Intrusion Policy Report Test Modified By admin Last Modified 2018-12-20 09:32:11 (UTC) Table of Contents Policy Information.........................................................................................................................................................................................................................1 Firepower Recommendations......................................................................................................................................................................................................1 Advanced Settings........................................................................................................................................................................................................................1 Global Rule Thresholding................................................................................................................................................................................................1 Sensitive Data Detection.................................................................................................................................................................................................1 Rules...............................................................................................................................................................................................................................................2 i Policy Information Name Test Description Test Policy Drop when Inline Enabled Current Rule Update Version 2018-12-19-001-vrt Base Policy Balanced Security and Connectivity Lock Base Policy to current Rule Update Version Disabled Modified By admin Last Modified 2018-12-20 09:32:11 (UTC) Firepower Recommendations Rule State Disabled Networks Recommendation Threshold Accept Recommendations to Disable Rules Advanced Settings Global Rule Thresholding Type Limit Track By Destination Count 1 Seconds 60 Sensitive Data Detection Global Settings Mask 1 Networks Global Threshold 25 Data Types Credit Card Numbers Data Type Credit Card Numbers Pattern credit_card Threshold 20 Destination Ports 21,25,80,110,143 Application Protocols SMTP, IMAP, HTTP, POP3, FTP Data Email Addresses Data Type Email Addresses Pattern email Threshold 20 Destination Ports 21,25,80,110,143 Application Protocols SMTP, IMAP, HTTP, POP3, FTP Data Social Security Numbers Data Type Social Security Numbers Pattern us_social 1 Threshold 2 Destination Ports 21,25,80,110,143 Application Protocols SMTP, IMAP, HTTP, POP3, FTP Data Social Security Numbers (no dashes) Data Type Social Security Numbers (no dashes) Pattern us_social_nodashes Threshold 20 Destination Ports 21,25,80,110,143 Application Protocols SMTP, IMAP, HTTP, POP3, FTP Data U.S. Phone Numbers Data Type U.S. Phone Numbers Pattern (\d{3})\d{3}-\d{4} Threshold 20 Destination Ports 21,25,80,110,143 Application Protocols SMTP, IMAP, HTTP, POP3, FTP Data Rules Drop and generate BO_CLIENT_TRAFFIC_DETECT (105:2) events Drop and generate BO_SERVER_TRAFFIC_DETECT (105:3) events Drop and generate BO_SNORT_BUFFER_ATTACK (105:4) events Drop and generate BO_TRAFFIC_DETECT (105:1) events Drop and generate BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corr uption attempt (1:33088) events Drop and generate BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corr uption attempt (1:33089) events Drop and generate BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corr uption attempt (1:33090) events Drop and generate BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corr uption attempt (1:27568) events Drop and generate BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (1:35072) events Drop and generate BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (1:35075) events Drop and generate BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (1:35070) events Drop and generate BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (1:35073) events Drop and generate BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use afte r free attempt (1:35071) events Drop and generate BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use afte r free attempt (1:35074) events Drop and generate BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after fr ee attempt (1:40896) events Drop and generate BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after fr ee attempt (1:40888) events Drop and generate BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (1:35051) events BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (1:35052) 2 Drop and generate events Drop and generate BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (1:37626) events Drop and generate BROWSER-FIREFOX Mozilla Firefox javascript type confusion code ex ecution attempt (1:48564) events Drop and generate BROWSER-FIREFOX Mozilla Firefox javascript type confusion code ex ecution attempt (1:48565) events Drop and generate BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remot e code execution attempt (1:48625) events Drop and generate BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remot e code execution attempt (1:48626) events Drop and generate BROWSER-IE Internet Explorer DataSource recordset remote code exe cution attempt (1:35865) events Drop and generate BROWSER-IE Internet Explorer URL file remote code execution attem pt detected (1:46384) events Drop and generate BROWSER-IE Internet Explorer URL file remote code execution attem pt detected (1:46385) events Drop and generate BROWSER-IE Internet Explorer WeakMap Freeze memory corruption att empt (1:44342) events Drop and generate BROWSER-IE Internet Explorer WeakMap Freeze memory corruption att empt (1:44343) events Drop and generate BROWSER-IE Microsoft Edge anonymous function type confusion attem pt (1:45387) events Drop and generate BROWSER-IE Microsoft Edge anonymous function type confusion attem pt (1:45388) events Drop and generate BROWSER-IE Microsoft Edge App-v vbs command attempt (1:48053) events Drop and generate BROWSER-IE Microsoft Edge App-v vbs command attempt (1:48054) events Drop and generate BROWSER-IE Microsoft Edge Array out of bounds memory corruption a ttempt (1:41557) events Drop and generate BROWSER-IE Microsoft Edge Array out of bounds memory corruption a ttempt (1:41558) events Drop and generate BROWSER-IE Microsoft Edge Array out of bounds memory corruption a ttempt (1:41559) events Drop and generate BROWSER-IE Microsoft Edge Array out of bounds memory corruption a ttempt (1:41560) events Drop and generate BROWSER-IE Microsoft Edge array type confusion attempt (1:45169) events Drop and generate BROWSER-IE Microsoft Edge array type confusion attempt (1:45170) events Drop and generate BROWSER-IE Microsoft Edge array use after free attempt (1:44819) events Drop and generate BROWSER-IE Microsoft Edge array use after free attempt (1:44820) events Drop and generate BROWSER-IE Microsoft Edge Array.concat type confusion attempt (1: 40661) events Drop and generate BROWSER-IE Microsoft Edge Array.concat type confusion attempt (1: 40662) events Drop and generate BROWSER-IE Microsoft Edge array.join information disclosure attem pt (1:40383) events Drop and generate BROWSER-IE Microsoft Edge array.join information disclosure attem pt (1:40384) events Drop and generate BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds writ e attempt (1:38805) events 3 Drop and generate BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds writ e attempt (1:38806) events Drop and generate BROWSER-IE Microsoft Edge ArrayBuffer.transfer information disclo sure attempt (1:39506) events Drop and generate BROWSER-IE Microsoft Edge ArrayBuffer.transfer information disclo sure attempt (1:39507) events Drop and generate BROWSER-IE Microsoft Edge browser memory corruption attempt (1:47 117) events Drop and generate BROWSER-IE Microsoft Edge browser memory corruption attempt (1:47 118) events Drop and generate BROWSER-IE Microsoft Edge browser redirection vulnerability attem pt (1:47474) events Drop and generate BROWSER-IE Microsoft Edge browser redirection vulnerability attem pt (1:47475) events Drop and generate BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll obj ect use after free attempt (1:38073) events Drop and generate BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll obj ect use after free attempt (1:38074) events Drop and generate BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll obj ect use after free attempt (1:38075) events Drop and generate BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll obj ect use after free attempt (1:38076) events Drop and generate BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt ( 1:36984) events Drop and generate BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt ( 1:36985) events Drop and generate BROWSER-IE Microsoft Edge Chakra Closure use after free attempt ( 1:44813) events Drop and generate BROWSER-IE Microsoft Edge Chakra Closure use after free attempt ( 1:44814) events Drop and generate BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (1:4 2753) events Drop and generate BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (1:4 2754) events Drop and generate BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (1:4 5889) events Drop