Rule Update

20-060 (December 1, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1010585 - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client

Directory Server LDAP
1010640* - Identified Remote Account Discovery Over LDAP (ATT&CK T1087)
1010433* - Identified Remote System Discovery Over LDAP (ATT&CK T1018)

Java RMI
1010579* - Adobe ColdFusion 'DataServicesCFProxy ROME' Framework Insecure Deserialization Vulnerability (CVE-2018-4939)

NFS Server
1010605* - Microsoft Windows Network File System NLM RPC Message Information Disclosure Vulnerability (CVE-2020-17056)

Suspicious Server Application Activity
1010644 - Identified HTTP Trojan-Downloader.Shell.Lightbot.A C&C Traffic Request

Web Application Common
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003030)

Web Server Common
1010630* - Trend Micro InterScan Web Security Virtual Appliance Command Injection Vulnerability (CVE-2020-8605)

Web Server Oracle
1010625* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14825)
1010587* - Oracle WebLogic Server IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-14841)
1010624* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14825)
1010588* - Oracle WebLogic Server T3 Protocol Remote Code Execution Vulnerability (CVE-2020-14859)

Zoho ManageEngine
1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1010141* - Microsoft Windows - Export Certificate and Private Key