This SRU number: 2020-01-13-001
Previous SRU number: 2020-01-08-001
Applies to:
This SEU number: 2110
Previous SEU: 2109
Applies to:
This is the complete list of rules added in SRU 2020-01-13-001 and SEU 2110.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 52584 | EXPLOIT-KIT | BottleEK landing page detected | off | drop | drop | drop |
| 1 | 52585 | EXPLOIT-KIT | BottleEK variant outbound connection | off | drop | drop | drop |
| 1 | 52586 | EXPLOIT-KIT | BottleEK variant outbound connection | off | off | drop | drop |
| 1 | 52587 | EXPLOIT-KIT | BottleEK landing page detected | off | drop | drop | drop |
| 1 | 52588 | MALWARE-CNC | Unix.Trojan.Mirai Enigma NMS command injection attempt | off | drop | drop | drop |
| 1 | 52589 | SERVER-WEBAPP | Enigma NMS command injection attempt | off | off | drop | drop |
| 1 | 52590 | SERVER-WEBAPP | Enigma NMS command injection attempt | off | off | drop | drop |
| 1 | 52591 | SERVER-WEBAPP | Enigma NMS command injection attempt | off | off | drop | drop |
| 1 | 52592 | SERVER-WEBAPP | Enigma NMS command injection attempt | off | off | drop | drop |
| 1 | 52597 | BROWSER-WEBKIT | Apple Safari Webkit css title memory corruption attempt | off | off | off | drop |
| 1 | 52598 | BROWSER-WEBKIT | Apple Safari Webkit css title memory corruption attempt | off | off | off | drop |
| 1 | 52599 | BROWSER-IE | Microsoft Edge scripting engine memory corruption attempt | off | off | off | drop |
| 1 | 52600 | BROWSER-IE | Microsoft Edge scripting engine memory corruption attempt | off | off | off | drop |
| 1 | 52601 | BROWSER-CHROME | Google V8 engine type confusion attempt | off | drop | drop | drop |
| 1 | 52602 | BROWSER-CHROME | Google V8 engine type confusion attempt | off | drop | drop | drop |
| 1 | 52603 | SERVER-WEBAPP | Citrix ADC and Gateway arbitrary code execution attempt | off | drop | drop | drop |
| 1 | 52604 | OS-WINDOWS | Microsoft Windows clfs.sys local privilege escalation attempt | off | drop | drop | drop |
| 1 | 52605 | OS-WINDOWS | Microsoft Windows clfs.sys local privilege escalation attempt | off | drop | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | |||
|---|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | Max. | ||||
| 1 | 52593 | OS-WINDOWS | Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt | off | off | drop | drop |
| 1 | 52594 | OS-WINDOWS | Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt | off | off | drop | drop |
| 1 | 52595 | OS-WINDOWS | Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt | off | off | drop | drop |
| 1 | 52596 | OS-WINDOWS | Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt | off | off | drop | drop |
Updated rules can be found at this link.