EVID : 18056 : EPO - Buffer Overflow Blocked

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| EVID: 18056: EPO - Buffer Overflow Blocked | Base Rule | Failed Attack | Failed General Attack Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| MachineName | N/A | N/A | Name of the system hosting the detecting product. |
| AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
| IPAddress | <dip> | IP Address | IP address of the system hosting the detecting product (if given in the event). |
| OSName | N/A | N/A | N/A |
| UserName | N/A | N/A | N/A |
| TimeZoneBias | N/A | N/A | N/A |
| RawMACAddress | <dmac> | Text/Number | MAC address of the system hosting the detecting product. |
| ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
| ProductVersion | <version> | Text/Number | Version number of the detecting product. |
| ProductFamily | N/A | N/A | N/A |
| Analyzer | N/A | N/A | N/A |
| AnalyzerName | N/A | N/A | Name of the detecting managed product. |
| AnalyzerVersion | N/A | N/A | Version number of the detecting product. |
| AnalyzerHostName | N/A | N/A | Name of the system hosting the detecting product. |
| AnalyzerDetectionMethod | N/A | N/A | The name of the task or task type that was responsible for detecting the threat. |
| EventID | <vmid> | Number | Unique identifier of the event class. |
| Severity | N/A | N/A | N/A |
| GMTTime | N/A | N/A | N/A |
| ThreatCategory | <subject> | Text/String | Category of the event. Possible categories depend on the product. |
| ThreatEventID | N/A | N/A | N/A |
| ThreatName | <threatname> | Text/String | Name of the threat. |
| ThreatType | N/A | N/A | Class of the threat. |
| ThreatActionTaken | <action> | Text/String | The action taken by the product in response to the threat. |
| ThreatHandled | <result> | Text/String | Specifies whether the action taken was successful. |
| TargetHostName | <dname> | Text/String | Name of the system that created the event. |
| TargetUserName | <domainimpacted>, <account> | Text/String | The threat source user name or email address. |
| TargetProcessName | <process> | Text/String | The target process name (if given in the event). |
| TargetFileName | <object> | Text/String | Location of the threat on the detecting system. |
| ThreatSeverity | <severity> | Text/String/Number | The severity of the detected threat as defined by each managed product. |
