This SRU number: 2019-02-21-001
Previous SRU number: 2019-02-18-001
Applies to:
This SEU number: 1977
Previous SEU: 1975
Applies to:
This is the complete list of rules added in SRU 2019-02-21-001 and SEU 1977.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 49239 | SERVER-WEBAPP | Exhibitor for ZooKeeper javaEnvironment command injection attempt | off | off | drop | drop |
| 3 | 49240 | SERVER-WEBAPP | Cisco Prime Collaboration Assurance unauthorized access attempt | off | off | drop | drop |
| 1 | 49242 | FILE-OTHER | Adobe Acrobat PostScript parsing type confusion attempt | off | off | drop | drop |
| 1 | 49243 | FILE-OTHER | Adobe Acrobat PostScript parsing type confusion attempt | off | off | drop | drop |
| 1 | 49244 | FILE-OTHER | Adobe Acrobat PostScript parsing arbitrary code execution attempt | off | off | drop | drop |
| 1 | 49245 | FILE-OTHER | Adobe Acrobat PostScript parsing arbitrary code execution attempt | off | off | drop | drop |
| 1 | 49246 | FILE-OTHER | Adobe Acrobat JavaScript engine security bypass attempt | off | drop | drop | drop |
| 1 | 49247 | FILE-OTHER | Adobe Acrobat JavaScript engine security bypass attempt | off | drop | drop | drop |
| 1 | 49250 | FILE-PDF | Adobe Acrobat Pro out of bounds write attempt | off | drop | drop | drop |
| 1 | 49251 | FILE-PDF | Adobe Acrobat Pro out of bounds write attempt | off | drop | drop | drop |
| 1 | 49252 | SERVER-OTHER | HP iNode Management Center iNodeMngChecker buffer overflow attempt | off | off | off | off |
| 1 | 49253 | FILE-OFFICE | Microsoft Office Word styleWithEffects use-after-free attempt | off | off | off | off |
| 1 | 49254 | FILE-OFFICE | Microsoft Office Word styleWithEffects use-after-free attempt | off | off | off | off |
| 1 | 49255 | FILE-JAVA | Oracle Java ImagingLib buffer overflow attempt | off | drop | drop | drop |
| 1 | 49256 | FILE-JAVA | Oracle Java ImagingLib buffer overflow attempt | off | drop | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 49237 | FILE-OTHER | TRUFFLEHUNTER TALOS-2019-0781 attack attempt | off | off | drop | drop |
| 3 | 49238 | FILE-OTHER | TRUFFLEHUNTER TALOS-2019-0781 attack attempt | off | off | drop | drop |
| 3 | 49241 | PROTOCOL-TFTP | Read Request directory traversal attempt | off | off | drop | drop |
| 1 | 49248 | SERVER-WEBAPP | WordPress login reconnaissance attempt | off | off | off | off |
| 1 | 49249 | SERVER-WEBAPP | WordPress login reconnaissance attempt | off | off | off | off |
Updated rules can be found at this link.