Tuesday, January 25, 2022

Snort rule update for Jan. 25, 2022 — And an update to our supported operating systems

The newest SNORTⓇ rule update from Cisco Talos is now available.

This release includes several rules to protect against malicious PHP command shells in Ajax that are sometimes used in cyber attacks. 

Here's a full breakdown of the rest of Tuesday's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
0140

There were no changes made to the snort.conf in this release.

Cisco Talos' rule release: 

Talos has added and modified multiple rules in the malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

We would also like to give everyone a head's up that we are working to update the list of supported operating systems for Snort. As of Feb. 15, 2022, the following operating systems will no longer be supported:

  • Alpine 3.10 i386
  • Alpine 3.10 x64
  • CentOS 6 i386
  • CentOS 6 x64
  • CentOS 7 i386
  • CentOS 7 x64
  • Debian 8 i386
  • Debian 8 x64
  • Debian 9 i386
  • Debian 9 x64
  • FC 27 x64
  • FC 30 x64
  • FC 31 x64
  • FreeBSD 11.1 i386
  • FreeBSD 11.1 x64
  • FreeBSD 12.0 x64
  • OpenBSD 6.2 i386
  • OpenBSD 6.2 x64
  • OpenBSD 6.4 i386
  • OpenBSD 6.4 x64
  • OpenBSD 6.5 i386
  • OpenBSD 6.5 x64
  • OpenSUSE LEAP 42.3 x64
  • OpenSUSE LEAP 15.0 x64
  • OpenSUSE LEAP 15.1 x64
  • RHEL 6 i386
  • RHEL 6 x64
  • Ubuntu 17.10 i386
  • Ubuntu 17.10 x64
  • Ubuntu 19.10 x64 
Please reach out to one of our mailing lists if you have any questions.