Inbound Processing, Event Types
Overview
The table below lists the event types assigned to inbound reports during parsing. Use these names when building Case Groups and other inbound rules and filters. Where the Mapping column is filled in, the type maps to the name shown there (for example, Blacklist maps to Blocklist).
Type | Mapping |
---|---|
Copyright | |
Spam | |
Content | |
Activity | |
Vulnerability | |
Open | |
MailRelayAttempt | |
Bot | |
Malware | |
MalwareHosting | |
Phishing | |
NotSpam? | |
Spamvertised? | |
Blacklist | Blocklist |
Trademark | |
PortScan | |
DDos | |
DDosAmplification | |
IpSpoof | |
LoginAttack | |
IPReclamation | |
DNSProblems | |
Exploit | |
ChildAbuse | CSAM |
RPZ | |
Trap | |
CompromisedAccount | |
CompromisedServer | |
CompromisedWebsite | |
CVE | |
Backdoor | |
Fraud | |
Defacement | |
RogueDNS | |
Doxing | |
WebHack | |
WebCrawler | |
AuthFailure | |
Censorship | |
CompromisedMicrosoftExchange | |
DNSBlocklist | |
SSLPoodle | |
OutdatedDNSSEC | |
SSLFreak | |
Propaganda | |
Violence | |
DeviceIdentification | |
IllegalAdvertisement | |
MaliciousActivity | |
Harassment | |
Open Subtypes
An Open event records that a host was found with one or more open ports. The corresponding subtype identifies the service detected on the port, so rules can treat, for example, an exposed redis or memcached instance differently from an ordinary http listener. The subtypes below apply only to Open events.
Type | Mapping |
---|---|
socks | |
proxy | |
router | |
redis | |
mongodb | |
elasticsearch | |
portmapper | |
snmp | |
ntp | |
tftp | |
ftp | |
rdp | |
rsync | |
netbios | |
mqtt | |
mc_sqlr | |
mdns_resolver | |
dns_resolver | |
ipmi | |
ldap | |
adb | |
afp | |
ard | |
ipp | |
ssl | |
tls | |
vpn | |
cwmp | |
ms_exchange | |
chargen | |
memcached | |
mssql | |
natpmp | |
qotd | |
ssdp | |
isakmp | |
vnc | |
telnet | |
xdmcp | |
db2 | |
smb | |
hadoop | |
cisco_smart_install | |
mail_server | |
grafana | |
bitbucket | |
apache_server | |
gitlab_server | |
imap | |
pop3 | |
http | |
radmin | |
ubiquiti | |
ssh | |
coap | |
smi | |
bosmon | |
ms_sharepoint | |
secvest_alarm_system | |
directory_listing | |
citrix | |
amqp | |
modbus | |
kubernetes_api_server | |
epmd | |
postgresql | |
quic | |
couchdb | |
docker | |
sip | |
stun | |
dvr | |
ics | |
hp_ilo | |
smarter_mail_server | |
log4j | |
zimbra_server | |
sap | |
bacnet | |
qnap | |
confluence | |
sophos | |
h2_web_console | |
fortigate | |
ivanti | |
fortios | |
canon | |
ws-discovery | |
slp | |
msmq | |
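The following is an added example of how an inbound rule set can use these two tables; it is not code from this page or from the product it documents. It routes parsed events into case groups by event type and, for Open events, by subtype, applying the Mapping column so that legacy names (Blacklist, ChildAbuse) hit the same rules as their current names. The event field names (`type`, `subtype`, `ip`), the `Rule` structure and the case-group names are hypothetical, and the known-type sets are a subset of the tables above; the sample events are constructed.

```python
"""Route inbound abuse events to case groups by event type and Open subtype.

Added example for this page, not the product's own code. Event field names,
rule fields and case-group names are hypothetical.
"""
from dataclasses import dataclass
from typing import Optional

# "Mapping" column of the event-type table: legacy name -> current name.
TYPE_MAPPING = {"Blacklist": "Blocklist", "ChildAbuse": "CSAM"}

# Event types from the first table (subset used by the rules below).
KNOWN_TYPES = {
    "Open", "Spam", "Phishing", "Malware", "Bot", "Blocklist", "DNSBlocklist",
    "CompromisedAccount", "CompromisedServer", "CompromisedWebsite",
    "Backdoor", "DDos", "DDosAmplification", "LoginAttack", "PortScan", "CSAM",
}

# Open subtypes from the second table (subset).
KNOWN_OPEN_SUBTYPES = {
    "redis", "mongodb", "elasticsearch", "memcached", "couchdb",
    "ntp", "snmp", "ssdp", "chargen", "qotd", "portmapper",
    "http", "ssh", "rdp", "telnet", "vnc",
}


@dataclass(frozen=True)
class Rule:
    """One inbound rule (hypothetical shape): match on type, and optionally on Open subtype."""
    group: str                          # hypothetical case-group name
    types: frozenset                    # event types this rule matches
    subtypes: frozenset = frozenset()   # Open subtypes; empty = any subtype

    def matches(self, etype: str, subtype: Optional[str]) -> bool:
        if etype not in self.types:
            return False
        if not self.subtypes:
            return True
        # Subtypes describe Open events only, so a subtype-restricted rule
        # can match nothing but an Open event carrying a listed subtype.
        return etype == "Open" and subtype in self.subtypes


RULES = [
    Rule("exposed-datastores", frozenset({"Open"}),
         frozenset({"redis", "mongodb", "elasticsearch", "memcached", "couchdb"})),
    Rule("amplification-risk", frozenset({"Open"}),
         frozenset({"ntp", "snmp", "ssdp", "chargen", "qotd", "portmapper"})),
    Rule("remote-access-exposed", frozenset({"Open"}),
         frozenset({"rdp", "telnet", "vnc"})),
    Rule("compromise", frozenset({"CompromisedAccount", "CompromisedServer",
                                  "CompromisedWebsite", "Backdoor", "Bot"})),
    Rule("reputation", frozenset({"Blocklist", "DNSBlocklist"})),
]


def normalize_type(etype: str) -> str:
    """Apply the Mapping column so legacy names hit the same rules."""
    return TYPE_MAPPING.get(etype, etype)


def route(event: dict, rules=RULES) -> str:
    """Return the first matching case group, or a diagnostic bucket."""
    etype = normalize_type(event.get("type", ""))
    subtype = event.get("subtype")
    if etype not in KNOWN_TYPES:
        return "unknown-type"            # parser emitted a type not in the table
    if etype == "Open" and subtype not in KNOWN_OPEN_SUBTYPES:
        return "open-unknown-service"    # open port with a missing or unlisted subtype
    for rule in rules:
        if rule.matches(etype, subtype):
            return rule.group
    return "default"


# Constructed sample events (not real reports).
SAMPLE_EVENTS = [
    {"ip": "192.0.2.10", "type": "Open", "subtype": "redis"},
    {"ip": "192.0.2.11", "type": "Open", "subtype": "ntp"},
    {"ip": "192.0.2.12", "type": "Open", "subtype": "http"},
    {"ip": "192.0.2.13", "type": "Blacklist"},                     # legacy name -> Blocklist
    {"ip": "192.0.2.14", "type": "Phishing", "subtype": "redis"},  # subtype ignored: not Open
    {"ip": "192.0.2.15", "type": "Open", "subtype": "foo"},
    {"ip": "192.0.2.16", "type": "Nonsense"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["ip"], ev["type"], ev.get("subtype"), "->", route(ev))
```

Rules are evaluated in order and the first match wins, so put the narrowest groups first. Events that fall into `unknown-type` or `open-unknown-service` are worth reviewing rather than dropping: they usually mean the parser has started emitting a type or subtype your rule set does not yet cover.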