* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-03-08-001
Previous SRU number: 2016-03-07-001
Applies to:
This SEU number: 1445
Previous SEU: 1444
Applies to:
This is the complete list of rules added in SRU 2016-03-08-001 and SEU 1445.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State | ||
---|---|---|---|---|---|---|
Con. | Bal. | Sec. | ||||
1 | 38131 | SERVER-WEBAPP | Netgear ProSafe NMS image.do directory traversal attempt | off | off | off |
1 | 38132 | SERVER-WEBAPP | Netgear ProSafe NMS image.do directory traversal attempt | off | off | off |
1 | 38133 | EXPLOIT-KIT | Angler exploit kit gate redirector | off | off | drop |
1 | 38134 | MALWARE-CNC | known malicious SSL certificate - Win.Trojan.Adwind | off | drop | drop |
3 | 38137 | SERVER-OTHER | Cisco DPC2203 arbitrary code execution attempt | off | off | drop |
3 | 38138 | SERVER-OTHER | Cisco DPQ3925 denial of service attempt | off | off | drop |
3 | 38139 | SERVER-OTHER | Cisco DPQ3939 denial of service attempt | off | off | drop |
GID | SID | Rule Group | Rule Message | Policy State | ||
---|---|---|---|---|---|---|
Con. | Bal. | Sec. | ||||
1 | 38135 | BROWSER-OTHER | Apple iOS CoreGraphics library PDF embedded image handling information leak attempt | off | off | off |
GID | SID | Rule Group | Rule Message | Policy State | ||
---|---|---|---|---|---|---|
Con. | Bal. | Sec. | ||||
1 | 38130 | POLICY-OTHER | HTTP Request missing user-agent | off | off | off |
1 | 38136 | SERVER-MAIL | excessive email recipients - potential spam attempt | off | off | off |
Updated rules can be found at this link.