This release adds and modifies rules in several categories.
Today Talos is making the first of a number of additions to the max-detect policy, turning it into a heavily detection-focused policy. Performance will be impacted when this policy is enabled, so it is highly recommended that users test the policy's performance before deploying it in production environments.
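Before enabling max-detect, it is worth knowing how many rules it turns on beyond the policy you run today, since each added rule is extra matching work. The script below is an added example, not Talos or Snort code, and it assumes the usual Snort rule metadata convention in which a rule lists the base policies that enable it as `policy <name>-ips <action>` (for example `policy max-detect-ips drop`). It reads that metadata from each rule, including rules the file ships commented out, and reports the set of sids each policy would enable and which sids max-detect adds over balanced. The sample rules, their sids and contents are constructed for this illustration and are not real Talos rules.

```python
"""Tally which sids each Snort IPS policy enables, read from rule metadata.

Added example, not Talos/Snort code. Assumes rules carry tags such as
`metadata:policy balanced-ips drop, policy max-detect-ips alert, ...`.
"""
import re

POLICIES = ("connectivity", "balanced", "security", "max-detect")

# Constructed sample rules for illustration only: sids 9000001-9000005 and
# their contents are made up. Rule C is shipped commented out, as many
# rules in a default file are.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED rule A"; flow:to_server,established; content:"/a"; metadata:policy balanced-ips drop, policy security-ips drop, policy max-detect-ips drop, service http; sid:9000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED rule B"; flow:to_server,established; content:"/b"; metadata:policy max-detect-ips alert, service http; sid:9000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED rule C"; content:"/c"; metadata:policy max-detect-ips drop; sid:9000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"CONSTRUCTED rule D"; flow:to_server,established; content:"/d"; metadata:policy connectivity-ips drop, policy balanced-ips drop, policy security-ips drop, policy max-detect-ips drop, service ssl; sid:9000004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED rule E, no metadata"; content:"/e"; sid:9000005; rev:1;)
"""

SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
META_RE = re.compile(r"\bmetadata:\s*([^;]*);")
POLICY_RE = re.compile(r"policy\s+([a-z-]+)-ips\s+([a-z]+)")


def parse_rule(line):
    """Parse one line into (sid, enabled_by_default, {policy: action}).

    Returns None for blank lines and comments that are not rules. A leading
    '#' marks a rule the file ships disabled; its policy tags are still read,
    because applying a policy enables tagged rules regardless of that default.
    """
    text = line.strip()
    enabled = not text.startswith("#")
    body = text.lstrip("#").strip()
    sid_match = SID_RE.search(body)
    if not sid_match:
        return None
    policies = {}
    meta = META_RE.search(body)
    if meta:
        for name, action in POLICY_RE.findall(meta.group(1)):
            policies[name] = action
    return int(sid_match.group(1)), enabled, policies


def tally(rules_text):
    """Return {policy: {sid: action}}, plus an 'untagged' entry for rules with
    no policy metadata (those keep whatever enabled state the file ships)."""
    result = {p: {} for p in POLICIES}
    result["untagged"] = {}
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        sid, enabled, policies = parsed
        if not policies:
            result["untagged"][sid] = "enabled" if enabled else "disabled"
            continue
        for name, action in policies.items():
            result.setdefault(name, {})[sid] = action
    return result


def added_by(t, base, target):
    """Sids the target policy enables that the base policy does not."""
    return sorted(set(t[target]) - set(t[base]))


def main():
    t = tally(SAMPLE_RULES)
    for policy in POLICIES:
        print(f"{policy:13s} {len(t[policy])} rules")
    extra = added_by(t, "balanced", "max-detect")
    print(f"max-detect adds {len(extra)} rules over balanced: {extra}")
    print(f"untagged rules: {t['untagged']}")


if __name__ == "__main__":
    main()
```

To use it on a real ruleset, replace SAMPLE_RULES with the contents of the downloaded .rules files. The count is only a rough proxy for cost: rules differ widely in expense, so pair it with Snort's rule profiling output on representative traffic before committing to max-detect in production.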
Talos has added and modified multiple rules in the app-detect, browser-chrome, browser-firefox, browser-ie, browser-other, browser-webkit, content-replace, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, malware-tools, netbios, os-linux, os-mobile, os-other, os-solaris, os-windows, policy-multimedia, policy-other, policy-social, policy-spam, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-nntp, protocol-other, protocol-pop, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-telnet, protocol-tftp, protocol-voip, pua-adware, pua-other, pua-p2p, pua-toolbars, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.