Thursday, March 28, 2019

Snort rule update for March 28, 2019

Just released:
Snort Subscriber Rule Set Update for March 28, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 29 new rules, 15 of which are shared object rules. There are also 1,396 modified rules.

The bulk of these modified rules simply add references for the MITRE ATT&ACK framework. The MITRE ATT&CK Framework is described in this wiki, which provides a thorough overview of all known attack techniques that currently or have been employed by adversaries in the wild. Each documented technique is accompanied by explanations, examples, detection recommendations, and the related actor(s) that have employed the technique. Talos has added these additional references in the SIDs to provide attack context information for our customers, and to support integration with other systems or reporting requirements.

This release provides coverage for several vulnerabilities Cisco disclosed this week in IOS XE. These bugs could allow an attacker to gain access to sensitive configuration information on many of Cisco's small and home office (SOHO) routers.
There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, netbios, os-mobile, os-other, os-solaris, os-windows, policy-other, policy-social, policy-spam, protocol-ftp, protocol-imap, protocol-other, protocol-pop, protocol-rpc, protocol-scada, protocol-snmp, protocol-telnet, protocol-voip, pua-adware, server-apache, server-iis, server-mail, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
We would also like to acknowledge Yasser for their contributions to Snort rules 49592 - 49595.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.