Products: Cisco Systems - Firepower

Rules

| Rule ID | Rule Name |
| --- | --- |
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| MATCH-S00513 | Critical Severity Intrusion Signature |
| THRESHOLD-S00009 | Directory Traversal - Unsuccessful |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| MATCH-S00666 | High Severity Intrusion Signature |
| LEGACY-S00047 | High risk file extension download without hostname and referrer |
| THRESHOLD-S00079 | Inbound Port Scan |
| MATCH-S00669 | Informational Severity Intrusion Signature |
| THRESHOLD-S00080 | Internal Port Scan |
| THRESHOLD-S00081 | Internal Port Sweep |
| THRESHOLD-S00514 | Intrusion Scan - Targeted |
| THRESHOLD-S00515 | Intrusion Sweep |
| MATCH-S00668 | Low Severity Intrusion Signature |
| MATCH-S00667 | Medium Severity Intrusion Signature |
| MATCH-S00556 | Outbound Data Transfer Protocol Over Non-standard Port |
| MATCH-S00554 | Outbound IRC Traffic |
| LEGACY-S00056 | Outbound TFTP Traffic |
| THRESHOLD-S00040 | Possible DNS over TLS (DoT) Activity |
| MATCH-S00835 | Possible Dynamic URL Domain |
| LEGACY-S00093 | Script/CLI UserAgent string |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00107 | Threat Intel Match - IP Address |

Log Mappers

| Log Mapper ID | Log Mapper Name |
| --- | --- |
| d4c5da9c-c753-4c91-b749-c98a0ac24c53 | Cisco Firepower CEF Alerts |
| 0b02715e-e7c2-43c5-ab11-c02f51b5d63c | Cisco Firepower CEF File |
| cfb2c4e8-72eb-4b69-ae52-c865ca397dfc | Cisco Firepower CEF FireAMP |
| e0497f50-c29c-42c5-a996-31be6e02b909 | Cisco Firepower CEF Packets |
| 59f1f2b6-6429-4bdc-afbd-e9a9c1f647d7 | Cisco Firepower CEF Traffic |
| 72f1f2b6-6429-4gdc-afbc-e9a9c1f847e7 | Cisco Firepower CEF unknown ips-event |
| d45d66dc-d50b-408d-81f1-361a20fea5ef | Cisco Firepower Intrusion Event 430001 |
| 04a8ffb0-f7d8-4999-b9f4-63108097197d | Firepower Access Control Events |
| 7ce1179a-f90a-4654-907c-1db4e800ff37 | Firepower Alerts2 |
| 6259f6a3-ddd8-41b6-8b02-ef16f6dbd174 | Firepower Catch All |
| 82de581f-dd41-4acd-b62e-e3a8a33c0e72 | Firepower File Malware Events |
| 69d9ee44-29fc-497a-85d5-aed507a923db | Firepower Intrusion Events |
| 34fd7e6c-85ef-421c-ab4f-84f9a31b835b | Firepower Primary Detection Engine Intrusion Events |
| 8a6aef8b-8983-4798-8539-bb86b4d7d271 | Firepower Snort Alerts |