Rule Update

19-055 (November 5, 2019)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1010042 - HPE Intelligent Management Center AMF3 Externalizable Deserialization (CVE-2019-11944)


Remote Login Applications
1004364* - TeamViewer (ATT&CK T1219)


Suspicious Client Application Activity
1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1094)
1005300* - Identified Potentially Malicious RAT Traffic - IV (ATT&CK T1094)


Suspicious Server Ransomware Activity
1007582* - Ransomware Lectool-1


Web Application Common
1005934* - Identified Suspicious Command Injection Attack
1010046 - rConfig Remote Command Execution Vulnerability (CVE-2019-16662)
1010047 - rConfig Remote Command Execution Vulnerability (CVE-2019-16663)


Web Application Tomcat
1009697* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1009226* - Wing FTP Server Authenticated Command Execution Vulnerability (CVE-2015-4107)


Webmin
1010043* - Webmin Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107)


Windows Services RPC Server DCERPC
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.