wp-pw-brute-force via xmlrpc (which shoudl be blocked anyway)
credits goes to sucuri:
MainRule "str:system.multicall" "msg:Wordpress XMLRPC possible
Password Brute Force" "mz:$URL:/xmlrpc.php|BODY" "s:$ATTACK:8"
there has been a couple of rules added too, mostly JAVA.* - stuff to detect generic attacks against java-based app, inspired by the latest elasticsearch - exploits