Q: How often does Trend Micro release updates to its rule groups?

A: Updates are not released on a fixed schedule. Instead, they are made available whenever an important vulnerability is discovered in an application that matches the rule group’s coverage. In the long run, we expect to provide weekly updates, on average.

Q: Do the Trend Micro rule groups cover cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities?

A: We do cover specific XSS and SQLi vulnerabilities, but we do not provide generic coverage for these classes of vulnerabilities.

Q: What vulnerabilities do the Trend Micro rule groups cover?

A: We cover the following vulnerabilities, organized into the two rule groups we offer.

Please note that each rule group also includes rules that are not associated with a Common Vulnerabilities and Exposures (CVE) number. You can look up the CVE here.

Trend Micro Managed Rules for AWS WAF – WebServer (Apache, NGINX):

Apache Httpd CVE-2017-9788
Apache Httpd CVE-2014-7169
Apache Httpd CVE-2014-6271
Apache Solr CVE-2017-12629
Apache Struts CVE-2017-5638
Apache Struts CVE-2017-12611
Apache Struts CVE-2017-9805
Apache Struts CVE-2017-9793
Apache Struts CVE-2017-9791
Apache Struts CVE-2016-3082
Apache Struts CVE-2016-4465
Apache Struts CVE-2016-3081
Apache Tomcat CVE-2017-12615
Apache Tomcat CVE-2017-12617
Apache Tomcat CVE-2016-3092
Nginx CVE-2017-7529
Nginx CVE-2016-1000103
Nginx CVE-2013-2028

Trend Micro Managed Rules for AWS WAF – Content Management System (CMS):

Drupal CVE-2014-3704
Drupal CVE-2014-5265
Joomla CVE-2016-8869
Joomla CVE-2016-8870
Joomla CVE-2017-8917
Joomla CVE-2015-8562
WordPress CVE-2017-1001000
WordPress CVE-2017-5942
WordPress CVE-2017-6814
WordPress CVE-2017-10991
WordPress CVE-2016-1209
WordPress CVE-2016-10033
WordPress CVE-2016-6896
WordPress CVE-2016-1564

Q: Why does Trend Micro not offer more generic rules?

A: Generic rules can be powerful, but they trade generality against the risk of blocking legitimate traffic (false positives), with a consequent negative business impact. Given the targeted nature of most high-impact vulnerabilities today, we chose to favor specificity. We feel that we can provide excellent protection for specific web applications by tailoring our coverage to attacks that are specific to the application in question.

Questions? Contact us at aws@trendmicro.com