Rule Update

23-005 (January 31, 2023)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

1011669 - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)

SNMP Server
1011663 - Net-SNMP NULL Pointer Dereference Vulnerability (CVE-2022-44793)

Web Application Common
1011206* - BillQuick Web Suite SQL Injection Vulnerability (CVE-2021-42258)
1005934* - Identified Suspicious Command Injection Attack

Web Application PHP Based
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)

Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)

Web Client Common
1011656* - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21608)
1011666 - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2023-21609)

Web Server HTTPS
1011659* - VMware vCenter Server Denial of Service Vulnerability (CVE-2022-31698)

Integrity Monitoring Rules:

1002775* - Microsoft Windows - Network configuration files modified
1002777* - Microsoft Windows - System configuration file modified

Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)