Categories

id
1001
name
Unknown Form of Recon
parent
Recon
1002
Application Query
Recon
1003
Host Query
Recon
1004
Network Sweep
Recon
1005
Mail Reconnaissance
Recon
1006
Windows Reconnaissance
Recon
1007
Portmap / RPC Request
Recon
1008
Host Port Scan
Recon
1009
RPC Dump
Recon
1010
DNS Reconnaissance
Recon
1011
Misc Recon Event
Recon
1012
Web Reconnaissance
Recon
1013
Database Reconnaissance
Recon
1014
ICMP Reconnaissance
Recon
1015
UDP Reconnaissance
Recon
1016
SNMP Reconnaissance
Recon
1017
ICMP Host Query
Recon
1018
UDP Host Query
Recon
1019
NMAP Reconnaissance
Recon
1020
TCP Reconnaissance
Recon
1021
Unix Reconnaissance
Recon
1022
FTP Reconnaissance
Recon
2001
Unknown DoS Attack
DOS
2002
ICMP DoS
DOS
2003
TCP DoS
DOS
2004
UDP DoS
DOS
2005
DNS Service DoS
DOS
2006
Web Service DoS
DOS
2007
Mail Service DoS
DOS
2008
Distributed DoS
DOS
2009
Misc DoS
DOS
2010
Unix DOS
DOS
2011
Windows DoS
DOS
2012
Database DoS
DOS
2013
FTP DoS
DOS
2014
Infrastructure DoS
DOS
2015
Telnet DoS
DOS
2016
Brute force login
DOS
2017
High Rate TCP DoS
DOS
2018
High Rate UDP DoS
DOS
2019
High Rate ICMP DoS
DOS
2020
High Rate DoS
DOS
2021
Medium Rate TCP DoS
DOS
2022
Medium Rate UDP DoS
DOS
2023
Medium Rate ICMP DoS
DOS
2024
Medium Rate DoS
DOS
2025
Low Rate TCP DoS
DOS
2026
Low Rate UDP DoS
DOS
2027
Low Rate ICMP DoS
DOS
2028
Low Rate DoS
DOS
2029
Distributed High Rate TCP DoS
DOS
2030
Distributed High Rate UDP DoS
DOS
2031
Distributed High Rate ICMP DoS
DOS
2032
Distributed High Rate DoS
DOS
2033
Distributed Medium Rate TCP DoS
DOS
2034
Distributed Medium Rate UDP DoS
DOS
2035
Distributed Medium Rate ICMP DoS
DOS
2036
Distributed Medium Rate DoS
DOS
2037
Distributed Low Rate TCP DoS
DOS
2038
Distributed Low Rate UDP DoS
DOS
2039
Distributed Low Rate ICMP DoS
DOS
2040
Distributed Low Rate DoS
DOS
2041
High Rate TCP Scan
DOS
2042
High Rate UDP Scan
DOS
2043
High Rate ICMP Scan
DOS
2044
High Rate Scan
DOS
2045
Medium Rate TCP Scan
DOS
2046
Medium Rate UDP Scan
DOS
2047
Medium Rate ICMP Scan
DOS
2048
Medium Rate Scan
DOS
2049
Low Rate TCP Scan
DOS
2050
Low Rate UDP Scan
DOS
2051
Low Rate ICMP Scan
DOS
2052
Low Rate Scan
DOS
2053
VoIP DoS
DOS
2054
Flood
DOS
2055
TCP Flood
DOS
2056
UDP Flood
DOS
2057
ICMP Flood
DOS
2058
SYN Flood
DOS
2059
URG Flood
DOS
2060
SYN URG Flood
DOS
2061
SYN FIN Flood
DOS
2062
SYN ACK Flood
DOS
3001
cation
3002
cation
3003
cation
3004
cation
3005
cation
3006
Unknown Authentication
Authenti
Host Login Succeeded
Authenti
Host Login Failed
Authenti
Misc Login Succeeded
Authenti
Misc Login Failed
Authenti
Privilege Escalation Failed
Authenti
cation
3007
cation
3008
cation
3009
cation
3010
cation
3011
cation
3012
cation
3013
cation
3014
cation
3015
cation
3016
cation
3017
cation
3018
cation
3019
cation
3020
cation
3021
cation
3022
cation
3023
cation
3024
cation
3025
cation
3026
cation
3027
cation
3028
cation
3029
cation
3030
cation
3031
cation
3032
cation
3033
cation
3034
cation
3035
cation
3036
Privilege Escalation Succeeded
Authenti
Mail Service Login Succeeded
Authenti
Mail Service Login Failed
Authenti
Auth Server Login Failed
Authenti
Auth Server Login Succeeded
Authenti
Web Service Login Succeeded
Authenti
Web Service Login Failed
Authenti
Admin Login Successful
Authenti
Admin Login Failure
Authenti
Suspicious Username
Authenti
Login with username/password defaults successful
Authenti
Login with username/password defaults failed
Authenti
FTP Login Succeeded
Authenti
FTP Login Failed
Authenti
SSH Login Succeeded
Authenti
SSH Login Failed
Authenti
User Right Assigned
Authenti
User Right Removed
Authenti
Trusted Domain Added
Authenti
Trusted Domain Removed
Authenti
System Security Access Granted
Authenti
System Security Access Removed
Authenti
Policy Added
Authenti
Policy Change
Authenti
User Account Added
Authenti
User Account Changed
Authenti
Password Change Failed
Authenti
Password Change Succeeded
Authenti
User Account Removed
Authenti
Group Member Added
Authenti
cation
3037
cation
3038
cation
3039
cation
3040
cation
3041
cation
3042
cation
3043
cation
3044
cation
3045
cation
3046
cation
3047
cation
3048
cation
3049
cation
3050
cation
3051
cation
3052
cation
3053
cation
3054
cation
3055
cation
3056
cation
3057
cation
3058
cation
3059
cation
3060
cation
3061
cation
3062
cation
3063
cation
3064
cation
3065
cation
3066
Group Member Removed
Authenti
Group Added
Authenti
Group Changed
Authenti
Group Removed
Authenti
Computer Account Added
Authenti
Computer Account Changed
Authenti
Computer Account Removed
Authenti
Remote Access Login Succeeded
Authenti
Remote Access Login Failed
Authenti
General Authentication Successful
Authenti
General Authentication Failed
Authenti
Telnet Login Succeeded
Authenti
Telnet Login Failed
Authenti
Suspicious Password
Authenti
Samba Login Succeeded
Authenti
Samba Login Failed
Authenti
Auth Server Session Opened
Authenti
Auth Server Session Closed
Authenti
Firewall Session Closed
Authenti
Host Logout
Authenti
Misc Logout
Authenti
Auth Server Logout
Authenti
Web Service Logout
Authenti
Admin Logout
Authenti
FTP Logout
Authenti
SSH Logout
Authenti
Remote Access Logout
Authenti
Telnet Logout
Authenti
Samba Logout
Authenti
VoIP Login Succeeded
Authenti
cation
3067
cation
3068
cation
3069
cation
3070
cation
3071
cation
3072
cation
3073
cation
3074
cation
3075
cation
3076
cation
3077
cation
3078
cation
3079
cation
3080
cation
3081
cation
3082
cation
3083
cation
3084
cation
3085
cation
3086
cation
3087
cation
3088
cation
3089
cation
3090
cation
3091
cation
3092
cation
3093
cation
3094
cation
3095
cation
3096
VoIP Login Failed
Authenti
VoIP Logout
Authenti
VoIP Session Initiated
Authenti
VoIP Session Terminated
Authenti
SSH Session Started
Authenti
SSH Session Finished
Authenti
Admin Session Started
Authenti
Admin Session Finished
Authenti
Database Login Succeeded
Authenti
Database Login Failed
Authenti
IKE Authentication Failed
Authenti
IKE Authentication Succeeded
Authenti
IKE Session Started
Authenti
IKE Session Ended
Authenti
IKE Error
Authenti
IKE Status
Authenti
RADIUS Session Started
Authenti
RADIUS Session Ended
Authenti
RADIUS Session Denied
Authenti
RADIUS Session Status
Authenti
RADIUS Authentication Failed
Authenti
RADIUS Authentication Succeeded
Authenti
TACACS Session Started
Authenti
TACACS Session Ended
Authenti
TACACS Session Denied
Authenti
TACACS Session Status
Authenti
TACACS Authentication Succeeded
Authenti
TACACS Authentication Failed
Authenti
Deauthenticating host succeeded
Authenti
Deauthenticating host failed
Authenti
cation
3097
cation
3098
cation
3099
cation
3100
cation
3101
cation
3102
cation
3103
cation
3104
cation
3105
cation
3106
cation
3107
cation
3108
cation
3109
cation
3110
cation
3111
cation
3112
cation
3113
cation
3114
cation
3115
cation
3116
cation
3117
cation
3118
cation
3119
cation
3120
cation
3121
cation
3122
cation
4001
Station authentication succeeded
Authenti
Station authentication failed
Authenti
Station association succeeded
Authenti
Station association failed
Authenti
Station reassociation succeeded
Authenti
Station reassociation failed
Authenti
Disassociating host succeeded
Authenti
Disassociating host failed
Authenti
SA Error
Authenti
SA Creation Failure
Authenti
SA Established
Authenti
SA Rejected
Authenti
Deleting SA
Authenti
Creating SA
Authenti
Certificate Mismatch
Authenti
Credentials Mismatch
Authenti
Admin Login Attempt
Authenti
User Login Attempt
Authenti
User Login Success
Authenti
User Login Failure
Authenti
SFTP Login Succeeded
Authenti
SFTP Login Failed
Authenti
SFTP Logout
Authenti
Identity Granted
Authenti
Identity Removed
Authenti
Identity Revoked
Authenti
Unknown Network Communication Event
Access
4002
Firewall Permit
Access
4003
Firewall Deny
Access
4004
Flow Context Response
Access
4005
Misc Network Communication Event
Access
4006
IPS Deny
Access
4007
Firewall Session Opened
Access
4008
Firewall Session Closed
Access
4009
Dynamic Address Translation Successful
Access
4010
No Translation Group Found
Access
4011
Misc Authorization
Access
4012
ACL Permit
Access
4013
ACL Deny
Access
4014
Access Permitted
Access
4015
Access Denied
Access
4016
Session Opened
Access
4017
Session Closed
Access
4018
Session Reset
Access
4019
Session Terminated
Access
4020
Session Denied
Access
4021
Session In Progress
Access
4022
Session Delayed
Access
4023
Session Queued
Access
4024
Session Inbound
Access
4025
Session Outbound
Access
4026
Unauthorized Access Attempt
Access
4027
Misc Application Action Allowed
Access
4028
Misc Application Action Denied
Access
4029
Database Action Allowed
Access
4030
Database Action Denied
Access
4031
FTP Action Allowed
Access
4032
FTP Action Denied
Access
4033
Object Cached
Access
4034
Object Not Cached
Access
4035
Rate Limiting
Access
4036
No Rate Limiting
Access
4037
PII Access Permitted
Access
4038
PII Access Denied
Access
5001
Unknown Exploit Attack
Exploit
5002
Buffer Overflow
Exploit
5003
DNS Exploit
Exploit
5004
Telnet Exploit
Exploit
5005
Linux Exploit
Exploit
5006
Unix Exploit
Exploit
5007
Windows Exploit
Exploit
5008
Mail Exploit
Exploit
5009
Infrastructure Exploit
Exploit
5010
Misc Exploit
Exploit
5011
Web Exploit
Exploit
5012
Session Hijack
Exploit
5013
Worm Active
Exploit
5014
Password Guess/Retrieve
Exploit
5015
FTP Exploit
Exploit
5016
RPC Exploit
Exploit
5017
SNMP Exploit
Exploit
5018
NOOP Exploit
Exploit
5019
Samba Exploit
Exploit
5020
SSH Exploit
Exploit
5021
Database Exploit
Exploit
5022
ICMP Exploit
Exploit
5023
UDP Exploit
Exploit
5024
Browser Exploit
Exploit
5025
DHCP Exploit
Exploit
5026
Remote Access Exploit
Exploit
5027
ActiveX Exploit
Exploit
5028
SQL Injection
Exploit
5029
Cross Site Scripting
Exploit
5030
Format String Vulnerability
Exploit
5031
Input Validation Exploit
Exploit
5032
Remote Code Execution
Exploit
5033
Memory Corruption
Exploit
5034
Command Execution
Exploit
5035
Code Injection
Exploit
5036
Replay Attack
Exploit
6001
Unknown Malware
Malware
6002
Backdoor Detected
Malware
6003
Hostile Mail Attachment
Malware
6004
Malicious Software
Malware
6005
Hostile Software Download
Malware
6006
Virus Detected
Malware
6007
Misc Malware
Malware
6008
Trojan Detected
Malware
6009
Spyware Detected
Malware
6010
Content Scan
Malware
6011
Content Scan Failed
Malware
6012
Content Scan Successful
Malware
6013
Content Scan Inprogress
Malware
6014
Keylogger
Malware
6015
Adware Detected
Malware
6016
Quarantine Successful
Malware
6017
Quarantine Failed
Malware
6018
Malware Infection
Malware
7001
Unknown Suspicious Event
us Activity
7002
Suspicious Pattern Detected
Suspicio
Suspicio
us Activity
7003
us Activity
7004
us Activity
7005
us Activity
7006
us Activity
7007
us Activity
7008
us Activity
7009
us Activity
7010
us Activity
7011
us Activity
7012
us Activity
7013
us Activity
7014
us Activity
7015
us Activity
7016
us Activity
7017
us Activity
7018
us Activity
7019
us Activity
7020
us Activity
7021
us Activity
7022
us Activity
7023
us Activity
7024
us Activity
7025
us Activity
7026
us Activity
7027
us Activity
7028
us Activity
7029
us Activity
7030
us Activity
7031
us Activity
7032
Content Modified By Firewall
Suspicio
Invalid Command or Data
Suspicio
Suspicious Packet
Suspicio
Suspicious Activity
Suspicio
Suspicious File Name
Suspicio
Suspicious Port Activity
Suspicio
Suspicious Routing
Suspicio
Potential Web Vulnerability
Suspicio
Unknown Evasion Event
Suspicio
IP Spoof
Suspicio
IP Fragmentation
Suspicio
Overlapping IP Fragments
Suspicio
IDS Evasion
Suspicio
DNS Protocol Anomaly
Suspicio
FTP Protocol Anomaly
Suspicio
Mail Protocol Anomaly
Suspicio
Routing Protocol Anomaly
Suspicio
Web Protocol Anomaly
Suspicio
SQL Protocol Anomaly
Suspicio
Executable Code Detected
Suspicio
Misc Suspicious Event
Suspicio
Information Leak
Suspicio
Potential Mail Vulnerability
Suspicio
Potential Version Vulnerability
Suspicio
Potential FTP Vulnerability
Suspicio
Potential SSH Vulnerability
Suspicio
Potential DNS Vulnerability
Suspicio
Potential SMB Vulnerability
Suspicio
Potential Database Vulnerability
Suspicio
IP Protocol Anomaly
Suspicio
us Activity
7033
us Activity
7034
us Activity
7035
us Activity
7036
us Activity
7037
us Activity
7038
us Activity
7039
us Activity
7040
us Activity
7041
us Activity
7042
us Activity
7043
us Activity
7044
us Activity
7045
us Activity
7046
us Activity
7047
us Activity
7048
us Activity
7049
us Activity
7050
us Activity
7051
us Activity
7052
us Activity
7053
us Activity
7054
us Activity
7055
us Activity
7056
us Activity
7057
us Activity
7058
us Activity
7059
us Activity
7060
us Activity
7061
us Activity
7062
Suspicious IP Address
Suspicio
Invalid IP Protocol Usage
Suspicio
Invalid Protocol
Suspicio
Suspicious Windows Events
Suspicio
Suspicious ICMP Activity
Suspicio
Potential NFS Vulnerability
Suspicio
Potential NNTP Vulnerability
Suspicio
Potential RPC Vulnerability
Suspicio
Potential Telnet Vulnerability
Suspicio
Potential SNMP Vulnerability
Suspicio
Illegal TCP Flag Combination
Suspicio
Suspicious TCP Flag Combination
Suspicio
Illegal ICMP Protocol Usage
Suspicio
Suspicious ICMP Protocol Usage
Suspicio
Illegal ICMP Type
Suspicio
Illegal ICMP Code
Suspicio
Suspicious ICMP Type
Suspicio
Suspicious ICMP Code
Suspicio
TCP Port 0
Suspicio
UDP Port 0
Suspicio
Hostile IP
Suspicio
Watch List IP
Suspicio
Known Offender IP
Suspicio
RFC 1918 (private) IP
Suspicio
Potential VoIP Vulnerability
Suspicio
Blacklist Address
Suspicio
Watchlist Address
Suspicio
Darknet Address
Suspicio
Botnet Address
Suspicio
Suspicious Address
Suspicio
us Activity
7063
us Activity
7064
us Activity
7065
us Activity
7066
us Activity
7067
us Activity
7068
us Activity
7069
us Activity
7070
us Activity
8001
Bad Content
Suspicio
Invalid Cert
Suspicio
User Activity
Suspicio
Suspicious Protocol Usage
Suspicio
Suspicious BGP Activity
Suspicio
Route Poisoning
Suspicio
ARP Poisoning
Suspicio
Rogue device detected
Suspicio
Unknown System Event
System
8002
System Boot
System
8003
System Configuration
System
8004
System Halt
System
8005
System Failure
System
8006
System Status
System
8007
System Error
System
8008
Misc System Event
System
8009
Service Started
System
8010
Service Stopped
System
8011
Service Failure
System
8012
Successful Registry Modification
System
8013
Successful Host-Policy Modification
System
8014
Successful File Modification
System
8015
Successful Stack Modification
System
8016
Successful Application Modification
System
8017
Successful Configuration Modification
System
8018
Successful Service Modification
System
8019
Failed Registry Modification
System
8020
Failed Host-Policy Modification
System
8021
Failed File Modification
System
8022
Failed Stack Modification
System
8023
Failed Application Modification
System
8024
Failed Configuration Modification
System
8025
Failed Service Modification
System
8026
Registry Addition
System
8027
Host-Policy Created
System
8028
File Created
System
8029
Application Installed
System
8030
Service Installed
System
8031
Registry Deletion
System
8032
Host-Policy Deleted
System
8033
File Deleted
System
8034
Application Uninstalled
System
8035
Service Uninstalled
System
8036
System Informational
System
8037
System Action Allow
System
8038
System Action Deny
System
8039
Cron
System
8040
Cron Status
System
8041
Cron Failed
System
8042
Cron Successful
System
8043
Daemon
System
8044
Daemon Status
System
8045
Daemon Failed
System
8046
Daemon Successful
System
8047
Kernel
System
8048
Kernel Status
System
8049
Kernel Failed
System
8050
Kernel Successful
System
8051
Authentication
System
8052
Information
System
8053
Notice
System
8054
Warning
System
8055
Error
System
8056
Critical
System
8057
Debug
System
8058
Messages
System
8059
Privilege Access
System
8060
Alert
System
8061
Emergency
System
8062
SNMP Status
System
8063
FTP Status
System
8064
NTP Status
System
8065
Access point radio failure
System
8066
Encryption protocol configuration mismatch
System
8067
Client device or authentication server misconfigured
System
8068
Hot standby enable failed
System
8069
Hot standby disable failed
System
8070
Hot standby enabled successfully
System
8071
Hot standby association lost
System
8072
Mainmode Initiation Failure
System
8073
Mainmode Initiation Succeeded
System
8074
Mainmode Status
System
8075
Quickmode Initiation Failure
System
8076
Quickmode Initiation Succeeded
System
8077
Quickmode Status
System
8078
Invalid License
System
8079
License Expired
System
8080
New License Applied
System
8081
License Error
System
8082
License Status
System
8083
Configuration Error
System
8084
Service Disruption
System
8085
License Exceeded
System
8086
Performance Status
System
8087
Performance Degradation
System
8088
Misconfiguration
System
9001
Unknown Policy Violation
Policy
9002
Web Policy Violation
Policy
9003
Remote Access Policy Violation
Policy
9004
IRC/IM Policy Violation
Policy
9005
P2P Policy Violation
Policy
9006
IP Access Policy Violation
Policy
9007
Application Policy Violation
Policy
9008
Database Policy Violation
Policy
9009
Network Threshold Policy Violation
Policy
9010
Porn Policy Violation
Policy
9011
Games Policy Violation
Policy
9012
Misc Policy Violation
Policy
9013
Compliance Policy Violation
Policy
9014
Mail Policy Violation
Policy
9015
IRC Policy Violation
Policy
9016
IM Policy Violation
Policy
9017
VoIP Policy Violation
Policy
9018
Succeeded
Policy
9019
Failed
Policy
10001
Unknown
Unknown
10002
Unknown Snort Event
Unknown
10003
Unknown Dragon Event
Unknown
10004
Unknown Pix Firewall Event
Unknown
10005
Unknown Tipping Point Event
Unknown
10006
Unknown Windows Auth Server Event
Unknown
10007
Unknown Nortel Event
Unknown
10008
Unknown Generic Log Event
Unknown
10009
Stored
Unknown
11001
ies
11002
ies
11003
ies
12001
Behavioral
Time Ser
Threshold
Time Ser
Anomaly
Time Ser
Unknown CRE Event
CRE
12002
Single Event Rule Match
CRE
12003
Event Sequence Rule Match
CRE
12004
Cross-Offense Event Sequence Rule Match
CRE
12005
Offense Rule Match
CRE
13001
l Exploit
13002
l Exploit
13003
l Exploit
13004
l Exploit
13005
l Exploit
13006
l Exploit
13007
l Exploit
13008
l Exploit
13009
l Exploit
13010
l Exploit
13011
l Exploit
13012
l Exploit
13013
l Exploit
14001
Unknown Potential Exploit Attack
Potentia
Potential Buffer Overflow
Potentia
Potential DNS Exploit
Potentia
Potential Telnet Exploit
Potentia
Potential Linux Exploit
Potentia
Potential Unix Exploit
Potentia
Potential Windows Exploit
Potentia
Potential Mail Exploit
Potentia
Potential Infrastructure Exploit
Potentia
Potential Misc Exploit
Potentia
Potential Web Exploit
Potentia
Potential Botnet Connection
Potentia
Potential Worm Activity
Potentia
Unidirectional Flow
Flow
14002
Low number of Unidirectional Flows
Flow
14003
Medium number of Unidirectional Flows
Flow
14004
High number of Unidirectional Flows
Flow
14005
Unidirectional TCP Flow
Flow
14006
Low number of Unidirectional TCP Flows
Flow
14007
Medium number of Unidirectional TCP Flows
Flow
14008
High number of Unidirectional TCP Flows
Flow
14009
Unidirectional ICMP Flow
Flow
14010
Low number of Unidirectional ICMP Flows
Flow
14011
Medium number of Unidirectional ICMP Flows
Flow
14012
High number of Unidirectional ICMP Flows
Flow
14013
Suspicious ICMP Flow
Flow
14014
Suspicious UDP Flow
Flow
14015
Suspicious TCP Flow
Flow
14016
Suspicious Flow
Flow
14017
Empty Packet Flows
Flow
14018
Low number of Empty Packet Flows
Flow
14019
Medium number of Empty Packet Flows
Flow
14020
High number of Empty Packet Flows
Flow
14021
Large Payload Flows
Flow
14022
Low number of Large Payload Flows
Flow
14023
Medium number of Large Payload Flows
Flow
14024
High number of Large Payload Flows
Flow
14025
One Attacker to Many Target Flow
Flow
14026
Many Attackers to one Target Flow
Flow
14027
Unknown Flow
Flow
14028
Netflow Record
Flow
14029
QFlow Record
Flow
14030
SFlow Record
Flow
14031
Packeteer Record
Flow
14032
Misc flow
Flow
14033
Large Data Transfer
Flow
14034
Large Data Transfer outbound
Flow
14035
VoIP Flows
Flow
15001
ined
15002
ined
15003
ined
15004
ined
15005
ined
15006
ined
15007
ined
15008
ined
15009
ined
15010
ined
15011
ined
15012
ined
15013
ined
15014
ined
15015
ined
15016
ined
15017
ined
15018
ined
15019
ined
15020
ined
15021
ined
15022
ined
15023
ined
15024
ined
15025
ined
15026
ined
15027
ined
15028
ined
15029
ined
15030
Custom Sentry Low
User Def
Custom Sentry Medium
User Def
Custom Sentry High
User Def
Custom Sentry 1
User Def
Custom Sentry 2
User Def
Custom Sentry 3
User Def
Custom Sentry 4
User Def
Custom Sentry 5
User Def
Custom Sentry 6
User Def
Custom Sentry 7
User Def
Custom Sentry 8
User Def
Custom Sentry 9
User Def
Custom Policy Low
User Def
Custom Policy Medium
User Def
Custom Policy High
User Def
Custom Policy 1
User Def
Custom Policy 2
User Def
Custom Policy 3
User Def
Custom Policy 4
User Def
Custom Policy 5
User Def
Custom Policy 6
User Def
Custom Policy 7
User Def
Custom Policy 8
User Def
Custom Policy 9
User Def
Custom User Low
User Def
Custom User Medium
User Def
Custom User High
User Def
Custom User 1
User Def
Custom User 2
User Def
Custom User 3
User Def
ined
15031
ined
15032
ined
15033
ined
15034
ined
15035
ined
15036
ined
16001
t
16002
t
16003
t
16004
t
16005
t
16006
t
16007
t
16008
t
16009
t
16010
t
17001
Discovery
17002
Discovery
17003
Discovery
17004
Discovery
17005
Discovery
18001
ion
18002
ion
18003
ion
18004
ion
18005
ion
18006
ion
18007
ion
18008
ion
18009
Custom User 4
User Def
Custom User 5
User Def
Custom User 6
User Def
Custom User 7
User Def
Custom User 8
User Def
Custom User 9
User Def
SIM User Authentication
SIM Audi
SIM Configuration Change
SIM Audi
SIM User Action
SIM Audi
Session Created
SIM Audi
Session Destroyed
SIM Audi
Admin Session Created
SIM Audi
Admin Session Destroyed
SIM Audi
Session Authentication Invalid
SIM Audi
Session Authentication Expired
SIM Audi
Risk Manager Configuration
SIM Audi
New Host Discovered
VIS Host
New OS Discovered
VIS Host
New Port Discovered
VIS Host
New Vuln Discovered
VIS Host
Bulk Host Discovered
VIS Host
Mail Opened
Applicat
Mail Closed
Applicat
Mail Reset
Applicat
Mail Terminated
Applicat
Mail Denied
Applicat
Mail In Progress
Applicat
Mail Delayed
Applicat
Mail Queued
Applicat
Mail Redirected
Applicat
ion
18010
ion
18011
ion
18012
ion
18013
ion
18014
ion
18015
ion
18016
ion
18017
ion
18018
ion
18019
ion
18020
ion
18021
ion
18022
ion
18023
ion
18024
ion
18025
ion
18026
ion
18027
ion
18028
ion
18029
ion
18030
ion
18031
ion
18032
ion
18033
ion
18034
ion
18035
ion
18036
ion
18037
ion
18038
ion
18039
FTP Opened
Applicat
FTP Closed
Applicat
FTP Reset
Applicat
FTP Terminated
Applicat
FTP Denied
Applicat
FTP In Progress
Applicat
FTP Redirected
Applicat
HTTP Opened
Applicat
HTTP Closed
Applicat
HTTP Reset
Applicat
HTTP Terminated
Applicat
HTTP Denied
Applicat
HTTP In Progress
Applicat
HTTP Delayed
Applicat
HTTP Queued
Applicat
HTTP Redirected
Applicat
HTTP Proxy
Applicat
HTTPS Opened
Applicat
HTTPS Closed
Applicat
HTTPS Reset
Applicat
HTTPS Terminated
Applicat
HTTPS Denied
Applicat
HTTPS In Progress
Applicat
HTTPS Delayed
Applicat
HTTPS Queued
Applicat
HTTPS Redirected
Applicat
HTTPS Proxy
Applicat
SSH Opened
Applicat
SSH Closed
Applicat
SSH Reset
Applicat
ion
18040
ion
18041
ion
18042
ion
18043
ion
18044
ion
18045
ion
18046
ion
18047
ion
18048
ion
18049
ion
18050
ion
18051
ion
18052
ion
18053
ion
18054
ion
18055
ion
18056
ion
18057
ion
18058
ion
18059
ion
18060
ion
18061
ion
18062
ion
18063
ion
18064
ion
18065
ion
18066
ion
18067
ion
18068
ion
18069
SSH Terminated
Applicat
SSH Denied
Applicat
SSH In Progress
Applicat
RemoteAccess Opened
Applicat
RemoteAccess Closed
Applicat
RemoteAccess Reset
Applicat
RemoteAccess Terminated
Applicat
RemoteAccess Denied
Applicat
RemoteAccess In Progress
Applicat
RemoteAccess Delayed
Applicat
RemoteAccess Redirected
Applicat
VPN Opened
Applicat
VPN Closed
Applicat
VPN Reset
Applicat
VPN Terminated
Applicat
VPN Denied
Applicat
VPN In Progress
Applicat
VPN Delayed
Applicat
VPN Queued
Applicat
VPN Redirected
Applicat
RDP Opened
Applicat
RDP Closed
Applicat
RDP Reset
Applicat
RDP Terminated
Applicat
RDP Denied
Applicat
RDP In Progress
Applicat
RDP Redirected
Applicat
FileTransfer Opened
Applicat
FileTransfer Closed
Applicat
FileTransfer Reset
Applicat
ion
18070
ion
18071
ion
18072
ion
18073
ion
18074
ion
18075
ion
18076
ion
18077
ion
18078
ion
18079
ion
18080
ion
18081
ion
18082
ion
18083
ion
18084
ion
18085
ion
18086
ion
18087
ion
18088
ion
18089
ion
18090
ion
18091
ion
18092
ion
18093
ion
18094
ion
18095
ion
18096
ion
18097
ion
18098
ion
18099
FileTransfer Terminated
Applicat
FileTransfer Denied
Applicat
FileTransfer In Progress
Applicat
FileTransfer Delayed
Applicat
FileTransfer Queued
Applicat
FileTransfer Redirected
Applicat
DNS Opened
Applicat
DNS Closed
Applicat
DNS Reset
Applicat
DNS Terminated
Applicat
DNS Denied
Applicat
DNS In Progress
Applicat
DNS Delayed
Applicat
DNS Redirected
Applicat
Chat Opened
Applicat
Chat Closed
Applicat
Chat Reset
Applicat
Chat Terminated
Applicat
Chat Denied
Applicat
Chat In Progress
Applicat
Chat Redirected
Applicat
Database Opened
Applicat
Database Closed
Applicat
Database Reset
Applicat
Database Terminated
Applicat
Database Denied
Applicat
Database In Progress
Applicat
Database Redirected
Applicat
SMTP Opened
Applicat
SMTP Closed
Applicat
ion
18100
ion
18101
ion
18102
ion
18103
ion
18104
ion
18105
ion
18106
ion
18107
ion
18108
ion
18109
ion
18110
ion
18111
ion
18112
ion
18113
ion
18114
ion
18115
ion
18116
ion
18117
ion
18118
ion
18119
ion
18120
ion
18121
ion
18122
ion
18123
ion
18124
ion
18125
ion
18126
ion
18127
ion
18128
ion
18129
SMTP Reset
Applicat
SMTP Terminated
Applicat
SMTP Denied
Applicat
SMTP In Progress
Applicat
SMTP Delayed
Applicat
SMTP Queued
Applicat
SMTP Redirected
Applicat
Auth Opened
Applicat
Auth Closed
Applicat
Auth Reset
Applicat
Auth Terminated
Applicat
Auth Denied
Applicat
Auth In Progress
Applicat
Auth Delayed
Applicat
Auth Queued
Applicat
Auth Redirected
Applicat
P2P Opened
Applicat
P2P Closed
Applicat
P2P Reset
Applicat
P2P Terminated
Applicat
P2P Denied
Applicat
P2P In Progress
Applicat
Web Opened
Applicat
Web Closed
Applicat
Web Reset
Applicat
Web Terminated
Applicat
Web Denied
Applicat
Web In Progress
Applicat
Web Delayed
Applicat
Web Queued
Applicat
ion
18130
ion
18131
ion
18132
ion
18133
ion
18134
ion
18135
ion
18136
ion
18137
ion
18138
ion
18139
ion
18140
ion
18141
ion
18142
ion
18143
ion
18144
ion
18145
ion
18146
ion
18147
ion
18148
ion
18149
ion
18150
ion
18151
ion
18152
ion
18153
ion
18154
ion
18155
ion
18156
ion
18157
ion
18158
ion
18159
Web Redirected
Applicat
Web Proxy
Applicat
VoIP Opened
Applicat
VoIP Closed
Applicat
VoIP Reset
Applicat
VoIP Terminated
Applicat
VoIP Denied
Applicat
VoIP In Progress
Applicat
VoIP Delayed
Applicat
VoIP Redirected
Applicat
LDAP Session Started
Applicat
LDAP Session Ended
Applicat
LDAP Session Denied
Applicat
LDAP Session Status
Applicat
LDAP Authentication Failed
Applicat
LDAP Authentication Succeeded
Applicat
AAA Session Started
Applicat
AAA Session Ended
Applicat
AAA Session Denied
Applicat
AAA Session Status
Applicat
AAA Authentication Failed
Applicat
AAA Authentication Succeeded
Applicat
IPSec Authentication Failed
Applicat
IPSec Authentication Succeeded
Applicat
IPSec Session Started
Applicat
IPSec Session Ended
Applicat
IPSec Error
Applicat
IPSec Status
Applicat
IM Session Opened
Applicat
IM Session Closed
Applicat
ion
18160
ion
18161
ion
18162
ion
18163
ion
18164
ion
18165
ion
18166
ion
18167
ion
18168
ion
18169
ion
18170
ion
18171
ion
18172
ion
18173
ion
18174
ion
18175
ion
18176
ion
18177
ion
18178
ion
18179
ion
18180
ion
18181
ion
18182
ion
18183
ion
18184
ion
18185
ion
18186
ion
18187
ion
18188
ion
18189
IM Session Reset
Applicat
IM Session Terminated
Applicat
IM Session Denied
Applicat
IM Session In Progress
Applicat
IM Session Delayed
Applicat
IM Session Redirected
Applicat
Whois Session Opened
Applicat
Whois Session Closed
Applicat
Whois Session Reset
Applicat
Whois Session Terminated
Applicat
Whois Session Denied
Applicat
Whois Session In Progress
Applicat
Whois Session Redirected
Applicat
Traceroute Session Opened
Applicat
Traceroute Session Closed
Applicat
Traceroute Session Denied
Applicat
Traceroute Session In Progress
Applicat
TN3270 Session Opened
Applicat
TN3270 Session Closed
Applicat
TN3270 Session Reset
Applicat
TN3270 Session Terminated
Applicat
TN3270 Session Denied
Applicat
TN3270 Session In Progress
Applicat
TFTP Session Opened
Applicat
TFTP Session Closed
Applicat
TFTP Session Reset
Applicat
TFTP Session Terminated
Applicat
TFTP Session Denied
Applicat
TFTP Session In Progress
Applicat
Telnet Session Opened
Applicat
ion
18190
ion
18191
ion
18192
ion
18193
ion
18194
ion
18201
ion
18202
ion
18203
ion
18204
ion
18205
ion
18206
ion
18207
ion
18208
ion
18209
ion
18210
ion
18211
ion
18212
ion
18213
ion
18214
ion
18215
ion
18216
ion
18217
ion
18218
ion
18219
ion
18220
ion
18221
ion
18222
ion
18223
ion
18224
ion
18225
Telnet Session Closed
Applicat
Telnet Session Reset
Applicat
Telnet Session Terminated
Applicat
Telnet Session Denied
Applicat
Telnet Session In Progress
Applicat
Syslog Session Opened
Applicat
Syslog Session Closed
Applicat
Syslog Session Denied
Applicat
Syslog Session In Progress
Applicat
SSL Session Opened
Applicat
SSL Session Closed
Applicat
SSL Session Reset
Applicat
SSL Session Terminated
Applicat
SSL Session Denied
Applicat
SSL Session In Progress
Applicat
SNMP Session Opened
Applicat
SNMP Session Closed
Applicat
SNMP Session Denied
Applicat
SNMP Session In Progress
Applicat
SMB Session Opened
Applicat
SMB Session Closed
Applicat
SMB Session Reset
Applicat
SMB Session Terminated
Applicat
SMB Session Denied
Applicat
SMB Session In Progress
Applicat
Streaming Media Session Opened
Applicat
Streaming Media Session Closed
Applicat
Streaming Media Session Reset
Applicat
Streaming Media Session Terminated
Applicat
Streaming Media Session Denied
Applicat
ion
18226
ion
18227
ion
18228
ion
18229
ion
18230
ion
18231
ion
18232
ion
18233
ion
18234
ion
18235
ion
18236
ion
18237
ion
18238
ion
18239
ion
18240
ion
18241
ion
18242
ion
18243
ion
18244
ion
18245
ion
18246
ion
18247
ion
18248
ion
18249
ion
18250
ion
18251
ion
18252
ion
18253
ion
18254
ion
18255
Streaming Media Session In Progress
Applicat
RUSERS Session Opened
Applicat
RUSERS Session Closed
Applicat
RUSERS Session Denied
Applicat
RUSERS Session In Progress
Applicat
RSH Session Opened
Applicat
RSH Session Closed
Applicat
RSH Session Reset
Applicat
RSH Session Terminated
Applicat
RSH Session Denied
Applicat
RSH Session In Progress
Applicat
RLOGIN Session Opened
Applicat
RLOGIN Session Closed
Applicat
RLOGIN Session Reset
Applicat
RLOGIN Session Terminated
Applicat
RLOGIN Session Denied
Applicat
RLOGIN Session In Progress
Applicat
REXEC Session Opened
Applicat
REXEC Session Closed
Applicat
REXEC Session Reset
Applicat
REXEC Session Terminated
Applicat
REXEC Session Denied
Applicat
REXEC Session In Progress
Applicat
RPC Session Opened
Applicat
RPC Session Closed
Applicat
RPC Session Reset
Applicat
RPC Session Terminated
Applicat
RPC Session Denied
Applicat
RPC Session In Progress
Applicat
NTP Session Opened
Applicat
ion
18256
ion
18257
ion
18258
ion
18259
ion
18260
ion
18261
ion
18262
ion
18263
ion
18264
ion
18265
ion
18266
ion
18267
ion
18268
ion
18269
ion
18270
ion
18271
ion
18272
ion
18273
ion
18274
ion
18275
ion
18276
ion
18277
ion
18278
ion
18279
ion
18280
ion
18281
ion
18282
ion
18283
ion
18284
ion
18285
NTP Session Closed
Applicat
NTP Session Reset
Applicat
NTP Session Terminated
Applicat
NTP Session Denied
Applicat
NTP Session In Progress
Applicat
NNTP Session Opened
Applicat
NNTP Session Closed
Applicat
NNTP Session Reset
Applicat
NNTP Session Terminated
Applicat
NNTP Session Denied
Applicat
NNTP Session In Progress
Applicat
NFS Session Opened
Applicat
NFS Session Closed
Applicat
NFS Session Reset
Applicat
NFS Session Terminated
Applicat
NFS Session Denied
Applicat
NFS Session In Progress
Applicat
NCP Session Opened
Applicat
NCP Session Closed
Applicat
NCP Session Reset
Applicat
NCP Session Terminated
Applicat
NCP Session Denied
Applicat
NCP Session In Progress
Applicat
NetBIOS Session Opened
Applicat
NetBIOS Session Closed
Applicat
NetBIOS Session Reset
Applicat
NetBIOS Session Terminated
Applicat
NetBIOS Session Denied
Applicat
NetBIOS Session In Progress
Applicat
MODBUS Session Opened
Applicat
ion
18286
ion
18287
ion
18288
ion
18289
ion
18290
ion
18291
ion
18292
ion
18293
ion
18294
ion
18295
ion
18296
ion
18297
ion
18298
ion
18299
ion
18300
ion
18301
ion
18302
ion
18303
ion
18304
ion
18305
ion
18306
ion
18307
ion
18308
ion
18309
ion
18310
ion
18311
ion
18312
ion
18313
ion
18314
ion
18315
MODBUS Session Closed
Applicat
MODBUS Session Reset
Applicat
MODBUS Session Terminated
Applicat
MODBUS Session Denied
Applicat
MODBUS Session In Progress
Applicat
LPD Session Opened
Applicat
LPD Session Closed
Applicat
LPD Session Reset
Applicat
LPD Session Terminated
Applicat
LPD Session Denied
Applicat
LPD Session In Progress
Applicat
Lotus Notes Session Opened
Applicat
Lotus Notes Session Closed
Applicat
Lotus Notes Session Reset
Applicat
Lotus Notes Session Terminated
Applicat
Lotus Notes Session Denied
Applicat
Lotus Notes Session In Progress
Applicat
Kerberos Session Opened
Applicat
Kerberos Session Closed
Applicat
Kerberos Session Reset
Applicat
Kerberos Session Terminated
Applicat
Kerberos Session Denied
Applicat
Kerberos Session In Progress
Applicat
IRC Session Opened
Applicat
IRC Session Closed
Applicat
IRC Session Reset
Applicat
IRC Session Terminated
Applicat
IRC Session Denied
Applicat
IRC Session In Progress
Applicat
IEC 104 Session Opened
Applicat
ion
18316
ion
18317
ion
18318
ion
18319
ion
18320
ion
18321
ion
18322
ion
18323
ion
18324
ion
18325
ion
18326
ion
18327
ion
18328
ion
18329
ion
18330
ion
18331
ion
18332
ion
18333
ion
18334
ion
18335
ion
18336
ion
18337
ion
18338
ion
18339
ion
18340
ion
18341
ion
18342
ion
18343
ion
18344
ion
18345
IEC 104 Session Closed
Applicat
IEC 104 Session Reset
Applicat
IEC 104 Session Terminated
Applicat
IEC 104 Session Denied
Applicat
IEC 104 Session In Progress
Applicat
Ident Session Opened
Applicat
Ident Session Closed
Applicat
Ident Session Reset
Applicat
Ident Session Terminated
Applicat
Ident Session Denied
Applicat
Ident Session In Progress
Applicat
ICCP Session Opened
Applicat
ICCP Session Closed
Applicat
ICCP Session Reset
Applicat
ICCP Session Terminated
Applicat
ICCP Session Denied
Applicat
ICCP Session In Progress
Applicat
Groupwise Session Opened
Applicat
Groupwise Session Closed
Applicat
Groupwise Session Reset
Applicat
Groupwise Session Terminated
Applicat
Groupwise Session Denied
Applicat
Groupwise Session In Progress
Applicat
Gopher Session Opened
Applicat
Gopher Session Closed
Applicat
Gopher Session Reset
Applicat
Gopher Session Terminated
Applicat
Gopher Session Denied
Applicat
Gopher Session In Progress
Applicat
GIOP Session Opened
Applicat
ion
18346
ion
18347
ion
18348
ion
18349
ion
18350
ion
18351
ion
18352
ion
18353
ion
18354
ion
18355
ion
18356
ion
18357
ion
18358
ion
18359
ion
18360
ion
18361
ion
18362
ion
18363
ion
18364
ion
18365
ion
18366
ion
18367
ion
18368
ion
18369
ion
18370
ion
18371
ion
18372
ion
18373
ion
18374
ion
18375
GIOP Session Closed
Applicat
GIOP Session Reset
Applicat
GIOP Session Terminated
Applicat
GIOP Session Denied
Applicat
GIOP Session In Progress
Applicat
Finger Session Opened
Applicat
Finger Session Closed
Applicat
Finger Session Reset
Applicat
Finger Session Terminated
Applicat
Finger Session Denied
Applicat
Finger Session In Progress
Applicat
Echo Session Opened
Applicat
Echo Session Closed
Applicat
Echo Session Denied
Applicat
Echo Session In Progress
Applicat
Remote .NET Session Opened
Applicat
Remote .NET Session Closed
Applicat
Remote .NET Session Reset
Applicat
Remote .NET Session Terminated
Applicat
Remote .NET Session Denied
Applicat
Remote .NET Session In Progress
Applicat
DNP3 Session Opened
Applicat
DNP3 Session Closed
Applicat
DNP3 Session Reset
Applicat
DNP3 Session Terminated
Applicat
DNP3 Session Denied
Applicat
DNP3 Session In Progress
Applicat
Discard Session Opened
Applicat
Discard Session Closed
Applicat
Discard Session Reset
Applicat
ion
18376
ion
18377
ion
18378
ion
18379
ion
18380
ion
18381
ion
18382
ion
18383
ion
18384
ion
18385
ion
18386
ion
18387
ion
18388
ion
18389
ion
18390
ion
18391
ion
18392
ion
18393
ion
18394
ion
18395
ion
18396
ion
18397
ion
18398
ion
18399
ion
18400
ion
18401
ion
18402
ion
18403
ion
18404
ion
18405
Discard Session Terminated
Applicat
Discard Session Denied
Applicat
Discard Session In Progress
Applicat
DHCP Session Opened
Applicat
DHCP Session Closed
Applicat
DHCP Session Denied
Applicat
DHCP Session In Progress
Applicat
DHCP Success
Applicat
DHCP Failure
Applicat
CVS Session Opened
Applicat
CVS Session Closed
Applicat
CVS Session Reset
Applicat
CVS Session Terminated
Applicat
CVS Session Denied
Applicat
CVS Session In Progress
Applicat
CUPS Session Opened
Applicat
CUPS Session Closed
Applicat
CUPS Session Reset
Applicat
CUPS Session Terminated
Applicat
CUPS Session Denied
Applicat
CUPS Session In Progress
Applicat
Chargen Session Started
Applicat
Chargen Session Closed
Applicat
Chargen Session Reset
Applicat
Chargen Session Terminated
Applicat
Chargen Session Denied
Applicat
Chargen Session In Progress
Applicat
Misc VPN
Applicat
DAP Session Started
Applicat
DAP Session Ended
Applicat
ion
18406
ion
18407
ion
18408
ion
18409
ion
18410
ion
18411
ion
18412
ion
18413
ion
18414
ion
18415
ion
18416
ion
18417
ion
18418
ion
18419
ion
18420
ion
18421
ion
18422
ion
18423
ion
18424
ion
18425
ion
18426
ion
18427
ion
18428
ion
18429
ion
18430
ion
18431
ion
18432
ion
18433
ion
18434
ion
18435
DAP Session Denied
Applicat
DAP Session Status
Applicat
DAP Session In Progress
Applicat
DAP Authentication Failed
Applicat
DAP Authentication Succeeded
Applicat
TOR Session Started
Applicat
TOR Session Closed
Applicat
TOR Session Reset
Applicat
TOR Session Terminated
Applicat
TOR Session Denied
Applicat
TOR Session In Progress
Applicat
Game Session Started
Applicat
Game Session Closed
Applicat
Game Session Reset
Applicat
Game Session Terminated
Applicat
Game Session Denied
Applicat
Game Session In Progress
Applicat
Authentication (Application)
Applicat
Chat
Applicat
Client Server
Applicat
Content Delivery
Applicat
Data Transfer
Applicat
Data Warehousing
Applicat
Directory Services
Applicat
File Print
Applicat
File Transfer
Applicat
Games
Applicat
Healthcare
Applicat
Inner System
Applicat
Internet Protocol
Applicat
ion
18436
ion
18437
ion
18438
ion
18439
ion
18440
ion
18441
ion
18442
ion
18443
ion
18444
ion
18445
ion
18446
ion
18447
ion
18448
ion
18449
ion
19001
Legacy
Applicat
Mail
Applicat
Misc
Applicat
Multimedia
Applicat
Network Management
Applicat
P2P
Applicat
Remote Access
Applicat
Routing Protocols
Applicat
Security Protocol
Applicat
Streaming
Applicat
Uncommon Protocol
Applicat
VoIP
Applicat
Web
Applicat
ICMP
Applicat
General Audit Event
Audit
19002
Built-in Execution
Audit
19003
Bulk Copy
Audit
19004
Data Dump
Audit
19005
Data Import
Audit
19006
Data Selection
Audit
19007
Data Truncation
Audit
19008
Data Update
Audit
19009
Procedure/Trigger Execution
Audit
19010
Schema Change
Audit
19011
Create Activity Attempted
Audit
19012
Create Activity Succeeded
Audit
19013
Create Activity Failed
Audit
19014
Read Activity Attempted
Audit
19015
Read Activity Succeeded
Audit
19016
Read Activity Failed
Audit
19017
Update Activity Attempted
Audit
19018
Update Activity Succeeded
Audit
19019
Update Activity Failed
Audit
19020
Delete Activity Attempted
Audit
19021
Delete Activity Succeeded
Audit
19022
Delete Activity Failed
Audit
19023
Backup Activity Attempted
Audit
19024
Backup Activity Succeeded
Audit
19025
Backup Activity Failed
Audit
19026
Capture Activity Attempted
Audit
19027
Capture Activity Succeeded
Audit
19028
Capture Activity Failed
Audit
19029
Configure Activity Attempted
Audit
19030
Configure Activity Succeeded
Audit
19031
Configure Activity Failed
Audit
19032
Deploy Activity Attempted
Audit
19033
Deploy Activity Succeeded
Audit
19034
Deploy Activity Failed
Audit
19035
Disable Activity Attempted
Audit
19036
Disable Activity Succeeded
Audit
19037
Disable Activity Failed
Audit
19038
Enable Activity Attempted
Audit
19039
Enable Activity Succeeded
Audit
19040
Enable Activity Failed
Audit
19041
Monitor Activity Attempted
Audit
19042
Monitor Activity Succeeded
Audit
19043
Monitor Activity Failed
Audit
19044
Restore Activity Attempted
Audit
19045
Restore Activity Succeeded
Audit
19046
Restore Activity Failed
Audit
19047
Start Activity Attempted
Audit
19048
Start Activity Succeeded
Audit
19049
Start Activity Failed
Audit
19050
Stop Activity Attempted
Audit
19051
Stop Activity Succeeded
Audit
19052
Stop Activity Failed
Audit
19053
Undeploy Activity Attempted
Audit
19054
Undeploy Activity Succeeded
Audit
19055
Undeploy Activity Failed
Audit
19056
Receive Activity Attempted
Audit
19057
Receive Activity Succeeded
Audit
19058
Receive Activity Failed
Audit
19059
Send Activity Attempted
Audit
19060
Send Activity Succeeded
Audit
19061
Send Activity Failed
Audit
19062
Enable Logging Attempted
Audit
19063
Enable Logging Success
Audit
19064
Enable Logging Failed
Audit
19065
Disable Logging Attempted
Audit
19066
Disable Logging Success
Audit
19067
Disable Logging Failed
Audit
20001
Policy Exposure
Risk
20002
Compliance Violation
Risk
20003
Exposed Vulnerability
Risk
20004
Remote Access Vulnerability
Risk
20005
Local Access Vulnerability
Risk
20006
Open Wireless Access
Risk
20007
Weak Encryption
Risk
20008
Un-Encrypted Data Transfer
Risk
20009
Un-Encrypted Data Store
Risk
20010
Mis-Configured Rule
Risk
20011
Mis-Configured Device
Risk
20012
Mis-Configured Host
Risk
20013
Data Loss Possible
Risk
20014
Weak Authentication
Risk
20015
No Password
Risk
20016
Fraud
Risk
20017
Possible DoS Target
Risk
20018
Possible DoS Weakness
Risk
20019
Loss of Confidentiality
Risk
20020
Policy Monitor Risk Score Accumulation
Risk
21001
ager Audit
21002
ager Audit
21003
ager Audit
21004
ager Audit
22001
System
22002
System
22003
System
22004
System
22005
System
22006
System
22007
System
22008
System
22009
System
22010
System
22011
System
22012
System
22013
System
22014
System
22015
Policy Monitor
Risk Man
Topology
Risk Man
Simulations
Risk Man
Administration
Risk Man
Device Read
Control
Device Communication
Control
Device Audit
Control
Device Event
Control
Device Ping
Control
Device Configuration
Control
Device Registration
Control
Device Route
Control
Device Import
Control
Device Information
Control
Device Warning
Control
Device Error
Control
Relay Event
Control
NIC Event
Control
UIQ Event
Control
System
22016
System
22017
System
22018
System
22019
System
22020
System
22021
System
22022
System
22023
System
22024
System
22025
System
22026
System
22027
System
22028
System
22029
System
22030
System
22031
System
22032
System
22033
System
23001
ofiler
23002
ofiler
23003
ofiler
23004
ofiler
23005
ofiler
23006
ofiler
23007
ofiler
23008
ofiler
23009
ofiler
23010
ofiler
23011
ofiler
23012
IMU Event
Control
Billing Event
Control
DBMS Event
Control
Import Event
Control
Location Import
Control
Route Import
Control
Export Event
Control
Remote Signalling
Control
Gateway Status
Control
Job Event
Control
Security Event
Control
Device Tamper Detection
Control
Time Event
Control
Suspicious Behavior
Control
Power Outage
Control
Power Restoration
Control
Heartbeat
Control
Remote Connection Event
Control
Asset Created
Asset Pr
Asset Updated
Asset Pr
Asset Observed
Asset Pr
Asset Moved
Asset Pr
Asset Deleted
Asset Pr
Asset Hostname Cleaned
Asset Pr
Asset Hostname Created
Asset Pr
Asset Hostname Updated
Asset Pr
Asset Hostname Observed
Asset Pr
Asset Hostname Moved
Asset Pr
Asset Hostname Deleted
Asset Pr
Asset Port Cleaned
Asset Pr
ofiler
23013
ofiler
23014
ofiler
23015
ofiler
23016
ofiler
23017
ofiler
23018
ofiler
23019
ofiler
23020
ofiler
23021
ofiler
23022
ofiler
23023
ofiler
23024
ofiler
23025
ofiler
23026
ofiler
23027
ofiler
23028
ofiler
23029
ofiler
23030
ofiler
23031
ofiler
23032
ofiler
23033
ofiler
23034
ofiler
23035
ofiler
23036
ofiler
23037
ofiler
23038
ofiler
23039
ofiler
23040
ofiler
23041
ofiler
23042
Asset Port Created
Asset Pr
Asset Port Updated
Asset Pr
Asset Port Observed
Asset Pr
Asset Port Moved
Asset Pr
Asset Port Deleted
Asset Pr
Asset Vuln Instance Cleaned
Asset Pr
Asset Vuln Instance Created
Asset Pr
Asset Vuln Instance Updated
Asset Pr
Asset Vuln Instance Observed
Asset Pr
Asset Vuln Instance Moved
Asset Pr
Asset Vuln Instance Deleted
Asset Pr
Asset OS Cleaned
Asset Pr
Asset OS Created
Asset Pr
Asset OS Updated
Asset Pr
Asset OS Observed
Asset Pr
Asset OS Moved
Asset Pr
Asset OS Deleted
Asset Pr
Asset Property Cleaned
Asset Pr
Asset Property Created
Asset Pr
Asset Property Updated
Asset Pr
Asset Property Observed
Asset Pr
Asset Property Moved
Asset Pr
Asset Property Deleted
Asset Pr
Asset IP Address Cleaned
Asset Pr
Asset IP Address Created
Asset Pr
Asset IP Address Updated
Asset Pr
Asset IP Address Observed
Asset Pr
Asset IP Address Moved
Asset Pr
Asset IP Address Deleted
Asset Pr
Asset Interface Cleaned
Asset Pr
ofiler
23043
ofiler
23044
ofiler
23045
ofiler
23046
ofiler
23047
ofiler
23048
ofiler
23049
ofiler
23050
ofiler
23051
ofiler
23052
ofiler
23053
ofiler
23054
ofiler
23055
ofiler
23056
ofiler
23057
ofiler
23058
ofiler
23059
ofiler
23060
ofiler
23061
ofiler
23062
ofiler
23063
ofiler
23064
ofiler
23065
ofiler
23066
ofiler
23067
ofiler
23068
ofiler
23069
ofiler
23070
ofiler
23071
ofiler
23072
Asset Interface Created
Asset Pr
Asset Interface Updated
Asset Pr
Asset Interface Observed
Asset Pr
Asset Interface Moved
Asset Pr
Asset Interface Merged
Asset Pr
Asset Interface Deleted
Asset Pr
Asset User Cleaned
Asset Pr
Asset User Observed
Asset Pr
Asset User Moved
Asset Pr
Asset User Deleted
Asset Pr
Asset Scanned Policy Cleaned
Asset Pr
Asset Scanned Policy Observed
Asset Pr
Asset Scanned Policy Moved
Asset Pr
Asset Scanned Policy Deleted
Asset Pr
Asset Windows Application Cleaned
Asset Pr
Asset Windows Application Observed
Asset Pr
Asset Windows Application Moved
Asset Pr
Asset Windows Application Deleted
Asset Pr
Asset Scanned Service Cleaned
Asset Pr
Asset Scanned Service Observed
Asset Pr
Asset Scanned Service Moved
Asset Pr
Asset Scanned Service Deleted
Asset Pr
Asset Windows Patch Cleaned
Asset Pr
Asset Windows Patch Observed
Asset Pr
Asset Windows Patch Moved
Asset Pr
Asset Windows Patch Deleted
Asset Pr
Asset UNIX Patch Cleaned
Asset Pr
Asset UNIX Patch Observed
Asset Pr
Asset UNIX Patch Moved
Asset Pr
Asset UNIX Patch Deleted
Asset Pr
ofiler
23073
ofiler
23074
ofiler
23075
ofiler
23076
ofiler
23077
ofiler
23078
ofiler
23079
ofiler
23080
ofiler
23081
ofiler
23082
ofiler
23083
ofiler
23084
ofiler
23085
ofiler
23086
ofiler
23087
ofiler
23088
ofiler
23089
ofiler
23090
ofiler
23091
ofiler
23092
ofiler
23093
ofiler
Asset Patch Scan Cleaned
Asset Pr
Asset Patch Scan Created
Asset Pr
Asset Patch Scan Moved
Asset Pr
Asset Patch Scan Deleted
Asset Pr
Asset Port Scan Cleaned
Asset Pr
Asset Port Scan Created
Asset Pr
Asset Port Scan Moved
Asset Pr
Asset Port Scan Deleted
Asset Pr
Asset Client Application Cleaned
Asset Pr
Asset Client Application Observed
Asset Pr
Asset Client Application Moved
Asset Pr
Asset Client Application Deleted
Asset Pr
Asset Patch Scan Observed
Asset Pr
Asset Port Scan Observed
Asset Pr
NetBIOS Group Created
Asset Pr
NetBIOS Group Updated
Asset Pr
NetBIOS Group Observed
Asset Pr
NetBIOS Group Deleted
Asset Pr
NetBIOS Group Cleaned
Asset Pr
NetBIOS Group Moved
Asset Pr
Asset Deviation Report
Asset Pr
Invoking operation: forceNotification ( )

Result: true
Invoking operation: forceNotification ( )
Result: true

Categories

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Categories

Uploaded by

Copyright:

Available Formats

id

Portmap / RPC Request

Host Port Scan

Misc Recon Event

ICMP Host Query

UDP Host Query

Unknown DoS Attack

DNS Service DoS

Web Service DoS

Mail Service DoS

Brute force login

High Rate TCP DoS

High Rate UDP DoS

High Rate ICMP DoS

High Rate DoS

Medium Rate TCP DoS

Medium Rate UDP DoS

Medium Rate ICMP DoS

Medium Rate DoS

Low Rate TCP DoS

Low Rate UDP DoS

Low Rate ICMP DoS

Low Rate DoS

Distributed High Rate TCP DoS

Distributed High Rate UDP DoS

Distributed High Rate ICMP DoS

Distributed High Rate DoS

Distributed Medium Rate TCP DoS

Distributed Medium Rate UDP DoS

Distributed Medium Rate ICMP DoS

Distributed Medium Rate DoS

Distributed Low Rate TCP DoS

Distributed Low Rate UDP DoS

Distributed Low Rate ICMP DoS

Distributed Low Rate DoS

High Rate TCP Scan

High Rate UDP Scan

High Rate ICMP Scan

High Rate Scan

Medium Rate TCP Scan

Medium Rate UDP Scan

Medium Rate ICMP Scan

Medium Rate Scan

Low Rate TCP Scan

Low Rate UDP Scan

Low Rate ICMP Scan

Low Rate Scan

SYN URG Flood

SYN FIN Flood

SYN ACK Flood

Host Login Succeeded

Host Login Failed

Misc Login Succeeded

Misc Login Failed

Privilege Escalation Failed

Privilege Escalation Succeeded

Mail Service Login Succeeded

Mail Service Login Failed

Auth Server Login Failed

Auth Server Login Succeeded

Web Service Login Succeeded

Web Service Login Failed

Admin Login Successful