Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SolarWinds Orion Vulnerability

MicahMicah SonicWall Employee

Learn more about the recent SolarWinds Orion Vulnerability here: https://www.sonicwall.com/support/product-notification/201215115842243/

SonicWall also has confirmed it is not using a vulnerable SolarWinds Orion product and is not impacted by this threat.

SonicWall Capture Labs threat researchers have investigated the vulnerability and published four signatures that identify malicious activity against affected SolarWinds Orion versions, and two additional application notifications that detect if an organization has SolarWinds Orion deployed within its network. These signatures are applied automatically to SonicWall firewalls with active security subscriptions:

  • 15292: BACKDOOR SolarWinds Supply Chain Malware Activity 1
  • 15293: BACKDOOR SolarWinds Supply Chain Malware Activity 2
  • 15294: BACKDOOR SolarWinds Supply Chain Malware Activity 3
  • 15295: BACKDOOR SolarWinds Supply Chain Malware Activity 4
  • 15296: BUSINESS-APPS SolarWinds Orion (API Activity)
  • 2014: BUSINESS-APPS SolarWinds Orion (Update Activity)
Category: Water Cooler
Reply

@micah - SonicWall's Self-Service Sr. Manager

Comments

  • brentrbrentr Newbie ✭

    Micah,

    Thank you for the update on the Signature Files, Can you tell me how I would be able to recognize any activity via the Sonicwall Console for Traffic related to this Threat?

  • KaranMKaranM Administrator

    Hi @brentr ,

    I hope you are safe and well!

    You shoud be able to see the logs related to IPS prevention and detection by enabling it under MANAGE | Log Settings | Base Setup.


    Regards

    Karan

    Knowledge Management Senior Analyst at SonicWall.

Sign In or Register to comment.