Rule Update
18-069 (26 Dezember 2018)
Beschreibung
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command
Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI
Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request
Suspicious Server Application Activity
1009433 - Tildeb Knock Request
Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability
Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability
Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command
Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI
Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request
Suspicious Server Application Activity
1009433 - Tildeb Knock Request
Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability
Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability
Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.