Talos Rules 2025-07-08
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2025-47981: A coding deficiency exists in Microsoft SPNEGO Extended Negotiation (NEGOEX) Security Mechanism that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65105, 65106; Snort 3: GID 1, SID 65105, 65106.

Microsoft Vulnerability CVE-2025-47987: A coding deficiency exists in Microsoft Credential Security Support Provider Protocol (CredSSP) that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65100, 65101; Snort 3: GID 1, SID 301270.

Microsoft Vulnerability CVE-2025-48799: A coding deficiency exists in Microsoft Windows Update Service that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65098, 65099; Snort 3: GID 1, SID 301269.

Microsoft Vulnerability CVE-2025-49695: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65096, 65097; Snort 3: GID 1, SID 301268.

Microsoft Vulnerability CVE-2025-49696: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 64435, 64436; Snort 3: GID 1, SID 301114.

Microsoft Vulnerability CVE-2025-49701: A coding deficiency exists in Microsoft SharePoint that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65107; Snort 3: GID 1, SID 65107.

Microsoft Vulnerability CVE-2025-49704: A coding deficiency exists in Microsoft SharePoint that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65092; Snort 3: GID 1, SID 65092.

Microsoft Vulnerability CVE-2025-49718: A coding deficiency exists in Microsoft SQL Server that may lead to an information disclosure.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65102, 65103; Snort 3: GID 1, SID 65102, 65103.

Microsoft Vulnerability CVE-2025-49724: A coding deficiency exists in Microsoft Windows Connected Devices Platform Service that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65104; Snort 3: GID 1, SID 65104.

Microsoft Vulnerability CVE-2025-49727: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65112, 65113; Snort 3: GID 1, SID 301272.

Microsoft Vulnerability CVE-2025-49744: A coding deficiency exists in Microsoft Windows Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with: Snort 2: GID 1, SID 65110, 65111; Snort 3: GID 1, SID 301271.

Talos has also added and modified multiple rules in the file-office, os-linux, os-windows, server-mssql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)

2025-07-08 20:23:45 UTC

Snort Subscriber Rules Update

Date: 2025-07-08

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:65094 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65106 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65105 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt (os-windows.rules)
 * 1:65093 <-> ENABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65103 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65096 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65095 <-> DISABLED <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt (os-linux.rules)
 * 1:65102 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt (server-mssql.rules)
 * 1:65100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt (os-windows.rules)
 * 1:65111 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65098 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65107 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt (server-webapp.rules)
 * 1:65110 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt (os-windows.rules)
 * 1:65092 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
 * 1:65099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt (os-windows.rules)
 * 1:65097 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:65113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 1:65112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt (os-windows.rules)
 * 3:65109 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)
 * 3:65108 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt (server-webapp.rules)

Modified Rules:

 * 1:64435 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64788 <-> ENABLED <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt (server-other.rules)
 * 1:64842 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)
 * 1:64436 <-> DISABLED <-> FILE-OFFICE Microsoft Excel remote code execution attempt (file-office.rules)
 * 1:64841 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt (os-windows.rules)

2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt


2025-07-08 20:26:17 UTC

Snort Subscriber Rules Update

Date: 2025-07-07-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301267 <-> OS-LINUX Linux Kernel OverlayFS escalation of privilege attempt
* 1:301268 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:301269 <-> OS-WINDOWS Microsoft Windows Update Service elevation of privilege attempt
* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:301271 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301272 <-> OS-WINDOWS Microsoft Windows Win32k driver escalation of privilege attempt
* 1:65092 <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt
* 1:65093 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65102 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65103 <-> SERVER-MSSQL Microsoft SQL Server memory leak attempt
* 1:65104 <-> OS-WINDOWS Microsoft Windows Connected Devices Platform service remote code execution attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65106 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 1:65107 <-> SERVER-WEBAPP Microsoft SharePoint Server remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt
* 3:65109 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:301114 <-> FILE-OFFICE Microsoft Excel remote code execution attempt
* 1:301191 <-> OS-WINDOWS Microsoft Windows NTLM hash disclosure attempt
* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt

Identical Cisco Talos Certified rule packs, carrying the same New Rules and Modified Rules lists as above, were published at 2025-07-08 20:26:17 UTC under update 2025-07-07-002 for Snort versions 3.7.0.0, 3.9.0.0, 3.1.11.0, 3.1.15.0, 3.1.18.0, 3.1.20.0, 3.1.21.0, 3.1.35.0, 3.1.44.0, and 3.1.47.0.
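As an added example (not part of the Talos release notes and not Snort's own tooling), the Python below parses lists in the gid:sid <-> Message format used above into structured entries and checks them against a local Snort 3 rules file, reporting which listed rules are enabled, commented out, or absent. Both the release-notes excerpt and the rules-file lines are constructed samples; the rule headers and options in the sample rules file are illustrative placeholders, not the real rule bodies, and the only assumption about the rules file is that each rule carries `sid:` and optionally `gid:` options (Snort defaults gid to 1 when it is absent).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: an excerpt in the "gid:sid <-> Message" format of the
# release notes on this page (not the full list).
SAMPLE_NOTES = """\
New Rules:

* 1:301270 <-> OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt
* 1:65105 <-> OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt
* 3:65108 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2208 attack attempt

Modified Rules:

* 1:64788 <-> SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt
"""

# Constructed sample of a local Snort 3 rules file (placeholder rule bodies):
# one listed rule is enabled, one is commented out, one is absent, and the
# modified rule is present and enabled.
SAMPLE_LOCAL_RULES = """\
alert tcp any any -> $HOME_NET any ( msg:"OS-WINDOWS Microsoft Windows CredSSP elevation of privilege attempt"; sid:301270; gid:1; rev:1; )
# alert tcp any any -> $HOME_NET any ( msg:"OS-WINDOWS Microsoft Windows SPNEGO Extended Negotiation remote code execution attempt"; sid:65105; gid:1; rev:1; )
alert tcp any any -> $HOME_NET any ( msg:"SERVER-OTHER Erlang/OTP SSH potential remote code execution attempt"; sid:64788; gid:1; rev:2; )
"""

# "* <gid>:<sid> <-> <CATEGORY> <message>"; the category is the first
# upper-case token of the message (OS-WINDOWS, SERVER-WEBAPP, ...).
ENTRY_RE = re.compile(r"^\*\s+(\d+):(\d+)\s+<->\s+([A-Z0-9-]+)\s+(.*)$")
SECTION_RE = re.compile(r"^(New|Modified) Rules:$")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid:\s*(\d+)\s*;")


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    category: str
    message: str
    section: str  # "New" or "Modified"


def parse_release_notes(text: str) -> List[RuleEntry]:
    """Parse the New Rules / Modified Rules lists into RuleEntry records."""
    entries: List[RuleEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            gid, sid, category, message = m.groups()
            entries.append(RuleEntry(int(gid), int(sid), category, message, section))
    return entries


def local_rule_status(rules_text: str) -> Dict[Tuple[int, int], str]:
    """Map (gid, sid) -> 'enabled' or 'disabled' for every rule in a rules file."""
    status: Dict[Tuple[int, int], str] = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        disabled = line.startswith("#")       # commented-out rule
        body = line.lstrip("# ")
        sm = SID_RE.search(body)
        if not sm:
            continue                          # not a rule line
        gm = GID_RE.search(body)
        gid = int(gm.group(1)) if gm else 1   # Snort's default gid
        key = (gid, int(sm.group(1)))
        # An enabled copy wins over a commented-out copy of the same rule.
        if status.get(key) != "enabled":
            status[key] = "disabled" if disabled else "enabled"
    return status


def coverage_report(notes: str, rules_text: str) -> Dict[str, List[str]]:
    """Bucket every rule listed in the notes by its state in the local rules file."""
    status = local_rule_status(rules_text)
    report: Dict[str, List[str]] = {"enabled": [], "disabled": [], "missing": []}
    for e in parse_release_notes(notes):
        report[status.get((e.gid, e.sid), "missing")].append(f"{e.gid}:{e.sid}")
    return report


if __name__ == "__main__":
    for state, sids in coverage_report(SAMPLE_NOTES, SAMPLE_LOCAL_RULES).items():
        print(f"{state:8s} {', '.join(sids) or '-'}")
```

Run it against a real snort3 rules directory by reading the release notes and the deployed `.rules` files in place of the two sample strings; a rule from the notes that lands in the "missing" bucket (for example a gid 3 shared-object rule whose text stub is not installed) or the "disabled" bucket is a gap in coverage for the vulnerabilities this update addresses.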