EVID : 18060 : EPO - Exploit Attempt Detected

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| EVID : 18060 : EPO - Exploit Attempt Detected | Base Rule | Failed Attack | Failed General Attack Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| MachineName | N/A | N/A | Name of the system hosting the detecting product. |
| AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
| IPAddress | N/A | N/A | IP address of the system hosting the detecting product (if given in the event). |
| OSName | N/A | N/A | N/A |
| UserName | N/A | N/A | N/A |
| TimeZoneBias | N/A | N/A | N/A |
| RawMACAddress | N/A | N/A | MAC address of the system hosting the detecting product. |
| ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
| ProductVersion | <version> | Text/String/Number | Version number of the detecting product. |
| ProductFamily | N/A | N/A | N/A |
| Analyzer | N/A | N/A | N/A |
| AnalyzerName | N/A | N/A | Name of the detecting managed product. |
| AnalyzerVersion | N/A | N/A | Version number of the detecting product. |
| AnalyzerHostName | N/A | N/A | Name of the system hosting the detecting product. |
| AnalyzerDetectionMethod | N/A | N/A | The name of the task or task type that was responsible for detecting the threat. |
| EventID | <vmid> | Number | Unique identifier of the event class. |
| Severity | N/A | N/A | N/A |
| GMTTime | N/A | N/A | N/A |
| ThreatCategory | <subject> | Text/String | Category of the event. Possible categories depend on the product. |
| ThreatEventID | N/A | N/A | Unique identifier of the event class. |
| ThreatName | <threatname> | Text/String | Name of the threat. |
| ThreatType | N/A | N/A | Class of the threat. |
| DetectedUTC | N/A | N/A | N/A |
| ThreatActionTaken | <action> | Text/String | The action taken by the product in response to the threat. |
| ThreatHandled | <result> | Text/String | Specifies whether the action taken was successful. |
| SourceUserName | <domainorigin>, <login> | Text/String | User name from which the threat originated (if given in the event). |
| SourceProcessName | <process> | Text/String | The process name from which the threat originated. |
| SourceIPV4 | <sip> | IP Address | IPv4 address of the system from which the threat originated (if given in the event). |
| SourceMAC | <smac> | Text/String | MAC address of the system from which the threat originated (if given in the event). |
| TargetHostName | <dname> | Text/String | Name of the system that created the event. |
| TargetUserName | <account> | Text/String | The threat source user name or email address. |
| TargetFileName | <object> | Text/String | Location of the threat on the detecting system. |
| TargetIPV4 | <dip> | IP Address | IPv4 address of the system that sent the event. |
| TargetPort | <dport> | Number | The threat target port for threat classes. |
| TargetMAC | <dmac> | Text/String | MAC address of the system that sent the event. |
| ThreatSeverity | <severity> | Text/String/Number | The severity of the detected threat as defined by each managed product. |