Snort mailing list archives
Re: Citrix CVE-2019-19781
From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 15 Jan 2020 11:57:25 +0000
Maybe you don’t have a subscription? If they were released in the last 30 days, a registered user would not see them.

Sent from my iPhone

On Jan 14, 2020, at 22:18, Rees Bevan <rbevan () swcp com> wrote:

Joel,

Thanks for the reply. A Cisco engineer contacted me directly and it sounds like I have some serious updating to do on the NGIPS.

Any clue why I am not seeing those rules in the VRT subscriber set? I have a mix of 2.9.13.0 and 2.9.15.0 sensors. We are pulling the 2.9.13.0 rules and using them for both flavors.

Rees

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Tuesday, January 14, 2020 7:31 PM
To: Rees Bevan
Cc: Snort-sigs () lists snort org
Subject: Re: [Snort-sigs] Citrix CVE-2019-19781

If you are using a Cisco Firepower device, probably the best course would be to call TAC. Are you sure you’ve updated your SRU?

Sent from my iPhone

On Jan 14, 2020, at 20:04, Rees Bevan via Snort-sigs <snort-sigs () lists snort org> wrote:

Hello list,

The Talos blog post here: https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html mentions three rules, signatures 52512, 52513, and 52603. The blog indicates that the rules have been available since 12/24/19.

My environment includes Sourcefire NGIPS and snort sensors running with the VRT subscription. I cannot locate these rules in either place. We are using “Security over Connectivity” on both the pulledpork config and the NGIPS config.

I have grepped the rules files on our snort sensors and I see current rules, but not 52512, 52513, and 52603. On the NGIPS, I have sorted the intrusion rules by priority and tried searching by signatures and keywords, but no luck.

Where should I be looking for these rules?

Rees Bevan, CISSP, GCIA, MCSE
rbevan () swcp com

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
Current thread:
- Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 14)
- Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 14)
- Re: Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 14)
- Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 15)
- Re: Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 15)
- Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 15)
- Re: Citrix CVE-2019-19781 rbevan via Snort-sigs (Jan 15)
- Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 15)
- Re: Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 14)
- Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 14)