Talos Rules 2024-06-27
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:16:50 UTC

Snort Subscriber Rules Update

Date: 2024-06-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63615 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63633 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63616 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63617 <-> DISABLED <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt (server-webapp.rules)
 * 1:63632 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63618 <-> DISABLED <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt (server-webapp.rules)
 * 1:63619 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63620 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63621 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63622 <-> DISABLED <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt (server-webapp.rules)
 * 1:63623 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63624 <-> DISABLED <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt (policy-other.rules)
 * 1:63634 <-> DISABLED <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt (server-webapp.rules)
 * 1:63625 <-> DISABLED <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt (server-webapp.rules)
 * 1:63626 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63627 <-> DISABLED <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt (server-webapp.rules)
 * 1:63628 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63629 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63630 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)
 * 1:63631 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cross site scripting attempt (server-webapp.rules)

Modified Rules:



2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt


2024-06-27 12:23:47 UTC

Snort Subscriber Rules Update

Date: 2024-06-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300943 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:300944 <-> POLICY-OTHER Progress Telerik Report Server potential authentiction bypass attempt
* 1:300945 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:300946 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 3:300947 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt
* 1:63615 <-> SERVER-WEBAPP Jenkins j_acegi_security_check authentication bypass attempt
* 1:63618 <-> SERVER-WEBAPP Opmantek Open-AudIT command injection attempt
* 1:63619 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63620 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63621 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63622 <-> SERVER-WEBAPP Hikvision Intercom Brodcasting System command injection attempt
* 1:63625 <-> SERVER-WEBAPP Progress Telerik Report Server insecure deserialization attempt
* 1:63626 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63627 <-> SERVER-WEBAPP Fluent Bit traces memory corruption attempt
* 1:63630 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63631 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63632 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63633 <-> SERVER-WEBAPP Nagios XI cross site scripting attempt
* 1:63634 <-> SERVER-WEBAPP Nagios XI 5.5.10 command injection attempt

Modified Rules:

* 3:38347 <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt