Cisco Talos Update for FireSIGHT Management Center

Date: 2018-09-27

This SRU number: 2018-09-26-001
Previous SRU number: 2018-09-24-001

Applies to:

This SEU number: 1914
Previous SEU: 1913

Applies to:

This is the complete list of rules added in SRU 2018-09-26-001 and SEU 1914.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State column gives the rule's state (off, alert, or drop) in each of the four default Cisco Talos policies, in this order: Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state, except that rules set to drop in Balanced are set to alert in passive deployments (a passive sensor sees a copy of the traffic and cannot block it).

Note: Unless stated explicitly, the rules are for the series of products listed above.
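As an added illustration of the row format and the policy-state semantics described above (this is example code, not a Cisco Talos tool), the following parser reads rows in the documented "GID - SID - Rule Group - Rule Message - Policy State" layout and answers the questions an analyst asks of each SRU: which new rules will drop in a given policy, which are off everywhere and need manual enabling, and what state a passive sensor will use. It assumes the four policy-state tokens appear at the end of each row, whitespace-separated, in Connectivity/Balanced/Security/Maximum Detection order; the sample rows embedded in it are constructed from entries in this release.

```python
"""Parse the rule rows of a Talos SRU/SEU release note and derive policy states.

Added example, not Cisco Talos code. Assumes each rule row uses the
"GID - SID - Rule Group - Rule Message - Policy State" layout described
in the notes, with the Policy State given as four whitespace-separated
tokens (off, alert or drop) in Connectivity, Balanced, Security,
Maximum Detection order. Non-row lines (headings, blank lines) are skipped.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

POLICIES = ("Connectivity", "Balanced", "Security", "Maximum Detection")

# A row: numeric GID and SID, an upper-case rule group, a free-text message
# (which may itself contain " - "), then exactly four state tokens at the end.
ROW_RE = re.compile(
    r"^(?P<gid>\d+)\s*-\s*(?P<sid>\d+)\s*-\s*(?P<group>[A-Z0-9-]+)\s*-\s*"
    r"(?P<msg>.+?)\s*-\s*(?P<states>(?:off|alert|drop)(?:\s+(?:off|alert|drop)){3})\s*$"
)


@dataclass
class Rule:
    gid: int
    sid: int
    group: str
    message: str
    states: dict  # policy name -> "off" | "alert" | "drop"

    @property
    def ref(self) -> str:
        """Snort-style GID:SID reference, e.g. '1:47898'."""
        return f"{self.gid}:{self.sid}"


def parse_rules(text: str) -> list[Rule]:
    """Return one Rule per well-formed row; headings and blank lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        states = dict(zip(POLICIES, m["states"].split()))
        rules.append(Rule(int(m["gid"]), int(m["sid"]), m["group"], m["msg"], states))
    return rules


def passive_state(rule: Rule) -> str:
    """Default passive-deployment state: Balanced, with drop downgraded to alert."""
    balanced = rule.states["Balanced"]
    return "alert" if balanced == "drop" else balanced


def rules_in_state(rules: list[Rule], policy: str, state: str = "drop") -> list[str]:
    """GID:SID refs of rules that have the given state in the given policy."""
    return [r.ref for r in rules if r.states[policy] == state]


# Constructed sample: a handful of rows from this release in the documented layout.
SAMPLE = """\
High Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. Bal. Sec. Max.)
1 - 47895 - BROWSER-PLUGINS - Tor Browser 7.x NoScript secure mode bypass attempt - off off off off
1 - 47898 - MALWARE-CNC - Win.Trojan.OilRig variant outbound connection - off drop drop drop
1 - 47911 - FILE-IMAGE - Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt - off off drop drop
3 - 47917 - FILE-OTHER - TRUFFLEHUNTER TALOS-2018-0682 attack attempt - off off drop drop
Medium Priority
3 - 47919 - PROTOCOL-VOIP - Cisco IOS XE NAT SIP application layer gateway denial of service attempt - off off off drop
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for policy in POLICIES:
        print(f"{policy:18s} drop: {rules_in_state(rules, policy)}")
    # Rules that are off in every default policy must be enabled by hand if wanted.
    print("off everywhere:", [r.ref for r in rules if set(r.states.values()) == {"off"}])
    print("passive:", {r.ref: passive_state(r) for r in rules})
```

Rows are anchored on the four trailing state tokens rather than split on " - ", so a rule message that itself contains a hyphen surrounded by spaces still parses; a line that does not end in four valid tokens is skipped rather than mis-read, which is the safer failure mode when the notes are pasted from a rendered page.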

New Rules:

High Priority

GID - SID - Rule Group - Rule Message - Policy State (Con. Bal. Sec. Max.)
1 - 47895 - BROWSER-PLUGINS - Tor Browser 7.x NoScript secure mode bypass attempt - off off off off
1 - 47896 - SERVER-OTHER - Alt-N MDaemon buffer overflow attempt - off off off off
1 - 47897 - SERVER-OTHER - Alt-N MDaemon buffer overflow attempt - off off off off
1 - 47898 - MALWARE-CNC - Win.Trojan.OilRig variant outbound connection - off drop drop drop
1 - 47899 - MALWARE-CNC - Win.Trojan.OilRig variant outbound connection - off drop drop drop
1 - 47900 - MALWARE-CNC - Win.Trojan.OilRig variant outbound connection - off drop drop drop
1 - 47901 - MALWARE-CNC - Win.Trojan.CobInt outbound connection - off drop drop drop
1 - 47902 - MALWARE-CNC - Win.Trojan.CobInt outbound connection - off drop drop drop
1 - 47903 - MALWARE-CNC - Win.Trojan.CobInt outbound connection - off drop drop drop
1 - 47904 - MALWARE-CNC - Win.Trojan.CobInt outbound connection - off drop drop drop
1 - 47905 - MALWARE-CNC - Win.Trojan.CobInt outbound connection - off drop drop drop
1 - 47906 - MALWARE-CNC - Win.Trojan.CobInt outbound connection - off drop drop drop
1 - 47907 - FILE-IMAGE - Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt - off off off off
1 - 47908 - FILE-IMAGE - Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt - off off off off
1 - 47909 - FILE-IMAGE - Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt - off off off off
1 - 47910 - FILE-IMAGE - Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt - off off off off
1 - 47911 - FILE-IMAGE - Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt - off off drop drop
1 - 47912 - FILE-IMAGE - Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt - off off drop drop
1 - 47913 - POLICY-OTHER - Magecart redirect page detected - off drop drop drop
1 - 47914 - POLICY-OTHER - Magecart js page injection attempt - off drop drop drop
1 - 47915 - POLICY-OTHER - Magecart js page injection attempt - off drop drop drop
3 - 47917 - FILE-OTHER - TRUFFLEHUNTER TALOS-2018-0682 attack attempt - off off drop drop
3 - 47918 - FILE-OTHER - TRUFFLEHUNTER TALOS-2018-0682 attack attempt - off off drop drop

Medium Priority

GID - SID - Rule Group - Rule Message - Policy State (Con. Bal. Sec. Max.)
3 - 47893 - SERVER-WEBAPP - Cisco IOS XE Web UI denial of service attempt - off off drop drop
3 - 47894 - SERVER-WEBAPP - Cisco IOS XE Web UI denial of service attempt - off off drop drop
3 - 47916 - SERVER-WEBAPP - Cisco IOS XE denial of service attempt - off off drop drop
3 - 47919 - PROTOCOL-VOIP - Cisco IOS XE NAT SIP application layer gateway denial of service attempt - off off off drop

There are no modified rules in this release.