Talos Rules 2021-10-26
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 3:58416 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58417 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt (server-other.rules)
 * 3:58387 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt (server-webapp.rules)
 * 3:58415 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt (server-other.rules)
 * 3:58414 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt (server-other.rules)
 * 3:58386 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt (server-other.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (snort3-server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (snort3-server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (snort3-server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (snort3-server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (snort3-server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (snort3-server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (snort3-server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (snort3-server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (snort3-server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (snort3-server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (snort3-server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (snort3-server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (snort3-server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (snort3-server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (snort3-server-webapp.rules)
 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (snort3-server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (snort3-server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (snort3-server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (snort3-pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (snort3-pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (snort3-malware-cnc.rules)

2021-10-26 12:27:32 UTC

Snort Subscriber Rules Update

Date: 2021-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58413 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58388 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt (server-webapp.rules)
 * 1:58408 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58392 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58390 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58411 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58412 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58401 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58404 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58406 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58395 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt (server-webapp.rules)
 * 1:58403 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58399 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)
 * 1:58409 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58397 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58407 <-> DISABLED <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt (server-webapp.rules)
 * 1:58410 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt (server-webapp.rules)
 * 1:58391 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt (server-webapp.rules)
 * 1:58389 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt (server-webapp.rules)
 * 1:58405 <-> DISABLED <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt (server-webapp.rules)
 * 1:58402 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt (server-webapp.rules)
 * 1:58396 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58393 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58394 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt (server-webapp.rules)
 * 1:58398 <-> DISABLED <-> SERVER-WEBAPP Nagios XI PHP file injection attempt (server-webapp.rules)
 * 1:58400 <-> DISABLED <-> SERVER-WEBAPP Nagios XI directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
 * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules)

2021-10-26 12:33:13 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:13 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:13 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:13 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:13 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:14 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:14 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:14 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:14 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:14 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules:



2021-10-26 12:33:14 UTC

Snort Subscriber Rules Update

Date: 2021-10-25-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 3:58386 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1390 attack attempt
* 3:58387 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1393 attack attempt
* 1:58388 <-> SERVER-WEBAPP ARRIS VAP2500 config_wds command injection attempt
* 1:58389 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58390 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center deploySelectBootrom Java expression language injection attempt
* 1:58391 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58392 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center reportTaskSelect Java expression language injection attempt
* 1:58393 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58394 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Java expression language injection attempt
* 1:58395 <-> SERVER-WEBAPP GE MDS PulseNET XmlAdapterServlet XML external entity injection attempt
* 1:58396 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58397 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58398 <-> SERVER-WEBAPP Nagios XI PHP file injection attempt
* 1:58399 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58400 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58401 <-> SERVER-WEBAPP Nagios XI directory traversal attempt
* 1:58402 <-> SERVER-WEBAPP Hewlett Packard Enterprise Network Automation authentication bypass attempt
* 1:58403 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58404 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58405 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58406 <-> SERVER-WEBAPP Nagios XI Watchguard wizard command injection attempt
* 1:58407 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58408 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58409 <-> SERVER-WEBAPP Nagios XI bulk modification tool SQL injection attempt
* 1:58410 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58411 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58412 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 1:58413 <-> SERVER-WEBAPP IBM Spectrum Protect Plus changeAdministratorPassword command injection attempt
* 3:58414 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1395 attack attempt
* 3:58415 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58416 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1396 attack attempt
* 3:58417 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1394 attack attempt

Modified Rules: