Cisco Talos Update for FireSIGHT Management Center

Date: 2019-04-18

This SRU number: 2019-04-17-001
Previous SRU number: 2019-04-15-001

Applies to:

This SEU number: 2001
Previous SEU: 2000

Applies to:

This is the complete list of rules added in SRU 2019-04-17-001 and SEU 2001.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
349852FILE-OFFICETRUFFLEHUNTER TALOS-2019-0805 attack attemptoffoffoffdrop
349853FILE-OFFICETRUFFLEHUNTER TALOS-2019-0805 attack attemptoffoffoffdrop
349856FILE-OTHERTRUFFLEHUNTER TALOS-2019-0801 attack attemptoffoffoffdrop
349857FILE-OTHERTRUFFLEHUNTER TALOS-2019-0801 attack attemptoffoffoffdrop
349859SERVER-WEBAPPCisco Wireless LAN Controller cross site request forgery attemptoffoffdropdrop
149860POLICY-OTHERTP-Link TL-WA850RE remote reboot attemptoffoffoffoff
149861SERVER-WEBAPPMicrosoft SharePoint EntityInstanceIdEncoder remote code execution attemptoffdropdropdrop
149862BROWSER-IEMicrosoft Internet Explorer eval type confusion attemptoffoffoffdrop
149863BROWSER-IEMicrosoft Internet Explorer eval type confusion attemptoffoffoffdrop
149864FILE-OTHERMultiple Products XML external entity information disclosure attemptoffoffoffoff
149868BROWSER-IEMicrosoft Edge SIMD memory corruption attemptoffoffoffdrop
149869BROWSER-IEMicrosoft Edge SIMD memory corruption attemptoffoffoffdrop
149870BROWSER-IEMicrosoft Internet Explorer CQuotes use-after-free attemptoffoffoffdrop
149871BROWSER-IEMicrosoft Internet Explorer CQuotes use-after-free attemptoffoffoffdrop
149873BROWSER-PLUGINSIBM iNotes version 9 ActiveX clsid accessoffoffoffdrop
149874BROWSER-PLUGINSIBM iNotes version 9 ActiveX clsid accessoffoffoffdrop
149875BROWSER-PLUGINSIBM iNotes version 9 ActiveX clsid accessoffoffoffdrop
149876BROWSER-PLUGINSIBM iNotes version 9 ActiveX clsid accessoffoffoffdrop
149877BROWSER-PLUGINSIBM iNotes version 9 ActiveX clsid accessoffoffoffdrop
149878BROWSER-PLUGINSIBM iNotes version 9 ActiveX clsid accessoffoffoffdrop
Medium Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
349854PROTOCOL-OTHERTRUFFLEHUNTER TALOS-2019-0803 attack attemptoffoffoffdrop
349855PROTOCOL-OTHERTRUFFLEHUNTER TALOS-2019-0803 attack attemptoffoffoffdrop
349858PROTOCOL-VOIPCisco VCS exponential XML entity expansion attack attemptoffoffdropdrop
149865FILE-OTHERMultiple Products XML external entity information disclosure attemptoffoffdropdrop
349866SERVER-WEBAPPCisco Wireless LAN Controller denial of service attemptoffoffdropdrop
349867SERVER-WEBAPPCisco Wireless LAN Controller denial of service attemptoffoffdropdrop
149872SERVER-OTHERDrager X-Dock dxmanager denial of service attemptoffoffoffoff
349879SERVER-OTHERCisco Wireless LAN Controller IAPP message denial of service attemptoffoffdropdrop
149880SERVER-OTHERCorosync 2.3+ with sha1 integer overflow attempt detectedoffoffoffoff
149881SERVER-OTHERCorosync 2.3+ with md5 integer overflow attempt detectedoffoffoffoff
149882SERVER-OTHERCorosync 2.3+ with sha256 integer overflow attempt detectedoffoffoffoff
149883SERVER-OTHERCorosync 2.3+ with sha384 integer overflow attempt detectedoffoffoffoff
149884SERVER-OTHERCorosync 2.3+ with sha512 integer overflow attempt detectedoffoffoffoff

Updated Rules:

Updated rules can be found at this link.