Rule Update
DPIルール他更新情報:21-032(2021年7月13日)
概要
* は既存ルールの新バージョンを示します。
DPI(Deep Packet Inspection) ルール:
Oracle E-Business Suite Web Interface
1011019* - Oracle E-Business Suite Denial Of Service Vulnerability (CVE-2021-2190)
Pulsar Binary Protocol
1010998 - Apache Pulsar JSON Web Token Authentication Bypass Vulnerability Over Pulsar (CVE-2021-22160)
Webクライアント 共通
1011032 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)
Webクライアント Internet Explorer/Edge
1011040 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448)
Webサーバ 共通
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
Webサーバ HTTPS
1011041 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
Webサーバ その他
1011028 - Jenkins 'Scriptler' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21667)
Webサーバ Nagios
1011023 - Nagios XI 'Custom-includes' Module Directory Traversal Vulnerability (CVE-2021-3277)
Webサーバ SharePoint
1011030 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467)
Windowsサーバ DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
Zoho ManageEngine
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
変更監視(Integrity Monitoring)ルール:
1002875* - Linux/Unix - Software installed, updated or removed
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
1010791 - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
1009643* - Linux/Unix - bash command history cleared (ATT&CK T1059.004)
1009622* - Linux/Unix - bash non-root user configuration files modified (ATT&CK T1546.004)
1011021 - Linux/Unix - bash root user configuration files modified (ATT&CK T1546.004)
セキュリティログ監視(Log Inspection)ルール:
1011042 - SolarWinds Serv-U SSH EXCEPTION (CVE-2021-35211)
DPI(Deep Packet Inspection) ルール:
Oracle E-Business Suite Web Interface
1011019* - Oracle E-Business Suite Denial Of Service Vulnerability (CVE-2021-2190)
Pulsar Binary Protocol
1010998 - Apache Pulsar JSON Web Token Authentication Bypass Vulnerability Over Pulsar (CVE-2021-22160)
Webクライアント 共通
1011032 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)
Webクライアント Internet Explorer/Edge
1011040 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2021-34448)
Webサーバ 共通
1009705* - Atlassian Confluence Server Remote Code Execution Vulnerability (CVE-2019-3396)
Webサーバ HTTPS
1011041 - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
Webサーバ その他
1011028 - Jenkins 'Scriptler' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21667)
Webサーバ Nagios
1011023 - Nagios XI 'Custom-includes' Module Directory Traversal Vulnerability (CVE-2021-3277)
Webサーバ SharePoint
1011030 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467)
Windowsサーバ DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
Zoho ManageEngine
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
変更監視(Integrity Monitoring)ルール:
1002875* - Linux/Unix - Software installed, updated or removed
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
1010791 - Linux/Unix - Task scheduler entries modified (ATT&CK T1053)
1009643* - Linux/Unix - bash command history cleared (ATT&CK T1059.004)
1009622* - Linux/Unix - bash non-root user configuration files modified (ATT&CK T1546.004)
1011021 - Linux/Unix - bash root user configuration files modified (ATT&CK T1546.004)
セキュリティログ監視(Log Inspection)ルール:
1011042 - SolarWinds Serv-U SSH EXCEPTION (CVE-2021-35211)