Rule Update

18-069 (December 26, 2018)


  DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command


Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI


Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt


Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request


Suspicious Server Application Activity
1009433 - Tildeb Knock Request


Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability


Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability


Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.
