Talos Rules 2020-02-06
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-image, file-pdf, malware-cnc, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules)
 * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
 * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
 * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
 * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
 * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)
 * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules)
 * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
 * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
 * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
 * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
 * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)
 * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)
 * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules)
 * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
 * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
 * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
 * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
 * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)
 * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules)
 * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
 * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
 * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)
 * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
 * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)
 * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
 * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules)
 * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
 * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
 * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
 * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
 * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)
 * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (snort3-malware-cnc.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (snort3-malware-cnc.rules)

2020-02-06 13:05:43 UTC

Snort Subscriber Rules Update

Date: 2020-02-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules)
 * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules)
 * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules)
 * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)
 * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules)
 * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules)

Modified Rules:


 * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
 * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
 * 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
 * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)
 * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)
 * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)
 * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules)