This SRU number: 2018-09-26-001
Previous SRU number: 2018-09-24-001
Applies to:
This SEU number: 1914
Previous SEU: 1913
Applies to:
This is the complete list of rules added in SRU 2018-09-26-001 and SEU 1914.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 47895 | BROWSER-PLUGINS | Tor Browser 7.x NoScript secure mode bypass attempt | off | off | off | off |
| 1 | 47896 | SERVER-OTHER | Alt-N MDaemon buffer overflow attempt | off | off | off | off |
| 1 | 47897 | SERVER-OTHER | Alt-N MDaemon buffer overflow attempt | off | off | off | off |
| 1 | 47898 | MALWARE-CNC | Win.Trojan.OilRig variant outbound connection | off | drop | drop | drop |
| 1 | 47899 | MALWARE-CNC | Win.Trojan.OilRig variant outbound connection | off | drop | drop | drop |
| 1 | 47900 | MALWARE-CNC | Win.Trojan.OilRig variant outbound connection | off | drop | drop | drop |
| 1 | 47901 | MALWARE-CNC | Win.Trojan.CobInt outbound connection | off | drop | drop | drop |
| 1 | 47902 | MALWARE-CNC | Win.Trojan.CobInt outbound connection | off | drop | drop | drop |
| 1 | 47903 | MALWARE-CNC | Win.Trojan.CobInt outbound connection | off | drop | drop | drop |
| 1 | 47904 | MALWARE-CNC | Win.Trojan.CobInt outbound connection | off | drop | drop | drop |
| 1 | 47905 | MALWARE-CNC | Win.Trojan.CobInt outbound connection | off | drop | drop | drop |
| 1 | 47906 | MALWARE-CNC | Win.Trojan.CobInt outbound connection | off | drop | drop | drop |
| 1 | 47907 | FILE-IMAGE | Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt | off | off | off | off |
| 1 | 47908 | FILE-IMAGE | Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt | off | off | off | off |
| 1 | 47909 | FILE-IMAGE | Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt | off | off | off | off |
| 1 | 47910 | FILE-IMAGE | Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt | off | off | off | off |
| 1 | 47911 | FILE-IMAGE | Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt | off | off | drop | drop |
| 1 | 47912 | FILE-IMAGE | Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt | off | off | drop | drop |
| 1 | 47913 | POLICY-OTHER | Magecart redirect page detected | off | drop | drop | drop |
| 1 | 47914 | POLICY-OTHER | Magecart js page injection attempt | off | drop | drop | drop |
| 1 | 47915 | POLICY-OTHER | Magecart js page injection attempt | off | drop | drop | drop |
| 3 | 47917 | FILE-OTHER | TRUFFLEHUNTER TALOS-2018-0682 attack attempt | off | off | drop | drop |
| 3 | 47918 | FILE-OTHER | TRUFFLEHUNTER TALOS-2018-0682 attack attempt | off | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 47893 | SERVER-WEBAPP | Cisco IOS XE Web UI denial of service attempt | off | off | drop | drop |
| 3 | 47894 | SERVER-WEBAPP | Cisco IOS XE Web UI denial of service attempt | off | off | drop | drop |
| 3 | 47916 | SERVER-WEBAPP | Cisco IOS XE denial of service attempt | off | off | drop | drop |
| 3 | 47919 | PROTOCOL-VOIP | Cisco IOS XE NAT SIP application layer gateway denial of service attempt | off | off | off | drop |
There are no modified rules in this release.