Frontdoor - DRS Changelog: 2.0 → 2.1¶
Generated: 05 July 2026 | Base: 2.0 | Target: 2.1
Summary: 19 added · 0 removed · 4 changed
Added Rules¶
| Rule ID | Rule Group Name | Description | Action | State |
|---|---|---|---|---|
| 920181 | PROTOCOL-ENFORCEMENT | Content-Length and Transfer-Encoding headers present | AnomalyScoring | Enabled |
| 920500 | PROTOCOL-ENFORCEMENT | Attempt to access a backup or working file | AnomalyScoring | Enabled |
| 921190 | PROTOCOL-ATTACK | HTTP Splitting (CR/LF in request filename detected) | AnomalyScoring | Enabled |
| 921200 | PROTOCOL-ATTACK | LDAP Injection Attack | AnomalyScoring | Enabled |
| 99001002 | MS-ThreatIntel-CVEs | Attempted Citrix NSC_USER directory traversal (CVE-2019-19781) | AnomalyScoring | Enabled |
| 99001003 | MS-ThreatIntel-CVEs | Attempted Atlassian Confluence Widget Connector exploitation (CVE-2019-3396) | AnomalyScoring | Enabled |
| 99001004 | MS-ThreatIntel-CVEs | Attempted Pulse Secure custom template exploitation (CVE-2020-8243) | AnomalyScoring | Enabled |
| 99001005 | MS-ThreatIntel-CVEs | Attempted SharePoint type converter exploitation (CVE-2020-0932) | AnomalyScoring | Enabled |
| 99001006 | MS-ThreatIntel-CVEs | Attempted Pulse Connect directory traversal (CVE-2019-11510) | AnomalyScoring | Enabled |
| 99001007 | MS-ThreatIntel-CVEs | Attempted Junos OS J-Web local file inclusion (CVE-2020-1631) | AnomalyScoring | Enabled |
| 99001008 | MS-ThreatIntel-CVEs | Attempted Fortinet path traversal (CVE-2018-13379) | AnomalyScoring | Enabled |
| 99001009 | MS-ThreatIntel-CVEs | Attempted Apache struts ognl injection (CVE-2017-5638) | AnomalyScoring | Enabled |
| 99001010 | MS-ThreatIntel-CVEs | Attempted Apache struts ognl injection (CVE-2017-12611) | AnomalyScoring | Enabled |
| 99001011 | MS-ThreatIntel-CVEs | Attempted Oracle WebLogic path traversal (CVE-2020-14882) | AnomalyScoring | Enabled |
| 99001012 | MS-ThreatIntel-CVEs | Attempted Telerik WebUI insecure deserialization exploitation (CVE-2019-18935) | AnomalyScoring | Enabled |
| 99001013 | MS-ThreatIntel-CVEs | Attempted SharePoint insecure XML deserialization (CVE-2019-0604) | AnomalyScoring | Enabled |
| 99005005 | MS-ThreatIntel-WebShells | Web Shell Interaction Attempt | AnomalyScoring | Enabled |
| 99031003 | MS-ThreatIntel-SQLI | SQL Injection Attack (replacing rule #942150) | AnomalyScoring | Enabled |
| 99031004 | MS-ThreatIntel-SQLI | Detects basic SQL authentication bypass attempts ⅔ (replacing rule #942260) | AnomalyScoring | Enabled |
Removed Rules¶
No rules removed.
Changed Rules¶
| Rule ID | Rule Group | Field | Before | After |
|---|---|---|---|---|
| 942150 | SQLI | State | Enabled | Disabled |
| 942260 | SQLI | State | Enabled | Disabled |
| 99031001 | MS-ThreatIntel-SQLI | Description | SQL Injection Attack: Common Injection Testing Detected | SQL Injection Attack: Common Injection Testing Detected (replacing rule #942110) |
| 99031002 | MS-ThreatIntel-SQLI | Description | SQL Comment Sequence Detected. | SQL Comment Sequence Detected (replacing rule #942440). |