Event types

A list of the event types we classify during processing

Overview

Here is a list of the event types we classify during parsing. This is helpful when building Case Groups and other inbound rules and filters.

"auth-failure",
"blacklist",
"bot-infection",
"censorship",
"copyright",
"web-crawler",
"ddos",
"ddos-attack",
"ddos-cc-server",
"defacement",
"dnsbl-listing",
"driveby-malware",
"exploit-probe",
"fraud",
"harvesting",
"insecure-config",
"login-attack",
"malware",
"malware-hosting",
"open-dns-resolver",
"open-mdns-resolver",
"open-ntp",
"open-proxy",
"open-router",
"open-ssdp",
"open-snmp",
"open-redis",
"open-tftp",
"open-qotd",
"open-netbios",
"open-natpmp",
"open-mssql",
"open-mongodb",
"open-memcached",
"open-ipmi",
"open-elasticsearch",
"open-chargen",
"open-portmapper",
"open-http",
"ssl-poodle",
"ssl-freak",
"phishing",
"port-probe",
"relay-probe",
"spam",
"spamvertized",
"suspended-account",
"unknown",
"web-exploit",
"web-hacking-attempt",
"trademark",
"child-abuse",
"ntp-monlist",
"ids-event",
"compromised-server",
"compromised-account",
"open-isakmp",
"open-vnc",
"open-cwmp",
"open-telnet",
"open-rdp",
"open-xdmcp",
"open-db2",
"open-ldap",
"open-smb",
"open-hadoop",
"open-rsync",
"comment-spamming",
"port-scan",
"unregistered-website",
"network-telescope",
"open-afp",
"rogue-dns-server",
"doxing",
"compromised-email",
"open-ubiquiti",
"open-ftp",
"open-radmin",
"open-ard",
"open-ipp",
"open-mqtt",
"open-citrix",
"backdoor",
"open-coap"