* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-02-04-001
Previous SRU number: 2016-02-01-001
Applies to:
This SEU number: 1418
Previous SEU: 1416
Applies to:
This is the complete list of rules added in SRU 2016-02-04-001 and SEU 1418.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State columns give the rule's default state in each of the three default Sourcefire policies: Connectivity over Security (Con.), Balanced Security and Connectivity (Bal.) and Security over Connectivity (Sec.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
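As an added example (not Talos tooling, and not part of the original release note), the parser below reads rows in the GID/SID/Rule Group/Rule Message/Policy State layout described above, derives the default passive-policy state from the Balanced column using the rule stated above (drop becomes alert), and flags rules that are off in every default policy, which will never fire unless an operator enables them. The sample rows are copied from this release note's table; the function names and the `Rule` type are this example's own.

```python
"""Parse a Talos SRU/SEU rule table and derive per-policy defaults.

Added example, not Talos code. Rows in SAMPLE_TABLE are copied from this
release note; the column order is the one the note documents.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: a subset of the rows on this page, in the documented layout.
SAMPLE_TABLE = """\
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec.
---|---|---|---|---|---|---
1 | 37528 | EXPLOIT-KIT | Nuclear exploit kit outbound uri request attempt | off | drop | drop |
1 | 37535 | MALWARE-CNC | Win.Trojan.Derusbi outbound connection | off | off | drop |
1 | 37545 | POLICY-OTHER | Netcore/Netis firmware hard-coded backdoor account access attempt | off | off | off |
1 | 37546 | SERVER-OTHER | Veritas NetBackup Volume Manager connection attempt | off | off | off |
"""

# Column order of the three policy-state cells, as documented in the note.
POLICIES = ("connectivity", "balanced", "security")
VALID_STATES = {"off", "alert", "drop"}


@dataclass
class Rule:
    gid: int
    sid: int
    group: str
    message: str
    states: Dict[str, str]  # policy name -> "off" | "alert" | "drop"


def parse_row(line: str) -> Optional[Rule]:
    """Return a Rule for a data row, or None for header/separator/prose lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 7 or not cells[0].isdigit() or not cells[1].isdigit():
        return None
    gid, sid, group, message, *states = cells
    bad = [s for s in states if s not in VALID_STATES]
    if bad:
        raise ValueError(f"unexpected policy state {bad} in row: {line!r}")
    return Rule(int(gid), int(sid), group, message, dict(zip(POLICIES, states)))


def parse_table(text: str) -> List[Rule]:
    """Parse every data row; duplicate GID:SID pairs are rejected."""
    rules = [r for r in map(parse_row, text.splitlines()) if r is not None]
    seen = Counter((r.gid, r.sid) for r in rules)
    dupes = [k for k, n in seen.items() if n > 1]
    if dupes:
        raise ValueError(f"duplicate rule identifiers: {dupes}")
    return rules


def passive_state(rule: Rule) -> str:
    """Default passive state: same as Balanced, with alert in place of drop."""
    balanced = rule.states["balanced"]
    return "alert" if balanced == "drop" else balanced


def off_everywhere(rules: List[Rule]) -> List[Rule]:
    """Rules disabled in all three default policies; these need manual enabling."""
    return [r for r in rules if all(s == "off" for s in r.states.values())]


def group_counts(rules: List[Rule]) -> Dict[str, int]:
    """Number of rules per rule group, for a quick view of what the update adds."""
    return dict(Counter(r.group for r in rules))


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_TABLE)
    for r in parsed:
        print(f"{r.gid}:{r.sid} {r.group:<14} passive={passive_state(r)}")
    print("off in every policy:", [r.sid for r in off_everywhere(parsed)])
    print("per group:", group_counts(parsed))
```

Feed the whole table from the release note to `parse_table` to get the same checks over the full update; the header and separator lines are skipped automatically, and a malformed state cell raises rather than silently parsing as `off`.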
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec.
---|---|---|---|---|---|---
1 | 37528 | EXPLOIT-KIT | Nuclear exploit kit outbound uri request attempt | off | drop | drop |
1 | 37529 | EXPLOIT-KIT | Nuclear exploit kit iframe injection attempt | off | drop | drop |
1 | 37534 | MALWARE-CNC | Win.Trojan.Sality variant outbound connection | off | drop | drop |
1 | 37535 | MALWARE-CNC | Win.Trojan.Derusbi outbound connection | off | off | drop |
1 | 37536 | MALWARE-CNC | Win.Trojan.Derusbi outbound connection | off | off | drop |
1 | 37537 | BROWSER-PLUGINS | Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt | off | off | drop |
1 | 37538 | BROWSER-PLUGINS | Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt | off | off | drop |
1 | 37539 | BROWSER-PLUGINS | Siemens Solid Edge WebPartHelper ActiveX clsid access attempt | off | off | drop |
1 | 37540 | BROWSER-PLUGINS | Siemens Solid Edge WebPartHelper ActiveX clsid access attempt | off | off | drop |
1 | 37541 | BROWSER-PLUGINS | Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt | off | off | drop |
1 | 37542 | BROWSER-PLUGINS | Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt | off | off | drop |
1 | 37543 | BROWSER-PLUGINS | Siemens Solid Edge WebPartHelper ActiveX clsid access attempt | off | off | drop |
1 | 37544 | BROWSER-PLUGINS | Siemens Solid Edge WebPartHelper ActiveX clsid access attempt | off | off | drop |
1 | 37545 | POLICY-OTHER | Netcore/Netis firmware hard-coded backdoor account access attempt | off | off | off |
1 | 37547 | SERVER-WEBAPP | eClinicalWorks portalUserService.jsp SQL injection attempt | off | off | drop |
1 | 37548 | EXPLOIT-KIT | Malicious iFrame redirection injection attempt | off | drop | drop |
1 | 37549 | EXPLOIT-KIT | Malicious iFrame injection outbound URI request attempt | off | off | drop |
1 | 37550 | EXPLOIT-KIT | Nuclear landing page detected | off | drop | drop |
1 | 37551 | EXPLOIT-KIT | Nuclear landing page detected | off | drop | drop |

GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec.
---|---|---|---|---|---|---
1 | 37530 | FILE-PDF | Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | off | drop | drop |
1 | 37531 | FILE-PDF | Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | off | drop | drop |
1 | 37532 | FILE-PDF | Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | off | drop | drop |
1 | 37533 | FILE-PDF | Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt | off | drop | drop |

GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec.
---|---|---|---|---|---|---
1 | 37546 | SERVER-OTHER | Veritas NetBackup Volume Manager connection attempt | off | off | off |
Updated rules can be found at this link.