Sourcefire VRT Rules Update

Date: 2013-08-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.4.6.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:27586 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27591 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27587 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules)
 * 1:27581 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27584 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27593 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules)
 * 1:27583 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27588 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection attempt (malware-cnc.rules)
 * 1:27592 <-> ENABLED <-> EXPLOIT-KIT Cool Exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27585 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27580 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27578 <-> ENABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules)
 * 1:27582 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27590 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27589 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)

Modified Rules:

 * 1:896 <-> DISABLED <-> SERVER-WEBAPP way-board access (server-webapp.rules)
 * 1:897 <-> DISABLED <-> SERVER-WEBAPP pals-cgi access (server-webapp.rules)
 * 1:898 <-> DISABLED <-> SERVER-WEBAPP commerce.cgi access (server-webapp.rules)
 * 1:899 <-> DISABLED <-> SERVER-WEBAPP Amaya templates sendtemp.pl directory traversal attempt (server-webapp.rules)
 * 1:900 <-> DISABLED <-> SERVER-WEBAPP webspirs.cgi directory traversal attempt (server-webapp.rules)
 * 1:901 <-> DISABLED <-> SERVER-WEBAPP webspirs.cgi access (server-webapp.rules)
 * 1:902 <-> DISABLED <-> SERVER-WEBAPP tstisapi.dll access (server-webapp.rules)
 * 1:966 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage .... request (server-other.rules)
 * 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
 * 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
 * 1:9793 <-> DISABLED <-> BROWSER-PLUGINS YMMAPI.YMailAttach ActiveX clsid access (browser-plugins.rules)
 * 1:9795 <-> DISABLED <-> BROWSER-PLUGINS Panda ActiveScan ActiveScan.1 ActiveX clsid access (browser-plugins.rules)
 * 1:9798 <-> DISABLED <-> BROWSER-PLUGINS Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid access (browser-plugins.rules)
 * 1:10189 <-> DISABLED <-> BROWSER-PLUGINS DivXBrowserPlugin ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10404 <-> DISABLED <-> BROWSER-PLUGINS SignKorea SKCommAX ActiveX clsid access (browser-plugins.rules)
 * 1:10412 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX clsid access attempt (browser-plugins.rules)
 * 1:10415 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX clsid access attempt (browser-plugins.rules)
 * 1:1052 <-> DISABLED <-> SERVER-WEBAPP technote print.cgi directory traversal attempt (server-webapp.rules)
 * 1:1053 <-> DISABLED <-> SERVER-WEBAPP ads.cgi command execution attempt (server-webapp.rules)
 * 1:1062 <-> DISABLED <-> SERVER-WEBAPP nc.exe attempt (server-webapp.rules)
 * 1:1064 <-> DISABLED <-> SERVER-WEBAPP wsh attempt (server-webapp.rules)
 * 1:1065 <-> DISABLED <-> SERVER-WEBAPP rcmd attempt (server-webapp.rules)
 * 1:1066 <-> DISABLED <-> SERVER-WEBAPP telnet attempt (server-webapp.rules)
 * 1:1067 <-> DISABLED <-> SERVER-WEBAPP net attempt (server-webapp.rules)
 * 1:1068 <-> DISABLED <-> SERVER-WEBAPP tftp attempt (server-webapp.rules)
 * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access (server-webapp.rules)
 * 1:1072 <-> DISABLED <-> SERVER-WEBAPP Lotus Domino directory traversal (server-webapp.rules)
 * 1:1073 <-> DISABLED <-> SERVER-WEBAPP webhits.exe access (server-webapp.rules)
 * 1:1077 <-> DISABLED <-> SQL queryhit.htm access (sql.rules)
 * 1:1078 <-> DISABLED <-> SQL counter.exe access (sql.rules)
 * 1:1080 <-> DISABLED <-> SERVER-WEBAPP unify eWave ServletExec upload (server-webapp.rules)
 * 1:1081 <-> DISABLED <-> SERVER-WEBAPP Netscape Servers suite DOS (server-webapp.rules)
 * 1:1082 <-> DISABLED <-> SERVER-WEBAPP amazon 1-click cookie theft (server-webapp.rules)
 * 1:1083 <-> DISABLED <-> SERVER-WEBAPP unify eWave ServletExec DOS (server-webapp.rules)
 * 1:1084 <-> DISABLED <-> SERVER-WEBAPP Allaire JRUN DOS attempt (server-webapp.rules)
 * 1:1086 <-> DISABLED <-> SERVER-WEBAPP strings overflow (server-webapp.rules)
 * 1:1091 <-> DISABLED <-> SERVER-WEBAPP ICQ Webfront HTTP DOS (server-webapp.rules)
 * 1:1093 <-> DISABLED <-> SERVER-WEBAPP cached_feed.cgi moreover shopping cart directory traversal (server-webapp.rules)
 * 1:1098 <-> DISABLED <-> SERVER-WEBAPP SmartWin CyberOffice Shopping Cart access (server-webapp.rules)
 * 1:1099 <-> DISABLED <-> SERVER-WEBAPP cybercop scan (server-webapp.rules)
 * 1:10990 <-> DISABLED <-> SERVER-WEBAPP encoded cross site scripting HTML Image tag attempt (server-webapp.rules)
 * 1:10999 <-> DISABLED <-> SERVER-WEBAPP chetcpasswd access (server-webapp.rules)
 * 1:1103 <-> DISABLED <-> SERVER-WEBAPP Netscape admin passwd (server-webapp.rules)
 * 1:1106 <-> DISABLED <-> SERVER-WEBAPP Poll-it access (server-webapp.rules)
 * 1:1107 <-> DISABLED <-> SERVER-WEBAPP ftp.pl access (server-webapp.rules)
 * 1:1110 <-> DISABLED <-> SERVER-WEBAPP apache source.asp file access (server-webapp.rules)
 * 1:1115 <-> DISABLED <-> SERVER-WEBAPP ICQ webserver DOS (server-webapp.rules)
 * 1:1116 <-> DISABLED <-> SERVER-WEBAPP Lotus DelDoc attempt (server-webapp.rules)
 * 1:1117 <-> DISABLED <-> SERVER-WEBAPP Lotus EditDoc attempt (server-webapp.rules)
 * 1:1119 <-> DISABLED <-> SERVER-WEBAPP mlog.phtml access (server-webapp.rules)
 * 1:1120 <-> DISABLED <-> SERVER-WEBAPP mylog.phtml access (server-webapp.rules)
 * 1:1122 <-> DISABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules)
 * 1:1123 <-> DISABLED <-> SERVER-WEBAPP ?PageServices access (server-webapp.rules)
 * 1:1124 <-> DISABLED <-> SERVER-WEBAPP Ecommerce check.txt access (server-webapp.rules)
 * 1:1125 <-> DISABLED <-> SERVER-WEBAPP webcart access (server-webapp.rules)
 * 1:1126 <-> DISABLED <-> SERVER-WEBAPP AuthChangeUrl access (server-webapp.rules)
 * 1:1127 <-> DISABLED <-> SERVER-WEBAPP convert.bas access (server-webapp.rules)
 * 1:1128 <-> DISABLED <-> SERVER-WEBAPP cpshost.dll access (server-webapp.rules)
 * 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
 * 1:1130 <-> DISABLED <-> SERVER-WEBAPP .wwwacl access (server-webapp.rules)
 * 1:1131 <-> DISABLED <-> SERVER-WEBAPP .wwwacl access (server-webapp.rules)
 * 1:1134 <-> DISABLED <-> SERVER-WEBAPP Phorum admin access (server-webapp.rules)
 * 1:1140 <-> DISABLED <-> SERVER-WEBAPP guestbook.pl access (server-webapp.rules)
 * 1:1141 <-> DISABLED <-> SERVER-WEBAPP handler access (server-webapp.rules)
 * 1:1145 <-> DISABLED <-> SERVER-WEBAPP /~root access (server-webapp.rules)
 * 1:1146 <-> DISABLED <-> SERVER-WEBAPP Ecommerce import.txt access (server-webapp.rules)
 * 1:1147 <-> DISABLED <-> SERVER-WEBAPP cat%20 access (server-webapp.rules)
 * 1:1148 <-> DISABLED <-> SERVER-WEBAPP Ecommerce import.txt access (server-webapp.rules)
 * 1:1149 <-> DISABLED <-> SERVER-WEBAPP count.cgi access (server-webapp.rules)
 * 1:1150 <-> DISABLED <-> SERVER-WEBAPP Domino catalog.nsf access (server-webapp.rules)
 * 1:1151 <-> DISABLED <-> SERVER-WEBAPP Domino domcfg.nsf access (server-webapp.rules)
 * 1:1152 <-> DISABLED <-> SERVER-WEBAPP Domino domlog.nsf access (server-webapp.rules)
 * 1:1153 <-> DISABLED <-> SERVER-WEBAPP Domino log.nsf access (server-webapp.rules)
 * 1:1154 <-> DISABLED <-> SERVER-WEBAPP Domino names.nsf access (server-webapp.rules)
 * 1:1155 <-> DISABLED <-> SERVER-WEBAPP Ecommerce checks.txt access (server-webapp.rules)
 * 1:1157 <-> DISABLED <-> SERVER-WEBAPP Netscape PublishingXpert access (server-webapp.rules)
 * 1:1158 <-> DISABLED <-> SERVER-WEBAPP windmail.exe access (server-webapp.rules)
 * 1:1159 <-> DISABLED <-> SERVER-WEBAPP webplus access (server-webapp.rules)
 * 1:1160 <-> DISABLED <-> SERVER-WEBAPP Netscape dir index wp (server-webapp.rules)
 * 1:1162 <-> DISABLED <-> SERVER-WEBAPP cart 32 AdminPwd access (server-webapp.rules)
 * 1:1163 <-> DISABLED <-> SERVER-WEBAPP webdist.cgi access (server-webapp.rules)
 * 1:1164 <-> DISABLED <-> SERVER-WEBAPP shopping cart access (server-webapp.rules)
 * 1:1166 <-> DISABLED <-> SERVER-WEBAPP ws_ftp.ini access (server-webapp.rules)
 * 1:1167 <-> DISABLED <-> SERVER-WEBAPP rpm_query access (server-webapp.rules)
 * 1:1168 <-> DISABLED <-> SERVER-WEBAPP mall log order access (server-webapp.rules)
 * 1:1172 <-> DISABLED <-> SERVER-WEBAPP bigconf.cgi access (server-webapp.rules)
 * 1:1173 <-> DISABLED <-> SERVER-WEBAPP architext_query.pl access (server-webapp.rules)
 * 1:1174 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/jj access (server-webapp.rules)
 * 1:1175 <-> DISABLED <-> SERVER-WEBAPP wwwboard.pl access (server-webapp.rules)
 * 1:1177 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1178 <-> DISABLED <-> SERVER-WEBAPP Phorum read access (server-webapp.rules)
 * 1:1179 <-> DISABLED <-> SERVER-WEBAPP Phorum violation access (server-webapp.rules)
 * 1:1180 <-> DISABLED <-> SERVER-WEBAPP get32.exe access (server-webapp.rules)
 * 1:1183 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1184 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1185 <-> DISABLED <-> SERVER-WEBAPP bizdbsearch attempt (server-webapp.rules)
 * 1:1186 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1187 <-> DISABLED <-> SERVER-WEBAPP SalesLogix Eviewer web command attempt (server-webapp.rules)
 * 1:1188 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1189 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1190 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1191 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1192 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan access (server-webapp.rules)
 * 1:1195 <-> DISABLED <-> SERVER-WEBAPP sojourn.cgi access (server-webapp.rules)
 * 1:1196 <-> DISABLED <-> SERVER-WEBAPP SGI InfoSearch fname attempt (server-webapp.rules)
 * 1:1197 <-> DISABLED <-> SERVER-WEBAPP Phorum code access (server-webapp.rules)
 * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
 * 1:1198 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
 * 1:1204 <-> DISABLED <-> SERVER-WEBAPP ax-admin.cgi access (server-webapp.rules)
 * 1:1205 <-> DISABLED <-> SERVER-WEBAPP axs.cgi access (server-webapp.rules)
 * 1:12056 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUpGold instancename overflow attempt (server-webapp.rules)
 * 1:12057 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUpGold configuration access (server-webapp.rules)
 * 1:1206 <-> DISABLED <-> SERVER-WEBAPP cachemgr.cgi access (server-webapp.rules)
 * 1:1208 <-> DISABLED <-> SERVER-WEBAPP responder.cgi access (server-webapp.rules)
 * 1:1211 <-> DISABLED <-> SERVER-WEBAPP web-map.cgi access (server-webapp.rules)
 * 1:1212 <-> DISABLED <-> SERVER-WEBAPP Admin_files access (server-webapp.rules)
 * 1:1213 <-> DISABLED <-> SERVER-WEBAPP backup access (server-webapp.rules)
 * 1:1214 <-> DISABLED <-> SERVER-WEBAPP intranet access (server-webapp.rules)
 * 1:1215 <-> DISABLED <-> SERVER-WEBAPP ministats admin access (server-webapp.rules)
 * 1:1216 <-> DISABLED <-> SERVER-WEBAPP filemail access (server-webapp.rules)
 * 1:3463 <-> DISABLED <-> SERVER-WEBAPP awstats access (server-webapp.rules)
 * 1:891 <-> DISABLED <-> SERVER-WEBAPP upload.pl access (server-webapp.rules)
 * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules)
 * 1:1217 <-> DISABLED <-> SERVER-WEBAPP plusmail access (server-webapp.rules)
 * 1:1218 <-> DISABLED <-> SERVER-WEBAPP adminlogin access (server-webapp.rules)
 * 1:1219 <-> DISABLED <-> SERVER-WEBAPP dfire.cgi access (server-webapp.rules)
 * 1:1220 <-> DISABLED <-> SERVER-WEBAPP ultraboard access (server-webapp.rules)
 * 1:1221 <-> DISABLED <-> SERVER-WEBAPP Muscat Empower cgi access (server-webapp.rules)
 * 1:1222 <-> DISABLED <-> SERVER-WEBAPP pals-cgi arbitrary file access attempt (server-webapp.rules)
 * 1:1230 <-> DISABLED <-> SERVER-WEBAPP VirusWall FtpSave access (server-webapp.rules)
 * 1:1231 <-> DISABLED <-> SERVER-WEBAPP VirusWall catinfo access (server-webapp.rules)
 * 1:1234 <-> DISABLED <-> SERVER-WEBAPP VirusWall FtpSaveCSP access (server-webapp.rules)
 * 1:1235 <-> DISABLED <-> SERVER-WEBAPP VirusWall FtpSaveCVP access (server-webapp.rules)
 * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
 * 1:12674 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - iebar (blacklist.rules)
 * 1:1300 <-> DISABLED <-> SERVER-WEBAPP admin.php file upload attempt (server-webapp.rules)
 * 1:1301 <-> DISABLED <-> SERVER-WEBAPP admin.php access (server-webapp.rules)
 * 1:1302 <-> DISABLED <-> SERVER-WEBAPP console.exe access (server-webapp.rules)
 * 1:1303 <-> DISABLED <-> SERVER-WEBAPP cs.exe access (server-webapp.rules)
 * 1:1304 <-> DISABLED <-> SERVER-WEBAPP txt2html.cgi access (server-webapp.rules)
 * 1:1305 <-> DISABLED <-> SERVER-WEBAPP txt2html.cgi directory traversal attempt (server-webapp.rules)
 * 1:1307 <-> DISABLED <-> SERVER-WEBAPP store.cgi access (server-webapp.rules)
 * 1:1308 <-> DISABLED <-> SERVER-WEBAPP sendmessage.cgi access (server-webapp.rules)
 * 1:1309 <-> DISABLED <-> SERVER-WEBAPP zsh access (server-webapp.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules)
 * 1:1381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan attempt (server-webapp.rules)
 * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
 * 1:1392 <-> DISABLED <-> SERVER-WEBAPP lastlines.cgi access (server-webapp.rules)
 * 1:13928 <-> ENABLED <-> SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt (server-webapp.rules)
 * 1:1396 <-> DISABLED <-> SERVER-WEBAPP zml.cgi access (server-webapp.rules)
 * 1:1397 <-> DISABLED <-> SERVER-WEBAPP wayboard attempt (server-webapp.rules)
 * 1:1399 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke remote file include attempt (server-webapp.rules)
 * 1:1405 <-> DISABLED <-> SERVER-WEBAPP AHG search.cgi access (server-webapp.rules)
 * 1:1406 <-> DISABLED <-> SERVER-WEBAPP agora.cgi access (server-webapp.rules)
 * 1:1451 <-> DISABLED <-> SERVER-WEBAPP NPH-maillist access (server-webapp.rules)
 * 1:1452 <-> DISABLED <-> SERVER-WEBAPP args.cmd access (server-webapp.rules)
 * 1:1453 <-> DISABLED <-> SERVER-WEBAPP AT-generated.cgi access (server-webapp.rules)
 * 1:1454 <-> DISABLED <-> SERVER-WEBAPP wwwwais access (server-webapp.rules)
 * 1:1456 <-> DISABLED <-> SERVER-WEBAPP calender_admin.pl access (server-webapp.rules)
 * 1:1457 <-> DISABLED <-> SERVER-WEBAPP user_update_admin.pl access (server-webapp.rules)
 * 1:1458 <-> DISABLED <-> SERVER-WEBAPP user_update_passwd.pl access (server-webapp.rules)
 * 1:1459 <-> DISABLED <-> SERVER-WEBAPP bb-histlog.sh access (server-webapp.rules)
 * 1:1460 <-> DISABLED <-> SERVER-WEBAPP bb-histsvc.sh access (server-webapp.rules)
 * 1:1461 <-> DISABLED <-> SERVER-WEBAPP bb-rep.sh access (server-webapp.rules)
 * 1:1462 <-> DISABLED <-> SERVER-WEBAPP bb-replog.sh access (server-webapp.rules)
 * 1:1465 <-> DISABLED <-> SERVER-WEBAPP auktion.cgi access (server-webapp.rules)
 * 1:1466 <-> DISABLED <-> SERVER-WEBAPP cgiforum.pl access (server-webapp.rules)
 * 1:1467 <-> DISABLED <-> SERVER-WEBAPP directorypro.cgi access (server-webapp.rules)
 * 1:1469 <-> DISABLED <-> SERVER-WEBAPP Web Shopper shopper.cgi access (server-webapp.rules)
 * 1:1470 <-> DISABLED <-> SERVER-WEBAPP listrec.pl access (server-webapp.rules)
 * 1:1471 <-> DISABLED <-> SERVER-WEBAPP mailnews.cgi access (server-webapp.rules)
 * 1:1472 <-> DISABLED <-> SERVER-WEBAPP book.cgi access (server-webapp.rules)
 * 1:1473 <-> DISABLED <-> SERVER-WEBAPP newsdesk.cgi access (server-webapp.rules)
 * 1:1474 <-> DISABLED <-> SERVER-WEBAPP cal_make.pl access (server-webapp.rules)
 * 1:1475 <-> DISABLED <-> SERVER-WEBAPP mailit.pl access (server-webapp.rules)
 * 1:1476 <-> DISABLED <-> SERVER-WEBAPP sdbsearch.cgi access (server-webapp.rules)
 * 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules)
 * 1:1480 <-> DISABLED <-> SERVER-WEBAPP ttawebtop.cgi access (server-webapp.rules)
 * 1:1481 <-> DISABLED <-> SERVER-WEBAPP upload.cgi access (server-webapp.rules)
 * 1:1482 <-> DISABLED <-> SERVER-WEBAPP view_source access (server-webapp.rules)
 * 1:1483 <-> DISABLED <-> SERVER-WEBAPP ustorekeeper.pl access (server-webapp.rules)
 * 1:1488 <-> DISABLED <-> SERVER-WEBAPP store.cgi directory traversal attempt (server-webapp.rules)
 * 1:1491 <-> DISABLED <-> SERVER-WEBAPP Phorum /support/common.php access (server-webapp.rules)
 * 1:1495 <-> DISABLED <-> SERVER-WEBAPP SIX webboard generate.cgi access (server-webapp.rules)
 * 1:1496 <-> DISABLED <-> SERVER-WEBAPP spin_client.cgi access (server-webapp.rules)
 * 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules)
 * 1:1501 <-> DISABLED <-> SERVER-WEBAPP a1stats a1disp3.cgi directory traversal attempt (server-webapp.rules)
 * 1:1505 <-> DISABLED <-> SERVER-WEBAPP alchemy http server PRN arbitrary command execution attempt (server-webapp.rules)
 * 1:1506 <-> DISABLED <-> SERVER-WEBAPP alchemy http server NUL arbitrary command execution attempt (server-webapp.rules)
 * 1:1507 <-> DISABLED <-> SERVER-WEBAPP alibaba.pl arbitrary command execution attempt (server-webapp.rules)
 * 1:1508 <-> DISABLED <-> SERVER-WEBAPP alibaba.pl access (server-webapp.rules)
 * 1:1509 <-> DISABLED <-> SERVER-WEBAPP AltaVista Intranet Search directory traversal attempt (server-webapp.rules)
 * 1:1511 <-> DISABLED <-> SERVER-WEBAPP test.bat access (server-webapp.rules)
 * 1:1512 <-> DISABLED <-> SERVER-WEBAPP input.bat arbitrary command execution attempt (server-webapp.rules)
 * 1:1513 <-> DISABLED <-> SERVER-WEBAPP input.bat access (server-webapp.rules)
 * 1:1514 <-> DISABLED <-> SERVER-WEBAPP input2.bat arbitrary command execution attempt (server-webapp.rules)
 * 1:1515 <-> DISABLED <-> SERVER-WEBAPP input2.bat access (server-webapp.rules)
 * 1:1516 <-> DISABLED <-> SERVER-WEBAPP envout.bat arbitrary command execution attempt (server-webapp.rules)
 * 1:1517 <-> DISABLED <-> SERVER-WEBAPP envout.bat access (server-webapp.rules)
 * 1:1532 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh attempt (server-webapp.rules)
 * 1:1533 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh access (server-webapp.rules)
 * 1:1535 <-> DISABLED <-> SERVER-WEBAPP bizdbsearch access (server-webapp.rules)
 * 1:1539 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/ls access (server-webapp.rules)
 * 1:1542 <-> DISABLED <-> SERVER-WEBAPP cgimail access (server-webapp.rules)
 * 1:1543 <-> DISABLED <-> SERVER-WEBAPP cgiwrap access (server-webapp.rules)
 * 1:1544 <-> DISABLED <-> SERVER-WEBAPP Cisco Catalyst command execution attempt (server-webapp.rules)
 * 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
 * 1:1554 <-> DISABLED <-> SERVER-WEBAPP dbman db.cgi access (server-webapp.rules)
 * 1:1555 <-> DISABLED <-> SERVER-WEBAPP DCShop access (server-webapp.rules)
 * 1:1556 <-> DISABLED <-> SERVER-WEBAPP DCShop orders.txt access (server-webapp.rules)
 * 1:1557 <-> DISABLED <-> SERVER-WEBAPP DCShop auth_user_file.txt access (server-webapp.rules)
 * 1:1559 <-> DISABLED <-> SERVER-WEBAPP /doc/packages access (server-webapp.rules)
 * 1:1560 <-> DISABLED <-> SERVER-WEBAPP /doc/ access (server-webapp.rules)
 * 1:1564 <-> DISABLED <-> SERVER-WEBAPP login.htm access (server-webapp.rules)
 * 1:1566 <-> DISABLED <-> SERVER-WEBAPP eshop.pl access (server-webapp.rules)
 * 1:1570 <-> DISABLED <-> SERVER-WEBAPP loadpage.cgi access (server-webapp.rules)
 * 1:1572 <-> DISABLED <-> SERVER-WEBAPP commerce.cgi arbitrary file access attempt (server-webapp.rules)
 * 1:1574 <-> DISABLED <-> SERVER-WEBAPP directorypro.cgi attempt (server-webapp.rules)
 * 1:1575 <-> DISABLED <-> SERVER-WEBAPP Domino mab.nsf access (server-webapp.rules)
 * 1:1576 <-> DISABLED <-> SERVER-WEBAPP Domino cersvr.nsf access (server-webapp.rules)
 * 1:1577 <-> DISABLED <-> SERVER-WEBAPP Domino setup.nsf access (server-webapp.rules)
 * 1:1578 <-> DISABLED <-> SERVER-WEBAPP Domino statrep.nsf access (server-webapp.rules)
 * 1:1579 <-> DISABLED <-> SERVER-WEBAPP Domino webadmin.nsf access (server-webapp.rules)
 * 1:1580 <-> DISABLED <-> SERVER-WEBAPP Domino events4.nsf access (server-webapp.rules)
 * 1:1581 <-> DISABLED <-> SERVER-WEBAPP Domino ntsync4.nsf access (server-webapp.rules)
 * 1:1582 <-> DISABLED <-> SERVER-WEBAPP Domino collect4.nsf access (server-webapp.rules)
 * 1:1583 <-> DISABLED <-> SERVER-WEBAPP Domino mailw46.nsf access (server-webapp.rules)
 * 1:1584 <-> DISABLED <-> SERVER-WEBAPP Domino bookmark.nsf access (server-webapp.rules)
 * 1:1585 <-> DISABLED <-> SERVER-WEBAPP Domino agentrunner.nsf access (server-webapp.rules)
 * 1:1586 <-> DISABLED <-> SERVER-WEBAPP Domino mail.box access (server-webapp.rules)
 * 1:1587 <-> DISABLED <-> SERVER-WEBAPP cgitest.exe access (server-webapp.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules)
 * 1:1588 <-> DISABLED <-> SERVER-WEBAPP SalesLogix Eviewer access (server-webapp.rules)
 * 1:1589 <-> DISABLED <-> SERVER-WEBAPP musicat empower attempt (server-webapp.rules)
 * 1:1590 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi arbitrary file access attempt (server-webapp.rules)
 * 1:1591 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi access (server-webapp.rules)
 * 1:1592 <-> DISABLED <-> SERVER-WEBAPP /fcgi-bin/echo.exe access (server-webapp.rules)
 * 1:1593 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi external site redirection attempt (server-webapp.rules)
 * 1:1594 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi access (server-webapp.rules)
 * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules)
 * 1:1597 <-> DISABLED <-> SERVER-WEBAPP guestbook.cgi access (server-webapp.rules)
 * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules)
 * 1:1599 <-> DISABLED <-> SERVER-WEBAPP search.cgi access (server-webapp.rules)
 * 1:1600 <-> DISABLED <-> SERVER-WEBAPP htsearch arbitrary configuration file attempt (server-webapp.rules)
 * 1:1601 <-> DISABLED <-> SERVER-WEBAPP htsearch arbitrary file read attempt (server-webapp.rules)
 * 1:1602 <-> DISABLED <-> SERVER-WEBAPP htsearch access (server-webapp.rules)
 * 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
 * 1:1606 <-> DISABLED <-> SERVER-WEBAPP icat access (server-webapp.rules)
 * 1:16078 <-> DISABLED <-> SERVER-WEBAPP PHP memory_limit vulnerability exploit attempt (server-webapp.rules)
 * 1:1608 <-> DISABLED <-> SERVER-WEBAPP htmlscript attempt (server-webapp.rules)
 * 1:1611 <-> DISABLED <-> SERVER-WEBAPP eXtropia webstore access (server-webapp.rules)
 * 1:1613 <-> DISABLED <-> SERVER-WEBAPP handler attempt (server-webapp.rules)
 * 1:1617 <-> DISABLED <-> SERVER-WEBAPP Bugzilla doeditvotes.cgi access (server-webapp.rules)
 * 1:1622 <-> DISABLED <-> PROTOCOL-FTP RNFR ././ attempt (protocol-ftp.rules)
 * 1:1637 <-> DISABLED <-> SERVER-WEBAPP yabb access (server-webapp.rules)
 * 1:1642 <-> DISABLED <-> SERVER-WEBAPP document.d2w access (server-webapp.rules)
 * 1:1643 <-> DISABLED <-> SERVER-WEBAPP db2www access (server-webapp.rules)
 * 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules)
 * 1:1645 <-> DISABLED <-> SERVER-WEBAPP testcgi access (server-webapp.rules)
 * 1:1646 <-> DISABLED <-> SERVER-WEBAPP test.cgi access (server-webapp.rules)
 * 1:1648 <-> DISABLED <-> SERVER-WEBAPP perl.exe command attempt (server-webapp.rules)
 * 1:1649 <-> DISABLED <-> SERVER-WEBAPP perl command attempt (server-webapp.rules)
 * 1:16493 <-> ENABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Tear Application (blacklist.rules)
 * 1:1650 <-> DISABLED <-> SERVER-WEBAPP tst.bat access (server-webapp.rules)
 * 1:1651 <-> DISABLED <-> SERVER-WEBAPP environ.pl access (server-webapp.rules)
 * 1:1652 <-> DISABLED <-> SERVER-WEBAPP campas attempt (server-webapp.rules)
 * 1:1654 <-> DISABLED <-> SERVER-WEBAPP cart32.exe access (server-webapp.rules)
 * 1:16551 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - malware (blacklist.rules)
 * 1:1656 <-> DISABLED <-> SERVER-WEBAPP pfdispaly.cgi access (server-webapp.rules)
 * 1:1658 <-> DISABLED <-> SERVER-WEBAPP pagelog.cgi access (server-webapp.rules)
 * 1:1662 <-> DISABLED <-> SERVER-WEBAPP /~ftp access (server-webapp.rules)
 * 1:1663 <-> DISABLED <-> SERVER-WEBAPP *%20.pl access (server-webapp.rules)
 * 1:1664 <-> DISABLED <-> SERVER-WEBAPP mkplog.exe access (server-webapp.rules)
 * 1:1667 <-> DISABLED <-> SERVER-WEBAPP cross site scripting HTML Image tag set to javascript attempt (server-webapp.rules)
 * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:16678 <-> DISABLED <-> SERVER-WEBAPP Tandberg VCS local file disclosure attempt (server-webapp.rules)
 * 1:1670 <-> DISABLED <-> SERVER-WEBAPP /home/ftp access (server-webapp.rules)
 * 1:1671 <-> DISABLED <-> SERVER-WEBAPP /home/www access (server-webapp.rules)
 * 1:16741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:1700 <-> DISABLED <-> SERVER-WEBAPP imagemap.exe access (server-webapp.rules)
 * 1:1701 <-> DISABLED <-> SERVER-WEBAPP calendar-admin.pl access (server-webapp.rules)
 * 1:1702 <-> DISABLED <-> SERVER-WEBAPP Amaya templates sendtemp.pl access (server-webapp.rules)
 * 1:1706 <-> DISABLED <-> SERVER-WEBAPP echo.bat access (server-webapp.rules)
 * 1:1708 <-> DISABLED <-> SERVER-WEBAPP hello.bat access (server-webapp.rules)
 * 1:1709 <-> DISABLED <-> SERVER-WEBAPP ad.cgi access (server-webapp.rules)
 * 1:1710 <-> DISABLED <-> SERVER-WEBAPP bbs_forum.cgi access (server-webapp.rules)
 * 1:1711 <-> DISABLED <-> SERVER-WEBAPP bsguest.cgi access (server-webapp.rules)
 * 1:1712 <-> DISABLED <-> SERVER-WEBAPP bslist.cgi access (server-webapp.rules)
 * 1:1713 <-> DISABLED <-> SERVER-WEBAPP cgforum.cgi access (server-webapp.rules)
 * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
 * 1:1714 <-> DISABLED <-> SERVER-WEBAPP newdesk access (server-webapp.rules)
 * 1:1715 <-> DISABLED <-> SERVER-WEBAPP register.cgi access (server-webapp.rules)
 * 1:17157 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules)
 * 1:17158 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules)
 * 1:17159 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules)
 * 1:1716 <-> DISABLED <-> SERVER-WEBAPP gbook.cgi access (server-webapp.rules)
 * 1:1717 <-> DISABLED <-> SERVER-WEBAPP simplestguest.cgi access (server-webapp.rules)
 * 1:1718 <-> DISABLED <-> SERVER-WEBAPP statsconfig.pl access (server-webapp.rules)
 * 1:1720 <-> DISABLED <-> SERVER-WEBAPP talkback.cgi access (server-webapp.rules)
 * 1:1721 <-> DISABLED <-> SERVER-WEBAPP adcycle access (server-webapp.rules)
 * 1:1722 <-> DISABLED <-> SERVER-WEBAPP MachineInfo access (server-webapp.rules)
 * 1:1724 <-> DISABLED <-> SERVER-WEBAPP emumail.cgi access (server-webapp.rules)
 * 1:1727 <-> DISABLED <-> SERVER-WEBAPP SGI InfoSearch fname access (server-webapp.rules)
 * 1:1737 <-> DISABLED <-> SERVER-WEBAPP squirrel mail theme arbitrary command attempt (server-webapp.rules)
 * 1:1738 <-> DISABLED <-> SERVER-WEBAPP global.inc access (server-webapp.rules)
 * 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules)
 * 1:1739 <-> DISABLED <-> SERVER-WEBAPP DNSTools administrator authentication bypass attempt (server-webapp.rules)
 * 1:17391 <-> ENABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
 * 1:1740 <-> DISABLED <-> SERVER-WEBAPP DNSTools authentication bypass attempt (server-webapp.rules)
 * 1:1741 <-> DISABLED <-> SERVER-WEBAPP DNSTools access (server-webapp.rules)
 * 1:1743 <-> DISABLED <-> SERVER-WEBAPP Blahz-DNS dostuff.php access (server-webapp.rules)
 * 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules)
 * 1:1745 <-> DISABLED <-> SERVER-WEBAPP Messagerie supp_membre.php access (server-webapp.rules)
 * 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:17498 <-> ENABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
 * 1:17501 <-> ENABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
 * 1:17502 <-> ENABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
 * 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules)
 * 1:17533 <-> ENABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules)
 * 1:1763 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt (server-webapp.rules)
 * 1:1764 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt (server-webapp.rules)
 * 1:1765 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc access (server-webapp.rules)
 * 1:1773 <-> DISABLED <-> SERVER-WEBAPP php.exe access (server-webapp.rules)
 * 1:1774 <-> DISABLED <-> SERVER-WEBAPP bb_smilies.php access (server-webapp.rules)
 * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
 * 1:1787 <-> DISABLED <-> SERVER-WEBAPP csPassword.cgi access (server-webapp.rules)
 * 1:1788 <-> DISABLED <-> SERVER-WEBAPP csPassword password.cgi.tmp access (server-webapp.rules)
 * 1:1805 <-> DISABLED <-> SERVER-WEBAPP Oracle Reports CGI access (server-webapp.rules)
 * 1:1816 <-> DISABLED <-> SERVER-WEBAPP directory.php access (server-webapp.rules)
 * 1:1822 <-> DISABLED <-> SERVER-WEBAPP AlienForm alienform.cgi directory traversal attempt (server-webapp.rules)
 * 1:1824 <-> DISABLED <-> SERVER-WEBAPP AlienForm alienform.cgi access (server-webapp.rules)
 * 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
 * 1:18247 <-> ENABLED <-> BLACKLIST User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (blacklist.rules)
 * 1:1825 <-> DISABLED <-> SERVER-WEBAPP AlienForm af.cgi access (server-webapp.rules)
 * 1:1826 <-> DISABLED <-> SERVER-WEBAPP WEB-INF access (server-webapp.rules)
 * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
 * 1:1835 <-> DISABLED <-> SERVER-WEBAPP Macromedia SiteSpring cross site scripting attempt (server-webapp.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MSDN SurfBear (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18388 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
 * 1:1839 <-> DISABLED <-> SERVER-WEBAPP mailman cross site scripting attempt (server-webapp.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:1847 <-> DISABLED <-> SERVER-WEBAPP webalizer access (server-webapp.rules)
 * 1:18470 <-> DISABLED <-> SERVER-WEBAPP Java floating point number denial of service - via URI (server-webapp.rules)
 * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules)
 * 1:1848 <-> DISABLED <-> SERVER-WEBAPP webcart-lite access (server-webapp.rules)
 * 1:1849 <-> DISABLED <-> SERVER-WEBAPP webfind.exe access (server-webapp.rules)
 * 1:1850 <-> DISABLED <-> SERVER-WEBAPP way-board.cgi access (server-webapp.rules)
 * 1:1851 <-> DISABLED <-> SERVER-WEBAPP active.log access (server-webapp.rules)
 * 1:1852 <-> DISABLED <-> SERVER-WEBAPP robots.txt access (server-webapp.rules)
 * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules)
 * 1:1857 <-> DISABLED <-> SERVER-WEBAPP robot.txt access (server-webapp.rules)
 * 1:18668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules)
 * 1:1868 <-> DISABLED <-> SERVER-WEBAPP Interactive Story story.pl arbitrary file read attempt (server-webapp.rules)
 * 1:1869 <-> DISABLED <-> SERVER-WEBAPP Interactive Story story.pl access (server-webapp.rules)
 * 1:1870 <-> DISABLED <-> SERVER-WEBAPP siteUserMod.cgi access (server-webapp.rules)
 * 1:18745 <-> ENABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules)
 * 1:1875 <-> DISABLED <-> SERVER-WEBAPP cgicso access (server-webapp.rules)
 * 1:1876 <-> DISABLED <-> SERVER-WEBAPP nph-publish.cgi access (server-webapp.rules)
 * 1:18761 <-> ENABLED <-> SERVER-WEBAPP Majordomo2 http directory traversal attempt (server-webapp.rules)
 * 1:1877 <-> DISABLED <-> SERVER-WEBAPP printenv access (server-webapp.rules)
 * 1:1878 <-> DISABLED <-> SERVER-WEBAPP sdbsearch.cgi access (server-webapp.rules)
 * 1:1879 <-> DISABLED <-> SERVER-WEBAPP book.cgi arbitrary command execution attempt (server-webapp.rules)
 * 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
 * 1:18802 <-> ENABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
 * 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules)
 * 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules)
 * 1:19047 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - RCleanT (blacklist.rules)
 * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
 * 1:1930 <-> ENABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules)
 * 1:1931 <-> DISABLED <-> SERVER-WEBAPP rpc-nlog.pl access (server-webapp.rules)
 * 1:1932 <-> DISABLED <-> SERVER-WEBAPP rpc-smb.pl access (server-webapp.rules)
 * 1:1933 <-> DISABLED <-> SERVER-WEBAPP cart.cgi access (server-webapp.rules)
 * 1:1943 <-> DISABLED <-> SERVER-WEBAPP /Carello/add.exe access (server-webapp.rules)
 * 1:19434 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ErrCode (blacklist.rules)
 * 1:19439 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:1944 <-> DISABLED <-> SERVER-WEBAPP /ecscripts/ecware.exe access (server-webapp.rules)
 * 1:19440 <-> DISABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:19570 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - ie 11.0 sp6 (blacklist.rules)
 * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules)
 * 1:1968 <-> DISABLED <-> SERVER-WEBAPP phpbb quick-reply.php access (server-webapp.rules)
 * 1:1969 <-> DISABLED <-> SERVER-WEBAPP ion-p access (server-webapp.rules)
 * 1:19694 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET Chart Control directory traversal attempt (server-webapp.rules)
 * 1:19703 <-> ENABLED <-> MALWARE-CNC Worm Win.Trojan.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:1977 <-> DISABLED <-> SERVER-WEBAPP xp_regwrite attempt (server-webapp.rules)
 * 1:1978 <-> DISABLED <-> SERVER-WEBAPP xp_regdeletekey attempt (server-webapp.rules)
 * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules)
 * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules)
 * 1:1994 <-> DISABLED <-> SERVER-WEBAPP vpasswd.cgi access (server-webapp.rules)
 * 1:1995 <-> DISABLED <-> SERVER-WEBAPP alya.cgi access (server-webapp.rules)
 * 1:1996 <-> DISABLED <-> SERVER-WEBAPP viralator.cgi access (server-webapp.rules)
 * 1:1997 <-> DISABLED <-> SERVER-WEBAPP read_body.php access attempt (server-webapp.rules)
 * 1:1998 <-> DISABLED <-> SERVER-WEBAPP calendar.php access (server-webapp.rules)
 * 1:1999 <-> DISABLED <-> SERVER-WEBAPP edit_image.php access (server-webapp.rules)
 * 1:2000 <-> DISABLED <-> SERVER-WEBAPP readmsg.php access (server-webapp.rules)
 * 1:2001 <-> DISABLED <-> SERVER-WEBAPP smartsearch.cgi access (server-webapp.rules)
 * 1:20013 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager webappmon.exe host header buffer overflow attempt (server-webapp.rules)
 * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules)
 * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules)
 * 1:20114 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint hiddenSpanData cross site scripting attempt (server-webapp.rules)
 * 1:20116 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Javascript XSS attempt (server-webapp.rules)
 * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules)
 * 1:20240 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
 * 1:20293 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string MBVDFRESCT (blacklist.rules)
 * 1:2051 <-> DISABLED <-> SERVER-WEBAPP cached_feed.cgi moreover shopping cart access (server-webapp.rules)
 * 1:2052 <-> DISABLED <-> SERVER-WEBAPP overflow.cgi access (server-webapp.rules)
 * 1:2053 <-> DISABLED <-> SERVER-WEBAPP Bugtraq process_bug.cgi access (server-webapp.rules)
 * 1:2054 <-> DISABLED <-> SERVER-WEBAPP Bugtraq enter_bug.cgi arbitrary command attempt (server-webapp.rules)
 * 1:26604 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules)
 * 1:26181 <-> DISABLED <-> BROWSER-PLUGINS Samsung NET-i viewer BackupToAvi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:25093 <-> ENABLED <-> MALWARE-CNC Win.Exploit.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:26291 <-> ENABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules)
 * 1:829 <-> DISABLED <-> SERVER-WEBAPP nph-test-cgi access (server-webapp.rules)
 * 1:25508 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit java exploit retrieval (exploit-kit.rules)
 * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:3131 <-> DISABLED <-> SERVER-WEBAPP mailman directory traversal attempt (server-webapp.rules)
 * 1:860 <-> DISABLED <-> SERVER-WEBAPP snork.bat access (server-webapp.rules)
 * 1:870 <-> DISABLED <-> SERVER-WEBAPP snorkerz.cmd access (server-webapp.rules)
 * 1:25322 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:2665 <-> ENABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules)
 * 1:856 <-> DISABLED <-> SERVER-WEBAPP environ.cgi access (server-webapp.rules)
 * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound communication (malware-cnc.rules)
 * 1:7191 <-> DISABLED <-> PUA-ADWARE Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (pua-adware.rules)
 * 1:26767 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp embed access (browser-plugins.rules)
 * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules)
 * 1:882 <-> DISABLED <-> SERVER-WEBAPP calendar access (server-webapp.rules)
 * 1:849 <-> DISABLED <-> SERVER-WEBAPP view-source access (server-webapp.rules)
 * 1:26543 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules)
 * 1:888 <-> DISABLED <-> SERVER-WEBAPP wwwadmin.pl access (server-webapp.rules)
 * 1:25509 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:25962 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:27014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection attempt (malware-cnc.rules)
 * 1:807 <-> DISABLED <-> SERVER-WEBAPP /wwwboard/passwd.txt access (server-webapp.rules)
 * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules)
 * 1:805 <-> DISABLED <-> SERVER-WEBAPP Progress webspeed access (server-webapp.rules)
 * 1:868 <-> DISABLED <-> SERVER-WEBAPP rsh access (server-webapp.rules)
 * 1:7050 <-> DISABLED <-> PUA-TOOLBARS Hijacker freecruise toolbar runtime detection (pua-toolbars.rules)
 * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules)
 * 1:2566 <-> DISABLED <-> SERVER-WEBAPP PHPBB viewforum.php access (server-webapp.rules)
 * 1:863 <-> DISABLED <-> SERVER-WEBAPP day5datacopier.cgi access (server-webapp.rules)
 * 1:869 <-> DISABLED <-> SERVER-WEBAPP dumpenv.pl access (server-webapp.rules)
 * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:3008 <-> DISABLED <-> PROTOCOL-IMAP delete literal overflow attempt (protocol-imap.rules)
 * 1:7866 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Connection ActiveX clsid access (browser-plugins.rules)
 * 1:25963 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit SWF file download (exploit-kit.rules)
 * 1:26766 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX clsid access (browser-plugins.rules)
 * 1:880 <-> DISABLED <-> SERVER-WEBAPP LWGate access (server-webapp.rules)
 * 1:858 <-> DISABLED <-> SERVER-WEBAPP filemail access (server-webapp.rules)
 * 1:25260 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozila (blacklist.rules)
 * 1:26182 <-> DISABLED <-> BROWSER-PLUGINS Samsung NET-i viewer BackupToAvi ActiveX function call access attempt (browser-plugins.rules)
 * 1:7839 <-> DISABLED <-> PUA-TOOLBARS Hijacker rx toolbar runtime detection (pua-toolbars.rules)
 * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules)
 * 1:26241 <-> DISABLED <-> BROWSER-PLUGINS ActivePDF WebGrabber APWebGrb.ocx ActiveX function call access attempt (browser-plugins.rules)
 * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:875 <-> DISABLED <-> SERVER-WEBAPP win-c-sample.exe access (server-webapp.rules)
 * 1:25112 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:27111 <-> DISABLED <-> BROWSER-PLUGINS PcVue SVUIGrd.ocx ActiveX clsid access (browser-plugins.rules)
 * 1:848 <-> DISABLED <-> SERVER-WEBAPP view-source directory traversal (server-webapp.rules)
 * 1:25323 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:27174 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules)
 * 1:7582 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Pcast Live (blacklist.rules)
 * 1:825 <-> DISABLED <-> SERVER-WEBAPP glimpse access (server-webapp.rules)
 * 1:25765 <-> ENABLED <-> MALWARE-CNC Trojan Agent YEH outbound connection (malware-cnc.rules)
 * 1:26393 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX function call access (browser-plugins.rules)
 * 1:27287 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:815 <-> DISABLED <-> SERVER-WEBAPP websendmail access (server-webapp.rules)
 * 1:836 <-> DISABLED <-> SERVER-WEBAPP textcounter.pl access (server-webapp.rules)
 * 1:27164 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules)
 * 1:25267 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules)
 * 1:25951 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:5797 <-> DISABLED <-> APP-DETECT Kontiki runtime detection (app-detect.rules)
 * 1:837 <-> DISABLED <-> SERVER-WEBAPP uploader.exe access (server-webapp.rules)
 * 1:808 <-> DISABLED <-> SERVER-WEBAPP webdriver access (server-webapp.rules)
 * 1:840 <-> DISABLED <-> SERVER-WEBAPP perlshop.cgi access (server-webapp.rules)
 * 1:2664 <-> DISABLED <-> PROTOCOL-IMAP login format string attempt (protocol-imap.rules)
 * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:850 <-> DISABLED <-> SERVER-WEBAPP wais.pl access (server-webapp.rules)
 * 1:3469 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Gold dos attempt (server-webapp.rules)
 * 1:25507 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:26905 <-> ENABLED <-> SERVER-WEBAPP FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt (server-webapp.rules)
 * 1:25950 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit PDF exploit (exploit-kit.rules)
 * 1:819 <-> DISABLED <-> SERVER-WEBAPP mmstdod.cgi access (server-webapp.rules)
 * 1:25594 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit java exploit retrieval (exploit-kit.rules)
 * 1:27244 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules)
 * 1:846 <-> DISABLED <-> SERVER-WEBAPP bnbform.cgi access (server-webapp.rules)
 * 1:879 <-> DISABLED <-> SERVER-WEBAPP admin.pl access (server-webapp.rules)
 * 1:26764 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX clsid access (browser-plugins.rules)
 * 1:813 <-> DISABLED <-> SERVER-WEBAPP webplus directory traversal (server-webapp.rules)
 * 1:864 <-> DISABLED <-> SERVER-WEBAPP day5datanotifier.cgi access (server-webapp.rules)
 * 1:845 <-> DISABLED <-> SERVER-WEBAPP AT-admin.cgi access (server-webapp.rules)
 * 1:25325 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:27016 <-> ENABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules)
 * 1:3638 <-> DISABLED <-> SERVER-WEBAPP SoftCart.exe CGI buffer overflow attempt (server-webapp.rules)
 * 1:26544 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules)
 * 1:832 <-> DISABLED <-> SERVER-WEBAPP perl.exe access (server-webapp.rules)
 * 1:26048 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit PDF exploit (exploit-kit.rules)
 * 1:878 <-> DISABLED <-> SERVER-WEBAPP w3tvars.pm access (server-webapp.rules)
 * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound communication (malware-cnc.rules)
 * 1:842 <-> DISABLED <-> SERVER-WEBAPP aglimpse access (server-webapp.rules)
 * 1:3674 <-> DISABLED <-> SERVER-WEBAPP db4web_c directory traversal attempt (server-webapp.rules)
 * 1:5900 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Async HTTP Agent (blacklist.rules)
 * 1:25266 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules)
 * 1:25262 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string IEToolbar (blacklist.rules)
 * 1:27192 <-> DISABLED <-> SERVER-WEBAPP DM Albums album.php remote file include attempt (server-webapp.rules)
 * 1:25328 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit java exploit retrieval (exploit-kit.rules)
 * 1:4128 <-> DISABLED <-> SERVER-WEBAPP 4DWebstar ShellExample.cgi information disclosure (server-webapp.rules)
 * 1:6198 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - SQTR_VERIFY (blacklist.rules)
 * 1:25261 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MSIE (blacklist.rules)
 * 1:25316 <-> DISABLED <-> BROWSER-PLUGINS InduSoft ISSymbol InternationalSeparator heap overflow attempt (browser-plugins.rules)
 * 1:812 <-> DISABLED <-> SERVER-WEBAPP webplus version access (server-webapp.rules)
 * 1:827 <-> DISABLED <-> SERVER-WEBAPP info2www access (server-webapp.rules)
 * 1:3086 <-> DISABLED <-> SERVER-WEBAPP 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (server-webapp.rules)
 * 1:27176 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules)
 * 1:25859 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit malicious jar file download (exploit-kit.rules)
 * 1:25597 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules)
 * 1:871 <-> DISABLED <-> SERVER-WEBAPP survey.cgi access (server-webapp.rules)
 * 1:847 <-> DISABLED <-> SERVER-WEBAPP campas access (server-webapp.rules)
 * 1:2663 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUpGold instancename overflow attempt (server-webapp.rules)
 * 1:821 <-> DISABLED <-> SERVER-WEBAPP imagemap.exe overflow attempt (server-webapp.rules)
 * 1:2565 <-> DISABLED <-> SERVER-WEBAPP modules.php access (server-webapp.rules)
 * 1:26050 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit SWF file download (exploit-kit.rules)
 * 1:27544 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected (malware-cnc.rules)
 * 1:804 <-> DISABLED <-> SERVER-WEBAPP SWSoft ASPSeek Overflow attempt (server-webapp.rules)
 * 1:865 <-> DISABLED <-> SERVER-WEBAPP ksh access (server-webapp.rules)
 * 1:3058 <-> DISABLED <-> PROTOCOL-IMAP copy literal overflow attempt (protocol-imap.rules)
 * 1:866 <-> DISABLED <-> SERVER-WEBAPP post-query access (server-webapp.rules)
 * 1:859 <-> DISABLED <-> SERVER-WEBAPP man.sh access (server-webapp.rules)
 * 1:26387 <-> ENABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules)
 * 1:27162 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules)
 * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules)
 * 1:3468 <-> DISABLED <-> SERVER-WEBAPP math_sum.mscgi access (server-webapp.rules)
 * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:838 <-> DISABLED <-> SERVER-WEBAPP webgais access (server-webapp.rules)
 * 1:852 <-> DISABLED <-> SERVER-WEBAPP wguest.exe access (server-webapp.rules)
 * 1:861 <-> DISABLED <-> SERVER-WEBAPP w3-msql access (server-webapp.rules)
 * 1:26184 <-> DISABLED <-> BROWSER-PLUGINS TRENDNet SecurView internet camera UltraMJCam ActiveX function call access attempt (browser-plugins.rules)
 * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules)
 * 1:867 <-> DISABLED <-> SERVER-WEBAPP visadmin.exe access (server-webapp.rules)
 * 1:7187 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - SAH Agent (blacklist.rules)
 * 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manger cross site scripting attempt (server-webapp.rules)
 * 1:854 <-> DISABLED <-> SERVER-WEBAPP classifieds.cgi access (server-webapp.rules)
 * 1:2569 <-> DISABLED <-> SERVER-WEBAPP cPanel resetpass access (server-webapp.rules)
 * 1:828 <-> DISABLED <-> SERVER-WEBAPP maillist.pl access (server-webapp.rules)
 * 1:881 <-> DISABLED <-> SERVER-WEBAPP archie access (server-webapp.rules)
 * 1:25598 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules)
 * 1:2581 <-> DISABLED <-> SERVER-WEBAPP SAP Crystal Reports crystalimagehandler.aspx access (server-webapp.rules)
 * 1:25120 <-> DISABLED <-> SERVER-WEBAPP W3 Total Cache for Wordpress access - likely information disclosure (server-webapp.rules)
 * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound communication (malware-cnc.rules)
 * 1:26981 <-> DISABLED <-> SERVER-WEBAPP WordPress login denial of service attempt (server-webapp.rules)
 * 1:2585 <-> ENABLED <-> SERVER-WEBAPP nessus 2.x 404 probe (server-webapp.rules)
 * 1:27161 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules)
 * 1:2672 <-> DISABLED <-> SERVER-WEBAPP sresult.exe access (server-webapp.rules)
 * 1:833 <-> DISABLED <-> SERVER-WEBAPP rguest.exe access (server-webapp.rules)
 * 1:25595 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit java exploit retrieval (exploit-kit.rules)
 * 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:885 <-> DISABLED <-> SERVER-WEBAPP bash access (server-webapp.rules)
 * 1:25528 <-> ENABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
 * 1:806 <-> DISABLED <-> SERVER-WEBAPP yabb directory traversal attempt (server-webapp.rules)
 * 1:3465 <-> DISABLED <-> SERVER-WEBAPP RiSearch show.pl proxy attempt (server-webapp.rules)
 * 1:26690 <-> ENABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
 * 1:25105 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway directory traversal attempt (server-webapp.rules)
 * 1:27163 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules)
 * 1:803 <-> DISABLED <-> SERVER-WEBAPP HyperSeek hsx.cgi directory traversal attempt (server-webapp.rules)
 * 1:27112 <-> DISABLED <-> BROWSER-PLUGINS PcVue SVUIGrd.ocx ActiveX function call access (browser-plugins.rules)
 * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules)
 * 1:27206 <-> DISABLED <-> BROWSER-PLUGINS SigPlus Pro ActiveX clsid access (browser-plugins.rules)
 * 1:2668 <-> DISABLED <-> SERVER-WEBAPP processit access (server-webapp.rules)
 * 1:27288 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:843 <-> DISABLED <-> SERVER-WEBAPP anform2 access (server-webapp.rules)
 * 1:823 <-> DISABLED <-> SERVER-WEBAPP cvsweb.cgi access (server-webapp.rules)
 * 1:25104 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway directory traversal attempt (server-webapp.rules)
 * 1:26395 <-> ENABLED <-> MALWARE-OTHER Possible data upload - Bitcoin Miner User Agent (malware-other.rules)
 * 1:26049 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:6362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - MGS-Internal-Web-Manager (blacklist.rules)
 * 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules)
 * 1:26557 <-> ENABLED <-> SERVER-WEBAPP Wordpress brute-force login attempt (server-webapp.rules)
 * 1:877 <-> DISABLED <-> SERVER-WEBAPP rksh access (server-webapp.rules)
 * 1:25114 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules)
 * 1:2567 <-> DISABLED <-> SERVER-WEBAPP Emumail init.emu access (server-webapp.rules)
 * 1:26545 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules)
 * 1:27177 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules)
 * 1:862 <-> DISABLED <-> SERVER-WEBAPP csh access (server-webapp.rules)
 * 1:7071 <-> DISABLED <-> SERVER-WEBAPP encoded cross site scripting HTML Image tag set to javascript attempt (server-webapp.rules)
 * 1:27243 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirectAction (server-apache.rules)
 * 1:5838 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - EI (blacklist.rules)
 * 1:844 <-> DISABLED <-> SERVER-WEBAPP args.bat access (server-webapp.rules)
 * 1:2568 <-> DISABLED <-> SERVER-WEBAPP Emumail emumail.fcgi access (server-webapp.rules)
 * 1:2669 <-> DISABLED <-> SERVER-WEBAPP ibillpm.pl access (server-webapp.rules)
 * 1:25505 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:26765 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX function call access (browser-plugins.rules)
 * 1:27283 <-> DISABLED <-> BROWSER-PLUGINS PPMate PPMPlayer.dll ActiveX clsid access (browser-plugins.rules)
 * 1:851 <-> DISABLED <-> SERVER-WEBAPP files.pl access (server-webapp.rules)
 * 1:4650 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image.php access (server-webapp.rules)
 * 1:834 <-> DISABLED <-> SERVER-WEBAPP rwwwshell.pl access (server-webapp.rules)
 * 1:25326 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit java exploit retrieval (exploit-kit.rules)
 * 1:27570 <-> DISABLED <-> BROWSER-PLUGINS CEnroll.CEnroll.2 ActiveX function stringtoBinary access attempt (browser-plugins.rules)
 * 1:25954 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit SWF file download (exploit-kit.rules)
 * 1:27282 <-> DISABLED <-> BROWSER-PLUGINS PPMate PPMPlayer.dll ActiveX clsid access (browser-plugins.rules)
 * 1:26605 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules)
 * 1:25506 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit EOT file download (exploit-kit.rules)
 * 1:6274 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Stubby (blacklist.rules)
 * 1:27175 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules)
 * 1:27207 <-> DISABLED <-> BROWSER-PLUGINS SigPlus Pro ActiveX clsid access (browser-plugins.rules)
 * 1:25510 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit java exploit retrieval (exploit-kit.rules)
 * 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules)
 * 1:872 <-> DISABLED <-> SERVER-WEBAPP tcsh access (server-webapp.rules)
 * 1:3062 <-> DISABLED <-> SERVER-WEBAPP NetScreen SA 5000 delhomepage.cgi access (server-webapp.rules)
 * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:2670 <-> DISABLED <-> SERVER-WEBAPP pgpmail.pl access (server-webapp.rules)
 * 1:839 <-> DISABLED <-> SERVER-WEBAPP finger access (server-webapp.rules)
 * 1:25327 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit pdf exploit retrieval (exploit-kit.rules)
 * 1:883 <-> DISABLED <-> SERVER-WEBAPP flexform access (server-webapp.rules)
 * 1:824 <-> DISABLED <-> SERVER-WEBAPP php.cgi access (server-webapp.rules)
 * 1:26183 <-> DISABLED <-> BROWSER-PLUGINS TRENDNet SecurView internet camera UltraMJCam ActiveX clsid access attempt (browser-plugins.rules)
 * 1:890 <-> DISABLED <-> SERVER-WEBAPP sendform.cgi access (server-webapp.rules)
 * 1:10128 <-> DISABLED <-> BROWSER-PLUGINS Aliplay ActiveX clsid access (browser-plugins.rules)
 * 1:894 <-> DISABLED <-> SERVER-WEBAPP bb-hist.sh access (server-webapp.rules)
 * 1:892 <-> DISABLED <-> SERVER-WEBAPP AnyForm2 access (server-webapp.rules)
 * 1:826 <-> DISABLED <-> SERVER-WEBAPP htmlscript access (server-webapp.rules)
 * 1:887 <-> DISABLED <-> SERVER-WEBAPP www-sql access (server-webapp.rules)
 * 1:889 <-> DISABLED <-> SERVER-WEBAPP ppdscgi.exe access (server-webapp.rules)
 * 1:895 <-> DISABLED <-> SERVER-WEBAPP redirect access (server-webapp.rules)
 * 1:2055 <-> DISABLED <-> SERVER-WEBAPP Bugtraq enter_bug.cgi access (server-webapp.rules)
 * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:2076 <-> DISABLED <-> SERVER-WEBAPP Mambo uploadimage.php access (server-webapp.rules)
 * 1:2077 <-> DISABLED <-> SERVER-WEBAPP Mambo upload.php access (server-webapp.rules)
 * 1:2078 <-> DISABLED <-> SERVER-WEBAPP phpBB privmsg.php access (server-webapp.rules)
 * 1:2085 <-> DISABLED <-> SERVER-WEBAPP parse_xml.cgi access (server-webapp.rules)
 * 1:20988 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ZmEu - vulnerability scanner (blacklist.rules)
 * 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules)
 * 1:21060 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Administrator console site injection attempt (server-webapp.rules)
 * 1:21065 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Edituser cross site scripting attempt (server-webapp.rules)
 * 1:21066 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Systemdashboard cross site scripting attempt (server-webapp.rules)
 * 1:21067 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager TOC_simple cross site scripting attempt (server-webapp.rules)
 * 1:2116 <-> DISABLED <-> SERVER-WEBAPP chipcfg.cgi access (server-webapp.rules)
 * 1:21175 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string Win32 Amti (blacklist.rules)
 * 1:21225 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string Flag (blacklist.rules)
 * 1:2127 <-> DISABLED <-> SERVER-WEBAPP ikonboard.cgi access (server-webapp.rules)
 * 1:2128 <-> DISABLED <-> SERVER-WEBAPP swsrv.cgi access (server-webapp.rules)
 * 1:21380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - QvodDown (blacklist.rules)
 * 1:2140 <-> DISABLED <-> SERVER-WEBAPP p-news.php access (server-webapp.rules)
 * 1:2144 <-> DISABLED <-> SERVER-WEBAPP b2 cafelog gm-2-b2.php access (server-webapp.rules)
 * 1:21465 <-> DISABLED <-> SERVER-WEBAPP HTTP response splitting attempt (server-webapp.rules)
 * 1:2149 <-> DISABLED <-> SERVER-WEBAPP Turba status.php access (server-webapp.rules)
 * 1:2150 <-> DISABLED <-> SERVER-WEBAPP ttCMS header.php remote file include attempt (server-webapp.rules)
 * 1:21517 <-> DISABLED <-> SERVER-WEBAPP JBoss admin-console access (server-webapp.rules)
 * 1:2152 <-> DISABLED <-> SERVER-WEBAPP test.php access (server-webapp.rules)
 * 1:2155 <-> DISABLED <-> SERVER-WEBAPP ttforum remote file include attempt (server-webapp.rules)
 * 1:21761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21762 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CMailServer CMailCOM Buffer Overflow attempt (server-webapp.rules)
 * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:2194 <-> DISABLED <-> SERVER-WEBAPP CSMailto.cgi access (server-webapp.rules)
 * 1:2195 <-> DISABLED <-> SERVER-WEBAPP alert.cgi access (server-webapp.rules)
 * 1:2196 <-> DISABLED <-> SERVER-WEBAPP catgy.cgi access (server-webapp.rules)
 * 1:2197 <-> DISABLED <-> SERVER-WEBAPP cvsview2.cgi access (server-webapp.rules)
 * 1:2198 <-> DISABLED <-> SERVER-WEBAPP cvslog.cgi access (server-webapp.rules)
 * 1:2199 <-> DISABLED <-> SERVER-WEBAPP multidiff.cgi access (server-webapp.rules)
 * 1:2200 <-> DISABLED <-> SERVER-WEBAPP dnewsweb.cgi access (server-webapp.rules)
 * 1:22000 <-> DISABLED <-> MALWARE-CNC Worm.VB.amna outbound connection A (malware-cnc.rules)
 * 1:2201 <-> DISABLED <-> SERVER-WEBAPP Matt Wright download.cgi access (server-webapp.rules)
 * 1:2202 <-> DISABLED <-> SERVER-WEBAPP Webmin Directory edit_action.cgi access (server-webapp.rules)
 * 1:2203 <-> DISABLED <-> SERVER-WEBAPP Leif M. Wright everythingform.cgi access (server-webapp.rules)
 * 1:2204 <-> DISABLED <-> SERVER-WEBAPP EasyBoard 2000 ezadmin.cgi access (server-webapp.rules)
 * 1:2205 <-> DISABLED <-> SERVER-WEBAPP EasyBoard 2000 ezboard.cgi access (server-webapp.rules)
 * 1:2206 <-> DISABLED <-> SERVER-WEBAPP EasyBoard 2000 ezman.cgi access (server-webapp.rules)
 * 1:2207 <-> DISABLED <-> SERVER-WEBAPP FileSeek fileseek.cgi access (server-webapp.rules)
 * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
 * 1:2208 <-> DISABLED <-> SERVER-WEBAPP Faq-O-Matic fom.cgi access (server-webapp.rules)
 * 1:2209 <-> DISABLED <-> SERVER-WEBAPP Infonautics getdoc.cgi access (server-webapp.rules)
 * 1:2210 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendors global.cgi access (server-webapp.rules)
 * 1:2211 <-> DISABLED <-> SERVER-WEBAPP Lars Ellingsen guestserver.cgi access (server-webapp.rules)
 * 1:2212 <-> DISABLED <-> SERVER-WEBAPP cgiCentral WebStore imageFolio.cgi access (server-webapp.rules)
 * 1:2213 <-> DISABLED <-> SERVER-WEBAPP Oatmeal Studios Mail File mailfile.cgi access (server-webapp.rules)
 * 1:2214 <-> DISABLED <-> SERVER-WEBAPP 3R Soft MailStudio 2000 mailview.cgi access (server-webapp.rules)
 * 1:2215 <-> DISABLED <-> SERVER-WEBAPP Alabanza Control Panel nsManager.cgi access (server-webapp.rules)
 * 1:2216 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail readmail.cgi access (server-webapp.rules)
 * 1:2217 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail printmail.cgi access (server-webapp.rules)
 * 1:2218 <-> DISABLED <-> SERVER-WEBAPP Oracle Cobalt RaQ service.cgi access (server-webapp.rules)
 * 1:2219 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan VirusWall setpasswd.cgi access (server-webapp.rules)
 * 1:2220 <-> DISABLED <-> SERVER-WEBAPP Leif M. Wright simplestmail.cgi access (server-webapp.rules)
 * 1:2221 <-> DISABLED <-> SERVER-WEBAPP cgiCentral WebStore ws_mail.cgi access (server-webapp.rules)
 * 1:2222 <-> DISABLED <-> SERVER-WEBAPP Infinity CGI exploit scanner nph-exploitscanget.cgi access (server-webapp.rules)
 * 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
 * 1:2224 <-> DISABLED <-> SERVER-WEBAPP Psunami Bulletin Board psunami.cgi access (server-webapp.rules)
 * 1:2225 <-> DISABLED <-> SERVER-WEBAPP Linksys BEFSR41 gozila.cgi access (server-webapp.rules)
 * 1:2226 <-> DISABLED <-> SERVER-WEBAPP pmachine remote file include attempt (server-webapp.rules)
 * 1:2228 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin db_details_importdocsql.php access (server-webapp.rules)
 * 1:2231 <-> DISABLED <-> SERVER-WEBAPP register.dll access (server-webapp.rules)
 * 1:2232 <-> DISABLED <-> SERVER-WEBAPP ContentFilter.dll access (server-webapp.rules)
 * 1:2233 <-> DISABLED <-> SERVER-WEBAPP SFNofitication.dll access (server-webapp.rules)
 * 1:2234 <-> DISABLED <-> SERVER-WEBAPP TOP10.dll access (server-webapp.rules)
 * 1:2235 <-> DISABLED <-> SERVER-WEBAPP SpamExcp.dll access (server-webapp.rules)
 * 1:2236 <-> DISABLED <-> SERVER-WEBAPP spamrule.dll access (server-webapp.rules)
 * 1:2237 <-> DISABLED <-> SERVER-WEBAPP cgiWebupdate.exe access (server-webapp.rules)
 * 1:2238 <-> DISABLED <-> SERVER-WEBAPP WebLogic ConsoleHelp view source attempt (server-webapp.rules)
 * 1:2239 <-> DISABLED <-> SERVER-WEBAPP redirect.exe access (server-webapp.rules)
 * 1:2240 <-> DISABLED <-> SERVER-WEBAPP changepw.exe access (server-webapp.rules)
 * 1:2241 <-> DISABLED <-> SERVER-WEBAPP cwmail.exe access (server-webapp.rules)
 * 1:2242 <-> DISABLED <-> SERVER-WEBAPP ddicgi.exe access (server-webapp.rules)
 * 1:2243 <-> DISABLED <-> SERVER-WEBAPP ndcgi.exe access (server-webapp.rules)
 * 1:2244 <-> DISABLED <-> SERVER-WEBAPP VsSetCookie.exe access (server-webapp.rules)
 * 1:2245 <-> DISABLED <-> SERVER-WEBAPP Webnews.exe access (server-webapp.rules)
 * 1:2246 <-> DISABLED <-> SERVER-WEBAPP webadmin.dll access (server-webapp.rules)
 * 1:2276 <-> DISABLED <-> SERVER-WEBAPP oracle portal demo access (server-webapp.rules)
 * 1:2277 <-> DISABLED <-> SERVER-WEBAPP PeopleSoft PeopleBooks psdoccgi access (server-webapp.rules)
 * 1:2279 <-> DISABLED <-> SERVER-WEBAPP UpdateClasses.php access (server-webapp.rules)
 * 1:2280 <-> DISABLED <-> SERVER-WEBAPP Title.php access (server-webapp.rules)
 * 1:2281 <-> DISABLED <-> SERVER-WEBAPP Setup.php access (server-webapp.rules)
 * 1:2282 <-> DISABLED <-> SERVER-WEBAPP GlobalFunctions.php access (server-webapp.rules)
 * 1:2283 <-> DISABLED <-> SERVER-WEBAPP DatabaseFunctions.php access (server-webapp.rules)
 * 1:2285 <-> DISABLED <-> SERVER-WEBAPP rolis guestbook access (server-webapp.rules)
 * 1:2286 <-> DISABLED <-> SERVER-WEBAPP friends.php access (server-webapp.rules)
 * 1:2287 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_comment.php access (server-webapp.rules)
 * 1:2288 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_edit.php access (server-webapp.rules)
 * 1:2289 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_embed.php access (server-webapp.rules)
 * 1:2290 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_help.php access (server-webapp.rules)
 * 1:2291 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_license.php access (server-webapp.rules)
 * 1:2292 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_logout.php access (server-webapp.rules)
 * 1:2293 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_password.php access (server-webapp.rules)
 * 1:2294 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_preview.php access (server-webapp.rules)
 * 1:2295 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_settings.php access (server-webapp.rules)
 * 1:2296 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_stats.php access (server-webapp.rules)
 * 1:2297 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_templates_misc.php access (server-webapp.rules)
 * 1:2298 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_templates.php access (server-webapp.rules)
 * 1:2299 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_tpl_misc_new.php access (server-webapp.rules)
 * 1:2300 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_tpl_new.php access (server-webapp.rules)
 * 1:2301 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll booth.php access (server-webapp.rules)
 * 1:2302 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll poll_ssi.php access (server-webapp.rules)
 * 1:2304 <-> DISABLED <-> SERVER-WEBAPP files.inc.php access (server-webapp.rules)
 * 1:2305 <-> DISABLED <-> SERVER-WEBAPP chatbox.php access (server-webapp.rules)
 * 1:2323 <-> DISABLED <-> SERVER-WEBAPP iSoft-Solutions QuickStore shopping cart quickstore.cgi access (server-webapp.rules)
 * 1:2327 <-> DISABLED <-> SERVER-WEBAPP bsml.pl access (server-webapp.rules)
 * 1:2328 <-> DISABLED <-> SERVER-WEBAPP authentication_index.php access (server-webapp.rules)
 * 1:2331 <-> DISABLED <-> SERVER-WEBAPP MatrikzGB privilege escalation attempt (server-webapp.rules)
 * 1:23405 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt (server-webapp.rules)
 * 1:23406 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt (server-webapp.rules)
 * 1:2346 <-> DISABLED <-> SERVER-WEBAPP myPHPNuke chatheader.php access (server-webapp.rules)
 * 1:2347 <-> DISABLED <-> SERVER-WEBAPP myPHPNuke partner.php access (server-webapp.rules)
 * 1:23616 <-> DISABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23619 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch broken (exploit-kit.rules)
 * 1:2363 <-> DISABLED <-> SERVER-WEBAPP Cyboards default_header.php access (server-webapp.rules)
 * 1:2364 <-> DISABLED <-> SERVER-WEBAPP Cyboards options_form.php access (server-webapp.rules)
 * 1:2369 <-> DISABLED <-> SERVER-WEBAPP ISAPISkeleton.dll access (server-webapp.rules)
 * 1:2370 <-> DISABLED <-> SERVER-WEBAPP BugPort config.conf file access (server-webapp.rules)
 * 1:2372 <-> DISABLED <-> SERVER-WEBAPP Photopost PHP Pro showphoto.php access (server-webapp.rules)
 * 1:2388 <-> DISABLED <-> SERVER-WEBAPP Apple QuickTime streaming server view_broadcast.cgi access (server-webapp.rules)
 * 1:2393 <-> DISABLED <-> SERVER-WEBAPP /_admin access (server-webapp.rules)
 * 1:2395 <-> DISABLED <-> SERVER-WEBAPP InteractiveQuery.jsp access (server-webapp.rules)
 * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules)
 * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules)
 * 1:2397 <-> DISABLED <-> SERVER-WEBAPP CCBill whereami.cgi access (server-webapp.rules)
 * 1:2399 <-> DISABLED <-> SERVER-WEBAPP WAnewsletter db_type.php access (server-webapp.rules)
 * 1:2400 <-> DISABLED <-> SERVER-WEBAPP edittag.pl access (server-webapp.rules)
 * 1:2405 <-> DISABLED <-> SERVER-WEBAPP phptest.php access (server-webapp.rules)
 * 1:2407 <-> DISABLED <-> SERVER-WEBAPP util.pl access (server-webapp.rules)
 * 1:2410 <-> DISABLED <-> SERVER-WEBAPP IGeneric Free Shopping Cart page.php access (server-webapp.rules)
 * 1:24113 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 ieframe.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24156 <-> DISABLED <-> FILE-IDENTIFY .rtx file download request (file-identify.rules)
 * 1:24204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:24205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab initial CNC connection (malware-cnc.rules)
 * 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound communication (malware-cnc.rules)
 * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules)
 * 1:24375 <-> ENABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound communication (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Tracur variant outbound communication (malware-cnc.rules)
 * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules)
 * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules)
 * 1:2447 <-> DISABLED <-> SERVER-WEBAPP ServletManager access (server-webapp.rules)
 * 1:2448 <-> DISABLED <-> SERVER-WEBAPP setinfo.hts access (server-webapp.rules)
 * 1:24482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:24643 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX function call access (browser-plugins.rules)
 * 1:24644 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24645 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24646 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules)
 * 1:24648 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24689 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX function call access (browser-plugins.rules)
 * 1:24690 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24691 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24692 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules)
 * 1:24708 <-> DISABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24723 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access (browser-plugins.rules)
 * 1:24724 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access (browser-plugins.rules)
 * 1:24725 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access (browser-plugins.rules)
 * 1:24726 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access (browser-plugins.rules)
 * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice arbitrary file deletion attempt (server-webapp.rules)
 * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX function call access (browser-plugins.rules)
 * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX function call access (browser-plugins.rules)
 * 1:24780 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit - PDF Exploit (exploit-kit.rules)
 * 1:24783 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit 32-bit font file download (exploit-kit.rules)
 * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
 * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
 * 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules)
 * 1:2484 <-> DISABLED <-> SERVER-WEBAPP source.jsp access (server-webapp.rules)
 * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24908 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules)
 * 1:24913 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
 * 1:24914 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
 * 1:24957 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24959 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24960 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24961 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24962 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:24963 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access (browser-plugins.rules)
 * 1:25004 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules)
 * 1:25005 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules)
 * 1:25018 <-> ENABLED <-> BLACKLIST Connection to malware sinkhole (blacklist.rules)
 * 1:25056 <-> DISABLED <-> EXPLOIT-KIT Cool Exploit Kit 32-bit font file download (exploit-kit.rules)
 * 1:25071 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:25072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:25074 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
 * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)