Talos has added and modified multiple rules in the file-pdf, malware-cnc, os-windows, policy-other, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65864 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt (server-webapp.rules)
* 1:65865 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt (server-webapp.rules)
* 1:65866 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt (server-webapp.rules)
* 1:65867 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt (server-webapp.rules)
* 1:65868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution (os-windows.rules)
* 1:65869 <-> DISABLED <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt (server-webapp.rules)
* 1:65870 <-> DISABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65871 <-> ENABLED <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt (server-webapp.rules)
* 1:65872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt (os-windows.rules)
* 1:65873 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt (server-webapp.rules)
* 1:65874 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt (policy-other.rules)
* 1:65875 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt (policy-other.rules)
* 1:65876 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt (policy-other.rules)
* 1:65878 <-> DISABLED <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt (server-webapp.rules)
* 1:65879 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:65880 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:65881 <-> DISABLED <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt (protocol-snmp.rules)
* 1:65883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection (malware-cnc.rules)
* 1:65884 <-> DISABLED <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt (server-webapp.rules)
* 3:65877 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt (server-webapp.rules)
* 3:65885 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt (server-webapp.rules)
* 3:65882 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt (server-webapp.rules)
* 3:65886 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt (server-webapp.rules)
* 3:65887 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt (server-webapp.rules)

* 1:65425 <-> ENABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65424 <-> DISABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65426 <-> ENABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection (malware-cnc.rules)
* 1:65881 <-> DISABLED <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt (protocol-snmp.rules)
* 1:65876 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt (policy-other.rules)
* 1:65875 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt (policy-other.rules)
* 1:65884 <-> DISABLED <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt (server-webapp.rules)
* 1:65864 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt (server-webapp.rules)
* 1:65872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt (os-windows.rules)
* 1:65865 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt (server-webapp.rules)
* 1:65878 <-> DISABLED <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt (server-webapp.rules)
* 1:65867 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt (server-webapp.rules)
* 1:65880 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:65879 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:65866 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt (server-webapp.rules)
* 1:65869 <-> DISABLED <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt (server-webapp.rules)
* 1:65868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution (os-windows.rules)
* 1:65871 <-> ENABLED <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt (server-webapp.rules)
* 1:65870 <-> DISABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65873 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt (server-webapp.rules)
* 1:65874 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt (policy-other.rules)
* 3:65877 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt (server-webapp.rules)
* 3:65885 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt (server-webapp.rules)
* 3:65882 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt (server-webapp.rules)
* 3:65887 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt (server-webapp.rules)
* 3:65886 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt (server-webapp.rules)

* 1:65425 <-> ENABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65424 <-> DISABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65426 <-> ENABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:65884 <-> DISABLED <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt (server-webapp.rules)
* 1:65869 <-> DISABLED <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt (server-webapp.rules)
* 1:65867 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt (server-webapp.rules)
* 1:65883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection (malware-cnc.rules)
* 1:65873 <-> ENABLED <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt (server-webapp.rules)
* 1:65868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution (os-windows.rules)
* 1:65864 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt (server-webapp.rules)
* 1:65879 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:65870 <-> DISABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65866 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt (server-webapp.rules)
* 1:65865 <-> DISABLED <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt (server-webapp.rules)
* 1:65872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt (os-windows.rules)
* 1:65871 <-> ENABLED <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt (server-webapp.rules)
* 1:65875 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt (policy-other.rules)
* 1:65874 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt (policy-other.rules)
* 1:65878 <-> DISABLED <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt (server-webapp.rules)
* 1:65876 <-> DISABLED <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt (policy-other.rules)
* 1:65880 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:65881 <-> DISABLED <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt (protocol-snmp.rules)
* 3:65877 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt (server-webapp.rules)
* 3:65882 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt (server-webapp.rules)
* 3:65885 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt (server-webapp.rules)
* 3:65886 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt (server-webapp.rules)
* 3:65887 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt (server-webapp.rules)

* 1:65424 <-> DISABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65425 <-> ENABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
* 1:65426 <-> ENABLED <-> SERVER-OTHER Redis Lua scripting remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.11.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301393 <-> FILE-PDF Foxit PDF Reader Annotations memory corruption attempt
* 1:65864 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65865 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65866 <-> SERVER-WEBAPP Microsoft WebDeploy external inbound deploy request attempt
* 1:65867 <-> SERVER-WEBAPP Microsoft WebDeploy insecure deserialization attempt
* 1:65868 <-> OS-WINDOWS Microsoft Windows DHCPv6 client remote code execution
* 1:65869 <-> SERVER-WEBAPP Rockwell Automation ThinManager ThinServer memory corruption attempt
* 1:65870 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65871 <-> SERVER-WEBAPP Versa Concerto authentication bypass attempt
* 1:65872 <-> OS-WINDOWS Microsoft Windows Telephony Service arbitrary file write attempt
* 1:65873 <-> SERVER-WEBAPP Ivanti Endpoint Manager Mobile command injection attempt
* 1:65874 <-> POLICY-OTHER AnomalyCo OpenCode arbitrary file read attempt
* 1:65875 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65876 <-> POLICY-OTHER AnomalyCo OpenCode command execution attempt
* 1:65878 <-> SERVER-WEBAPP EnterpriseDT CompleteFTP Server arbitrary file deletion attempt
* 1:65881 <-> PROTOCOL-SNMP Net-SNMP snmptrapd buffer overflow attempt
* 1:65883 <-> MALWARE-CNC Win.Trojan.Chrysalis variant outbound connection
* 1:65884 <-> SERVER-WEBAPP AdonisJS multipart file directory traversal attempt
* 3:65877 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2353 attack attempt
* 3:65882 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2351 attack attempt
* 3:65885 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2340 attack attempt
* 3:65886 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2352 attack attempt
* 3:65887 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2350 attack attempt

* 1:65424 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65425 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt
* 1:65426 <-> SERVER-OTHER Redis Lua scripting remote code execution attempt