CVE-2022-36958 (GCVE-0-2022-36958)

Vulnerability from cvelistv5 – Published: 2022-10-20 20:10 – Updated: 2025-05-08 13:25
VLAI?
Summary
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
SolarWinds SolarWinds Platform Affected: unspecified , ≤ 2022.3 and prior versions (custom)
Create a notification for this product.
    SolarWinds Orion Platform Affected: unspecified , ≤ 2020.2.6 HF5 and prior versions (custom)
Create a notification for this product.
Credits
SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-36958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T13:25:42.786016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T13:25:48.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SolarWinds Platform",
          "vendor": "SolarWinds",
          "versions": [
            {
              "lessThanOrEqual": "2022.3 and prior versions",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Orion Platform",
          "vendor": "SolarWinds",
          "versions": [
            {
              "lessThanOrEqual": "2020.2.6 HF5 and prior versions",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
        }
      ],
      "datePublic": "2022-10-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-20T00:00:00.000Z",
        "orgId": "49f11609-934d-4621-84e6-e02e032104d6",
        "shortName": "SolarWinds"
      },
      "references": [
        {
          "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SolarWinds Platform Deserialization of Untrusted Data",
      "workarounds": [
        {
          "lang": "en",
          "value": "SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
    "assignerShortName": "SolarWinds",
    "cveId": "CVE-2022-36958",
    "datePublished": "2022-10-20T20:10:01.367Z",
    "dateReserved": "2022-07-27T00:00:00.000Z",
    "dateUpdated": "2025-05-08T13:25:48.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2020.2.6\", \"matchCriteriaId\": \"01CD6BD2-A53E-4AB1-A08C-00540EC437E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD239861-0422-45EE-9A3B-EED4F87F38F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D577F745-35B0-44D8-A457-FD00C4FD4F76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:*\", \"matchCriteriaId\": \"884E1621-E848-4769-BEF6-95A87F52A538\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix3:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A60806A-14DE-4E9D-A55E-6DA128EF7661\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix4:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E4171F0-1467-431C-A20C-6812045F9992\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix5:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8F73D48-6F19-44D9-9F3E-B6AEB78946B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2022.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A6214D0-6FDD-40F8-9955-CF3D616CB9A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:orion_platform:2022.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"077EB1C9-5CE5-48D8-9841-D11A2FB41098\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.\"}, {\"lang\": \"es\", \"value\": \"SolarWinds Platform era susceptible a una Deserializaci\\u00f3n de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso v\\u00e1lido a la consola web de SolarWinds ejecutar comandos arbitrarios\"}]",
      "id": "CVE-2022-36958",
      "lastModified": "2024-11-21T07:14:09.453",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@solarwinds.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-10-20T21:15:09.990",
      "references": "[{\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958\", \"source\": \"psirt@solarwinds.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567\", \"source\": \"psirt@solarwinds.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@solarwinds.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@solarwinds.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-36958\",\"sourceIdentifier\":\"psirt@solarwinds.com\",\"published\":\"2022-10-20T21:15:09.990\",\"lastModified\":\"2024-11-21T07:14:09.453\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.\"},{\"lang\":\"es\",\"value\":\"SolarWinds Platform era susceptible a una Deserializaci\u00f3n de Datos No Confiables. Esta vulnerabilidad permite a un adversario remoto con acceso v\u00e1lido a la consola web de SolarWinds ejecutar comandos arbitrarios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@solarwinds.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@solarwinds.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2020.2.6\",\"matchCriteriaId\":\"01CD6BD2-A53E-4AB1-A08C-00540EC437E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD239861-0422-45EE-9A3B-EED4F87F38F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D577F745-35B0-44D8-A457-FD00C4FD4F76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:*\",\"matchCriteriaId\":\"884E1621-E848-4769-BEF6-95A87F52A538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A60806A-14DE-4E9D-A55E-6DA128EF7661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E4171F0-1467-431C-A20C-6812045F9992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F73D48-6F19-44D9-9F3E-B6AEB78946B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2022.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6214D0-6FDD-40F8-9955-CF3D616CB9A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:orion_platform:2022.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"077EB1C9-5CE5-48D8-9841-D11A2FB41098\"}]}]}],\"references\":[{\"url\":\"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958\",\"source\":\"psirt@solarwinds.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567\",\"source\":\"psirt@solarwinds.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:21:32.213Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-36958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T13:25:42.786016Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T13:25:45.845Z\"}}], \"cna\": {\"title\": \"SolarWinds Platform Deserialization of Untrusted Data\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"SolarWinds\", \"product\": \"SolarWinds Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2022.3 and prior versions\"}]}, {\"vendor\": \"SolarWinds\", \"product\": \"Orion Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2020.2.6 HF5 and prior versions\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as possible.\"}], \"datePublic\": \"2022-10-19T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-36958\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-CAN-17567\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"SolarWinds recommends customers upgrade to SolarWinds Platform version 2022.4 as soon as it becomes available. The expected RC release is at the end of October. SolarWinds also recommends that customers follow the guidance provided in the SolarWinds Secure Configuration Guide (https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm). Ensure only authorized users can access the SolarWinds Platform.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"49f11609-934d-4621-84e6-e02e032104d6\", \"shortName\": \"SolarWinds\", \"dateUpdated\": \"2022-10-20T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-36958\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T13:25:48.824Z\", \"dateReserved\": \"2022-07-27T00:00:00.000Z\", \"assignerOrgId\": \"49f11609-934d-4621-84e6-e02e032104d6\", \"datePublished\": \"2022-10-20T20:10:01.367Z\", \"assignerShortName\": \"SolarWinds\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.