Alert Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Alert Messages | Base Rule | General Alert Message | Information |
| EVID 76509 : File_Malware-Detected | Sub Rule | Detected Malware Activity | Malware |
| EVID 70471 : DNS_Server-Class-Unknown | Sub Rule | Non Compliant DNS | Activity |
| EVID 70590 : TCP_Checksum-Mismatch | Sub Rule | Vuln Low Severity : TCP/IP | Vulnerability |
| EVID 70422 : DNS_Client-UDP-Extra-Data | Sub Rule | Non Compliant DNS | Activity |
| EVID 70428 : DNS_Client-Type-Unknown | Sub Rule | Non Compliant DNS | Activity |
| EVID 70407 : DNS_Client-Name-Bad-Label-Type | Sub Rule | Non Compliant DNS | Activity |
| EVID 79891 : HTTP_Headerline_LF | Sub Rule | Non Compliant DNS | Activity |
| EVID 501487 : Binary_Confl-Content-Type-Text-Plain | Sub Rule | Vuln Low Severity : Protocol Violation | Vulnerability |
| EVID 501485 : Binary_Conflicting-Content-Type-Text | Sub Rule | Vuln Low Severity : Protocol Violation | Vulnerability |
| EVID 76457 : HTTP_Server-Nested-Multipart-Message | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 70425 : DNS_Client-Class-Unknown | Sub Rule | Non Compliant DNS | Activity |
| EVID 278069 : MHTML-Info-Dsclosure-CVE-2011-0096-3 | Sub Rule | Vuln High Severity : Web Server | Vulnerability |
| EVID 275505 : HTTP_SLS-Unauthorized-Status-Code | Sub Rule | User Logon Failure | Authentication Failure |
| EVID 316105 : Authentication-Null-Session-DOS | Sub Rule | Vuln Low Severity : Denial Of Service | Vulnerability |
| EVID 264210 : HTTPS_CS-OpenSSL-SSLv3-Get-Shared-Ci | Sub Rule | Cipher Information | Information |
| EVID 276065 : HTTP_CSU-Excessively-Long-Url | Sub Rule | Url Too Long | Warning |
| EVID 70613 : TCP_Segment-Invalid | Sub Rule | General TCP/IP Warning | Warning |
| EVID 70802 : System_Engine-LOGIN_Failed | Sub Rule | Computer Logon Failure | Authentication Failure |
| EVID 71423 : HTTP_Client-Obsolete-Header-Line-Fold | Sub Rule | HTTP Header Error | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Version | <version> | Number |
| vmid | <vmid> | Number |
| objectname | <objectname> | Text/String |
| cve | <cve> | Text/String/Number |
| severity | <severity> | Text/String/Number |
| spt | <sport> | Number |
| dst | <dip> | IP Address |
| cat | <subject> | Text/String/Number |
| requestURL | <url> | Text/String |
| app | <session> | Text/String/Number |
| act | <command> | Text/String |
| deviceoutboundinterface | <sinterface> | Text/String/Number |
| deviceinboundinterface | <dinterface> | Text/String/Number |
| proto | <protnum> | Number |
| dpt | <dport> | Number |
| src | <sip> | IP Address |