Talos has added and modified multiple rules in the file-multimedia, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:66714 <-> DISABLED <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt (server-webapp.rules) * 1:66715 <-> DISABLED <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt (server-other.rules) * 1:66716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt (os-windows.rules) * 1:66717 <-> DISABLED <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt (server-other.rules) * 1:66718 <-> DISABLED <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt (server-other.rules) * 1:66719 <-> DISABLED <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt (server-other.rules) * 1:66720 <-> DISABLED <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt (policy-other.rules) * 1:66723 <-> DISABLED <-> SERVER-OTHER Git server apply reject arbitrary file write attempt (server-other.rules) * 1:66724 <-> DISABLED <-> SERVER-OTHER Git server apply reject arbitrary file write attempt (server-other.rules) * 1:66725 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66726 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66727 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 3:66722 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt (file-multimedia.rules) * 3:66721 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:66727 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66714 <-> DISABLED <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt (server-webapp.rules) * 1:66716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt (os-windows.rules) * 1:66717 <-> DISABLED <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt (server-other.rules) * 1:66718 <-> DISABLED <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt (server-other.rules) * 1:66723 <-> DISABLED <-> SERVER-OTHER Git server apply reject arbitrary file write attempt (server-other.rules) * 1:66719 <-> DISABLED <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt (server-other.rules) * 1:66724 <-> DISABLED <-> SERVER-OTHER Git server apply reject arbitrary file write attempt (server-other.rules) * 1:66715 <-> DISABLED <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt (server-other.rules) * 1:66725 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66720 <-> DISABLED <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt (policy-other.rules) * 1:66726 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 3:66721 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt (file-multimedia.rules) * 3:66722 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:66726 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66724 <-> DISABLED <-> SERVER-OTHER Git server apply reject arbitrary file write attempt (server-other.rules) * 1:66725 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66720 <-> DISABLED <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt (policy-other.rules) * 1:66723 <-> DISABLED <-> SERVER-OTHER Git server apply reject arbitrary file write attempt (server-other.rules) * 1:66715 <-> DISABLED <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt (server-other.rules) * 1:66718 <-> DISABLED <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt (server-other.rules) * 1:66727 <-> DISABLED <-> SERVER-WEBAPP Splunk Backup directory traversal attempt (server-webapp.rules) * 1:66716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt (os-windows.rules) * 1:66717 <-> DISABLED <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt (server-other.rules) * 1:66714 <-> DISABLED <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt (server-webapp.rules) * 1:66719 <-> DISABLED <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt (server-other.rules) * 3:66721 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt (file-multimedia.rules) * 3:66722 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.11.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301552 <-> SERVER-OTHER Git server apply reject arbitrary file write attempt * 1:301553 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 1:66714 <-> SERVER-WEBAPP Grafana Labs Grafana GeoMap cross site scripting attempt * 1:66715 <-> SERVER-OTHER Apache Storm Nimbus getToplogyHistory command injection attempt * 1:66716 <-> OS-WINDOWS Microsoft Windows SMB information disclosure attempt * 1:66717 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66718 <-> SERVER-OTHER Progress WhatsUp Gold WriteDataFile directory traversal attempt * 1:66719 <-> SERVER-OTHER Fishbowl Inventory Server insecure deserialization attempt * 1:66720 <-> POLICY-OTHER LiteSpeed cPanel Plugin potential privilege escalation attempt * 1:66725 <-> SERVER-WEBAPP Splunk Backup directory traversal attempt * 3:66721 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt * 3:66722 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2416 attack attempt