Talos Rules 2019-10-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, file-identify, indicator-compromise, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (indicator-compromise.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules)
 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
 * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules)
 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (indicator-compromise.rules)
 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
 * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules)

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (indicator-compromise.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules)
 * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
 * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules)
 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (indicator-compromise.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
 * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules)

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (snort3-server-other.rules)
 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (snort3-server-webapp.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (snort3-malware-cnc.rules)
 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (snort3-malware-cnc.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (snort3-malware-cnc.rules)
 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (snort3-browser-ie.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (snort3-server-other.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (snort3-indicator-compromise.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (snort3-malware-cnc.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (snort3-malware-cnc.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (snort3-server-webapp.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (snort3-malware-cnc.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (snort3-browser-ie.rules)

Modified Rules:


 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (snort3-indicator-compromise.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (snort3-malware-cnc.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (snort3-malware-cnc.rules)
 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (snort3-server-mail.rules)
 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (snort3-server-webapp.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules)

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (indicator-compromise.rules)
 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
 * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules)
 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)

2019-10-03 12:34:53 UTC

Snort Subscriber Rules Update

Date: 2019-10-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
 * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules)
 * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
 * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org (indicator-compromise.rules)
 * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
 * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules)
 * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules)
 * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules)
 * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
 * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
 * 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
 * 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
 * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
 * 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
 * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
 * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules)
 * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
 * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
 * 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)