RichBaldry, is Sophos aware of and working on this?
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj
Under 58906, 58907 on the ID.
Astaro IPS Rules
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Thanks for the info! Unfortunately the Snort site doesn't have details on the two IDs. I'm afraid that the Snort software itself needs to be updated by/on Sophos though. I currently see Snort Version 2.9.17.1 on a 9.710-1 Sophos UTM. I found this interesting link which states that the Snort engine can be delivered by Sophos via the pattern updates. That's why I tried to ask RichBaldry here.
You should create a Support Case to get this answer.