Talos Rules 2026-05-12
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2026-33835: A coding deficiency exists in Microsoft Windows Cloud Files Mini Filter Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66438 through 66439; Snort 3: GID 1, SID 301494.

Microsoft Vulnerability CVE-2026-33837: A coding deficiency exists in Microsoft Windows TCP/IP Local that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66440 through 66441; Snort 3: GID 1, SID 301495.

Microsoft Vulnerability CVE-2026-33840: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66442 through 66443; Snort 3: GID 1, SID 301496.

Microsoft Vulnerability CVE-2026-33841: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66453 through 66454; Snort 3: GID 1, SID 301501.

Microsoft Vulnerability CVE-2026-35416: A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66455 through 66456; Snort 3: GID 1, SID 301502.

Microsoft Vulnerability CVE-2026-35417: A coding deficiency exists in Microsoft Windows Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66459 through 66460; Snort 3: GID 1, SID 301504.

Microsoft Vulnerability CVE-2026-40361: A coding deficiency exists in Microsoft Word that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66457 through 66458; Snort 3: GID 1, SID 301503.

Microsoft Vulnerability CVE-2026-40364: A coding deficiency exists in Microsoft Word that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66474 through 66475; Snort 3: GID 1, SID 301506.

Microsoft Vulnerability CVE-2026-40369: A coding deficiency exists in Microsoft Windows Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66444 through 66445; Snort 3: GID 1, SID 301497.

Microsoft Vulnerability CVE-2026-40397: A coding deficiency exists in Microsoft Windows Common Log File System Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66470 through 66471; Snort 3: GID 1, SID 301505.

Microsoft Vulnerability CVE-2026-40398: A coding deficiency exists in Microsoft Windows Remote Desktop Services that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66451 through 66452; Snort 3: GID 1, SID 301500.

Microsoft Vulnerability CVE-2026-41089: A coding deficiency exists in Microsoft Windows Netlogon that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 66476; Snort 3: GID 1, SID 66476.

Microsoft Vulnerability CVE-2026-41103: A coding deficiency exists in Microsoft SSO Plugin for Jira & Confluence that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 66472 through 66473; Snort 3: GID 1, SIDs 66472 through 66473.

Talos has added and modified multiple rules in the browser-chrome, browser-firefox, file-office, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2026-05-12 19:25:37 UTC

Snort Subscriber Rules Update

Date: 2026-05-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66436 <-> DISABLED <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt (server-webapp.rules)
 * 1:66437 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:66438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66440 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt (os-windows.rules)
 * 1:66441 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt (os-windows.rules)
 * 1:66442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66444 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66446 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise remote code execution attempt (server-webapp.rules)
 * 1:66447 <-> DISABLED <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt (browser-chrome.rules)
 * 1:66448 <-> DISABLED <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt (browser-chrome.rules)
 * 1:66449 <-> DISABLED <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt (browser-firefox.rules)
 * 1:66450 <-> DISABLED <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt (browser-firefox.rules)
 * 1:66451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt (os-windows.rules)
 * 1:66452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt (os-windows.rules)
 * 1:66453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:66456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:66457 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt (file-office.rules)
 * 1:66458 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt (file-office.rules)
 * 1:66459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66463 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66464 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66465 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66466 <-> DISABLED <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt (policy-other.rules)
 * 1:66467 <-> DISABLED <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt (policy-other.rules)
 * 1:66470 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt (os-windows.rules)
 * 1:66471 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt (os-windows.rules)
 * 1:66472 <-> DISABLED <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt (server-webapp.rules)
 * 1:66473 <-> DISABLED <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt (server-webapp.rules)
 * 1:66474 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:66475 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:66476 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt (os-windows.rules)
 * 3:66461 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
 * 3:66462 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
 * 3:66468 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt (server-webapp.rules)
 * 3:66469 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt (server-webapp.rules)

Modified Rules:


 * 1:37890 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:65983 <-> DISABLED <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt (server-webapp.rules)
 * 1:27264 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules)
 * 3:66435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt (server-webapp.rules)

2026-05-12 19:25:37 UTC

Snort Subscriber Rules Update

Date: 2026-05-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66441 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt (os-windows.rules)
 * 1:66443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66444 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66447 <-> DISABLED <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt (browser-chrome.rules)
 * 1:66446 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise remote code execution attempt (server-webapp.rules)
 * 1:66449 <-> DISABLED <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt (browser-firefox.rules)
 * 1:66448 <-> DISABLED <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt (browser-chrome.rules)
 * 1:66450 <-> DISABLED <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt (browser-firefox.rules)
 * 1:66451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt (os-windows.rules)
 * 1:66453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt (os-windows.rules)
 * 1:66455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:66454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66457 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt (file-office.rules)
 * 1:66456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:66459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66458 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt (file-office.rules)
 * 1:66460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66463 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66464 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66465 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66466 <-> DISABLED <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt (policy-other.rules)
 * 1:66467 <-> DISABLED <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt (policy-other.rules)
 * 1:66436 <-> DISABLED <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt (server-webapp.rules)
 * 1:66439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66440 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt (os-windows.rules)
 * 1:66470 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt (os-windows.rules)
 * 1:66472 <-> DISABLED <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt (server-webapp.rules)
 * 1:66471 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt (os-windows.rules)
 * 1:66437 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:66473 <-> DISABLED <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt (server-webapp.rules)
 * 1:66474 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:66475 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:66476 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt (os-windows.rules)
 * 3:66461 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
 * 3:66462 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
 * 3:66469 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt (server-webapp.rules)
 * 3:66468 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt (server-webapp.rules)

Modified Rules:


 * 1:37890 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:65983 <-> DISABLED <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt (server-webapp.rules)
 * 1:27264 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules)
 * 3:66435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt (server-webapp.rules)

2026-05-12 19:25:37 UTC

Snort Subscriber Rules Update

Date: 2026-05-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66437 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:66436 <-> DISABLED <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt (server-webapp.rules)
 * 1:66457 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt (file-office.rules)
 * 1:66449 <-> DISABLED <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt (browser-firefox.rules)
 * 1:66466 <-> DISABLED <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt (policy-other.rules)
 * 1:66464 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66448 <-> DISABLED <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt (browser-chrome.rules)
 * 1:66475 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:66463 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66465 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66467 <-> DISABLED <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt (policy-other.rules)
 * 1:66470 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt (os-windows.rules)
 * 1:66471 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt (os-windows.rules)
 * 1:66472 <-> DISABLED <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt (server-webapp.rules)
 * 1:66473 <-> DISABLED <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt (server-webapp.rules)
 * 1:66474 <-> DISABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
 * 1:66452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt (os-windows.rules)
 * 1:66453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66440 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt (os-windows.rules)
 * 1:66439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt (os-windows.rules)
 * 1:66442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66441 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt (os-windows.rules)
 * 1:66444 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66446 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise remote code execution attempt (server-webapp.rules)
 * 1:66447 <-> DISABLED <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt (browser-chrome.rules)
 * 1:66450 <-> DISABLED <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt (browser-firefox.rules)
 * 1:66454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt (os-windows.rules)
 * 1:66456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:66451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt (os-windows.rules)
 * 1:66455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:66458 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt (file-office.rules)
 * 1:66459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
 * 1:66476 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt (os-windows.rules)
 * 3:66469 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt (server-webapp.rules)
 * 3:66462 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
 * 3:66468 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt (server-webapp.rules)
 * 3:66461 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:65983 <-> DISABLED <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt (server-webapp.rules)
 * 1:37890 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
 * 1:27264 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules)
 * 3:66435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt (server-webapp.rules)

2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:13 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.11.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt


2026-05-12 19:28:14 UTC

Snort Subscriber Rules Update

Date: 2026-05-12-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301494 <-> OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt
* 1:301495 <-> OS-WINDOWS Microsoft Windows TCP/IP protocol driver elevation of privilege attempt
* 1:301496 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301497 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301498 <-> BROWSER-CHROME Google Chrome switch table memory corruption attempt
* 1:301499 <-> BROWSER-FIREFOX Firefox PDF.js FontMatrix JavaScript code execution attempt
* 1:301500 <-> OS-WINDOWS Microsoft Windows Remote Desktop Services elevation of privilege attempt
* 1:301501 <-> OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt
* 1:301502 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:301503 <-> FILE-OFFICE Microsoft Windows Outlook remote code execution attempt
* 1:301504 <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt
* 1:301505 <-> OS-WINDOWS Microsoft Windows Common Log File System driver elevation of privilege attempt
* 1:301506 <-> FILE-OFFICE Microsoft Office remote code execution attempt
* 1:66436 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 1:66437 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:66446 <-> SERVER-WEBAPP GitHub Enterprise command injection attempt
* 1:66463 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66464 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66465 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66466 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66467 <-> POLICY-OTHER LeRobot unauthenticated gRPC endpoint access attempt
* 1:66472 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66473 <-> SERVER-WEBAPP Microsoft SSO Plugin for Jira and Confluence authentication bypass attempt
* 1:66476 <-> OS-WINDOWS Microsoft Windows Netlogon remote code execution attempt
* 3:66461 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66462 <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt
* 3:66468 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt
* 3:66469 <-> SERVER-WEBAPP Cisco SD-WAN vManage information disclosure attempt

Modified Rules:

* 1:27264 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt
* 1:37890 <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt
* 1:65983 <-> SERVER-WEBAPP GitLab CI Lint server side request forgery attempt
* 3:66435 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2026-2396 attack attempt