This SRU number: 2019-05-01-001
Previous SRU number: 2019-04-30-001
Applies to:
This SEU number: 2007
Previous SEU: 2006
Applies to:
This is the complete list of rules added in SRU 2019-05-01-001 and SEU 2007.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 49982 | POLICY-OTHER | TRUFFLEHUNTER TALOS-2019-0822 attack attempt | off | off | off | off |
| 3 | 49983 | POLICY-OTHER | TRUFFLEHUNTER TALOS-2019-0827 attack attempt | off | off | off | off |
| 1 | 49988 | BROWSER-IE | Microsoft Internet Explorer cdomuievent use after free attempt | off | off | off | drop |
| 1 | 49989 | BROWSER-IE | Microsoft Internet Explorer cdomuievent use after free attempt | off | off | off | drop |
| 1 | 49991 | SERVER-WEBAPP | WordPress WooCommerce Checkout Manager Plugin arbitrary PHP file upload attempt | off | off | drop | drop |
| 3 | 49992 | SERVER-WEBAPP | Cisco Web Security Appliance command injection attempt | off | off | drop | drop |
| 3 | 49993 | SERVER-WEBAPP | Cisco Web Security Appliance command injection attempt | off | off | drop | drop |
| 3 | 49994 | SERVER-WEBAPP | Cisco Web Security Appliance command injection attempt | off | off | drop | drop |
| 3 | 49995 | SERVER-WEBAPP | Cisco Web Security Appliance command injection attempt | off | off | drop | drop |
| 3 | 49997 | SERVER-WEBAPP | Cisco RV Series Routers session hijack attempt | off | off | drop | drop |
| 3 | 49998 | SERVER-WEBAPP | Cisco Adaptive Security Appliance admin command interface access attempt | off | off | drop | drop |
| 3 | 49999 | SERVER-WEBAPP | Cisco Adaptive Security Appliance admin command interface access attempt | off | off | drop | drop |
| 1 | 50001 | SERVER-OTHER | SAP NetWeaver Gateway arbitrary command execution attempt | off | off | drop | drop |
| 1 | 50002 | SERVER-OTHER | SAP NetWeaver Gateway arbitrary command execution attempt | off | off | drop | drop |
| 1 | 50003 | SERVER-OTHER | SAP NetWeaver Message Server RFC server registration attempt | off | off | drop | drop |
| 1 | 50004 | BROWSER-IE | Javascript CollectGarbage use-after-free attempt | off | off | off | drop |
| 1 | 50005 | BROWSER-IE | Javascript CollectGarbage use-after-free attempt | off | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 3 | 49990 | PROTOCOL-VOIP | Cisco IP Phone malformed SIP presence information data denial of service attempt | off | off | drop | drop |
| 3 | 49996 | SERVER-WEBAPP | Cisco ASA secure desktop login denial of service attempt | off | off | drop | drop |
| 3 | 50006 | SERVER-WEBAPP | Cisco Web Security Appliance proxy service buffer overflow attempt | off | off | off | drop |
| 3 | 50007 | SERVER-WEBAPP | Cisco ASA WebVPN expired session page direct access denial of service attempt | off | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 50000 | DELETED | this is a place holder 50000 | off | off | off | off |
Updated rules can be found at this link.