERVER-WEBAPP dBlog CMS m parameter SQL injection attempt (server-webapp.rules)
 * 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33190 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33189 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33887 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34179 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34178 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:33888 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:34616 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34615 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35246 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35245 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35244 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35243 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35222 <-> ENABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - Win.Trojan.Dridex (indicator-compromise.rules)
 * 1:35091 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35090 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35026 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35025 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35024 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:34825 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34824 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34618 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34617 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
 * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt  (server-other.rules)
 * 1:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt  (server-other.rules)
 * 1:35893 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35892 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35888 <-> DISABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 1:35875 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35874 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35873 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35872 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt  (browser-ie.rules)
 * 1:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt  (browser-ie.rules)
 * 1:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt  (browser-ie.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:36053 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA snmp JSON interface command injection attempt (server-webapp.rules)
 * 1:36052 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA JSON interface hidden credentials authentication attempt (server-webapp.rules)
 * 1:36051 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36050 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36049 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36043 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36042 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36041 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36033 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36032 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36031 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:28811 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28806 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware download - single digit .exe file download (indicator-compromise.rules)
 * 1:28557 <-> DISABLED <-> PROTOCOL-DNS Malformed DNS query with HTTP content (protocol-dns.rules)
 * 1:28556 <-> DISABLED <-> PROTOCOL-DNS DNS query amplification attempt (protocol-dns.rules)
 * 1:28422 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:29046 <-> DISABLED <-> SERVER-WEBAPP WhatsUp Gold ExportViewer.asp diretory traversal attempt (server-webapp.rules)
 * 1:28941 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28893 <-> DISABLED <-> BROWSER-OTHER known revoked certificate for Tresor CA (browser-other.rules)
 * 1:29090 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - iframe.ip138.com (indicator-compromise.rules)
 * 1:29157 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29158 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29510 <-> ENABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
 * 1:29401 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:29190 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in Nuclear exploit kit (indicator-obfuscation.rules)
 * 1:29170 <-> DISABLED <-> SERVER-WEBAPP NetWeaver internet sales module directory traversal attempt (server-webapp.rules)
 * 1:29160 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29159 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29462 <-> ENABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent The Mole (indicator-scan.rules)
 * 1:29403 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi cross site scripting attempt (server-webapp.rules)
 * 1:29402 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:29608 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO showRegisteredTypeDetails.do sql injection attempt (server-webapp.rules)
 * 1:29609 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO DisplayMSAPropsDetail.do sql injection attempt (server-webapp.rules)
 * 1:29815 <-> DISABLED <-> SERVER-WEBAPP Kloxo webcommand.php SQL injection attempt (server-webapp.rules)
 * 1:29830 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29829 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:30959 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30958 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
 * 1:30908 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30905 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30880 <-> ENABLED <-> OS-MOBILE Android Andr.Trojan.Waller information disclosure attempt (os-mobile.rules)
 * 1:30769 <-> ENABLED <-> SERVER-OTHER Wordpress linenity theme LFI attempt (server-other.rules)
 * 1:30274 <-> ENABLED <-> SERVER-WEBAPP LifeSize UVC remote code execution attempt (server-webapp.rules)
 * 1:30249 <-> ENABLED <-> SERVER-WEBAPP Embedded php in Exif data upload attempt (server-webapp.rules)
 * 1:30230 <-> ENABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - www.dawhois.com (indicator-compromise.rules)
 * 1:30101 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30100 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30066 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart malicious redirect attempt detected (indicator-compromise.rules)
 * 1:30065 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart compromise attempt detected (indicator-compromise.rules)
 * 1:30041 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30040 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:36030 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36024 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36023 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36022 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt  (server-other.rules)
 * 1:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt  (server-other.rules)
 * 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:36795 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36794 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36793 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules)
 * 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
 * 1:36285 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36284 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36283 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36282 <-> ENABLED <-> POLICY-OTHER Cisco router Security Device Manager default banner (policy-other.rules)
 * 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:37292 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37290 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37289 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37287 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37286 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37285 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37244 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37243 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37324 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox dsl_control stack buffer overflow attempt (server-webapp.rules)
 * 1:37443 <-> DISABLED <-> SQL use of sleep function with select - likely SQL injection (sql.rules)
 * 1:37413 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37412 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37411 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS hidden credentials authentication attempt (server-webapp.rules)
 * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules)
 * 1:37537 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37538 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37544 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37543 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37542 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37541 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37540 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37539 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38383 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38269 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system command injection attempt (server-webapp.rules)
 * 1:37624 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37623 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37622 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:38579 <-> DISABLED <-> SERVER-WEBAPP Atvise denial of service attempt (server-webapp.rules)
 * 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38389 <-> DISABLED <-> SERVER-WEBAPP HID door command injection attempt (server-webapp.rules)
 * 1:38384 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38632 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38631 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38630 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38629 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38619 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (indicator-compromise.rules)
 * 1:38633 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38640 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38639 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38636 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38635 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38634 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38648 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38649 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38993 <-> ENABLED <-> SQL use of sleep function in HTTP header - likely SQL injection attempt (sql.rules)
 * 1:38796 <-> DISABLED <-> SERVER-OTHER Adroit denial of service attempt (server-other.rules)
 * 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39350 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39349 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39330 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39329 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39328 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39268 <-> DISABLED <-> SERVER-WEBAPP Joomla PayPlans Extension com_payplans group_id SQL injection attempt (server-webapp.rules)
 * 1:39198 <-> DISABLED <-> SERVER-WEBAPP D-Link authentication bypass attempt (server-webapp.rules)
 * 1:39192 <-> ENABLED <-> SERVER-WEBAPP D-Link router unauthorised DNS change attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
 * 1:39044 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39043 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39039 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39038 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39869 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39868 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39867 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .tk dns query (indicator-compromise.rules)
 * 1:39866 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ml dns query (indicator-compromise.rules)
 * 1:39851 <-> ENABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
 * 1:39743 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39742 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_dns XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39641 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39640 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39639 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
 * 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
 * 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
 * 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
 * 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39871 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:40032 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40031 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40030 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39945 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39944 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39943 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39942 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39935 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39934 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39933 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39932 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39930 <-> ENABLED <-> SERVER-WEBAPP Siemens IP-Camera credential disclosure attempt (server-webapp.rules)
 * 1:39872 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:40590 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40589 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40524 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync JSON API ad_sync_now command injection attempt (server-webapp.rules)
 * 1:40448 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40447 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40446 <-> ENABLED <-> SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (server-webapp.rules)
 * 1:40382 <-> DISABLED <-> SERVER-OTHER Easy File Sharing Server remote code execution attempt (server-other.rules)
 * 1:40283 <-> DISABLED <-> SERVER-WEBAPP Kaltura redirectWidgetCmd PHP object injection attempt (server-webapp.rules)
 * 1:40255 <-> DISABLED <-> SERVER-WEBAPP FreePBX Music Module ajax.php command injection attempt (server-webapp.rules)
 * 1:40150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40071 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40070 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40069 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40068 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40047 <-> ENABLED <-> SERVER-WEBAPP Belkin F9K1122 webpage buffer overflow attempt (server-webapp.rules)
 * 1:40033 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40786 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40785 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)
 * 1:40755 <-> DISABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules)
 * 1:40592 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS notificationsBatchDetails.php SQL injection attempt (server-webapp.rules)
 * 1:40591 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40905 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules)
 * 1:40904 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:41421 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41420 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
 * 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
 * 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
 * 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
 * 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
 * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:40994 <-> DISABLED <-> SERVER-WEBAPP Sony IPELA IP Cameras prima-factory.cgi telnet backdoor access attempt (server-webapp.rules)
 * 1:40933 <-> DISABLED <-> SERVER-WEBAPP Reference Design Kit ajax_network_diagnostic_tools.php command injection attempt (server-webapp.rules)
 * 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules)
 * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules)
 * 1:41710 <-> DISABLED <-> INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS (indicator-compromise.rules)
 * 1:41697 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (server-webapp.rules)
 * 1:41696 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution attempt (server-webapp.rules)
 * 1:41695 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41694 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41693 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera adcommand.cgi command execution attempt (server-webapp.rules)
 * 1:41646 <-> DISABLED <-> PROTOCOL-SCADA BB-Elec ethernet gateway DOS attempt (protocol-scada.rules)
 * 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41497 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41496 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41495 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41488 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise pre-receive-hooks SQL injection attempt (server-webapp.rules)
 * 1:41449 <-> DISABLED <-> SQL use of sleep function with and - likely SQL injection (sql.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42119 <-> DISABLED <-> SERVER-WEBAPP pfSense openvpn_wizard PHP code injection attempt (server-webapp.rules)
 * 1:42016 <-> ENABLED <-> PROTOCOL-SCADA Moxa discovery packet information disclosure attempt (protocol-scada.rules)
 * 1:42005 <-> DISABLED <-> SERVER-WEBAPP Logsign JSON API validate_file command injection attempt (server-webapp.rules)
 * 1:41917 <-> ENABLED <-> SERVER-WEBAPP Carel PlantVisorPRO default login attempt (server-webapp.rules)
 * 1:41815 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41814 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41793 <-> ENABLED <-> INDICATOR-SCAN Cisco Smart Install Protocol scan TFTP response (indicator-scan.rules)
 * 1:41782 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41781 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41770 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN Gallery SQL injection attempt (server-webapp.rules)
 * 1:41752 <-> DISABLED <-> PROTOCOL-SCADA PowerNet Twin Client DOS attempt (protocol-scada.rules)
 * 1:41743 <-> DISABLED <-> PROTOCOL-SCADA TwinCAT PLC DOS attempt (protocol-scada.rules)
 * 1:41735 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41734 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41733 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
 * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules)
 * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:42372 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42340 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt (os-windows.rules)
 * 1:42338 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt (os-windows.rules)
 * 1:42291 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM API get_host_fqdn host_ip command injection attempt (server-webapp.rules)
 * 1:42254 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42253 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42232 <-> ENABLED <-> SERVER-OTHER TopSec Firewall cookie header command injection attempt (server-other.rules)
 * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42908 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42907 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42906 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42905 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42901 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42891 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42890 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42854 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42853 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42852 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42851 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42850 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:42840 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog logshares_ajax.php command injection attempt (server-webapp.rules)
 * 1:42839 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog login.php SQL injection attempt (server-webapp.rules)
 * 1:27287 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19440 <-> ENABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:19439 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:16431 <-> ENABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules)
 * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:27272 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:27074 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27073 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:26929 <-> ENABLED <-> SERVER-WEBAPP SAP ConfigServlet command execution attempt (server-webapp.rules)
 * 1:26925 <-> DISABLED <-> SQL generic convert injection attempt - GET parameter (sql.rules)
 * 1:26829 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:26441 <-> ENABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26352 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated portable executable - seen in exploit kits (indicator-obfuscation.rules)
 * 1:26101 <-> ENABLED <-> INDICATOR-OBFUSCATION String.fromCharCode concatenation (indicator-obfuscation.rules)
 * 1:26092 <-> ENABLED <-> INDICATOR-OBFUSCATION fromCharCode seen in exploit kit landing pages (indicator-obfuscation.rules)
 * 1:25592 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated document command - used in IFRAMEr tool injection (indicator-obfuscation.rules)
 * 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
 * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
 * 1:23018 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:27288 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27592 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27735 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool usage (indicator-obfuscation.rules)
 * 1:27920 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27736 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28024 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28023 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28025 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28288 <-> ENABLED <-> SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt (server-webapp.rules)
 * 1:28039 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .pw dns query (indicator-compromise.rules)
 * 1:28284 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .nl.ai dns query (indicator-compromise.rules)
 * 1:28345 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules)
 * 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules)
 * 1:28346 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28401 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28420 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - createElement - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28409 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28408 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28403 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx information disclosure attempt (os-mobile.rules)
 * 1:28402 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28421 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28812 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42768 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42767 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43251 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA LogSettingHandler command injection attempt (server-webapp.rules)
 * 1:43237 <-> ENABLED <-> SERVER-WEBAPP SysAid Enterprise auth bypass and remote file upload attempt (server-webapp.rules)
 * 1:43180 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43179 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43178 <-> DISABLED <-> SERVER-WEBAPP VICIdial user_authorization command injection attempt (server-webapp.rules)
 * 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:42920 <-> DISABLED <-> SERVER-WEBAPP LogRhythm Network Monitor JSON configuration API command injection attempt (server-webapp.rules)
 * 1:42909 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43878 <-> ENABLED <-> FILE-PDF Acrobat Reader PDFDocEncoding object WinAnsiEncoding memory corruption attempt (file-pdf.rules)
 * 1:43876 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43875 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43711 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43710 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43709 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
 * 1:43495 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling paypal (server-webapp.rules)
 * 1:43494 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling appleid (server-webapp.rules)
 * 1:43451 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43901 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43900 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43898 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43897 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43896 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43895 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43894 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43893 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43887 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43886 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43984 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:43940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43939 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station synotheme_upload.php session forgery attempt (server-webapp.rules)
 * 1:43938 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43937 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43936 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43935 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php directory traversal attempt (server-webapp.rules)
 * 1:43934 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43925 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:43924 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:43917 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43916 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43913 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43912 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43911 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43910 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43909 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43908 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43907 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43906 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43905 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43904 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43983 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:43980 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43979 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43978 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43977 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43968 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:43967 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:43964 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43963 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43962 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43961 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43949 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43948 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43941 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43993 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43991 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43992 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43994 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43997 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43998 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43999 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:44000 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:44005 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44006 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44007 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44008 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44076 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .trade dns query (indicator-compromise.rules)
 * 1:44077 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .win dns query (indicator-compromise.rules)
 * 1:44083 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:44084 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:44086 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44087 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44094 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44095 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44099 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:44100 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:44144 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:44145 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:44169 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:44170 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:44232 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44233 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:45278 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44234 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
 * 1:44321 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44322 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44383 <-> DISABLED <-> SERVER-WEBAPP D-Link router firmware update attempt (server-webapp.rules)
 * 1:44384 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44385 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44386 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44387 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules)
 * 1:44430 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44431 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44432 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44433 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44435 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF authentication token disclosure attempt (server-webapp.rules)
 * 1:44436 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44437 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44453 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi NTP service configuration command injection attempt (server-webapp.rules)
 * 1:44454 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (server-webapp.rules)
 * 1:44465 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44466 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44467 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44471 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:44472 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:44490 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44491 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44492 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44494 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44495 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:45279 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44496 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44497 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras information disclosure attempt (server-webapp.rules)
 * 1:44550 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:44551 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:44579 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44580 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44582 <-> ENABLED <-> SERVER-WEBAPP Trend Micro widget system authentication bypass attempt (server-webapp.rules)
 * 1:44587 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:44588 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:44792 <-> DISABLED <-> SERVER-WEBAPP Node.js V8 Debugging Protocol command injection attempt (server-webapp.rules)
 * 1:44793 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:44794 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:44875 <-> ENABLED <-> INDICATOR-COMPROMISE Malicious VBA script detected (indicator-compromise.rules)
 * 1:45060 <-> DISABLED <-> SERVER-WEBAPP pfSense system_groupmanager.php command injection attempt (server-webapp.rules)
 * 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:45136 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit PowerShell CLI Download and Run attempt (indicator-compromise.rules)
 * 1:45137 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit run hidden powershell attempt (indicator-compromise.rules)
 * 1:45214 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:45215 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
 * 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
 * 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
 * 1:45261 <-> DISABLED <-> SERVER-WEBAPP Vivotek IP Cameras remote stack buffer overflow attempt (server-webapp.rules)
 * 1:45270 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45271 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45272 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45273 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45274 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45275 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45276 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45277 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45280 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45281 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45282 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45283 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45284 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45285 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45286 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45287 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45288 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45289 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45290 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45291 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45292 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45293 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45294 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45295 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45296 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45297 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45298 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45299 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45300 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45301 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45312 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45313 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45370 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45371 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45407 <-> ENABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi backdoor account access attempt (server-webapp.rules)
 * 1:45408 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45409 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45410 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)

2018-01-30 15:24:40 UTC

Snort Subscriber Rules Update

Date: 2018-01-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45554 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45562 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45568 <-> DISABLED <-> SERVER-SAMBA Samba LDAP Server libldb denial of service attempt (server-samba.rules)
 * 1:45561 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45557 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
 * 1:45567 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45558 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45553 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45560 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45559 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45552 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45569 <-> DISABLED <-> SERVER-WEBAPP Squid host header cache poisoning attempt (server-webapp.rules)
 * 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
 * 1:45556 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45566 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules)
 * 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45551 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)

Modified Rules:


 * 1:38649 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38796 <-> DISABLED <-> SERVER-OTHER Adroit denial of service attempt (server-other.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules)
 * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
 * 1:16431 <-> ENABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules)
 * 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:19439 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19440 <-> ENABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:23018 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules)
 * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
 * 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
 * 1:26092 <-> ENABLED <-> INDICATOR-OBFUSCATION fromCharCode seen in exploit kit landing pages (indicator-obfuscation.rules)
 * 1:26101 <-> ENABLED <-> INDICATOR-OBFUSCATION String.fromCharCode concatenation (indicator-obfuscation.rules)
 * 1:26352 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated portable executable - seen in exploit kits (indicator-obfuscation.rules)
 * 1:26441 <-> ENABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26829 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:26925 <-> DISABLED <-> SQL generic convert injection attempt - GET parameter (sql.rules)
 * 1:26929 <-> ENABLED <-> SERVER-WEBAPP SAP ConfigServlet command execution attempt (server-webapp.rules)
 * 1:27073 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27074 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27272 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:25592 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated document command - used in IFRAMEr tool injection (indicator-obfuscation.rules)
 * 1:28023 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27287 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27288 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27592 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27735 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool usage (indicator-obfuscation.rules)
 * 1:27736 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27920 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28039 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .pw dns query (indicator-compromise.rules)
 * 1:28284 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .nl.ai dns query (indicator-compromise.rules)
 * 1:28288 <-> ENABLED <-> SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt (server-webapp.rules)
 * 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules)
 * 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules)
 * 1:28024 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28346 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28401 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28402 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28403 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx information disclosure attempt (os-mobile.rules)
 * 1:28025 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28409 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28420 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - createElement - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28421 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28422 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28556 <-> DISABLED <-> PROTOCOL-DNS DNS query amplification attempt (protocol-dns.rules)
 * 1:28345 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28806 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware download - single digit .exe file download (indicator-compromise.rules)
 * 1:28811 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28812 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28893 <-> DISABLED <-> BROWSER-OTHER known revoked certificate for Tresor CA (browser-other.rules)
 * 1:28408 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28557 <-> DISABLED <-> PROTOCOL-DNS Malformed DNS query with HTTP content (protocol-dns.rules)
 * 1:29090 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - iframe.ip138.com (indicator-compromise.rules)
 * 1:29157 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29158 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29159 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:28941 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:29046 <-> DISABLED <-> SERVER-WEBAPP WhatsUp Gold ExportViewer.asp diretory traversal attempt (server-webapp.rules)
 * 1:29160 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29170 <-> DISABLED <-> SERVER-WEBAPP NetWeaver internet sales module directory traversal attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:30230 <-> ENABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - www.dawhois.com (indicator-compromise.rules)
 * 1:29402 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:29403 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi cross site scripting attempt (server-webapp.rules)
 * 1:29462 <-> ENABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent The Mole (indicator-scan.rules)
 * 1:29510 <-> ENABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
 * 1:29608 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO showRegisteredTypeDetails.do sql injection attempt (server-webapp.rules)
 * 1:29609 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO DisplayMSAPropsDetail.do sql injection attempt (server-webapp.rules)
 * 1:29815 <-> DISABLED <-> SERVER-WEBAPP Kloxo webcommand.php SQL injection attempt (server-webapp.rules)
 * 1:29829 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29830 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29831 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules)
 * 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:30033 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense webConfigurator invalid input attempt (server-webapp.rules)
 * 1:30040 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30041 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30065 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart compromise attempt detected (indicator-compromise.rules)
 * 1:30066 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart malicious redirect attempt detected (indicator-compromise.rules)
 * 1:30100 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30101 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:29190 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in Nuclear exploit kit (indicator-obfuscation.rules)
 * 1:30249 <-> ENABLED <-> SERVER-WEBAPP Embedded php in Exif data upload attempt (server-webapp.rules)
 * 1:30274 <-> ENABLED <-> SERVER-WEBAPP LifeSize UVC remote code execution attempt (server-webapp.rules)
 * 1:30769 <-> ENABLED <-> SERVER-OTHER Wordpress linenity theme LFI attempt (server-other.rules)
 * 1:30880 <-> ENABLED <-> OS-MOBILE Android Andr.Trojan.Waller information disclosure attempt (os-mobile.rules)
 * 1:30905 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30908 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
 * 1:30958 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30959 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30996 <-> ENABLED <-> SERVER-OTHER CMSimple remote file inclusion attempt (server-other.rules)
 * 1:30997 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .doc.exe within .zip file (indicator-compromise.rules)
 * 1:30998 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .gif.exe within .zip file (indicator-compromise.rules)
 * 1:30999 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpeg.exe within .zip file (indicator-compromise.rules)
 * 1:31000 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpg.exe within .zip file (indicator-compromise.rules)
 * 1:31001 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .pdf.exe within .zip file (indicator-compromise.rules)
 * 1:29401 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:31094 <-> ENABLED <-> SERVER-WEBAPP Web Terria remote command execution attempt (server-webapp.rules)
 * 1:31161 <-> ENABLED <-> SERVER-OTHER AuraCMS LFI attempt (server-other.rules)
 * 1:31214 <-> ENABLED <-> INDICATOR-COMPROMISE connection to zeus malware sinkhole (indicator-compromise.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
 * 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
 * 1:31830 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Active Directory kerberos encryption type downgrade attempt (os-windows.rules)
 * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules)
 * 1:32488 <-> DISABLED <-> INDICATOR-COMPROMISE .com- potentially malicious hostname (indicator-compromise.rules)
 * 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32562 <-> ENABLED <-> FILE-OTHER Oracle Java awt_setPixels out-of-bounds read attempt (file-other.rules)
 * 1:32646 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - _pdf.exe within .zip file (indicator-compromise.rules)
 * 1:32761 <-> DISABLED <-> SERVER-WEBAPP dBlog CMS m parameter SQL injection attempt (server-webapp.rules)
 * 1:32774 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC backdoor login attempt (server-other.rules)
 * 1:32775 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC remote memory dump (server-other.rules)
 * 1:32888 <-> ENABLED <-> INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt (indicator-compromise.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:33189 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33190 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33887 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33888 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:34179 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34615 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:32509 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:34178 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34617 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34618 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34824 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34825 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:35024 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35025 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35026 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:43898 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43901 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43900 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35090 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35091 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35222 <-> ENABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - Win.Trojan.Dridex (indicator-compromise.rules)
 * 1:35243 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35244 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35245 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35246 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:34616 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
 * 1:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 1:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 1:35872 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35873 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35874 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35875 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35888 <-> DISABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 1:35892 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35893 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
 * 1:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 1:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 1:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
 * 1:36022 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36023 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36024 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36030 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36031 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36032 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36033 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36041 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36042 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36043 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36049 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36050 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36051 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36052 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA JSON interface hidden credentials authentication attempt (server-webapp.rules)
 * 1:36053 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA snmp JSON interface command injection attempt (server-webapp.rules)
 * 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
 * 1:36282 <-> ENABLED <-> POLICY-OTHER Cisco router Security Device Manager default banner (policy-other.rules)
 * 1:36283 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36284 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36285 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
 * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules)
 * 1:36793 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36794 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36795 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37243 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37244 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37285 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37286 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37287 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37289 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37290 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37292 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37324 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox dsl_control stack buffer overflow attempt (server-webapp.rules)
 * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules)
 * 1:37411 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS hidden credentials authentication attempt (server-webapp.rules)
 * 1:37412 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37413 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37443 <-> DISABLED <-> SQL use of sleep function with select - likely SQL injection (sql.rules)
 * 1:37537 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37538 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37539 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37540 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37541 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37542 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37543 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37544 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37622 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37623 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37624 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:38269 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system command injection attempt (server-webapp.rules)
 * 1:38383 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38389 <-> DISABLED <-> SERVER-WEBAPP HID door command injection attempt (server-webapp.rules)
 * 1:38384 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38619 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (indicator-compromise.rules)
 * 1:38629 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38579 <-> DISABLED <-> SERVER-WEBAPP Atvise denial of service attempt (server-webapp.rules)
 * 1:38631 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38632 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38633 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38630 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38634 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38635 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38636 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38639 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38640 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38648 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38993 <-> ENABLED <-> SQL use of sleep function in HTTP header - likely SQL injection attempt (sql.rules)
 * 1:39038 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39039 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39043 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39044 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39192 <-> ENABLED <-> SERVER-WEBAPP D-Link router unauthorised DNS change attempt (server-webapp.rules)
 * 1:39198 <-> DISABLED <-> SERVER-WEBAPP D-Link authentication bypass attempt (server-webapp.rules)
 * 1:39268 <-> DISABLED <-> SERVER-WEBAPP Joomla PayPlans Extension com_payplans group_id SQL injection attempt (server-webapp.rules)
 * 1:39328 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39329 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39330 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39349 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39350 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
 * 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
 * 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
 * 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
 * 1:39639 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39640 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39641 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39742 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_dns XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39743 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39851 <-> ENABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
 * 1:39866 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ml dns query (indicator-compromise.rules)
 * 1:39867 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .tk dns query (indicator-compromise.rules)
 * 1:39868 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39869 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39871 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:39872 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:39930 <-> ENABLED <-> SERVER-WEBAPP Siemens IP-Camera credential disclosure attempt (server-webapp.rules)
 * 1:39932 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39933 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39934 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39935 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39942 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39943 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39944 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39945 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40030 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40031 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40032 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:40047 <-> ENABLED <-> SERVER-WEBAPP Belkin F9K1122 webpage buffer overflow attempt (server-webapp.rules)
 * 1:40068 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40069 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40070 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40071 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40255 <-> DISABLED <-> SERVER-WEBAPP FreePBX Music Module ajax.php command injection attempt (server-webapp.rules)
 * 1:40283 <-> DISABLED <-> SERVER-WEBAPP Kaltura redirectWidgetCmd PHP object injection attempt (server-webapp.rules)
 * 1:40382 <-> DISABLED <-> SERVER-OTHER Easy File Sharing Server remote code execution attempt (server-other.rules)
 * 1:40446 <-> ENABLED <-> SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (server-webapp.rules)
 * 1:40447 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40448 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40524 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync JSON API ad_sync_now command injection attempt (server-webapp.rules)
 * 1:40589 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40590 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40591 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40592 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS notificationsBatchDetails.php SQL injection attempt (server-webapp.rules)
 * 1:40755 <-> DISABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules)
 * 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)
 * 1:40785 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40786 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules)
 * 1:40904 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40905 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules)
 * 1:40933 <-> DISABLED <-> SERVER-WEBAPP Reference Design Kit ajax_network_diagnostic_tools.php command injection attempt (server-webapp.rules)
 * 1:40994 <-> DISABLED <-> SERVER-WEBAPP Sony IPELA IP Cameras prima-factory.cgi telnet backdoor access attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:40033 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
 * 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
 * 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
 * 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
 * 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
 * 1:41449 <-> DISABLED <-> SQL use of sleep function with and - likely SQL injection (sql.rules)
 * 1:41420 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41421 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41488 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise pre-receive-hooks SQL injection attempt (server-webapp.rules)
 * 1:41495 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41496 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41497 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
 * 1:41646 <-> DISABLED <-> PROTOCOL-SCADA BB-Elec ethernet gateway DOS attempt (protocol-scada.rules)
 * 1:41693 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera adcommand.cgi command execution attempt (server-webapp.rules)
 * 1:41694 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41695 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41696 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution attempt (server-webapp.rules)
 * 1:41697 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (server-webapp.rules)
 * 1:41710 <-> DISABLED <-> INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS (indicator-compromise.rules)
 * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules)
 * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules)
 * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules)
 * 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
 * 1:41732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41733 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41734 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41735 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41743 <-> DISABLED <-> PROTOCOL-SCADA TwinCAT PLC DOS attempt (protocol-scada.rules)
 * 1:41752 <-> DISABLED <-> PROTOCOL-SCADA PowerNet Twin Client DOS attempt (protocol-scada.rules)
 * 1:41781 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41782 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41793 <-> ENABLED <-> INDICATOR-SCAN Cisco Smart Install Protocol scan TFTP response (indicator-scan.rules)
 * 1:41814 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41815 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41917 <-> ENABLED <-> SERVER-WEBAPP Carel PlantVisorPRO default login attempt (server-webapp.rules)
 * 1:42005 <-> DISABLED <-> SERVER-WEBAPP Logsign JSON API validate_file command injection attempt (server-webapp.rules)
 * 1:42016 <-> ENABLED <-> PROTOCOL-SCADA Moxa discovery packet information disclosure attempt (protocol-scada.rules)
 * 1:42119 <-> DISABLED <-> SERVER-WEBAPP pfSense openvpn_wizard PHP code injection attempt (server-webapp.rules)
 * 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42232 <-> ENABLED <-> SERVER-OTHER TopSec Firewall cookie header command injection attempt (server-other.rules)
 * 1:42253 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42254 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42291 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM API get_host_fqdn host_ip command injection attempt (server-webapp.rules)
 * 1:42338 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt (os-windows.rules)
 * 1:42340 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt (os-windows.rules)
 * 1:42372 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:41770 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN Gallery SQL injection attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42767 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42768 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42839 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog login.php SQL injection attempt (server-webapp.rules)
 * 1:42840 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog logshares_ajax.php command injection attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:42850 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42851 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42852 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42853 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42854 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42890 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42891 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42901 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42905 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42906 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42907 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42908 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42909 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42920 <-> DISABLED <-> SERVER-WEBAPP LogRhythm Network Monitor JSON configuration API command injection attempt (server-webapp.rules)
 * 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43178 <-> DISABLED <-> SERVER-WEBAPP VICIdial user_authorization command injection attempt (server-webapp.rules)
 * 1:43179 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43180 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43237 <-> ENABLED <-> SERVER-WEBAPP SysAid Enterprise auth bypass and remote file upload attempt (server-webapp.rules)
 * 1:43251 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA LogSettingHandler command injection attempt (server-webapp.rules)
 * 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43451 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43494 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling appleid (server-webapp.rules)
 * 1:43495 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling paypal (server-webapp.rules)
 * 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
 * 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43709 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43710 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43711 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43875 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43876 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43878 <-> ENABLED <-> FILE-PDF Acrobat Reader PDFDocEncoding object WinAnsiEncoding memory corruption attempt (file-pdf.rules)
 * 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43886 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43887 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43893 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43894 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43895 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43896 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43897 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43904 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43905 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43906 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43907 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43908 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43909 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43910 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43911 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43912 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43913 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43916 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43917 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43924 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:43925 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:43934 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43935 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php directory traversal attempt (server-webapp.rules)
 * 1:43936 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43937 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43938 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43939 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station synotheme_upload.php session forgery attempt (server-webapp.rules)
 * 1:43940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43941 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43948 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43949 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43961 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43962 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43963 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43964 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43967 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:43968 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43977 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43978 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43979 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43980 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43983 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:43984 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:43991 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43992 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43993 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43994 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43997 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43998 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43999 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:44000 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:44005 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44006 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44007 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44008 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44076 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .trade dns query (indicator-compromise.rules)
 * 1:44077 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .win dns query (indicator-compromise.rules)
 * 1:44083 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:44084 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:44086 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44087 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44094 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44095 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44099 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:44100 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:44144 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:44145 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:44169 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:44170 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:44232 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44233 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44234 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
 * 1:44321 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44322 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44383 <-> DISABLED <-> SERVER-WEBAPP D-Link router firmware update attempt (server-webapp.rules)
 * 1:44384 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44385 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44386 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44387 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules)
 * 1:44430 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44431 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44432 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44433 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44435 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF authentication token disclosure attempt (server-webapp.rules)
 * 1:44436 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44437 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44453 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi NTP service configuration command injection attempt (server-webapp.rules)
 * 1:44454 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (server-webapp.rules)
 * 1:44465 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44466 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44467 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44471 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:44472 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:44490 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44491 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44492 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44494 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44495 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44496 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44497 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras information disclosure attempt (server-webapp.rules)
 * 1:44550 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:44551 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:44579 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44580 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44582 <-> ENABLED <-> SERVER-WEBAPP Trend Micro widget system authentication bypass attempt (server-webapp.rules)
 * 1:44587 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:44588 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:44792 <-> DISABLED <-> SERVER-WEBAPP Node.js V8 Debugging Protocol command injection attempt (server-webapp.rules)
 * 1:44793 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:44794 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:44875 <-> ENABLED <-> INDICATOR-COMPROMISE Malicious VBA script detected (indicator-compromise.rules)
 * 1:45060 <-> DISABLED <-> SERVER-WEBAPP pfSense system_groupmanager.php command injection attempt (server-webapp.rules)
 * 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:45136 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit PowerShell CLI Download and Run attempt (indicator-compromise.rules)
 * 1:45137 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit run hidden powershell attempt (indicator-compromise.rules)
 * 1:45214 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:45215 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
 * 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
 * 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
 * 1:45261 <-> DISABLED <-> SERVER-WEBAPP Vivotek IP Cameras remote stack buffer overflow attempt (server-webapp.rules)
 * 1:45270 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45271 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45272 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45273 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45274 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45275 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45276 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45277 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45278 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45279 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45280 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45281 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45282 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45283 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45284 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45285 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45286 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45287 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45288 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45289 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45290 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45291 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45292 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45293 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45294 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45295 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45296 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45297 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45298 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45299 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45300 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45301 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45312 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45313 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45370 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45371 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45407 <-> ENABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi backdoor account access attempt (server-webapp.rules)
 * 1:45408 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45409 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45410 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)

2018-01-30 15:24:40 UTC

Snort Subscriber Rules Update

Date: 2018-01-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
 * 1:45558 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45569 <-> DISABLED <-> SERVER-WEBAPP Squid host header cache poisoning attempt (server-webapp.rules)
 * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45561 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45562 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules)
 * 1:45560 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45552 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45554 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
 * 1:45556 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45551 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45568 <-> DISABLED <-> SERVER-SAMBA Samba LDAP Server libldb denial of service attempt (server-samba.rules)
 * 1:45566 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45559 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45557 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45553 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45567 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:43937 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43938 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43983 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:43904 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:43905 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43906 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43907 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43908 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43968 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:43909 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43910 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43911 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43912 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43913 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43916 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43964 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43963 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43962 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43961 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43980 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43979 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43939 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station synotheme_upload.php session forgery attempt (server-webapp.rules)
 * 1:43978 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43948 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43941 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43917 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43924 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:43925 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:43977 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43934 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43935 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php directory traversal attempt (server-webapp.rules)
 * 1:43936 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44008 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:43967 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:44007 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44006 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44005 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44000 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:43999 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:43998 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43997 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43994 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43993 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43992 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43991 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43984 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:44145 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:44144 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:44100 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:44099 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:44095 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44094 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44087 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44086 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44084 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:44083 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:44077 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .win dns query (indicator-compromise.rules)
 * 1:44076 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .trade dns query (indicator-compromise.rules)
 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:43900 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43949 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43901 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:44170 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:44169 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
 * 1:44234 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44233 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44232 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules)
 * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
 * 1:16431 <-> ENABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules)
 * 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:19439 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19440 <-> ENABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:23018 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules)
 * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
 * 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
 * 1:25592 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated document command - used in IFRAMEr tool injection (indicator-obfuscation.rules)
 * 1:26092 <-> ENABLED <-> INDICATOR-OBFUSCATION fromCharCode seen in exploit kit landing pages (indicator-obfuscation.rules)
 * 1:26101 <-> ENABLED <-> INDICATOR-OBFUSCATION String.fromCharCode concatenation (indicator-obfuscation.rules)
 * 1:26352 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated portable executable - seen in exploit kits (indicator-obfuscation.rules)
 * 1:26441 <-> ENABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26829 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:26925 <-> DISABLED <-> SQL generic convert injection attempt - GET parameter (sql.rules)
 * 1:26929 <-> ENABLED <-> SERVER-WEBAPP SAP ConfigServlet command execution attempt (server-webapp.rules)
 * 1:27073 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27074 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27272 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:27287 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27288 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27592 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27735 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool usage (indicator-obfuscation.rules)
 * 1:27736 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27920 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28023 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28024 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28025 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28039 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .pw dns query (indicator-compromise.rules)
 * 1:28284 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .nl.ai dns query (indicator-compromise.rules)
 * 1:28288 <-> ENABLED <-> SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt (server-webapp.rules)
 * 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules)
 * 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules)
 * 1:28345 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28346 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28401 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28402 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28403 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx information disclosure attempt (os-mobile.rules)
 * 1:28408 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28409 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28420 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - createElement - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28421 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28422 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28556 <-> DISABLED <-> PROTOCOL-DNS DNS query amplification attempt (protocol-dns.rules)
 * 1:28557 <-> DISABLED <-> PROTOCOL-DNS Malformed DNS query with HTTP content (protocol-dns.rules)
 * 1:28806 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware download - single digit .exe file download (indicator-compromise.rules)
 * 1:28811 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28812 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28893 <-> DISABLED <-> BROWSER-OTHER known revoked certificate for Tresor CA (browser-other.rules)
 * 1:28941 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:29046 <-> DISABLED <-> SERVER-WEBAPP WhatsUp Gold ExportViewer.asp diretory traversal attempt (server-webapp.rules)
 * 1:29090 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - iframe.ip138.com (indicator-compromise.rules)
 * 1:29157 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29158 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29159 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29160 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29170 <-> DISABLED <-> SERVER-WEBAPP NetWeaver internet sales module directory traversal attempt (server-webapp.rules)
 * 1:29190 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in Nuclear exploit kit (indicator-obfuscation.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:29401 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:29402 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:44471 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:44467 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44466 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44465 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44454 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (server-webapp.rules)
 * 1:44453 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi NTP service configuration command injection attempt (server-webapp.rules)
 * 1:44437 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44436 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44435 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF authentication token disclosure attempt (server-webapp.rules)
 * 1:44433 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44432 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44431 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44430 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules)
 * 1:44387 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44386 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44385 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44384 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44383 <-> DISABLED <-> SERVER-WEBAPP D-Link router firmware update attempt (server-webapp.rules)
 * 1:44322 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44321 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44588 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:44587 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:44582 <-> ENABLED <-> SERVER-WEBAPP Trend Micro widget system authentication bypass attempt (server-webapp.rules)
 * 1:44580 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44579 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44551 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:44550 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:44497 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras information disclosure attempt (server-webapp.rules)
 * 1:44496 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44495 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44494 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44492 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44491 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44490 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44472 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:45136 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit PowerShell CLI Download and Run attempt (indicator-compromise.rules)
 * 1:44794 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:44793 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:44792 <-> DISABLED <-> SERVER-WEBAPP Node.js V8 Debugging Protocol command injection attempt (server-webapp.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:45060 <-> DISABLED <-> SERVER-WEBAPP pfSense system_groupmanager.php command injection attempt (server-webapp.rules)
 * 1:44875 <-> ENABLED <-> INDICATOR-COMPROMISE Malicious VBA script detected (indicator-compromise.rules)
 * 1:45281 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45280 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45279 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45278 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45277 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45276 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45275 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45274 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45273 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45272 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45271 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45270 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45261 <-> DISABLED <-> SERVER-WEBAPP Vivotek IP Cameras remote stack buffer overflow attempt (server-webapp.rules)
 * 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
 * 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
 * 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
 * 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:45215 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:45214 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:45137 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit run hidden powershell attempt (indicator-compromise.rules)
 * 1:45297 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45296 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45295 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45294 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45293 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45292 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45291 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45290 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45289 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45288 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45287 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45286 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45285 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45284 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45283 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45282 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45312 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45301 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45300 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45299 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45298 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45313 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:29403 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi cross site scripting attempt (server-webapp.rules)
 * 1:29462 <-> ENABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent The Mole (indicator-scan.rules)
 * 1:29510 <-> ENABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
 * 1:29608 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO showRegisteredTypeDetails.do sql injection attempt (server-webapp.rules)
 * 1:29609 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO DisplayMSAPropsDetail.do sql injection attempt (server-webapp.rules)
 * 1:29815 <-> DISABLED <-> SERVER-WEBAPP Kloxo webcommand.php SQL injection attempt (server-webapp.rules)
 * 1:29829 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29830 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29831 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules)
 * 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45410 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45409 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45408 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45407 <-> ENABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi backdoor account access attempt (server-webapp.rules)
 * 1:45371 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45370 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:30033 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense webConfigurator invalid input attempt (server-webapp.rules)
 * 1:30040 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30041 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30065 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart compromise attempt detected (indicator-compromise.rules)
 * 1:30066 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart malicious redirect attempt detected (indicator-compromise.rules)
 * 1:30100 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30101 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30230 <-> ENABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - www.dawhois.com (indicator-compromise.rules)
 * 1:30249 <-> ENABLED <-> SERVER-WEBAPP Embedded php in Exif data upload attempt (server-webapp.rules)
 * 1:30274 <-> ENABLED <-> SERVER-WEBAPP LifeSize UVC remote code execution attempt (server-webapp.rules)
 * 1:30769 <-> ENABLED <-> SERVER-OTHER Wordpress linenity theme LFI attempt (server-other.rules)
 * 1:30880 <-> ENABLED <-> OS-MOBILE Android Andr.Trojan.Waller information disclosure attempt (os-mobile.rules)
 * 1:30905 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30908 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
 * 1:30958 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30959 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30996 <-> ENABLED <-> SERVER-OTHER CMSimple remote file inclusion attempt (server-other.rules)
 * 1:30997 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .doc.exe within .zip file (indicator-compromise.rules)
 * 1:30998 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .gif.exe within .zip file (indicator-compromise.rules)
 * 1:30999 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpeg.exe within .zip file (indicator-compromise.rules)
 * 1:31000 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpg.exe within .zip file (indicator-compromise.rules)
 * 1:31001 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .pdf.exe within .zip file (indicator-compromise.rules)
 * 1:31094 <-> ENABLED <-> SERVER-WEBAPP Web Terria remote command execution attempt (server-webapp.rules)
 * 1:31161 <-> ENABLED <-> SERVER-OTHER AuraCMS LFI attempt (server-other.rules)
 * 1:31214 <-> ENABLED <-> INDICATOR-COMPROMISE connection to zeus malware sinkhole (indicator-compromise.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
 * 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
 * 1:31830 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Active Directory kerberos encryption type downgrade attempt (os-windows.rules)
 * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules)
 * 1:32488 <-> DISABLED <-> INDICATOR-COMPROMISE .com- potentially malicious hostname (indicator-compromise.rules)
 * 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32509 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32562 <-> ENABLED <-> FILE-OTHER Oracle Java awt_setPixels out-of-bounds read attempt (file-other.rules)
 * 1:32646 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - _pdf.exe within .zip file (indicator-compromise.rules)
 * 1:32761 <-> DISABLED <-> SERVER-WEBAPP dBlog CMS m parameter SQL injection attempt (server-webapp.rules)
 * 1:32774 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC backdoor login attempt (server-other.rules)
 * 1:32775 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC remote memory dump (server-other.rules)
 * 1:32888 <-> ENABLED <-> INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt (indicator-compromise.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:33189 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33190 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33887 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33888 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:34178 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34179 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34615 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34616 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34617 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34618 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34824 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34825 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:35024 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35025 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35026 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35090 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35091 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35222 <-> ENABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - Win.Trojan.Dridex (indicator-compromise.rules)
 * 1:35243 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35244 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35245 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35246 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
 * 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
 * 1:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 1:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 1:35872 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35873 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35874 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35875 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35888 <-> DISABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 1:35892 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35893 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
 * 1:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 1:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 1:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
 * 1:36022 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36023 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36024 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36030 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36031 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36032 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36033 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36041 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36042 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36043 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36049 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36050 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36051 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36052 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA JSON interface hidden credentials authentication attempt (server-webapp.rules)
 * 1:36053 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA snmp JSON interface command injection attempt (server-webapp.rules)
 * 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
 * 1:36282 <-> ENABLED <-> POLICY-OTHER Cisco router Security Device Manager default banner (policy-other.rules)
 * 1:36283 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36284 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36285 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
 * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules)
 * 1:36793 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36794 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36795 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37243 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37244 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37285 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37286 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37287 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37289 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37290 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37292 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37324 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox dsl_control stack buffer overflow attempt (server-webapp.rules)
 * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules)
 * 1:37411 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS hidden credentials authentication attempt (server-webapp.rules)
 * 1:37412 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37413 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37443 <-> DISABLED <-> SQL use of sleep function with select - likely SQL injection (sql.rules)
 * 1:37537 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37538 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37539 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37540 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37541 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37542 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37543 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37544 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37622 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37623 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37624 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:38269 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system command injection attempt (server-webapp.rules)
 * 1:38383 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38384 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38389 <-> DISABLED <-> SERVER-WEBAPP HID door command injection attempt (server-webapp.rules)
 * 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38579 <-> DISABLED <-> SERVER-WEBAPP Atvise denial of service attempt (server-webapp.rules)
 * 1:38619 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (indicator-compromise.rules)
 * 1:38629 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38630 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38631 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38632 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38633 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38634 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38635 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38636 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38639 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38640 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38648 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38649 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38796 <-> DISABLED <-> SERVER-OTHER Adroit denial of service attempt (server-other.rules)
 * 1:38993 <-> ENABLED <-> SQL use of sleep function in HTTP header - likely SQL injection attempt (sql.rules)
 * 1:39038 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39039 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39043 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39044 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39192 <-> ENABLED <-> SERVER-WEBAPP D-Link router unauthorised DNS change attempt (server-webapp.rules)
 * 1:39198 <-> DISABLED <-> SERVER-WEBAPP D-Link authentication bypass attempt (server-webapp.rules)
 * 1:39268 <-> DISABLED <-> SERVER-WEBAPP Joomla PayPlans Extension com_payplans group_id SQL injection attempt (server-webapp.rules)
 * 1:39328 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39329 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39330 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39349 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39350 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
 * 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
 * 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
 * 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
 * 1:39639 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39640 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39641 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39742 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_dns XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39743 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39851 <-> ENABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
 * 1:39866 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ml dns query (indicator-compromise.rules)
 * 1:39867 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .tk dns query (indicator-compromise.rules)
 * 1:39868 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39869 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39871 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:39872 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:39930 <-> ENABLED <-> SERVER-WEBAPP Siemens IP-Camera credential disclosure attempt (server-webapp.rules)
 * 1:39932 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39933 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39934 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39935 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39942 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39943 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39944 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39945 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40030 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40031 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40032 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40033 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40047 <-> ENABLED <-> SERVER-WEBAPP Belkin F9K1122 webpage buffer overflow attempt (server-webapp.rules)
 * 1:40068 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40069 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40070 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40071 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40255 <-> DISABLED <-> SERVER-WEBAPP FreePBX Music Module ajax.php command injection attempt (server-webapp.rules)
 * 1:40283 <-> DISABLED <-> SERVER-WEBAPP Kaltura redirectWidgetCmd PHP object injection attempt (server-webapp.rules)
 * 1:40382 <-> DISABLED <-> SERVER-OTHER Easy File Sharing Server remote code execution attempt (server-other.rules)
 * 1:40446 <-> ENABLED <-> SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (server-webapp.rules)
 * 1:40447 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40448 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40524 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync JSON API ad_sync_now command injection attempt (server-webapp.rules)
 * 1:40589 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40590 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40591 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40592 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS notificationsBatchDetails.php SQL injection attempt (server-webapp.rules)
 * 1:40755 <-> DISABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules)
 * 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)
 * 1:40785 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40786 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules)
 * 1:40904 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40905 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules)
 * 1:40933 <-> DISABLED <-> SERVER-WEBAPP Reference Design Kit ajax_network_diagnostic_tools.php command injection attempt (server-webapp.rules)
 * 1:40994 <-> DISABLED <-> SERVER-WEBAPP Sony IPELA IP Cameras prima-factory.cgi telnet backdoor access attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
 * 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
 * 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
 * 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
 * 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
 * 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
 * 1:41420 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41421 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41449 <-> DISABLED <-> SQL use of sleep function with and - likely SQL injection (sql.rules)
 * 1:41488 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise pre-receive-hooks SQL injection attempt (server-webapp.rules)
 * 1:41495 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41496 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41497 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
 * 1:41646 <-> DISABLED <-> PROTOCOL-SCADA BB-Elec ethernet gateway DOS attempt (protocol-scada.rules)
 * 1:41693 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera adcommand.cgi command execution attempt (server-webapp.rules)
 * 1:41694 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41695 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41696 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution attempt (server-webapp.rules)
 * 1:41697 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (server-webapp.rules)
 * 1:41710 <-> DISABLED <-> INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS (indicator-compromise.rules)
 * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules)
 * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules)
 * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules)
 * 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
 * 1:41732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41733 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41734 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41735 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41743 <-> DISABLED <-> PROTOCOL-SCADA TwinCAT PLC DOS attempt (protocol-scada.rules)
 * 1:41752 <-> DISABLED <-> PROTOCOL-SCADA PowerNet Twin Client DOS attempt (protocol-scada.rules)
 * 1:41770 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN Gallery SQL injection attempt (server-webapp.rules)
 * 1:41781 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41782 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41793 <-> ENABLED <-> INDICATOR-SCAN Cisco Smart Install Protocol scan TFTP response (indicator-scan.rules)
 * 1:41814 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41815 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41917 <-> ENABLED <-> SERVER-WEBAPP Carel PlantVisorPRO default login attempt (server-webapp.rules)
 * 1:42005 <-> DISABLED <-> SERVER-WEBAPP Logsign JSON API validate_file command injection attempt (server-webapp.rules)
 * 1:42016 <-> ENABLED <-> PROTOCOL-SCADA Moxa discovery packet information disclosure attempt (protocol-scada.rules)
 * 1:42119 <-> DISABLED <-> SERVER-WEBAPP pfSense openvpn_wizard PHP code injection attempt (server-webapp.rules)
 * 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42232 <-> ENABLED <-> SERVER-OTHER TopSec Firewall cookie header command injection attempt (server-other.rules)
 * 1:42253 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42254 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42291 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM API get_host_fqdn host_ip command injection attempt (server-webapp.rules)
 * 1:42338 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt (os-windows.rules)
 * 1:42340 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt (os-windows.rules)
 * 1:42372 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42767 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42768 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42839 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog login.php SQL injection attempt (server-webapp.rules)
 * 1:42840 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog logshares_ajax.php command injection attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:42850 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42851 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42852 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42853 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42854 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42890 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42891 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42901 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42905 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42906 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42907 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42908 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42909 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42920 <-> DISABLED <-> SERVER-WEBAPP LogRhythm Network Monitor JSON configuration API command injection attempt (server-webapp.rules)
 * 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43178 <-> DISABLED <-> SERVER-WEBAPP VICIdial user_authorization command injection attempt (server-webapp.rules)
 * 1:43179 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43180 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43237 <-> ENABLED <-> SERVER-WEBAPP SysAid Enterprise auth bypass and remote file upload attempt (server-webapp.rules)
 * 1:43251 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA LogSettingHandler command injection attempt (server-webapp.rules)
 * 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43451 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43494 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling appleid (server-webapp.rules)
 * 1:43495 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling paypal (server-webapp.rules)
 * 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
 * 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43709 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43710 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43711 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43875 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43876 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43878 <-> ENABLED <-> FILE-PDF Acrobat Reader PDFDocEncoding object WinAnsiEncoding memory corruption attempt (file-pdf.rules)
 * 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43886 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43887 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43893 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43894 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43895 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43896 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43897 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43898 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)

2018-01-30 15:24:40 UTC

Snort Subscriber Rules Update

Date: 2018-01-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45554 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45551 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45560 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45558 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45569 <-> DISABLED <-> SERVER-WEBAPP Squid host header cache poisoning attempt (server-webapp.rules)
 * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45553 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:45567 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45568 <-> DISABLED <-> SERVER-SAMBA Samba LDAP Server libldb denial of service attempt (server-samba.rules)
 * 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules)
 * 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules)
 * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules)
 * 1:45552 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45559 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules)
 * 1:45562 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45561 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45557 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
 * 1:45556 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
 * 1:45566 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:45296 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45295 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45290 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45300 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45301 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45312 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45313 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
 * 1:45370 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45371 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
 * 1:45407 <-> ENABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi backdoor account access attempt (server-webapp.rules)
 * 1:45408 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45409 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45410 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules)
 * 1:45291 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45271 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45298 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45299 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45292 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45297 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:45293 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:44490 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44006 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44385 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:43934 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:44234 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:45289 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
 * 1:44793 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:43904 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:44454 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (server-webapp.rules)
 * 1:44466 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:45060 <-> DISABLED <-> SERVER-WEBAPP pfSense system_groupmanager.php command injection attempt (server-webapp.rules)
 * 1:44387 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
 * 1:44551 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:43936 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:44794 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules)
 * 1:43938 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:44495 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:44386 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:44099 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:45261 <-> DISABLED <-> SERVER-WEBAPP Vivotek IP Cameras remote stack buffer overflow attempt (server-webapp.rules)
 * 1:45281 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
 * 1:43937 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
 * 1:44087 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:44471 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:43909 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:44388 <-> ENABLED <-> SERVER-WEBAPP D-Link getcfg.php credential disclosure attempt (server-webapp.rules)
 * 1:44472 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
 * 1:45279 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44497 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras information disclosure attempt (server-webapp.rules)
 * 1:44433 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:43912 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:44233 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:44007 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:44008 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:43908 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:43993 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:44588 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:43911 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:44000 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:43941 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:45272 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44550 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
 * 1:43949 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:43939 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station synotheme_upload.php session forgery attempt (server-webapp.rules)
 * 1:45278 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44144 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:43984 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:43962 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:43907 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43992 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43977 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43925 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:44587 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
 * 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:44467 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:43980 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:45274 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:43964 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:43961 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:44170 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:45283 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44496 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:45282 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45214 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:44077 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .win dns query (indicator-compromise.rules)
 * 1:43991 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:45288 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44435 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF authentication token disclosure attempt (server-webapp.rules)
 * 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
 * 1:44582 <-> ENABLED <-> SERVER-WEBAPP Trend Micro widget system authentication bypass attempt (server-webapp.rules)
 * 1:44086 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules)
 * 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
 * 1:43968 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:43967 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
 * 1:44169 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules)
 * 1:43917 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:43978 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43998 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:44095 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:45277 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44875 <-> ENABLED <-> INDICATOR-COMPROMISE Malicious VBA script detected (indicator-compromise.rules)
 * 1:44430 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44492 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:45275 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:45136 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit PowerShell CLI Download and Run attempt (indicator-compromise.rules)
 * 1:44083 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:43999 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules)
 * 1:45137 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit run hidden powershell attempt (indicator-compromise.rules)
 * 1:43994 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:45294 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45286 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44232 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules)
 * 1:45285 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44145 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules)
 * 1:45280 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45276 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:45270 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43948 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
 * 1:44084 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules)
 * 1:43983 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules)
 * 1:43913 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:44491 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
 * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
 * 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:44076 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .trade dns query (indicator-compromise.rules)
 * 1:44436 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
 * 1:44580 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:43924 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
 * 1:44094 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules)
 * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
 * 1:43905 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
 * 1:43979 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
 * 1:43963 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
 * 1:44437 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
 * 1:44465 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
 * 1:44432 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44322 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:44494 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
 * 1:45215 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
 * 1:44005 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules)
 * 1:43906 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
 * 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
 * 1:45284 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:45287 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44453 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi NTP service configuration command injection attempt (server-webapp.rules)
 * 1:44384 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
 * 1:43997 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules)
 * 1:43910 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
 * 1:44431 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
 * 1:44792 <-> DISABLED <-> SERVER-WEBAPP Node.js V8 Debugging Protocol command injection attempt (server-webapp.rules)
 * 1:43935 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php directory traversal attempt (server-webapp.rules)
 * 1:44383 <-> DISABLED <-> SERVER-WEBAPP D-Link router firmware update attempt (server-webapp.rules)
 * 1:44321 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
 * 1:43916 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
 * 1:44100 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules)
 * 1:45273 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44579 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:43901 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:43900 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules)
 * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
 * 1:16431 <-> ENABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules)
 * 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
 * 1:19439 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19440 <-> ENABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:23018 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules)
 * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
 * 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
 * 1:25592 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated document command - used in IFRAMEr tool injection (indicator-obfuscation.rules)
 * 1:26092 <-> ENABLED <-> INDICATOR-OBFUSCATION fromCharCode seen in exploit kit landing pages (indicator-obfuscation.rules)
 * 1:26101 <-> ENABLED <-> INDICATOR-OBFUSCATION String.fromCharCode concatenation (indicator-obfuscation.rules)
 * 1:26352 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated portable executable - seen in exploit kits (indicator-obfuscation.rules)
 * 1:26441 <-> ENABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules)
 * 1:26829 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:26925 <-> DISABLED <-> SQL generic convert injection attempt - GET parameter (sql.rules)
 * 1:26929 <-> ENABLED <-> SERVER-WEBAPP SAP ConfigServlet command execution attempt (server-webapp.rules)
 * 1:27073 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27074 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules)
 * 1:27272 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
 * 1:27287 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27288 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:27592 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27735 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool usage (indicator-obfuscation.rules)
 * 1:27736 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:27920 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28023 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28024 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28025 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28039 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .pw dns query (indicator-compromise.rules)
 * 1:28284 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .nl.ai dns query (indicator-compromise.rules)
 * 1:28288 <-> ENABLED <-> SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt (server-webapp.rules)
 * 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules)
 * 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules)
 * 1:28345 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28346 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28401 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28402 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
 * 1:28403 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx information disclosure attempt (os-mobile.rules)
 * 1:28408 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28409 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
 * 1:28420 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - createElement - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28421 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28422 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28556 <-> DISABLED <-> PROTOCOL-DNS DNS query amplification attempt (protocol-dns.rules)
 * 1:28557 <-> DISABLED <-> PROTOCOL-DNS Malformed DNS query with HTTP content (protocol-dns.rules)
 * 1:28806 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware download - single digit .exe file download (indicator-compromise.rules)
 * 1:28811 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28812 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:28893 <-> DISABLED <-> BROWSER-OTHER known revoked certificate for Tresor CA (browser-other.rules)
 * 1:28941 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
 * 1:29046 <-> DISABLED <-> SERVER-WEBAPP WhatsUp Gold ExportViewer.asp diretory traversal attempt (server-webapp.rules)
 * 1:29090 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - iframe.ip138.com (indicator-compromise.rules)
 * 1:29157 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29158 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules)
 * 1:29159 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29160 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules)
 * 1:29170 <-> DISABLED <-> SERVER-WEBAPP NetWeaver internet sales module directory traversal attempt (server-webapp.rules)
 * 1:29190 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in Nuclear exploit kit (indicator-obfuscation.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:29401 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:29402 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
 * 1:29403 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi cross site scripting attempt (server-webapp.rules)
 * 1:29462 <-> ENABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent The Mole (indicator-scan.rules)
 * 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
 * 1:29510 <-> ENABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
 * 1:29608 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO showRegisteredTypeDetails.do sql injection attempt (server-webapp.rules)
 * 1:29609 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO DisplayMSAPropsDetail.do sql injection attempt (server-webapp.rules)
 * 1:29815 <-> DISABLED <-> SERVER-WEBAPP Kloxo webcommand.php SQL injection attempt (server-webapp.rules)
 * 1:29829 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29830 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29831 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules)
 * 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules)
 * 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
 * 1:30033 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense webConfigurator invalid input attempt (server-webapp.rules)
 * 1:30040 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30041 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:30065 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart compromise attempt detected (indicator-compromise.rules)
 * 1:30066 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart malicious redirect attempt detected (indicator-compromise.rules)
 * 1:30100 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30101 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules)
 * 1:30230 <-> ENABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - www.dawhois.com (indicator-compromise.rules)
 * 1:30249 <-> ENABLED <-> SERVER-WEBAPP Embedded php in Exif data upload attempt (server-webapp.rules)
 * 1:30274 <-> ENABLED <-> SERVER-WEBAPP LifeSize UVC remote code execution attempt (server-webapp.rules)
 * 1:30769 <-> ENABLED <-> SERVER-OTHER Wordpress linenity theme LFI attempt (server-other.rules)
 * 1:30880 <-> ENABLED <-> OS-MOBILE Android Andr.Trojan.Waller information disclosure attempt (os-mobile.rules)
 * 1:30905 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30908 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
 * 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
 * 1:30958 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30959 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
 * 1:30996 <-> ENABLED <-> SERVER-OTHER CMSimple remote file inclusion attempt (server-other.rules)
 * 1:30997 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .doc.exe within .zip file (indicator-compromise.rules)
 * 1:30998 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .gif.exe within .zip file (indicator-compromise.rules)
 * 1:30999 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpeg.exe within .zip file (indicator-compromise.rules)
 * 1:31000 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpg.exe within .zip file (indicator-compromise.rules)
 * 1:31001 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .pdf.exe within .zip file (indicator-compromise.rules)
 * 1:31094 <-> ENABLED <-> SERVER-WEBAPP Web Terria remote command execution attempt (server-webapp.rules)
 * 1:31161 <-> ENABLED <-> SERVER-OTHER AuraCMS LFI attempt (server-other.rules)
 * 1:31214 <-> ENABLED <-> INDICATOR-COMPROMISE connection to zeus malware sinkhole (indicator-compromise.rules)
 * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules)
 * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules)
 * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules)
 * 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
 * 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
 * 1:31830 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
 * 1:31874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Active Directory kerberos encryption type downgrade attempt (os-windows.rules)
 * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules)
 * 1:32488 <-> DISABLED <-> INDICATOR-COMPROMISE .com- potentially malicious hostname (indicator-compromise.rules)
 * 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32509 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
 * 1:32562 <-> ENABLED <-> FILE-OTHER Oracle Java awt_setPixels out-of-bounds read attempt (file-other.rules)
 * 1:32646 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - _pdf.exe within .zip file (indicator-compromise.rules)
 * 1:32761 <-> DISABLED <-> SERVER-WEBAPP dBlog CMS m parameter SQL injection attempt (server-webapp.rules)
 * 1:32774 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC backdoor login attempt (server-other.rules)
 * 1:32775 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC remote memory dump (server-other.rules)
 * 1:32888 <-> ENABLED <-> INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt (indicator-compromise.rules)
 * 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
 * 1:33189 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33190 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules)
 * 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
 * 1:33887 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33888 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules)
 * 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
 * 1:34178 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34179 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34615 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34616 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34617 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34618 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34824 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34825 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:35024 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35025 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35026 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules)
 * 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
 * 1:35090 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35091 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules)
 * 1:35222 <-> ENABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - Win.Trojan.Dridex (indicator-compromise.rules)
 * 1:35243 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35244 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35245 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35246 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules)
 * 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
 * 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
 * 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
 * 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
 * 1:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 1:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
 * 1:35872 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35873 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35874 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35875 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
 * 1:35888 <-> DISABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
 * 1:35892 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35893 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
 * 1:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
 * 1:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 1:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 1:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
 * 1:36022 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36023 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36024 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules)
 * 1:36030 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36031 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36032 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36033 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules)
 * 1:36041 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36042 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36043 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
 * 1:36049 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36050 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36051 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
 * 1:36052 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA JSON interface hidden credentials authentication attempt (server-webapp.rules)
 * 1:36053 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA snmp JSON interface command injection attempt (server-webapp.rules)
 * 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
 * 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
 * 1:36282 <-> ENABLED <-> POLICY-OTHER Cisco router Security Device Manager default banner (policy-other.rules)
 * 1:36283 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36284 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36285 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
 * 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
 * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules)
 * 1:36793 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36794 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:36795 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37243 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37244 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
 * 1:37285 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37286 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37287 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37289 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37290 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37292 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
 * 1:37324 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox dsl_control stack buffer overflow attempt (server-webapp.rules)
 * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules)
 * 1:37411 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS hidden credentials authentication attempt (server-webapp.rules)
 * 1:37412 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37413 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
 * 1:37443 <-> DISABLED <-> SQL use of sleep function with select - likely SQL injection (sql.rules)
 * 1:37537 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37538 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37539 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37540 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37541 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37542 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37543 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37544 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37622 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37623 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:37624 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules)
 * 1:38269 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system command injection attempt (server-webapp.rules)
 * 1:38383 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38384 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
 * 1:38389 <-> DISABLED <-> SERVER-WEBAPP HID door command injection attempt (server-webapp.rules)
 * 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
 * 1:38579 <-> DISABLED <-> SERVER-WEBAPP Atvise denial of service attempt (server-webapp.rules)
 * 1:38619 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (indicator-compromise.rules)
 * 1:38629 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38630 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38631 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38632 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38633 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38634 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38635 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38636 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
 * 1:38639 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38640 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
 * 1:38648 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38649 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
 * 1:38796 <-> DISABLED <-> SERVER-OTHER Adroit denial of service attempt (server-other.rules)
 * 1:38993 <-> ENABLED <-> SQL use of sleep function in HTTP header - likely SQL injection attempt (sql.rules)
 * 1:39038 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39039 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39043 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39044 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39192 <-> ENABLED <-> SERVER-WEBAPP D-Link router unauthorised DNS change attempt (server-webapp.rules)
 * 1:39198 <-> DISABLED <-> SERVER-WEBAPP D-Link authentication bypass attempt (server-webapp.rules)
 * 1:39268 <-> DISABLED <-> SERVER-WEBAPP Joomla PayPlans Extension com_payplans group_id SQL injection attempt (server-webapp.rules)
 * 1:39328 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39329 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39330 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
 * 1:39349 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39350 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
 * 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
 * 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules)
 * 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules)
 * 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules)
 * 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules)
 * 1:39639 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39640 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39641 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules)
 * 1:39742 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_dns XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39743 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (server-webapp.rules)
 * 1:39851 <-> ENABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
 * 1:39866 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ml dns query (indicator-compromise.rules)
 * 1:39867 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .tk dns query (indicator-compromise.rules)
 * 1:39868 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39869 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
 * 1:39871 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:39872 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
 * 1:39930 <-> ENABLED <-> SERVER-WEBAPP Siemens IP-Camera credential disclosure attempt (server-webapp.rules)
 * 1:39932 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39933 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39934 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39935 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39942 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39943 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39944 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39945 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40030 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40031 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40032 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40033 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
 * 1:40047 <-> ENABLED <-> SERVER-WEBAPP Belkin F9K1122 webpage buffer overflow attempt (server-webapp.rules)
 * 1:40068 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40069 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
 * 1:40070 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40071 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
 * 1:40149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules)
 * 1:40255 <-> DISABLED <-> SERVER-WEBAPP FreePBX Music Module ajax.php command injection attempt (server-webapp.rules)
 * 1:40283 <-> DISABLED <-> SERVER-WEBAPP Kaltura redirectWidgetCmd PHP object injection attempt (server-webapp.rules)
 * 1:40382 <-> DISABLED <-> SERVER-OTHER Easy File Sharing Server remote code execution attempt (server-other.rules)
 * 1:40446 <-> ENABLED <-> SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (server-webapp.rules)
 * 1:40447 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40448 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
 * 1:40524 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync JSON API ad_sync_now command injection attempt (server-webapp.rules)
 * 1:40589 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40590 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40591 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
 * 1:40592 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS notificationsBatchDetails.php SQL injection attempt (server-webapp.rules)
 * 1:40755 <-> DISABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules)
 * 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)
 * 1:40785 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40786 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules)
 * 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules)
 * 1:40904 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40905 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules)
 * 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules)
 * 1:40933 <-> DISABLED <-> SERVER-WEBAPP Reference Design Kit ajax_network_diagnostic_tools.php command injection attempt (server-webapp.rules)
 * 1:40994 <-> DISABLED <-> SERVER-WEBAPP Sony IPELA IP Cameras prima-factory.cgi telnet backdoor access attempt (server-webapp.rules)
 * 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
 * 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
 * 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules)
 * 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt (server-webapp.rules)
 * 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules)
 * 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules)
 * 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules)
 * 1:41420 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41421 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules)
 * 1:41449 <-> DISABLED <-> SQL use of sleep function with and - likely SQL injection (sql.rules)
 * 1:41488 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise pre-receive-hooks SQL injection attempt (server-webapp.rules)
 * 1:41495 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41496 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41497 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules)
 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
 * 1:41646 <-> DISABLED <-> PROTOCOL-SCADA BB-Elec ethernet gateway DOS attempt (protocol-scada.rules)
 * 1:41693 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera adcommand.cgi command execution attempt (server-webapp.rules)
 * 1:41694 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41695 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
 * 1:41696 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution attempt (server-webapp.rules)
 * 1:41697 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (server-webapp.rules)
 * 1:41710 <-> DISABLED <-> INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS (indicator-compromise.rules)
 * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules)
 * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules)
 * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules)
 * 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
 * 1:41732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41733 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41734 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41735 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
 * 1:41743 <-> DISABLED <-> PROTOCOL-SCADA TwinCAT PLC DOS attempt (protocol-scada.rules)
 * 1:41752 <-> DISABLED <-> PROTOCOL-SCADA PowerNet Twin Client DOS attempt (protocol-scada.rules)
 * 1:41770 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN Gallery SQL injection attempt (server-webapp.rules)
 * 1:41781 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41782 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
 * 1:41793 <-> ENABLED <-> INDICATOR-SCAN Cisco Smart Install Protocol scan TFTP response (indicator-scan.rules)
 * 1:41814 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41815 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
 * 1:41917 <-> ENABLED <-> SERVER-WEBAPP Carel PlantVisorPRO default login attempt (server-webapp.rules)
 * 1:42005 <-> DISABLED <-> SERVER-WEBAPP Logsign JSON API validate_file command injection attempt (server-webapp.rules)
 * 1:42016 <-> ENABLED <-> PROTOCOL-SCADA Moxa discovery packet information disclosure attempt (protocol-scada.rules)
 * 1:42119 <-> DISABLED <-> SERVER-WEBAPP pfSense openvpn_wizard PHP code injection attempt (server-webapp.rules)
 * 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
 * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
 * 1:42232 <-> ENABLED <-> SERVER-OTHER TopSec Firewall cookie header command injection attempt (server-other.rules)
 * 1:42253 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42254 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
 * 1:42291 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM API get_host_fqdn host_ip command injection attempt (server-webapp.rules)
 * 1:42338 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt (os-windows.rules)
 * 1:42340 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt (os-windows.rules)
 * 1:42372 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42767 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42768 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules)
 * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules)
 * 1:42839 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog login.php SQL injection attempt (server-webapp.rules)
 * 1:42840 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog logshares_ajax.php command injection attempt (server-webapp.rules)
 * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules)
 * 1:42850 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42851 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42852 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules)
 * 1:42853 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42854 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules)
 * 1:42890 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42891 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules)
 * 1:42901 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42905 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules)
 * 1:42906 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42907 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42908 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42909 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42920 <-> DISABLED <-> SERVER-WEBAPP LogRhythm Network Monitor JSON configuration API command injection attempt (server-webapp.rules)
 * 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
 * 1:43178 <-> DISABLED <-> SERVER-WEBAPP VICIdial user_authorization command injection attempt (server-webapp.rules)
 * 1:43179 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43180 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
 * 1:43237 <-> ENABLED <-> SERVER-WEBAPP SysAid Enterprise auth bypass and remote file upload attempt (server-webapp.rules)
 * 1:43251 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA LogSettingHandler command injection attempt (server-webapp.rules)
 * 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43451 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43494 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling appleid (server-webapp.rules)
 * 1:43495 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling paypal (server-webapp.rules)
 * 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
 * 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43709 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43710 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43711 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
 * 1:43875 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43876 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
 * 1:43878 <-> ENABLED <-> FILE-PDF Acrobat Reader PDFDocEncoding object WinAnsiEncoding memory corruption attempt (file-pdf.rules)
 * 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43886 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43887 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BLTBIT record out of bounds access attempt (file-multimedia.rules)
 * 1:43893 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43894 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
 * 1:43895 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43896 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43897 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
 * 1:43898 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)