
EVID 430001: Intrusion Event

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| EVID 430001: Intrusion Event | Base Rule | Intrusion Monitor Message | Other Security |
| SID 16431 : Generic SQL Injection Attempt | Sub Rule | SQL Injection | Attack |
| SID 19438 : SQL URL Ending In Comment Characters | Sub Rule | SQL Injection | Attack |
| SID 19439 : SQL 1=1 | Sub Rule | SQL Injection | Attack |
| SID 21516 : JBoss JMX Console Access | Sub Rule | General Attack Activity | Attack |
| SID 24342 : WEB-MISC JBoss Web Console Acc Atmt | Sub Rule | General Attack Activity | Attack |
| SID 24343 : WEB-MISC JBoss JMXInvokrSrvlt Acc Atmt | Sub Rule | General Attack Activity | Attack |
| SID 25975 : Adb CldFsion Admin Interface Acc Atmt | Sub Rule | General Attack Activity | Attack |
| SID 26275 : DD-WRT Httpd Cgi-bin Rmt Cmd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 27572 : ApacheStruts Wldcrd Mtch OGNL RmtCdExe | Sub Rule | Arbitrary Code Execution | Attack |
| SID 27574 : ApchStrutOGNL GtRntime.execStatcMthAcc | Sub Rule | General Attack Activity | Attack |
| SID 31978 : Bash CGI Env Variable Inj Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 37078 : JDbDrivrMysqli Unserialize Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 38352 : WinOrchTrjnOrchNetWrdRC Vrnt Chk Logs | Sub Rule | Detected Trojan Activity | Malware |
| SID 39058 : JSP Webshell Backdoor Detct | Sub Rule | Detected Backdoor Activity | Malware |
| SID 39190 : Apache Struts Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 39191 : Apache Struts Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 41818 : Apache Struts Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 41819 : Apache Struts Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 42857 : MVPower DVR Shell Arbtry Cmd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 44315 : Java XML Deserlz Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 44531 : Apache Tomcat Rmt JSP File Upload Atmt | Sub Rule | Suspicious Host Activity | Suspicious |
| SID 44687 : Netgear Router Auth Bypass Atmt | Sub Rule | General Attack Activity | Attack |
| SID 44688 : Netgear Router Arbtry Cmd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 45749 : PHPUnit PHP Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 46316 : Drupal 8 Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 46486 : Slimware Utilities Var Outbnd Conn | Sub Rule | Detected Adware Activity | Malware |
| SID 46624 : GPON Router Authen Bypass Cmd Inj Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 47567 : WinTrjnZegost Var Outbnd Conn | Sub Rule | Detected Trojan Activity | Malware |
| SID 47634 : OGNL GetRntimeexe Static Mthd Acc Atmt | Sub Rule | General Attack Activity | Attack |
| SID 47649 : Apache Struts Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 47684 : RouterOS Directory Traversal Atmt | Sub Rule | General Attack Activity | Attack |
| SID 49376 : Apache Struts Rmt Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 49666 : SQL HTTP URI Blind Injection Attempt | Sub Rule | SQL Injection | Attack |
| SID 51390 : Pulse Sec SSL VPN Version Chk Atmt | Sub Rule | General Attack Activity | Attack |
| SID 51620 : VBulletin Pre-Auth Cmd Inj Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 52512 : Citrix ADC Gateway Arbtry Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 52603 : Citrix ADC Gateway Arbtry Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 52620 : Citrix ADC Gateway Arbtry Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 53589 : SERVER-WEBAPP DrayTek Multi Prod Cmd | Sub Rule | Arbitrary Code Execution | Attack |
| SID 53590 : SERVER-WEBAPP DrayTek Multi Prod Cmd | Sub Rule | Arbitrary Code Execution | Attack |
| SID 54307 : Js.Adware.Agent Varnt Redirect | Sub Rule | Detected Adware Activity | Malware |
| SID 54768 : Vbulletin Template Render Cd Exe Atmt | Sub Rule | Arbitrary Code Execution | Attack |
| SID 54794 : Zeroshell Linux RouterCmd Inj Atmt | Sub Rule | Arbitrary Code Execution | Attack |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| SID | <vmid> | Number |
| DeviceUUID | <vendorinfo> | Text/String |
| N/A | <severity> | String |
| SrcIP | <sip> | Number |
| IngressZone | <sname> | String |
| DstIP | <dip> | Number |
| EgressZone | <dname> | String |
| srcport | <sport> | Number |
| dstport | <dport> | Number |
| IngressInterface | <sinterface> | String |
| EgressInterface | <dinterface> | String |
| Protocol | <protname> | String |
| User | <login> | String |
| NAPPolicy | <process> | String |
| Classification | <object> | String |
| Message | <subject> | String |
| VLAN_ID | <serialnumber> | Number |
| Client | <useragent> | String |
| ACPolicy | <policy> | String |
| GID | <group> | String |
| ApplicationProtocol | <command> | String |
| IntrusionPolicy | <action> | String |
| InlineResult | <result> | String |
| HTTPResponse | <responsecode> | Number |