
Products: Sophos - UTM 9

Rules

| Rule ID | Rule Name |
| --- | --- |
| LEGACY-S00004 | Bitsadmin to Uncommon TLD |
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| LEGACY-S00026 | DNS Lookup of High Entropy Domain |
| LEGACY-S00028 | Directory Traversal - Successful |
| THRESHOLD-S00009 | Directory Traversal - Unsuccessful |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| THRESHOLD-S00085 | Excessive Outbound Firewall Blocks |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
| LEGACY-S00039 | GitHub Raw URL Resource Request |
| LEGACY-S00040 | HTTP CloudFlare Protocol Violation or Empty Response |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| THRESHOLD-S00016 | HTTP Response Error Spike - Internal |
| LEGACY-S00045 | HTTP request for single character file name |
| LEGACY-S00027 | Hexadecimal in DNS Query Domain |
| THRESHOLD-S00079 | Inbound Port Scan |
| THRESHOLD-S00080 | Internal Port Scan |
| THRESHOLD-S00081 | Internal Port Sweep |
| MATCH-S00457 | Large File Upload |
| MATCH-S00554 | Outbound IRC Traffic |
| LEGACY-S00008 | Possible Dynamic DNS Domain |
| MATCH-S00835 | Possible Dynamic URL Domain |
| MATCH-S00558 | Potential Inbound VNC Traffic |
| MATCH-S00502 | RDP Traffic to Unexpected Host |
| LEGACY-S00093 | Script/CLI UserAgent string |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| MATCH-S00595 | Telegram API Access |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| LEGACY-S00165 | VBS file downloaded from Internet |

Log Mappers

| Log Mapper ID | Log Mapper Name |
| --- | --- |
| 24f1d77b-3b08-4824-af70-ef92e78c8fad | Sophos UTM 9 Firewall |
| f8556e2d-6721-4671-816d-4f59bf33da57 | Sophos UTM 9 Firewall - Custom Parser |