# Event Types Reference

> Reference of event types used in Guardian Ops abuse classification

Guardian Ops uses a comprehensive system of event types to classify and categorize different types of abuse reports. This reference provides a complete list of all supported event types and their subtypes.

## Event Types without Subtypes

These event types are standalone classifications that don't require additional subtype information.

### Security & Infrastructure

* `AuthFailure` - Authentication failure attempts
* `Backdoor` - Backdoor installations or access
* `Blacklist` - IP addresses appearing on security blacklists
* `CompromisedAccount` - Compromised user accounts
* `CompromisedServer` - Compromised servers or systems
* `CompromisedWebsite` - Compromised websites
* `DDos` - Coordinated efforts to overwhelm systems with excessive traffic
* `DDosAmplification` - Exploitation of amplification vulnerabilities to magnify DDoS attacks
* `Defacement` - Website defacement
* `DNSBlocklist` - DNS-based blocklist entries
* `DNSProblems` - Fraudulent messages from compromised DNS/email servers
* `Exploit` - Software or commands that exploit system vulnerabilities to compromise security
* `IPReclamation` - IP prefix hijacking or unauthorized IP address use
* `IpSpoof` - IP address spoofing
* `LoginAttack` - Repeated unauthorized attempts to gain access to systems or accounts
* `MaliciousActivity` - General malicious activity
* `MalwareHosting` - Hosting malicious content
* `OutdatedDNSSEC` - Outdated DNSSEC configurations
* `PortScan` - Systematic attempts to discover open ports and potential vulnerabilities
* `RogueDNS` - Rogue DNS services
* `SSLFreak` - SSL FREAK vulnerability
* `SSLPoodle` - SSL POODLE vulnerability
* `Trap` - Honeypot or trap hits
* `Unknown` - Used when content is too broad to categorize specifically
* `WebCrawler` - Automated web crawling and indexing activity
* `WebHack` - Web application attacks

### Content & Legal

* `Censorship` - Censorship-related content
* `ChildAbuse` - Child abuse material
* `Copyright` - Copyright infringement
* `Doxing` - Doxing or personal information exposure
* `Fraud` - Fraudulent activities
* `Harassment` - Online harassment
* `IllegalAdvertisement` - Illegal advertising
* `NotSpam` - MARF reports marked as not spam
* `Phishing` - Phishing attacks
* `Propaganda` - Propaganda content
* `Spam` - Email spam
* `Spamvertised` - Content advertised through spam
* `Trademark` - Trademark infringement

### Specialized

* `CompromisedMicrosoftExchange` - Compromised Microsoft Exchange servers

***

## Event Types with Subtypes

Event types with subtypes provide additional granular classification. The subtype provides specific context about the nature of the abuse.

### Bot (subtype key: `bot_type`)

Botnet-related activity with specific bot family identification.

* Malware family names (e.g., `conficker`, `zeus`)

### CVE (subtype key: `cve_name`)

Exploitation attempts targeting specific Common Vulnerabilities and Exposures.

* CVE identifiers (e.g., `CVE-2021-44228`)

### Malware (subtype key: `malware_name`)

Malware hosting, distribution, or infection events.

* Malware family names (dynamically determined based on threat intelligence)

### Open (subtype key: `service`)

Services that are unexpectedly open or exposed. The Open event type includes over 100 subtypes organized into 12 categories:

* **Network Services** - SOCKS, proxy, router, VPN services
* **Database Services** - Redis, MongoDB, Elasticsearch, SQL databases, etc.
* **File/Directory Services** - FTP, TFTP, SMB, AFP, rsync, etc.
* **Remote Access Services** - RDP, VNC, SSH, Telnet, Citrix, etc.
* **Web/HTTP Services** - HTTP, Apache, SSL/TLS services
* **Mail Services** - Mail servers, IMAP, POP3 protocols
* **DNS Services** - DNS resolvers and mDNS services
* **Management/Monitoring** - SNMP, IPMI, LDAP, CWMP protocols
* **Industrial/IoT Services** - ICS, Modbus, BACnet, CoAP, MQTT
* **Network Time** - NTP synchronization services
* **Media/Messaging** - NetBIOS, SIP, STUN, AMQP protocols
* **Specialized Services** - 36 enterprise applications and specialized protocols

**For the complete list with detailed descriptions, see [Open Event Subtypes Reference](/docs/guardian-ops/reference/open-subtypes)**

***

## Related Resources

* [Open Event Subtypes Reference](/docs/guardian-ops/reference/open-subtypes)
* [Getting Started with Guardian Ops](/docs/guardian-ops/getting-started)
* [Inbound Processing](/docs/guardian-ops/inbound-processing)
* [Cases](/docs/guardian-ops/cases)
* [Glossary](/docs/guardian-ops/reference/glossary)
