Snort mailing list archives
Re: Question regarding SNORT Rule
From: "Filice II, Anthony via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 15 Jan 2020 19:51:00 +0000
Thank you for the information Anthony C Filice II 313-656-3472 Desk From: Alex McDonnell <amcdonnell () sourcefire com> Sent: Wednesday, January 15, 2020 2:48 PM To: Filice II, Anthony <Anthony.FiliceII () Ally com> Cc: snort-sigs () lists snort org Subject: Re: [Snort-sigs] Question regarding SNORT Rule External Email: Do not click any links or open any attachments unless you trust the sender and know the content is safe. The rules show up as disabled simply because they are not enabled in the balanced policy. I believe they are enabled in balanced for the next build (tomorrow) thanks Alex McDonnell Talos On Wed, Jan 15, 2020 at 2:24 PM Filice II, Anthony via Snort-sigs <snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>> wrote: All, Question regarding Microsoft Vulnerability CVE-2020-0601: A coding deficiency exists in Microsoft Windows CryptoAPI that may lead to spoofing. Why is this disabled in the new rules 1:52596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules) * 1:52595 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules) * 1:52594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules) * 1:52593 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules) Anthony C Filice II IPS/NAC Engineer IPR-IPR-SEC-F1840 313-656-3472 desk 702-287-6732 cell _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Question regarding SNORT Rule Filice II, Anthony via Snort-sigs (Jan 15)
- Re: Question regarding SNORT Rule Joel Esler (jesler) via Snort-sigs (Jan 15)
- Re: Question regarding SNORT Rule Alex McDonnell (Jan 15)
- Re: Question regarding SNORT Rule Filice II, Anthony via Snort-sigs (Jan 15)