Sourcefire SEU Update for Sourcefire 3D System

Date: 2014-08-28

This SEU number: 1162
Previous SEU number: 1160
Corresponding SRU number: 2014-08-27-002

Applies to:

SEU Change Summary:

ComponentChange
Total new rules22
Total rule modifications13
Policy changeYes
Online help changeNo
Detection Engine changeNo
User Interface changeNo

Note: SEU packages are cumulative. The installation of prior SEU packages is not required before installing the current package.

WARNING: The time taken to install the latest SEU will depend on the last time the 3D System was updated with an SEU. Installing SEUs weekly can help lessen the installation time. Additionally, SEUs require 50 Megabytes of free space in /tmp and 250 Megabytes of free space in /var to install successfully.

Synopsis:

This release adds and modifies rules in several categories.

Details:

The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-other, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-shellcode, malware-cnc, malware-other, netbios, os-linux, os-other, os-windows, policy-social, protocol-dns, protocol-icmp, protocol-nntp, protocol-snmp, protocol-voip, pua-p2p, server-apache, server-iis, server-mail, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

SEU Summary:

Cumulative SEU Release Notes:

SEU packages are cumulative. The installation of prior SEU packages is not required before installing the current package. However, because SEUs are cumulative, issues identified in previous SEUs can require your attention when you import the current SEU. To review a cumulative list of recent feature updates and resolved issues since the last SEU you imported, view the Cumulative SEU Release Notes here.

SEU Application:

SEU installation instructions can be found in the Cumulative SEU Release Notes on the Sourcefire Customer Support Site and in your Sourcefire 3D System user guide.

For Assistance:

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.