Talos has added and modified multiple rules in the file-office, file-other, malware-cnc, malware-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
* 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
* 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
* 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
* 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
* 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)

* 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
* 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
* 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
* 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
* 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
* 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
* 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)

* 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
* 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (snort3-file-office.rules)
* 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (snort3-malware-other.rules)
* 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (snort3-protocol-scada.rules)
* 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (snort3-server-other.rules)
* 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
* 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
* 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (snort3-file-office.rules)
* 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
* 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (snort3-malware-other.rules)
* 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (snort3-malware-cnc.rules)
* 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (snort3-malware-cnc.rules)
* 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (snort3-server-other.rules)
* 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (snort3-server-other.rules)
* 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (snort3-server-other.rules)
* 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (snort3-server-other.rules)
* 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
* 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
* 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
* 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
* 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
* 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules)
* 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
* 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
* 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules)
* 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)
* 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (snort3-malware-other.rules)
* 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (snort3-file-other.rules)

* 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (snort3-server-other.rules)
* 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (snort3-os-windows.rules)
* 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (snort3-server-other.rules)
* 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (snort3-os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
* 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
* 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
* 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
* 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
* 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)

* 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
* 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules)
* 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules)
* 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49074 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49073 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules)
* 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules)
* 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules)
* 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
* 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules)
* 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules)
* 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules)
* 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules)
* 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)

* 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:49040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
* 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules)
* 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)