Rule Update
DPI and Other Rule Update Information: 20-039 (August 11, 2020)
August 11, 2020
Summary
* indicates a new version of an existing rule.
DPI (Deep Packet Inspection) Rules:
ActiveMQ OpenWire
1010428 - Apache ActiveMQ Unsafe Deserialization Vulnerability (CVE-2015-5254)
DCERPC Services
1010426 - Identified Domain-Level Account Discovery Over SMB (ATT&CK T1087)
1009703* - Identified Domain-Level Permission Groups Discovery Over SMB (ATT&CK T1069)
1010430 - Identified Remote System Discovery Over SMB (ATT&CK T1018)
Directory Server LDAP
1010433 - Identified Remote System Discovery Over LDAP (ATT&CK T1018)
1010350* - VMware vCenter Server Access Control Bypass Vulnerability (CVE-2020-3952)
HP Intelligent Management Center (IMC)
1010425* - Apache OFBiz Cross-Site Scripting Vulnerability (CVE-2020-1943)
1009947* - HPE Intelligent Management Center Various Expression Language Injection Vulnerabilities
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Suspicious Activity Related to Ransomware (Server)
1010438 - Ransomware Foxware
Unix SSH
1005748* - Multiple SSH Connections Detected (ATT&CK T1498.001, T1110)
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1005402* - Identified Suspicious User Agent In HTTP Request
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
Web Client Common
1010435 - FFmpeg Heap-based Buffer Overflow Vulnerability (CVE-2020-12284)
1004715* - HTTP Web Client Decoding
1010436 - LibTIFF LZWDecode Null Pointer Dereference Vulnerability (CVE-2018-18661)
1010446 - Microsoft Windows 'hevcdecoder_store' HEIC File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-906)
Web Client Internet Explorer/Edge
1010442 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2020-1567)
1010441 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-1380)
1010439 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-1570)
Web Server Common
1010178* - Cisco Data Center Network Manager Directory Traversal Vulnerability (CVE-2019-15981)
1010443 - rConfig 'Devicemgmt.php' Cross-Site Scripting Vulnerability (CVE-2020-12256)
Windows Services RPC Server DCERPC
1010431 - Identified Remote System Discovery Over LSARPC (ATT&CK T1018)
ZohoCorp ManageEngine Desktop Central
1010407 - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
1010197* - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability (CVE-2020-10189)
Integrity Monitoring Rules:
1003019* - Trend Micro Deep Security Agent / Relay
Log Inspection Rules:
1002828* - Application - Secure Shell Daemon (SSHD)
1008852* - Auditd
1002815* - Authentication Module - Unix Pluggable Authentication Module