Talos Rules 2026-07-14
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2026-49170: A coding deficiency exists in Microsoft Windows StateRepository API Server file that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66738 through 66739, Snort 3: GID 1, SID 301557.

Microsoft Vulnerability CVE-2026-49795: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66740 through 66741, Snort 3: GID 1, SID 301558.

Microsoft Vulnerability CVE-2026-49798: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66760 through 66761, Snort 3: GID 1, SID 301567.

Microsoft Vulnerability CVE-2026-49805: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66734 through 66735, Snort 3: GID 1, SID 301555.

Microsoft Vulnerability CVE-2026-50327: A coding deficiency exists in Microsoft Windows Media that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66748 through 66749, Snort 3: GID 1, SID 301561.

Microsoft Vulnerability CVE-2026-50329: A coding deficiency exists in Microsoft DWM Core Library that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66762 through 66763, Snort 3: GID 1, SID 301568.

Microsoft Vulnerability CVE-2026-50332: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66768 through 66769, Snort 3: GID 1, SID 301571.

Microsoft Vulnerability CVE-2026-50343: A coding deficiency exists in Microsoft Install Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66742 through 66743, Snort 3: GID 1, SID 301559.

Microsoft Vulnerability CVE-2026-50351: A coding deficiency exists in Microsoft Windows Audio Compression Manager (ACM) that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66750 through 66751, Snort 3: GID 1, SID 301562.

Microsoft Vulnerability CVE-2026-50375: A coding deficiency exists in Microsoft DirectX Graphics Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66754 through 66755, Snort 3: GID 1, SID 301564.

Microsoft Vulnerability CVE-2026-50387: A coding deficiency exists in Microsoft Windows GDI that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66764 through 66765, Snort 3: GID 1, SID 301569.

Microsoft Vulnerability CVE-2026-50390: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66803 through 66804, Snort 3: GID 1, SID 301582.

Microsoft Vulnerability CVE-2026-50420: A coding deficiency exists in Microsoft HTTP.sys that may lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66746 through 66747, Snort 3: GID 1, SID 301560.

Microsoft Vulnerability CVE-2026-50423: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66756 through 66757, Snort 3: GID 1, SID 301565.

Microsoft Vulnerability CVE-2026-50433: A coding deficiency exists in Microsoft Windows Media that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66758 through 66759, Snort 3: GID 1, SID 301566.

Microsoft Vulnerability CVE-2026-50436: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66766 through 66767, Snort 3: GID 1, SID 301570.

Microsoft Vulnerability CVE-2026-50454: A coding deficiency exists in Microsoft Windows User Interface Core that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66784 through 66785, Snort 3: GID 1, SID 301579.

Microsoft Vulnerability CVE-2026-50475: A coding deficiency exists in Microsoft Windows Kernel that may lead to an information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66736 through 66737, Snort 3: GID 1, SID 301556.

Microsoft Vulnerability CVE-2026-50476: A coding deficiency exists in Microsoft Windows Network Connections Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66770 through 66771, Snort 3: GID 1, SID 301572.

Microsoft Vulnerability CVE-2026-50489: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66772 through 66773, Snort 3: GID 1, SID 301573.

Microsoft Vulnerability CVE-2026-50518: A coding deficiency exists in Microsoft Windows DHCP Server that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66745, Snort 3: GID 1, SID 66745.

Microsoft Vulnerability CVE-2026-50522: A coding deficiency exists in Microsoft SharePoint that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66791 through 66792, Snort 3: GID 1, SIDs 66791 through 66792.

Microsoft Vulnerability CVE-2026-50655: A coding deficiency exists in Microsoft Windows Media Foundation that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66752 through 66753, Snort 3: GID 1, SID 301563.

Microsoft Vulnerability CVE-2026-50667: A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66774 through 66775, Snort 3: GID 1, SID 301574.

Microsoft Vulnerability CVE-2026-50688: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66776 through 66777, Snort 3: GID 1, SID 301575.

Microsoft Vulnerability CVE-2026-54114: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66778 through 66779, Snort 3: GID 1, SID 301576.

Microsoft Vulnerability CVE-2026-54986: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66780 through 66781, Snort 3: GID 1, SID 301577.

Microsoft Vulnerability CVE-2026-54992: A coding deficiency exists in Microsoft Message Queuing Queue Manager that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66733, Snort 3: GID 1, SID 66733.

Microsoft Vulnerability CVE-2026-56164: A coding deficiency exists in Microsoft SharePoint Server that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66782 through 66783, Snort 3: GID 1, SID 301578.

Microsoft Vulnerability CVE-2026-56188: A coding deficiency exists in Microsoft Windows Server Network driver that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66793, Snort 3: GID 1, SID 66793.

Microsoft Vulnerability CVE-2026-57091: A coding deficiency exists in Microsoft Windows File History Service that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66800 through 66801, Snort 3: GID 1, SID 301581.

Microsoft Vulnerability CVE-2026-58531: A coding deficiency exists in Microsoft Windows SMB that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66807, Snort 3: GID 1, SID 66807.

Microsoft Vulnerability CVE-2026-58536: A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66805 through 66806, Snort 3: GID 1, SID 301583.

Microsoft Vulnerability CVE-2026-58631: A coding deficiency exists in Microsoft Windows Admin Center (WAC) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66802, Snort 3: GID 1, SID 66802.

Talos has added and modified multiple rules in the file-multimedia, malware-cnc, malware-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2026-07-14 19:34:05 UTC

Snort Subscriber Rules Update

Date: 2026-07-14

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66750 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt (os-windows.rules)
 * 1:66751 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt (os-windows.rules)
 * 1:66752 <-> DISABLED <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66753 <-> DISABLED <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66755 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66756 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66757 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66758 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt (os-windows.rules)
 * 1:66759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt (os-windows.rules)
 * 1:66760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt (os-windows.rules)
 * 1:66763 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt (os-windows.rules)
 * 1:66764 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:66765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:66766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt (os-windows.rules)
 * 1:66771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt (os-windows.rules)
 * 1:66772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:66775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:66776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66778 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66779 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66780 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66781 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66782 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt (server-webapp.rules)
 * 1:66783 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt (server-webapp.rules)
 * 1:66784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt (os-windows.rules)
 * 1:66785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt (os-windows.rules)
 * 1:66786 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:66787 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt (malware-cnc.rules)
 * 1:66788 <-> DISABLED <-> MALWARE-CNC Py.Trojan.Starland variant download attempt (malware-cnc.rules)
 * 1:66789 <-> DISABLED <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt (malware-other.rules)
 * 1:66790 <-> DISABLED <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt (malware-other.rules)
 * 1:66791 <-> DISABLED <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request (policy-other.rules)
 * 1:66792 <-> DISABLED <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request (policy-other.rules)
 * 1:66793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt (os-windows.rules)
 * 1:66800 <-> DISABLED <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt (os-windows.rules)
 * 1:66801 <-> DISABLED <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt (os-windows.rules)
 * 1:66802 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt (policy-other.rules)
 * 1:66803 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66806 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66807 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt (os-windows.rules)
 * 1:66728 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:66729 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66730 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66731 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66732 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt (server-webapp.rules)
 * 1:66733 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt (server-other.rules)
 * 1:66734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:66737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:66738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt (os-windows.rules)
 * 1:66739 <-> DISABLED <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt (os-windows.rules)
 * 1:66740 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66741 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66742 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt (os-windows.rules)
 * 1:66743 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt (os-windows.rules)
 * 1:66744 <-> ENABLED <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt (server-webapp.rules)
 * 1:66745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt (os-windows.rules)
 * 1:66746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt (os-windows.rules)
 * 1:66747 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt (os-windows.rules)
 * 1:66748 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66749 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt (os-windows.rules)
 * 3:66794 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt (file-multimedia.rules)
 * 3:66795 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt (file-multimedia.rules)
 * 3:66796 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66797 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66798 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66799 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)

Modified Rules:



2026-07-14 19:34:05 UTC

Snort Subscriber Rules Update

Date: 2026-07-14

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66729 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66730 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66731 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66732 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt (server-webapp.rules)
 * 1:66733 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt (server-other.rules)
 * 1:66734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:66737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:66738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt (os-windows.rules)
 * 1:66739 <-> DISABLED <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt (os-windows.rules)
 * 1:66740 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66741 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66742 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt (os-windows.rules)
 * 1:66743 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt (os-windows.rules)
 * 1:66744 <-> ENABLED <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt (server-webapp.rules)
 * 1:66745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt (os-windows.rules)
 * 1:66746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt (os-windows.rules)
 * 1:66747 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt (os-windows.rules)
 * 1:66748 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66749 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66750 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt (os-windows.rules)
 * 1:66751 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt (os-windows.rules)
 * 1:66752 <-> DISABLED <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66753 <-> DISABLED <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66755 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66756 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66757 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66758 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt (os-windows.rules)
 * 1:66759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt (os-windows.rules)
 * 1:66760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt (os-windows.rules)
 * 1:66786 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:66785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt (os-windows.rules)
 * 1:66787 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt (malware-cnc.rules)
 * 1:66788 <-> DISABLED <-> MALWARE-CNC Py.Trojan.Starland variant download attempt (malware-cnc.rules)
 * 1:66789 <-> DISABLED <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt (malware-other.rules)
 * 1:66790 <-> DISABLED <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt (malware-other.rules)
 * 1:66791 <-> DISABLED <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request (policy-other.rules)
 * 1:66792 <-> DISABLED <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request (policy-other.rules)
 * 1:66793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt (os-windows.rules)
 * 1:66800 <-> DISABLED <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt (os-windows.rules)
 * 1:66801 <-> DISABLED <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt (os-windows.rules)
 * 1:66802 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt (policy-other.rules)
 * 1:66803 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66806 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66807 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt (os-windows.rules)
 * 1:66784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt (os-windows.rules)
 * 1:66783 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt (server-webapp.rules)
 * 1:66763 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt (os-windows.rules)
 * 1:66764 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:66765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:66766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt (os-windows.rules)
 * 1:66771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt (os-windows.rules)
 * 1:66772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:66775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:66776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66778 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66779 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66780 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66781 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66782 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt (server-webapp.rules)
 * 1:66728 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt (server-webapp.rules)
 * 3:66794 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt (file-multimedia.rules)
 * 3:66795 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt (file-multimedia.rules)
 * 3:66796 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66797 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66798 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66799 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)

Modified Rules:



2026-07-14 19:34:05 UTC

Snort Subscriber Rules Update

Date: 2026-07-14

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66730 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66732 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt (server-webapp.rules)
 * 1:66733 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt (server-other.rules)
 * 1:66734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:66737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
 * 1:66738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt (os-windows.rules)
 * 1:66739 <-> DISABLED <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt (os-windows.rules)
 * 1:66740 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66741 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66742 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt (os-windows.rules)
 * 1:66743 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt (os-windows.rules)
 * 1:66744 <-> ENABLED <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt (server-webapp.rules)
 * 1:66745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt (os-windows.rules)
 * 1:66746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt (os-windows.rules)
 * 1:66747 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt (os-windows.rules)
 * 1:66748 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66749 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66750 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt (os-windows.rules)
 * 1:66751 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt (os-windows.rules)
 * 1:66752 <-> DISABLED <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66753 <-> DISABLED <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt (os-windows.rules)
 * 1:66754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66755 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66756 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66757 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66758 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt (os-windows.rules)
 * 1:66759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt (os-windows.rules)
 * 1:66760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt (os-windows.rules)
 * 1:66763 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt (os-windows.rules)
 * 1:66787 <-> DISABLED <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt (malware-cnc.rules)
 * 1:66764 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:66765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules)
 * 1:66786 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
 * 1:66788 <-> DISABLED <-> MALWARE-CNC Py.Trojan.Starland variant download attempt (malware-cnc.rules)
 * 1:66790 <-> DISABLED <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt (malware-other.rules)
 * 1:66789 <-> DISABLED <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt (malware-other.rules)
 * 1:66791 <-> DISABLED <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request (policy-other.rules)
 * 1:66792 <-> DISABLED <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request (policy-other.rules)
 * 1:66793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt (os-windows.rules)
 * 1:66800 <-> DISABLED <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt (os-windows.rules)
 * 1:66801 <-> DISABLED <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt (os-windows.rules)
 * 1:66802 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt (policy-other.rules)
 * 1:66803 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66806 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66807 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt (os-windows.rules)
 * 1:66766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt (os-windows.rules)
 * 1:66771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt (os-windows.rules)
 * 1:66772 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:66775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt (os-windows.rules)
 * 1:66776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66778 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66779 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66780 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66781 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66782 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt (server-webapp.rules)
 * 1:66783 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt (server-webapp.rules)
 * 1:66784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt (os-windows.rules)
 * 1:66728 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:66731 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66729 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt (server-webapp.rules)
 * 1:66785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt (os-windows.rules)
 * 3:66794 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt (file-multimedia.rules)
 * 3:66795 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt (file-multimedia.rules)
 * 3:66796 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66797 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66798 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)
 * 3:66799 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt (file-multimedia.rules)

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.11.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules:



2026-07-14 19:43:18 UTC

Snort Subscriber Rules Update

Date: 2026-07-14-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301554 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:301555 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301556 <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt
* 1:301557 <-> OS-WINDOWS Microsoft Windows StateRepository API elevation of privilege attempt
* 1:301558 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301559 <-> OS-WINDOWS Microsoft Windows Install Service elevation of privilege attempt
* 1:301560 <-> OS-WINDOWS Microsoft Windows HTTP.sys information disclosure attempt
* 1:301561 <-> OS-WINDOWS Microsoft Windows Media Foundation remote code execution attempt
* 1:301562 <-> OS-WINDOWS Microsoft Windows Audio Compression Manager elevation of privilege attempt
* 1:301563 <-> OS-WINDOWS Microsoft Media Foundation remote code execution attempt
* 1:301564 <-> OS-WINDOWS Microsoft Windows DirectX Graphics Kernel elevation of privilege attempt
* 1:301565 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301566 <-> OS-WINDOWS Microsoft Windows Windows Media elevation of privilege attempt
* 1:301567 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301568 <-> OS-WINDOWS Microsoft Windows DWM Core Library elevation of privilege attempt
* 1:301569 <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt
* 1:301570 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301571 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301572 <-> OS-WINDOWS Microsoft Windows Windows Network Connections Service elevation of privilege attempt
* 1:301573 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301574 <-> OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
* 1:301575 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301576 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301577 <-> OS-WINDOWS Microsoft Windows Windows Win32k elevation of privilege attempt
* 1:301578 <-> SERVER-WEBAPP Microsoft SharePoint elevation of privilege attempt
* 1:301579 <-> OS-WINDOWS Microsoft Windows User Interface Core elevation of privilege attempt
* 1:301580 <-> MALWARE-OTHER Vbs.Loader.Starland variant download attempt
* 1:301581 <-> OS-WINDOWS Microsoft Windows File History Service privilege escalation attempt
* 1:301582 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301583 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:66728 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie arbitrary JSP file upload attempt
* 1:66729 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie directory traversal attempt
* 1:66732 <-> SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt
* 1:66733 <-> SERVER-OTHER Microsoft Windows Messaging Queue buffer overflow attempt
* 1:66744 <-> SERVER-WEBAPP Adobe ColdFusion File IO directory traversal attempt
* 1:66745 <-> OS-WINDOWS Microsoft Windows DHCP Server remote code exectuion attempt
* 1:66786 <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt
* 1:66787 <-> MALWARE-CNC Ps1.Trojan.WLDR variant download attempt
* 1:66788 <-> MALWARE-CNC Py.Trojan.Starland variant download attempt
* 1:66791 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66792 <-> POLICY-OTHER Microsoft Sharepoint invalid WS-Trust request
* 1:66793 <-> OS-WINDOWS Microsoft Windows Server network driver remote code execution attempt
* 1:66802 <-> POLICY-OTHER Microsoft Windows Admin Center potential remote code execution attempt
* 1:66807 <-> OS-WINDOWS Microsoft Windows SMB elevation of privilege attempt
* 3:66794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66795 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2367 attack attempt
* 3:66796 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66797 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66798 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt
* 3:66799 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2026-2371 attack attempt

Modified Rules: