Administrative And Operational Audit
Vendor Documentation
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| pri_num | N/A | N/A |
| time | N/A | N/A |
| IP address/hostname | N/A | N/A |
| cat_name | N/A | <vendorinfo> |
| msg_id | N/A | N/A |
| total_seg | N/A | N/A |
| seg_num | N/A | N/A |
| timestamp | N/A | N/A |
| sequence_num | N/A | N/A |
| msg_code | <vmid> | <vmid> <tag1> |
| msg_sev | <severity> | <severity> |
| msg_class | <subject> <process> | <subject> |
| msg_text | <status> <tag1> | <action> |
| ConfigVersionId | <version> | <version> |
| ConnectionStatus | <subject> | <status> |
| adminInterface | <sinterface> | N/A |
| adminIPAddress | <sip> | <sip> |
| adminSession | <session> | <session> |
| adminName | <login> | <login> |
| UserName | <login> | <login> <domainorigin> |
| FailureReason | <reason> | <reason> |
| ShutdownReason | <reason> | <reason> |
| ObjectType | N/A | <objecttype> |
| ObjectName | <objectname> | <object> |
| OperationMessageText | <subject> <sip> <sport> <dip> | <result> |
| acsinstance | <object> | N/A |
| FeedServicePort | N/A | <sport> |
| PortNumber | N/A | <sport> |
| FeedServiceHost | N/A | <sname> |
| FeedUrl | N/A | <url> |
| AccountName | N/A | <account> |
| ISELocalAddress | <sip> <sport> | N/A |
| ISEModuleName | <objectname> | N/A |
| ISEServiceName | <object> | N/A |
| PeerAddress | <smac | N/A |
| PeerName | <login> | N/A |
| Key1 | N/A | N/A |
| Key2 | N/A | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1010149 | Administrative And Operational Audit | Base Rule | General Audit | Other Audit Success |
| Administrator Authentication Failed | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| A Malformed SSH Requested Has Been Detected | Sub Rule | Failed to Establish SSH Session | Warning | |
| An Attempted SSH Connection Has Failed | Sub Rule | Failed to Establish SSH Session | Warning | |
| A SSH CLI User Has Attempted Unsuccessfully Login | Sub Rule | Denied SSH Session | Warning | |
| Shutdown Secure Connection With TLS Peer | Sub Rule | Connection Terminated | Network Traffic | |
| Open Secure Connection With TLS Peer | Sub Rule | Connection Established | Network Traffic | |
| Administrator Authentication Succeeded | Sub Rule | Authentication Activity | Authentication Success |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1012850 | V 2.0 Admin And Operational Audit Event | Base Rule | General Administration Event | Other Audit |
| V 2.0 EVID 51000: Admin Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 51001: Admin Authentication Success | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 51002: Admin Logged Off | Sub Rule | Login Or Logout Event Executed | Other Audit | |
| V 2.0 EVID 51003: Session Timeout | Sub Rule | Session Timeout | Warning | |
| V 2.0 EVID 51004: Rejected Admin Session | Sub Rule | Failed Unauthorized Activity | Failed Misuse | |
| V 2.0 EVID 51005: Admin Account Disabled | Sub Rule | Authentication Provisioning Failed | Warning | |
| V 2.0 EVID 51006: Inactivity Admin Acct Disabled | Sub Rule | Account Disabled | Access Revoked | |
| V 2.0 EVID 51007: Password Expiration | Sub Rule | LOGIN_PASSWORD_EXPIRED | Information | |
| V 2.0 EVID 51008: Excessive Failed Auth Attempts | Sub Rule | Account Passwords Disabled | Warning | |
| V 2.0 EVID 51009: ISE Runtime Is Not Running | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 51020: Login Username Does Not Exist | Sub Rule | User Logon Failure: Bad Username | Authentication Failure | |
| V 2.0 EVID 51021: Invalid Password | Sub Rule | Info: LOGIN_FAILED_INCORRECT_PASSWORD | Information | |
| V 2.0 EVID 51022: System Error | Sub Rule | General System Error Warning | Warning | |
| V 2.0 EVID 51023: Administrator Account Unlocked | Sub Rule | Account Unlocked | Access Granted | |
| V 2.0 EVID 51100: Password Changed Success | Sub Rule | Performing Password Change | Information | |
| V 2.0 EVID 51101: Invalid New PW - PW Too Short | Sub Rule | Password Too Short | Error | |
| V 2.0 EVID 51102: Invalid New PW - Repeating Char | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 51103: Invalid New PW- Missing Req Char | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 51104: Invalid New PW - Contains U/N | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 51105: Invalid New PW- Contain Res Word | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 51106: Auth For Web Services Failure | Sub Rule | Failures Occurred For Web Or MAC Authentication | Information | |
| V 2.0 EVID 51107: Invalid New Password | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 51115: New PW Invalid Previously Used | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 51116: Invalid New PW- Reverse Order PW | Sub Rule | Password Change Failed | Error | |
| V 2.0 EVID 52000: Configuration Added | Sub Rule | Configuration Information | Information | |
| V 2.0 EVID 52001: Configuration Changed | Sub Rule | Configuration Information | Information | |
| V 2.0 EVID 52002: Configuration Deleted | Sub Rule | Configuration Information | Information | |
| V 2.0 EVID 52003: ISE Instances Node Deregistered | Sub Rule | Device Unregistered | Warning | |
| V 2.0 EVID 52004: ISE Instances Node Register Evt | Sub Rule | Register Node | Information | |
| V 2.0 EVID 52005: ISE Instances Node Activated | Sub Rule | Activate Node | Information | |
| V 2.0 EVID 52006: ISE Node Deactivated | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52007: Force Full Replication | Sub Rule | Force Full Replication | Other Audit Success | |
| V 2.0 EVID 52008: H/W Replacement Register Handler | Sub Rule | Hardware Replacement | Information | |
| V 2.0 EVID 52009: Promote Node | Sub Rule | Promote Node | Information | |
| V 2.0 EVID 52010: Promote Node Handler | Sub Rule | Promote Node Handler | Information | |
| V 2.0 EVID 52011: Local Mode | Sub Rule | Local Mode Handler | Information | |
| V 2.0 EVID 52012: Local Mode Handler | Sub Rule | Local Mode Handler | Information | |
| V 2.0 EVID 52013: Hardware Replacement | Sub Rule | Hardware Replacement | Information | |
| V 2.0 EVID 52014: Deregister Handler | Sub Rule | Deregister Handler | Information | |
| V 2.0 EVID 52015: Enable LogCollector Target | Sub Rule | Log Collector Resumed | Information | |
| V 2.0 EVID 52016: Select LogCollector Node | Sub Rule | Log Collector Set | Information | |
| V 2.0 EVID 52017: Software Updated | Sub Rule | Software Update Request | Information | |
| V 2.0 EVID 52018: Overriding ISE Instances Log Cat | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52019: Restoring ISE Instances Log Cat | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52020: Prim Requested Full Replication | Sub Rule | Replication Information | Information | |
| V 2.0 EVID 52021: Sec Requested Full Replication | Sub Rule | Replication Information | Information | |
| V 2.0 EVID 52022: Full Replication | Sub Rule | Full Replication Succeeded | Other Audit Success | |
| V 2.0 EVID 52023: Failed To Create A Link | Sub Rule | Full Replication Failed | Error | |
| V 2.0 EVID 52024: Local Credential File | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52025: Remote Database Key | Sub Rule | Retrieve Database Object | Information | |
| V 2.0 EVID 52026: Retrieving Database | Sub Rule | Retrieve Database Object | Information | |
| V 2.0 EVID 52027: Heartbeat Channel Stop | Sub Rule | Heartbeat Status | Information | |
| V 2.0 EVID 52028: Deleting Backup Files | Sub Rule | General Backup Information | Information | |
| V 2.0 EVID 52029: Cleanup Script & Restarting ISE | Sub Rule | Performing Cleanup | Information | |
| V 2.0 EVID 52030: Full Replication Success | Sub Rule | Full Replication Succeeded | Other Audit Success | |
| V 2.0 EVID 52031: Full Replication Failure | Sub Rule | Full Replication Failed | Error | |
| V 2.0 EVID 52032: Req To Join Distributed Environ | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52033: Registration Success | Sub Rule | Registration Complete | Information | |
| V 2.0 EVID 52034: Registration Requested | Sub Rule | Registration Request | Information | |
| V 2.0 EVID 52035: Registration Failure | Sub Rule | Registration Failure | Error | |
| V 2.0 EVID 52036: Changing Instance | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52037: Updating Instance In Database | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52038: Distr ISE Deployment Join Succ | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52039: Distr ISE Deployment Join Fail | Sub Rule | General Action Failure | Error | |
| V 2.0 EVID 52040: Promotion Req To Sec Instance | Sub Rule | Promotion Request | Information | |
| V 2.0 EVID 52041: Promotion Req To Prim Instance | Sub Rule | Promotion Request | Information | |
| V 2.0 EVID 52042: Demotion Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52043: Demotion Failure | Sub Rule | Demotion Failed | Error | |
| V 2.0 EVID 52044: Global Deployment Update Success | Sub Rule | Update Successful | Information | |
| V 2.0 EVID 52045: Promotion Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52046: Promotion Failure | Sub Rule | Promotion Failed | Error | |
| V 2.0 EVID 52047: Local Mode Reconnect Request | Sub Rule | Local Mode Reconnect Request | Information | |
| V 2.0 EVID 52048: Local Mode Remote Call To Recon | Sub Rule | Local Mode Reconnect Request | Information | |
| V 2.0 EVID 52049: Replication In Local Mode | Sub Rule | Replication Information | Information | |
| V 2.0 EVID 52050: Changing ISE Instance Status | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52051: Updating Instance Status | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52052: Local Mode Reconnect Success | Sub Rule | Local Mode Reconnect Succeeded | Information | |
| V 2.0 EVID 52053: Local Mode Reconnect Failure | Sub Rule | Local Mode Reconnect Failed | Error | |
| V 2.0 EVID 52054: Issue Request Local Mode | Sub Rule | Local Mode Reconnect Request | Information | |
| V 2.0 EVID 52055: Replace Request To Sec Instance | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52056: Changing ISE Instance Status | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52057: Updating Instance Status | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52058: Local Mode Success | Sub Rule | Local Mode Reconnect Succeeded | Information | |
| V 2.0 EVID 52059: Local Mode Failed | Sub Rule | Local Mode Failed | Error | |
| V 2.0 EVID 52060: Req To Deregister Prim To Sec | Sub Rule | Deregister Request | Information | |
| V 2.0 EVID 52061: Deregister Secondary Request | Sub Rule | Deregister Request | Information | |
| V 2.0 EVID 52062: Conn Removing Of Prim & Sec | Sub Rule | Connection Removed Or Disabled | Information | |
| V 2.0 EVID 52063: Restarting Reg Heartbeat | Sub Rule | Heartbeat Status | Information | |
| V 2.0 EVID 52070: Sec Request To Deregister Prim | Sub Rule | Deregister Request | Information | |
| V 2.0 EVID 52071: Primary Deleted Secondary Cert | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52072: Deregistration Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52073: Deregistration Failure | Sub Rule | Deregistration Failed | Error | |
| V 2.0 EVID 52074: Request To Disconnect Secondary | Sub Rule | Disconnect Request Received | Information | |
| V 2.0 EVID 52075: Req To Disconnect Sec From Prim | Sub Rule | Disconnect Request Received | Information | |
| V 2.0 EVID 52076: Prim Request To Delete Sec Node | Sub Rule | Delete Node Request | Information | |
| V 2.0 EVID 52077: Sec Instance Disconnection Succ | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52078: Sec Instance Disconnection Fail | Sub Rule | Delete Node Failed | Error | |
| V 2.0 EVID 52079: Prim Delete Sec Instance Succes | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52080: Sec Instance Deletion Failure | Sub Rule | Delete Node Failed | Error | |
| V 2.0 EVID 52081: Priamry Backup Request | Sub Rule | Backup Request | Information | |
| V 2.0 EVID 52082: Primary Backup Failure | Sub Rule | Backup Failure | Error | |
| V 2.0 EVID 52083: Secondary Backup Request | Sub Rule | Backup Request | Information | |
| V 2.0 EVID 52084: Primary Backup Success | Sub Rule | Backup Succeeded | Information | |
| V 2.0 EVID 52085: Secondary Backup Failure | Sub Rule | Backup Failure | Error | |
| V 2.0 EVID 52086: Software Update Request | Sub Rule | Software Update Request | Information | |
| V 2.0 EVID 52088: Software Update | Sub Rule | Software Updated | Configuration | |
| V 2.0 EVID 52089: Software Update Required Backup | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 52090: Software Update Download Bundle | Sub Rule | Downloading Bundle | Information | |
| V 2.0 EVID 52091: Software Update Failure | Sub Rule | Software Update Failed | Error | |
| V 2.0 EVID 52092: Software Update Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52093: S/W Update Download Bundle Fail | Sub Rule | Software Update Failed | Error | |
| V 2.0 EVID 52094: Activate Request | Sub Rule | Activate Request | Information | |
| V 2.0 EVID 52095: H/W Replacement Register Req | Sub Rule | Hardware Replacement | Information | |
| V 2.0 EVID 52096: Unable To Retrieve Prim Instance | Sub Rule | Instance Information | Information | |
| V 2.0 EVID 52097: Sec To Initiate Full Replication | Sub Rule | Full Replication Request | Information | |
| V 2.0 EVID 52098: Sec Instance Activate Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 52099: Secondary Instance Activate Fail | Sub Rule | General Action Failure | Error | |
| V 2.0 EVID 52100: Process Status On Sec Instance | Sub Rule | Process Status | Information | |
| V 2.0 EVID 52101: Process Status On Prim Instance | Sub Rule | Process Status | Information | |
| V 2.0 EVID 52102: Scheduled Backup | Sub Rule | Scheduled Backup | Information | |
| V 2.0 EVID 52103: Sched Backup Fail- Invalid Char | Sub Rule | Scheduled Backup | Information | |
| V 2.0 EVID 52104: Sched Backup Fail- Invalid Repo | Sub Rule | Scheduled Backup | Information | |
| V 2.0 EVID 52105: Scheduled Backup Failed | Sub Rule | Scheduled Backup | Information | |
| V 2.0 EVID 52106: Scheduled Backup Success | Sub Rule | Scheduled Backup | Information | |
| V 2.0 EVID 57000: Deleted RolledOver Loc Log File | Sub Rule | File Deleted | Information | |
| V 2.0 EVID 58001: ISE Process Started | Sub Rule | Process/Service Started | Startup and Shutdown | |
| V 2.0 EVID 58002: ISE Process Stopped | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
| V 2.0 EVID 58003: ISE Processes Started | Sub Rule | Process/Service Started | Startup and Shutdown | |
| V 2.0 EVID 58004: ISE Processes Stopped | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
| V 2.0 EVID 58005: ISE Process Restart By Watchdog | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 58006: Watchdog Configuration Reloaded | Sub Rule | Configuration Information | Information | |
| V 2.0 EVID 58007: ISE Process Reported Start/Stop | Sub Rule | Failed Process Start | Error | |
| V 2.0 EVID 58008: CARS Backup Completed | Sub Rule | CARS Backup Complete | Information | |
| V 2.0 EVID 58009: CARS Restore Completed | Sub Rule | CARS Restore Complete | Information | |
| V 2.0 EVID 58010: ISE DB Backup | Sub Rule | Database Information | Information | |
| V 2.0 EVID 58011: ISE DB Restore | Sub Rule | Database Information | Information | |
| V 2.0 EVID 58012: ISE Support Bundle Collected | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 58013: ISE DB Reset | Sub Rule | Database Information | Information | |
| V 2.0 EVID 58014: ISE Core Files Delete | Sub Rule | File Deleted | Information | |
| V 2.0 EVID 58015: ISE Log Files Deleted | Sub Rule | File Deleted | Information | |
| V 2.0 EVID 58016: ISE Upgrade Completed | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 58017: ISE Patch Installed | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 58018: ISE Migration Interface Enabled | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 58019: ISE Admin Password Reset | Sub Rule | Password Modified | Account Modified | |
| V 2.0 EVID 58020: Clock Set | Sub Rule | System Clock Has Been Updated | Information | |
| V 2.0 EVID 58021: Time Zone Set | Sub Rule | Local Time Zone | Information | |
| V 2.0 EVID 58022: NTP Server Set | Sub Rule | General NTP Information | Information | |
| V 2.0 EVID 58023: Hostname Set | Sub Rule | Local Machine Host Name | Information | |
| V 2.0 EVID 58024: IP Address Set | Sub Rule | IP Address Assigned | Information | |
| V 2.0 EVID 58025: IP Address State | Sub Rule | IP Address Assigned | Information | |
| V 2.0 EVID 58026: Default Gateway Set | Sub Rule | Gateway Is Up | Information | |
| V 2.0 EVID 58027: Name Server Set | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 58028: ADE OS Xfer Library Error | Sub Rule | ADE OS Xfer Library Error | Error | |
| V 2.0 EVID 58029: ADE OS Install Library Error | Sub Rule | ADE OS Install Library Error | Error | |
| V 2.0 EVID 58030: ISE Upgrade Schema Changed | Sub Rule | Schema Information | Information | |
| V 2.0 EVID 58031: ISE Upgrade Dictionary | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 58032: ISE Upgrade Data Manipulation | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 58033: ISE Upgrade AAC Event | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 58034: ISE Upgrade PKI Event | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 58035: ISE Upgrade MnT Event | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 58036: ISE Upgrade Event | Sub Rule | Upgrade Started | Information | |
| V 2.0 EVID 58037: ISE Install Event | Sub Rule | Install Started | Information | |
| V 2.0 EVID 58038: Failed To Join AD Event | Sub Rule | General Active Directory Information | Information | |
| V 2.0 EVID 58039: AD Join Event | Sub Rule | General Active Directory Information | Information | |
| V 2.0 EVID 58040: AD Leave Event | Sub Rule | General Active Directory Information | Information | |
| V 2.0 EVID 58041: Import/Export Process Aborted | Sub Rule | Import Process Aborted | Information | |
| V 2.0 EVID 58042: Import/Export Process Started | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 58043: Import/Export Process Completed | Sub Rule | Import Process Complete | Information | |
| V 2.0 EVID 58044: Import/Export Process Error | Sub Rule | Management Process Error | Error | |
| V 2.0 EVID 58045: Single Network Interface Allowed | Sub Rule | Only Single Network Interface Is Allowed | Warning | |
| V 2.0 EVID 59000: Received Req To Revoke All PACs | Sub Rule | Request Received | Other Audit Success | |
| V 2.0 EVID 59001: Generated New EAP-FAST Seed Key | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59002: Successfully Updated EAP-FAST | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59003: User Not Authorized To Revoke | Sub Rule | Unauthorized Activity | Misuse | |
| V 2.0 EVID 59004: Timed Out Attempt To Revoke EAP | Sub Rule | Timeout Error | Error | |
| V 2.0 EVID 59005: Rcvd Req To Generate Tunnel PAC | Sub Rule | Request Received | Other Audit Success | |
| V 2.0 EVID 59006: Rcvd Req To Generate Machine PAC | Sub Rule | Request Received | Other Audit Success | |
| V 2.0 EVID 59007: Failed To Generate PAC | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 59008: Successfully Generated PAC | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59009: Rcvd Req To Generate TrustSecPAC | Sub Rule | Request Received | Other Audit Success | |
| V 2.0 EVID 59010: Failed To Generate TrustSec PAC | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 59011: Successfully Generated TrustSec | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59050: Rcvd Req To Revoke All Tickets | Sub Rule | Request Received | Other Audit Success | |
| V 2.0 EVID 59051: Generated New EAP-TLS Seed Key | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59052: Successfully Updated EAP-TLS | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59100: Admin Req To Delete Loc Store | Sub Rule | Object Handle Requested | Other Audit Success | |
| V 2.0 EVID 59101: Successful Deletion Of Loc Store | Sub Rule | File Monitoring Event - Delete | Access Success | |
| V 2.0 EVID 59102: Successful Deletion Of Multiple | Sub Rule | File Monitoring Event - Delete | Access Success | |
| V 2.0 EVID 59103: Failed To Delete Local Store Log | Sub Rule | File Monitoring Event - Delete Failed | Access Failure | |
| V 2.0 EVID 59200: Admin Req To Set Log Collector | Sub Rule | Object Handle Requested | Other Audit Success | |
| V 2.0 EVID 59201: Set Log Collector Successful | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59202: Set Log Collector Error | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 59203:Admin Req To Resume Log Collector | Sub Rule | Object Handle Requested | Other Audit Success | |
| V 2.0 EVID 59204: Resume Log Collector Successful | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59205: Resume Log Collector Error | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 59206: Admin Req To Suspend Log Collec | Sub Rule | Object Handle Requested | Other Audit Success | |
| V 2.0 EVID 59207: Suspend Log Collector Successful | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 59208: Suspend Log Collector Error | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 59250: Adm Reset Access Setting Frm CLI | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59251: Admin Activated/Deactivated AD | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59252: Adm Changed Component Debug Log | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59253: Admin Started Export Config Data | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59254: Admin Started Export Config Data | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59255: Adm Aborted Import/Export Config | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59256: Adm Started Replication Process | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59257: Admin Reset Mgmt Interface Cert | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59258: Admin Decrypted Support Bundle | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 59259: Replication Failed | Sub Rule | Replication Failed | Error | |
| V 2.0 EVID 60000: Patch Installation Completed | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60001: Patch Installation Failed | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60002: Patch Rollback Completed | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60003: Patch Rollback Failure | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60050: Node Added To Deployment Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60051: Failed To Add Node To Deployment | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60052: Node Removed From Deployment | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60053: Failed To Remove Node Frm Deploy | Sub Rule | Delete Node Failed | Error | |
| V 2.0 EVID 60054: Node Updated Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60055: Failed To Update Node | Sub Rule | Update Unsuccessful | Warning | |
| V 2.0 EVID 60056: Node Group Runtime Status Change | Sub Rule | RuntimeChange Event | Other Audit Success | |
| V 2.0 EVID 60057: PSN Node Went Down | Sub Rule | Host Is Down | Error | |
| V 2.0 EVID 60058: System Heartbeat Initial Status | Sub Rule | Started Sending Heartbeats To Peer | Information | |
| V 2.0 EVID 60059: Successfully Reg Node With MnT | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60060: Admin Invoked OCSP Clear Cache | Sub Rule | Application Invoked | Information | |
| V 2.0 EVID 60061: OCSP Clear Cache O/P Completed | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60062: OCSP Clear Cache O/P Termination | Sub Rule | Delete Node Failed | Error | |
| V 2.0 EVID 60063: Replication To Node Completed | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60064: Node Replication Failure | Sub Rule | Replication Failed | Error | |
| V 2.0 EVID 60065: Max No Of Admin Sessions Exceed | Sub Rule | Connection Limit Exceeded | Warning | |
| V 2.0 EVID 60066: Not Matched Delta B/W Old & New | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 60067: Profiler Feed Service Automatic | Sub Rule | Endpoint Profiling Activity | Information | |
| V 2.0 EVID 60068: Profiler Feed Service Manual | Sub Rule | Endpoint Profiling Activity | Information | |
| V 2.0 EVID 60069: Profiler Feed Service Profiles | Sub Rule | Endpoint Profiling Activity | Information | |
| V 2.0 EVID 60070: Profiler Feed Service No Profile | Sub Rule | Endpoint Profiling Activity | Information | |
| V 2.0 EVID 60071: Feed Server Communication Issued | Sub Rule | Communication Failure | Error | |
| V 2.0 EVID 60072: Profiler Feed Svc Feed Unavaila | Sub Rule | Service Unavailable | Error | |
| V 2.0 EVID 60073: Querying Profiler Feed Svc Err | Sub Rule | Communication Failure | Error | |
| V 2.0 EVID 60074: Profiler Feed Service Importing | Sub Rule | Endpoint Profiling Activity | Information | |
| V 2.0 EVID 60075: Sponsor Successfully Auth | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 60076: Sponsor Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 60077: MyDevices User Auth Failure | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 60078: MyDevices User Successfully Auth | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 60079: Failed To Establish SSL Session | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60080: SSH CLI User Successfully Log In | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 60081: SSH CLI User Login Attempt Unsuc | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 60082: SSH CLI User Login Attempts Lock | Sub Rule | User Logon Failure: Account Locked Out | Authentication Failure | |
| V 2.0 EVID 60083: Syslog Server Config Changed | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60084: ADEOS CLI User Config Changed | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60085: ADEOS Repository Config Changed | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60086: ADEOS SSH Svc Config Changed | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60087:ADEOS Max SSH CLI Sess Config Chg | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60088: ADEOS SNMP Agent Config Changed | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60089: ADEOS CLI Kron Scheduler Policy | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60090: ADEOS CLI Kron Scheduler Occur | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60091:ADEOS CLI Pre-Login Banner Config | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60092:ADEOS CLI Post-Login Banner Confi | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60093: ISE Backup Started | Sub Rule | Backup Job Started | Information | |
| V 2.0 EVID 60094: ISE Backup Completed | Sub Rule | Backup Job Completed | Information | |
| V 2.0 EVID 60095: ISE Backup Failure | Sub Rule | Backup Failed | Error | |
| V 2.0 EVID 60096: ISE Log Backup Started | Sub Rule | Backup Job Started | Information | |
| V 2.0 EVID 60097: ISE Log Backup Completed Success | Sub Rule | Backup Job Completed | Information | |
| V 2.0 EVID 60098: ISE Log Backup Failure | Sub Rule | Backup Failed | Error | |
| V 2.0 EVID 60099: ISE Restore Started | Sub Rule | Backup Or Restore SQL Command | Information | |
| V 2.0 EVID 60100: ISE Restore Completed | Sub Rule | Backup Restored | Information | |
| V 2.0 EVID 60101: ISE Restore Failure | Sub Rule | Restore Failure | Error | |
| V 2.0 EVID 60102: Application Install. Completed | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 60103: Application Installation Failure | Sub Rule | Application Error | Error | |
| V 2.0 EVID 60104: Application Remove Started | Sub Rule | Job Started | Other Audit Success | |
| V 2.0 EVID 60105: Application Remove Completed | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 60106: Application Remove Failure | Sub Rule | Application Error | Error | |
| V 2.0 EVID 60107: Application Upgrade Failure | Sub Rule | Application Error | Error | |
| V 2.0 EVID 60108: Application Patch Started | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60109: Application Patch Remove Started | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60111: Application Patch Remove Complet | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60112: Application Patch Remove Failure | Sub Rule | Application Error | Error | |
| V 2.0 EVID 60113: ISE Server Reload Initiated | Sub Rule | General Server Warning | Warning | |
| V 2.0 EVID 60114: ISE Server Shutdown Initiated | Sub Rule | General Server Warning | Warning | |
| V 2.0 EVID 60115: CLI User Logged In Via SSH | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 60116: CLI User Logged Out From SSH | Sub Rule | Login Or Logout Event Executed | Other Audit | |
| V 2.0 EVID 60117: ADEOS CLI User Forced Logged Out | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60118: ADEOS CLI User Used Delete CLI | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60119: ADEOS CLI User Used Copy CLI | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60120: ADEOS CLI User Used MKDIR CLI | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60121:ADEOS CLI User Copied Out Running | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60122: ADEOS CLI User Copied System | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60123: ADEOS CLI User Saved Running | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60124: ADEOS CLI User Login Failure | Sub Rule | LOGIN_PASSWORD_EXPIRED | Information | |
| V 2.0 EVID 60125: Detected Malformed SSH Requested | Sub Rule | Detected Malware Activity | Malware | |
| V 2.0 EVID 60126: Application Patch Install. Fail | Sub Rule | Application Error | Error | |
| V 2.0 EVID 60127: Max No Of Concurrent CLI Session | Sub Rule | General Server Warning | Warning | |
| V 2.0 EVID 60128: Copy File In From ADEOS CLI Fail | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60129:Copy File Out From ADEOS CLI Fail | Sub Rule | General User Activity Monitor Event | Other Audit | |
| V 2.0 EVID 60130: ISE Scheduled Backup Configured | Sub Rule | Scheduled Backup | Information | |
| V 2.0 EVID 60131: ISE Support Bundle Created | Sub Rule | Object Created | Access Success | |
| V 2.0 EVID 60132: ISE Support Bundle Deleted | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 60133: ISE Support Bundle Generation | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60134: DNS Resolution Failure | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60135: MyDevices User SSO Logout Fail | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60136: Sponsor User SSO Logout Failure | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60150: Slow Replication Info | Sub Rule | Replication Information | Information | |
| V 2.0 EVID 60151: Slow Replication Warning | Sub Rule | Replication Warning | Warning | |
| V 2.0 EVID 60152: Slow Replication Error | Sub Rule | Replication Error | Error | |
| V 2.0 EVID 60153: Certificate Exported | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60154: Application Patch Install Comple | Sub Rule | Software Patching Information | Information | |
| V 2.0 EVID 60155: Secure Comm With Syslog Svr Est | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60156: Secure Comm Establishment Fail | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60157: Failed To Copy Exported Report | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60158: All XGrid Admin Actions Logged | Sub Rule | General User Logged Event | Information | |
| V 2.0 EVID 60159: Posture Req Update Started | Sub Rule | Update Process Started | Information | |
| V 2.0 EVID 60160: Finished Updating Posture Req | Sub Rule | Content Successfully Updated | Information | |
| V 2.0 EVID 60161: Failed Update Posture Req | Sub Rule | Update Failed | Error | |
| V 2.0 EVID 60162: Checking Updated Posture Req | Sub Rule | Content Successfully Updated | Information | |
| V 2.0 EVID 60163: Processing Updated Posture Req | Sub Rule | Processing Notification | Information | |
| V 2.0 EVID 60164: NTP Service Down On Node | Sub Rule | NTPD Error | Error | |
| V 2.0 EVID 60165: NTP Failed To Sync With Config | Sub Rule | NTPD Error | Error | |
| V 2.0 EVID 60166: Certificate Expiring Soon | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60167: Certificate Expired | Sub Rule | Certificate Expired | Warning | |
| V 2.0 EVID 60168: Session Repeat Count Reset Succ | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60169: Session Repeat Count Reset Fail | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60170: Resetting Repeat Cnt Successful | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60171: Resetting Repeat Count Failed | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60172: Alarms Acknowledge | Sub Rule | Alarm Cleared | Information | |
| V 2.0 EVID 60173: Outdated Alarms Purged | Sub Rule | Over Max Date Purged | Information | |
| V 2.0 EVID 60174: Could Not Add Cert Revocation | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60175: Could Not Download Cert Revocat | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60176: Posture Updated | Sub Rule | Content Successfully Updated | Information | |
| V 2.0 EVID 60177: App Upgrade Preparation Failure | Sub Rule | Application Error | Error | |
| V 2.0 EVID 60178: App Upgrade Preparation Success | Sub Rule | Upgrade Information | Information | |
| V 2.0 EVID 60179: App Upgrade Preparation Start | Sub Rule | Upgrade Started | Information | |
| V 2.0 EVID 60180: Syslog Server Identity Chk Fail | Sub Rule | Device Communication Failure | Error | |
| V 2.0 EVID 60184: Console CLI User Success Login | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 60185: Console CLI User Unsuccessful | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 60186: Console CLI User Login Attempt | Sub Rule | User Logon Failure: Account Locked Out | Authentication Failure | |
| V 2.0 EVID 60187: Application Upgrade Success | Sub Rule | Upgrade Complete | Information | |
| V 2.0 EVID 60188: SSH Connection Attempt Fail | Sub Rule | Connection Authentication Failed | Authentication Failure | |
| V 2.0 EVID 60189:Terminal Session Timeout Modified | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60190: XGrid Administrator Action | Sub Rule | Action Performed By Admin | Other Audit Success | |
| V 2.0 EVID 60191: Insufficient Virtual Mac Resourc | Sub Rule | Insufficient Resources | Critical | |
| V 2.0 EVID 60192: Firmware Update Required On Node | Sub Rule | Update Required | Information | |
| V 2.0 EVID 60193: RSA Key Configuration Modified | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60194: Host Key Configuration Modified | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60195: CA Service Started | Sub Rule | Process/Service Started | Startup and Shutdown | |
| V 2.0 EVID 60196: CA Service Stopped | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
| V 2.0 EVID 60197: Revoked ISE CA Issued Cert | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60198: MnT Purge Event Occurred | Sub Rule | Cleanup Completed | Information | |
| V 2.0 EVID 60199: IP-SGT Mapping Deployed Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60200: IP-SGT Mapping Failed Deploying | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60201: IP-SGT Deployment Successful | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60202: IP-SGT Deployment Failure | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60203: IP-SGT Deployment Finished | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60204: System Root CLI Account Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60205: CLI User Logged In Via Console | Sub Rule | Login Or Logout Event Executed | Other Audit | |
| V 2.0 EVID 60206: CLI User Logged Out Via Console | Sub Rule | Login Or Logout Event Executed | Other Audit | |
| V 2.0 EVID 60207: Logging Loglevel Config Modified | Sub Rule | Configuration Modified: System | Configuration | |
| V 2.0 EVID 60208: Root CA Certificate Replaced | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60209: CA Service Enabled | Sub Rule | Security Mode Enabled Or Disabled | Information | |
| V 2.0 EVID 60210: CA Service Disabled | Sub Rule | Security Mode Enabled Or Disabled | Information | |
| V 2.0 EVID 60211: ISE Acquired Subordinate CA | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60212: Portal Could Not Start On Node | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60213: CA Keys Replaced By Import O/P | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60214: CA Keys Exported | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60215: Endpoint Certs Marked Expired | Sub Rule | Certificate Expired | Warning | |
| V 2.0 EVID 60216: Endpoint Certs Purged | Sub Rule | Cleaning Files | Other Audit Success | |
| V 2.0 EVID 60217: Certificate Replication Failed | Sub Rule | Replication Failed | Error | |
| V 2.0 EVID 60218: Certificate Replication Failure | Sub Rule | Replication Failed | Error | |
| V 2.0 EVID 60219: Admin Node Not Received PAN HA | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 60221: Misconfig PAN HA Monitoring | Sub Rule | Configuration Changes Failed | Critical | |
| V 2.0 EVID 60222: PAN Not Reachable Or Unhealthy | Sub Rule | Host Unreachable | Information | |
| V 2.0 EVID 60223: PAN HA Promotion Request Failure | Sub Rule | Process Request Failed | Error | |
| V 2.0 EVID 60224: Automatic Failover To Sec PAN | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60225: Unable To Build Cert Chain | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60226: Successfully Performed CoA Term | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60227:Failed To Perform CoA Termination | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60228: MSE Server Unreachable | Sub Rule | Host Unreachable | Information | |
| V 2.0 EVID 60229: MSE Server Back Online | Sub Rule | Previously Failed Device Back Online | Warning | |
| V 2.0 EVID 60231: Queried MSE Server | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 60232: Started Ongoing Sessions Check | Sub Rule | Certificate Retrieved | Information | |
| V 2.0 EVID 60233: Endpoint Session Terminated | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60234: SXP Connection Disconnected | Sub Rule | Session Disconnected | Other Audit Success | |
| V 2.0 EVID 60235: SXP Connection Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60236: SXP Connection Failure | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60237: SXP Binding Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60238: SXP Binding Failure | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 60239: SXP Binding Conflict Occurred | Sub Rule | Bind Information | Information | |
| V 2.0 EVID 60400: Policy Elements Generated Based | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 60401: Reminder Assign NAD Profiles | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 60451: Telemetry Enabled On Deployment | Sub Rule | Policy Enabled: Auditing | Policy | |
| V 2.0 EVID 60452: Telemetry Disabled On Deployment | Sub Rule | Policy Disabled: Auditing | Policy | |
| V 2.0 EVID 60453: Telemetry Messages Sent Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60454: Telemetry Msg Not Sent Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60501: ERS XML Input Is Suspect For XSS | Sub Rule | General Attack Activity | Attack | |
| V 2.0 EVID 60502: ERS Identified Deprecated URL | Sub Rule | Deprecation Announcement | Information | |
| V 2.0 EVID 60503: ERS Identified Out-Dated URL | Sub Rule | URL Information | Information | |
| V 2.0 EVID 60504: ERS Request Content-Type Header | Sub Rule | Content Type Does Not Match The Accept Type | Warning | |
| V 2.0 EVID 11319: TrustSec Works On TLS 1.0 | Sub Rule | TLS Message | Information | |
| V 2.0 EVID 60455: Easy Wired Selected On Allowed | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 60456: Started CRL/OCSP Periodic Cert | Sub Rule | Certificate Services Information | Information | |
| V 2.0 EVID 60457: Successful Message For Auth Type | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 60458: Unsuccessful Msg For Auth Type | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 60459: SXP Binding Not Propagated | Sub Rule | Falling Threshold Crossed | Error | |
| V 2.0 EVID 60460: Inactivity Account Disabled | Sub Rule | Account Disabled | Access Revoked | |
| V 2.0 EVID 60461: User Lvl Date Expiry Acc Disable | Sub Rule | Account Disabled | Access Revoked | |
| V 2.0 EVID 60462: Global Lvl Date Expiry Disabled | Sub Rule | Account Disabled | Access Revoked | |
| V 2.0 EVID 60463: Global Lvl Days Expiry Disabled | Sub Rule | Account Disabled | Access Revoked | |
| V 2.0 EVID 60464: Smart Call Home Msg Sent Success | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 60465: Smart Call Home Msg Not Sent Suc | Sub Rule | Successful Activity | Other Audit Success | |
| V 2.0 EVID 61001: Used APIC Self Signed Cert | Sub Rule | Self-Generated Certificate Loaded | Other Audit Success | |
| V 2.0 EVID 61002: ISE Learned New SGT From IEPG | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 61003: ISE Propagated New EEPG To APIC | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 61004: ISE Learned New SXP Mapping | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 61005: ISE Propagated New Endpoint | Sub Rule | General Information Log Message | Information | |
| V 2.0 EVID 61006: ISE Removed SGT Due To Deleted | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61007: ISE Removed EEPG From APIC | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61008: ISE Removed SXP Mapping | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61009: ISE Removed Endpoint APIC | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61010: ISE Established Conn To APIC | Sub Rule | Connected | Information | |
| V 2.0 EVID 61011: ISE Disconnected From APIC | Sub Rule | Session Disconnected | Other Audit Success | |
| V 2.0 EVID 61012: ISE Auth Against APIC Success | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 61013: ISE Failed To Auth Against APIC | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61014 ISE Successfully Refreshed Auth | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 61015 ISE Failed To Refresh Auth | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61016 ISE Failed To Refresh EPG Subsc | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61017 ISE Failed To Refresh Endpoint | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61018 ISE Failed To Refresh EEPG Subs | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61020 ISE Failed To Refresh L3EXTOUT | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61021 ISE Rcvd EPG With Any Class Id | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61022 ISE Failed To Propagate SGT | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61023 ISE Failed To Learn IEPG | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61024 ISE Failed To Parse VRF For EPG | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61025 Secure Connection Established | Sub Rule | Connection Established | Network Traffic | |
| V 2.0 EVID 61026 Secure Connection With TLS Peer | Sub Rule | Connection Information | Information | |
| V 2.0 EVID 60505 ERS Req Rejected-Invalid I/P | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 60506 ERS Req Suspicious Of Mal Attack | Sub Rule | Suspicious Activity | Suspicious | |
| V 2.0 EVID 60507 ERS Req Rejected- Unauth User | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 60508 ERS Req Rejected- Illegal Req | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 60509 ERS Req Denied As Max Possible | Sub Rule | Connection Limit Exceeded | Warning | |
| V 2.0 EVID 61027 Invalid/Bad HTTP Request Rcvd | Sub Rule | Bad Request | Warning | |
| V 2.0 EVID 61028 TrustSec Deploy Ver. Started | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61029 TrustSec Deploy Ver. Finished | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61030 TrustSec Deploy Ver. Cancelled | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61031 TrustSec Deploy Ver. Failed | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61032 TrustSec Deploy Ver-Policy Diff | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61033 TrustSec Deploy Ver Process Suc | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61034 Maximum Resource Limit Reached | Sub Rule | Resource Shortage | Warning | |
| V 2.0 EVID 61035 IP SGT Static Mapping Sent | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61051 Synflood Limit Configured | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61052 Rate Limit Configured | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61053 Invalid User Input Detected | Sub Rule | Invalid Input Value | Error | |
| V 2.0 EVID 61054 ISE Found Invalid Auth Profile | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61055 Queue Consumed High Memory | Sub Rule | Memory Statistics Information | Information | |
| V 2.0 EVID 61056 Federation Link Down | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61057 Low Space Available To Queue | Sub Rule | Memory Statistics Information | Information | |
| V 2.0 EVID 61058 APIC Server Update Failed | Sub Rule | Update Failed | Error | |
| V 2.0 EVID 61059 Req From Customer Success N/W | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61060 ISE Server Registered To Cisco | Sub Rule | Device Registered | Information | |
| V 2.0 EVID 61061 ISE Svr De-Registered Frm Cisco | Sub Rule | Device Unregistered | Warning | |
| V 2.0 EVID 61062 Bi Dir. Connectivity Enabled | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61063 Bi Dir. Connectivity Disabled | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61064 Bi Dir. Connectivity Establish | Sub Rule | Connection Established | Network Traffic | |
| V 2.0 EVID 61065 Bi Dir. Connectivity Broken | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61066 ISE SSE Services Enrolled | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61067 ISE SSE Services Un-Enrolled | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61068 ACI Integration Performance | Sub Rule | General Performance Statistics | Information | |
| V 2.0 EVID 61069 Rest Req To Ctsmatrix Succeeded | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61070 Rest Req To Ctssgacls Succeded | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61071 Rest Req To Ctsenvdata Succded | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61072 Error Processing REST Request | Sub Rule | Process Error | Error | |
| V 2.0 EVID 61073 Cisco Support Diag Bi-dir Conn | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61074 Node Out Of Sync Due To Expired | Sub Rule | Certificate Expired | Warning | |
| V 2.0 EVID 61075 ACI Integration Cannot Contact | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 51025 Web Services Auth Failed | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 61076 Sponsor Successfully Logged Out | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61077 MyDevices Successfully Logout | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61078 Rest Req To Ctsreportconfig Suc | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61079 NAD TrustSec Propagation Status | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61100 ISE Learned New Tenant From ACI | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61101 ACI Tenant Removed From ISE | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61102 ISE Failed To Learn New Tenant | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61103 ISE Failed To Remove ACI Tenant | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61104 ISE Learned New Tenant From SDA | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61105 ISE Learned A New VN Info | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61106 Failed To Create VN Info In ISE | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61107 VN Info Updated In ISE | Sub Rule | Object Modified | Access Success | |
| V 2.0 EVID 61108 Failed To Update VN Info In ISE | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61109 VN Info Deleted In ISE | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61110 Failed To Delete VN Info In ISE | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61111 Domain Registration Process Fail | Sub Rule | Process Failed | Error | |
| V 2.0 EVID 61112 SPHUB Domain Reg Process Start | Sub Rule | Process/Service Started | Startup and Shutdown | |
| V 2.0 EVID 61113 Cert Req Sent To Domain Manager | Sub Rule | Certificate Request | Activity | |
| V 2.0 EVID 61114 Domain Registration Completed | Sub Rule | Registration Complete | Information | |
| V 2.0 EVID 61115 Domain Registration Failed | Sub Rule | Registration Failure | Warning | |
| V 2.0 EVID 61116 Unable To Store ACI Cert | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61117 ACI Connector Started Success | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61118 Failed To Start ACI Connector | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61119 Domain De Reg Process Started | Sub Rule | Process/Service Started | Startup and Shutdown | |
| V 2.0 EVID 61120 ACI Cert Frm ISE Success Deletd | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61121 Failed To Delete ACI Cert | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61122 Failed To Delete ACI Keystore | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61123 ISE Learned A New ACI Domain | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61124 ISE Failed To Learn New ACI Dom | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61125 ISE Removed ACI Domain | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61126 Failed To Remove ACI Domain | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61127 ISE Learned A New SDA Domain | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61128 ISE Failed Learn New SDA Domain | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61129 ISE Removed SDA Domain | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61130 Failed To Remove SDA Domain | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61131 ISE Domain Reg Rsp Unsuccessful | Sub Rule | Unsuccessful Activity | Other Audit Failure | |
| V 2.0 EVID 61132 SDA Peering Initiation Failed | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61133 SDA Successfully Initiated Peer | Sub Rule | Process/Service Started | Startup and Shutdown | |
| V 2.0 EVID 61134 SDA Domain Advertisement Failed | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61135 SDA Domain Advertisement Failed | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61136 Successful SDA Domain Advertise | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61137 SDA Publishing SXP Information | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61138 Error Processing MdpGatewayAdv | Sub Rule | General Error | Error | |
| V 2.0 EVID 61139 Publishing SDA Gateway Advertis | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61140 SDA Gateway Advertisement Info | Sub Rule | Publish Error | Error | |
| V 2.0 EVID 61141 Publishing SDA's VN Information | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61142 Failed To Publish SDA's VN Info | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61143 Publishing SDA's VN Information | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61144 Failed Handling SDA's VN Info | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61145 Publishing SDA Extend VN Rsp | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61146 Failed To Publish SDA Extend VN | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61147 Message Cannot Publish To ACI | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61148 Failed Parsing/Storing SDA | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61149 Failed Parsing/Storing SDA Ack | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61150 Publishing ACI Extend VN Rsp | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61151 Failed To Publish ACI Extend VN | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61152 ACI Notified ISE Received SDA | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61153 SDA Not Responded To ACI Msg | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61154 ISE Successfully Rsp To Peering | Sub Rule | Operation Succeeded | Information | |
| V 2.0 EVID 61156 SDA Published SXP Configuration | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61157 SDA SXP Config Successfully Rcv | Sub Rule | Configuration Information | Information | |
| V 2.0 EVID 61158 ISE Failed In Receiving SDA SXP | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61159 ISE Publishing Gateway Advertis | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61160 ISE Failed To Publish Gateway | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61161 ISE Learned New SXP Listener | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61162 ISE Updates VN Defined For SXP | Sub Rule | Object Modified | Access Success | |
| V 2.0 EVID 61163 ISE Learned New VN Defined For | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61164 ISE Updates SXP Listener | Sub Rule | Object Modified | Access Success | |
| V 2.0 EVID 61165 ISE Removed All SXP Connections | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61166 ACI Published Gateway Advertise | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61167 Send ACI Gateway Advertisement | Sub Rule | Message Sent | Information | |
| V 2.0 EVID 61168 Failed To Send ACI Gateway Advt | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61169 Successfully Send ACI Gateway | Sub Rule | Message Sent | Information | |
| V 2.0 EVID 61170 SDA Published Peer Domain Req | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61171 SDA Failed To Publish Peer Dom | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61172 SDA Published Peer Domain Rsp | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61173 SDA Failed To Publish Peer Dom | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61174 Process Peer Domain Request | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61175 Process Peer Domain Response | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61176 SDA Initiate Peering Process | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61177 ACI Initiate Peering Process | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61178 Peering Already Exist | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61179 Peering Process Failed ACI Dom | Sub Rule | Process Failed | Error | |
| V 2.0 EVID 61180 Peering Process Failed SDA Dom | Sub Rule | Process Failed | Error | |
| V 2.0 EVID 61181 Peering Estab B/W SDA & ACI | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61182 SDA-ACI Peering Process Failed | Sub Rule | Process Failed | Error | |
| V 2.0 EVID 61183 Received Peer Domain Request | Sub Rule | Request Received | Other Audit Success | |
| V 2.0 EVID 61184 Failed To Receive Peer Domain | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61185 Publish Peer Domain Request | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61186 Failed To Publish Peer Domain | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61187 Peering Status Created B/W ACI | Sub Rule | Object Created | Access Success | |
| V 2.0 EVID 61188 Peering Status Removed B/W ACI | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61189 Publishing Consumer To ACI | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61190 Fail To Publish Consumer To ACI | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61191 Publishing Consumer Service Req | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61192 Failed To Publish Consumer Svc | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61193 Consumer Service Frm ISE Delete | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61194 Consumer Service Frm ISE Delete | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61195 ISE Learned New SGACL From ACI | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61196 Failed To Learn New SGACL From | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61197 Successfully Updated SGACL | Sub Rule | Object Modified | Access Success | |
| V 2.0 EVID 61198 Failed To Update SGACL Learned | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61199 ACI Äôs SGACL Deleted From ISE | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61200 Failed To Delete ACI Äôs SGACL | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61201 Stored ACI Service In ISE | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61202 Failed To Store ACI Service | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61203 ISE ACI Service Updated | Sub Rule | Object Modified | Access Success | |
| V 2.0 EVID 61204 Failed To Update ACI Service | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61205 ISE ACI Service Deleted | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61206 Failed To Delete ACI Service | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61207 Published MdpConsumerServiceReq | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61208 Failed To Publish MdpConsumerSe | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61209 ISE Propagated New EEPG To ACI | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61210 ISE Fail To Propagate New EEPG | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61211 Received Endpoint Msg Frm ISE | Sub Rule | General Endpoint Message | Information | |
| V 2.0 EVID 61212 Published Endpoint To ACI | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61213 Fail To Publish Endpoint To ACI | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61214 Publishing Endpoints Addition | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61215 Publishing Endpoints Deletion | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61216 Failed To Publish ACI Binding | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61217 Failed To Publish Msg To SXP | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61218 Published ACI Binding To SXP | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61219 Failed To Publish ACI Binding | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61220 Published SXP Binding From SXP | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61221 Failed To Published SXP Binding | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61222 Received EndPointGroup Message | Sub Rule | General Endpoint Message | Information | |
| V 2.0 EVID 61223 ISE Failed To Store New SGT | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61224 Received EndPointGroup Message | Sub Rule | General Endpoint Message | Information | |
| V 2.0 EVID 61225 SGT Already Published To ACI | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61226 Published SGT To ACI | Sub Rule | Publish Information | Information | |
| V 2.0 EVID 61227 Failed Publishing SGT To ACI | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61228 ISE Created New SGT Based | Sub Rule | Object Created | Access Success | |
| V 2.0 EVID 61229 ISE Updated New SGT Based | Sub Rule | Object Modified | Access Success | |
| V 2.0 EVID 61230 ISE Removed New SGT Based | Sub Rule | Object Deleted/Removed | Access Success | |
| V 2.0 EVID 61231 Kafka Connection To ACI Error | Sub Rule | General Error | Error | |
| V 2.0 EVID 61232 Kafka Connection To ACI Error | Sub Rule | General Error | Error | |
| V 2.0 EVID 61233 Handling ACI Message Failure | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61234 Got Evt With Unknown Properties | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 61235 SDA Auth Against ACI Successful | Sub Rule | Authentication Activity | Authentication Success | |
| V 2.0 EVID 61236 SDA Failed To Auth Against ACI | Sub Rule | Authentication Failure Activity | Authentication Failure | |
| V 2.0 EVID 62000 Agentless Script Execute Comple | Sub Rule | Script Information | Information | |
| V 2.0 EVID 62001 Agentless Script Execute Failed | Sub Rule | Script Information | Information | |
| V 2.0 EVID 62002 Agentless Script Upload Complet | Sub Rule | Script Information | Information | |
| V 2.0 EVID 62003 Agentless Script Upload Failed | Sub Rule | Script Information | Information | |
| V 2.0 EVID 60181 PxGrid Cloud Device Cleanup Req | Sub Rule | Cleanup Completed | Information | |
| V 2.0 EVID 61080 High Database Tablespace Usage | Sub Rule | Database Information | Information | |
| V 2.0 EVID 61237 ACI Rejected SDA Peering Req | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61238 SDA Rejected ACI Peering Req | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61239 ACI Rejected SDA Delete Peering | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61240 SDA Rejected ACI Delete Peering | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61241 ACI Rejected SDA Extend VN Req | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61242 ACI Rejected SDA Delete Extend | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61243 ACI Rejected SDA Consume Svc | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61246 ACI Rejected SDA Delete Consume | Sub Rule | Request Rejected | Error | |
| V 2.0 EVID 61244 PxGrid Not Enabled & Connected | Sub Rule | Publish Warning | Warning | |
| V 2.0 EVID 61245 PxGrid Failed To Publish Binding | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 62004 Posture Remediation Event Rcvd | Sub Rule | General Audit Message | Other Audit | |
| V 2.0 EVID 62005 Vulnerability Scan Failure | Sub Rule | General Failed Activity | Failed Activity | |
| V 2.0 EVID 61300 Network Access Policy Request | Sub Rule | General POLICY Information | Information | |
| V 2.0 EVID 61301 Device Admin Policy Request | Sub Rule | General POLICY Information | Information | |
| V 2.0 EVID 61302 Policy Pomponent Request | Sub Rule | General POLICY Information | Information |