General Catch All Level
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
General Catch All Level | Base Rule | Information | General Information |
EVID 2022: Boot Record Infection Clean Error | Sub Rule | Error | General Error |
EVID 3006: Task Error | Sub Rule | Error | General Error |
EVID 3008: Directory Length Access Error | Sub Rule | Error | General Error |
EVID 3032: Error While Trying To Open/Create Log File | Sub Rule | Error | General Error |
EVID 3035: Error Launching A Program | Sub Rule | Error | General Error |
EVID 3038: Error Writing To Log | Sub Rule | Error | General Error |
EVID 3045: CA - Error While Accessing Log File | Sub Rule | Error | General Error |
EVID 3047: CA - Directory Length Access Error | Sub Rule | Error | General Error |
EVID 3055: Error Stopping Drivers | Sub Rule | Error | General Error |
EVID 3026: Error Sending Information To The Driver | Sub Rule | Error | General Error |
EVID 3027: Error Sending Folder To The Driver | Sub Rule | Error | General Error |
EVID 3028: Error Obtaining Log Data | Sub Rule | Error | General Error |
EVID 3029: Error Occurred While Enabling Driver | Sub Rule | Error | General Error |
EVID 3030: Error Occurred While Disabling Driver | Sub Rule | Error | General Error |
EVID 3031: Error While Obtaining Statistical Data | Sub Rule | Error | General Error |
EVID 3016: Error Opening Service Manager | Sub Rule | Error | General Error |
EVID 3017: Error Starting Drivers | Sub Rule | Error | General Error |
EVID 3018: Error Occurred Starting Log Subsystem | Sub Rule | Error | General Error |
EVID 3019: Error Obtaining Device Driver Versions | Sub Rule | Error | General Error |
EVID 3021: Scan Engine Error | Sub Rule | Error | General Error |
EVID 3025: Error Sending Options To Device Driver | Sub Rule | Error | General Error |
EVID 1511: Abnormal Termination | Sub Rule | Warning | General Warning |
EVID 1090: OAS Stopped | Sub Rule | Information | General Information |
EVID 1127: Scanning Engine Disabled | Sub Rule | Information | General Information |
EVID 1128: Scan Time Exceeded | Sub Rule | Information | General Information |
EVID 1204: Report OS And Serial | Sub Rule | Information | General Information |
EVID 2017: Centralized Alerting | Sub Rule | Information | General Information |
EVID 34153: Signed Content Detected | Sub Rule | Information | General Information |
EVID 34157: Protected Content Triggered | Sub Rule | Information | General Information |
EVID 34158: Password Protected Content Detected | Sub Rule | Information | General Information |
EVID 10191: Audit Results | Sub Rule | Information | General Information |
EVID 13001: Machine Compliant Or Non-Compliant With Rul | Sub Rule | Information | General Information |
EVID 14000: Intercept IPS Security Event | Sub Rule | Information | General Information |
EVID 16001: Reserved For Future Use | Sub Rule | Information | General Information |
EVID 16007: Subnet Has Become Unmonitored | Sub Rule | Information | General Information |
EVID 34152: Mail Size Filter Rule Triggered | Sub Rule | Information | General Information |
EVID 10111: Sentry Results Non-Verbose | Sub Rule | Information | General Information |
EVID 10114: Informational Event | Sub Rule | Information | General Information |
EVID 10127: IDS Testing Text | Sub Rule | Information | General Information |
EVID 10130: Informational Event | Sub Rule | Information | General Information |
EVID 10159: AutoDiscovery Results | Sub Rule | Information | General Information |
EVID 10175: ThreatScan Results | Sub Rule | Information | General Information |
EVID 10066: Informational Event | Sub Rule | Information | General Information |
EVID 10082: Informational Event | Sub Rule | Information | General Information |
EVID 10094: Smb Grind Status | Sub Rule | Information | General Information |
EVID 10095: Smb Grind Result | Sub Rule | Information | General Information |
EVID 10098: Informational Event | Sub Rule | Information | General Information |
EVID 10110: Sentry Results Verbose | Sub Rule | Information | General Information |
EVID 10032: Probe Start | Sub Rule | Information | General Information |
EVID 10033: Probe Stop | Sub Rule | Information | General Information |
EVID 10034: Informational Event | Sub Rule | Information | General Information |
EVID 10046: Probe Results Header | Sub Rule | Information | General Information |
EVID 10047: Probe Hop | Sub Rule | Information | General Information |
EVID 10050: Informational Event | Sub Rule | Information | General Information |
EVID 3037: Memory Grant Unavailable | Sub Rule | Information | General Information |
EVID 8500: Banned Item Found | Sub Rule | Information | General Information |
EVID 8502: Item Matched Filtering Criteria | Sub Rule | Information | General Information |
EVID 8503: Item Matched Spam Criteria | Sub Rule | Information | General Information |
EVID 10018: Informational Event | Sub Rule | Information | General Information |
EVID 10031: Module Results | Sub Rule | Information | General Information |
EVID 3014: Task Reports General System Error | Sub Rule | Error | General System Error |
EVID 3053: CA - Scan Reports General System Error | Sub Rule | Error | General System Error |
EVID 1200: Process Started | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10064: Crack Started | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10080: Grind Start | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10096: Sentry Started | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10097: Sentry Finished | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10112: IDS Start | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10177: Audit Stop | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 12000: Rogue System Sensor Started | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10113: IDS Stop | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10144: AutoDiscovery Start | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10145: AutoDiscovery Stop | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10157: AutoDiscovery Host Started | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10158: AutoDiscovery Host Finished | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 10176: Audit Start | Sub Rule | Startup and Shutdown | Process/Service Started |
EVID 1032: File Moved To Quarantine Area | Sub Rule | Activity | Quarantine |
EVID 1056: File Moved To Quarantine | Sub Rule | Activity | Quarantine |
EVID 1501: Infected Email Quarantined | Sub Rule | Activity | Quarantine |
EVID 2008: File Moved To Quarantine Area | Sub Rule | Activity | Quarantine |
EVID 2018: CA - Infected File Moved To Quarantine Area | Sub Rule | Activity | Quarantine |
EVID 1065: Service Ended | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 1201: Process Ended | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 10065: Crack Finished | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 10081: Grind Stop | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 10189: Audit Host Started | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 10190: Audit Host Finished | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 12002: Rogue System Sensor Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
EVID 1037: Infected Boot Record Found | Sub Rule | Information | General Virus Infected |
EVID 1052: Infected Binder Object | Sub Rule | Information | General Virus Infected |
EVID 1053: Infected File Found | Sub Rule | Information | General Virus Infected |
EVID 1503: Infected Email Detected | Sub Rule | Information | General Virus Infected |
EVID 2000: Infected File Found | Sub Rule | Information | General Virus Infected |
EVID 2001: Infected File Cleaned | Sub Rule | Information | General Virus Infected |
EVID 2002: Unable To Clean Infected File | Sub Rule | Information | General Virus Infected |
EVID 2010: CA-Infected File Found | Sub Rule | Information | General Virus Infected |
EVID 1513: Virus Quarantined And Cleaned | Sub Rule | Information | General Virus Infected Information |
EVID 1514: Virus Quarantined (Not Cleaned) | Sub Rule | Information | General Virus Infected Information |
EVID 1515: Virus Replaced | Sub Rule | Information | General Virus Infected Information |
EVID 2020: Boot Record Infection Found | Sub Rule | Information | General Virus Infected Information |
EVID 2023: New File Virus Found | Sub Rule | Information | General Virus Infected Information |
EVID 2025: New File Virus Found But Move Failed | Sub Rule | Information | General Virus Infected Information |
EVID 3005: Cleaned Infected Files | Sub Rule | Information | General Virus Infected Information |
EVID 3041: CA - Virus Found In Memory | Sub Rule | Information | General Virus Infected Information |
EVID 3042: CA - Infected Boot Record Found | Sub Rule | Information | General Virus Infected Information |
EVID 3043: CA - Scan Found Infected Files | Sub Rule | Information | General Virus Infected Information |
EVID 3044: CA - Cleaned Infected Files | Sub Rule | Information | General Virus Infected Information |
EVID 8000: Infected Item Found | Sub Rule | Information | General Virus Infected Information |
EVID 2026: New File Virus Found And Moved | Sub Rule | Information | General Virus Infected Information |
EVID 2027: New File Virus Found But Move Failed | Sub Rule | Information | General Virus Infected Information |
EVID 2028: MBR Virus Found | Sub Rule | Information | General Virus Infected Information |
EVID 3002: Virus Found In Memory | Sub Rule | Information | General Virus Infected Information |
EVID 3003: Infected Boot Record Found | Sub Rule | Information | General Virus Infected Information |
EVID 3004: Task Found Infected Files | Sub Rule | Information | General Virus Infected Information |
EVID 3034: Unable To Write The Activity Log File | Sub Rule | Warning | Unable To Write Data |
EVID 1123: Upgrade Failed | Sub Rule | Error | Upgrade Failed |
EVID 1050: Unable To Repair | Sub Rule | Failed Activity | General Failed Activity |
EVID 2201: Failed To Install Software Package | Sub Rule | Failed Activity | General Failed Activity |
EVID 2216: Cannot Install Software | Sub Rule | Failed Activity | General Failed Activity |
EVID 2264: Property Collection Failed | Sub Rule | Failed Activity | General Failed Activity |
EVID 2328: Enforce Task Failed | Sub Rule | Failed Activity | General Failed Activity |
EVID 4700: Failed To Connect To CMA Updater | Sub Rule | Failed Activity | General Failed Activity |
EVID 8621: Failed To Load VSAPIScanSource Module | Sub Rule | Failed Activity | General Failed Activity |
EVID 8622: Failed To Load TransportScan Module | Sub Rule | Failed Activity | General Failed Activity |
EVID 8625: Failed To Load DLLhost | Sub Rule | Failed Activity | General Failed Activity |
EVID 8626: Product Service Failed To Start | Sub Rule | Failed Activity | General Failed Activity |
EVID 12001: Rogue System Sensor Failed To Start | Sub Rule | Failed Activity | General Failed Activity |
EVID 16009: AD Discovery Task Failed | Sub Rule | Failed Activity | General Failed Activity |
EVID 4701: Failed To Connect To CMA Scheduler | Sub Rule | Failed Activity | General Failed Activity |
EVID 4702: Failed To Save Schedule Data Into CMA | Sub Rule | Failed Activity | General Failed Activity |
EVID 8602: Failed To Download DATs | Sub Rule | Failed Activity | General Failed Activity |
EVID 8604: Failed To Load AV Engine | Sub Rule | Failed Activity | General Failed Activity |
EVID 8605: On-demand Scan Task Failed | Sub Rule | Failed Activity | General Failed Activity |
EVID 8608: Failed To Download Anti-Spam Rules | Sub Rule | Failed Activity | General Failed Activity |
EVID 1504: Infected Mail Item Deleted | Sub Rule | Information | Email Deleted |
EVID 1500: Infected Email Cleaned | Sub Rule | Information | Email Virus Cleaned |
EVID 1004: Task Completed Successfully | Sub Rule | Information | Task Completed |
EVID 1070: Task Successful | Sub Rule | Information | Task Completed |
EVID 3000: Scan Task Completed | Sub Rule | Information | Task Completed |
EVID 16008: AD Discovery Task Ran | Sub Rule | Information | Task Completed |
EVID 1005: Error While Stopping Task | Sub Rule | Error | Error Stopping Task |
EVID 1089: Scan Settings | Sub Rule | Warning | Virus Scan Configuration |
EVID 1035: Scan Was Cancelled | Sub Rule | Warning | Scan Cancelled |
EVID 1126: Scan Cancelled | Sub Rule | Warning | Scan Cancelled |
EVID 3040: CA - Scan Was Cancelled | Sub Rule | Warning | Scan Cancelled |
EVID 1040: Activity Log Error | Sub Rule | Error | Activity Log Error |
EVID 1041: Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
EVID 1077: Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
EVID 3007: Task Reports Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
EVID 3023: Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
EVID 3046: CA - Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
EVID 1042: Path Too Long | Sub Rule | Warning | Path Too Long |
EVID 1043: Media Is Write Protected | Sub Rule | Warning | Media Is Write Protected |
EVID 3009: Media Write Protected | Sub Rule | Warning | Media Is Write Protected |
EVID 3048: CA - Media Write Protected | Sub Rule | Warning | Media Is Write Protected |
EVID 1044: Specified Media Not Found | Sub Rule | Warning | Media Not Found |
EVID 3010: Specified Media Not Found | Sub Rule | Warning | Media Not Found |
EVID 3049: CA - Specified Media Not Found | Sub Rule | Warning | Media Not Found |
EVID 1045: Specified Scan Item Invalid | Sub Rule | Warning | Scan Item Invalid |
EVID 3011: Specified Scan Item Is Invalid | Sub Rule | Warning | Scan Item Invalid |
EVID 3050: CA - Specified Scan Item Invalid | Sub Rule | Warning | Scan Item Invalid |
EVID 1046: File I/O Errors | Sub Rule | Error | File I/O Error |
EVID 3012: File I/O Errors | Sub Rule | Error | File I/O Error |
EVID 3013: Disk I/O Errors | Sub Rule | Error | File I/O Error |
EVID 3051: CA - File I/O Errors | Sub Rule | Error | File I/O Error |
EVID 1047: Disk I/O Errors | Sub Rule | Error | Disk I/O Error |
EVID 3052: CA - Disk I/O Errors | Sub Rule | Error | Disk I/O Error |
EVID 1051: Unable To Scan | Sub Rule | Warning | Scan Failure - Password Protected |
EVID 1059: Scan Timed Out | Sub Rule | Warning | Scan Timeout |
EVID 1062: Error Sending Alert | Sub Rule | Error | Error Sending Alert |
EVID 1063: Invalid Options Specified | Sub Rule | Warning | Invalid Options |
EVID 1067: Unable To Start Scheduled Task | Sub Rule | Error | Failed To Start Scheduled Task |
EVID 1068: Scheduled Task Stopped | Sub Rule | Warning | Scheduled Task Stopped |
EVID 1069: Error Stopping Scheduled Task | Sub Rule | Error | Error Stopping Scheduled Task |
EVID 1071: Task Cancelled | Sub Rule | Information | Scheduled Task Canceled |
EVID 3001: Task Was Cancelled | Sub Rule | Information | Scheduled Task Canceled |
EVID 1076: Error Logging Information | Sub Rule | Error | Error Logging Information |
EVID 1086: Scan Process Error | Sub Rule | Error | Scan Process Error |
EVID 1088: On-Access Scan Stopped | Sub Rule | Information | On-Access Virus Scan Stopped |
EVID 16005: Distributed Reposit Replication Failed | Sub Rule | Error | Replication Failed |
EVID 10129: Upgrade Stop | Sub Rule | Information | Upgrade Stopped |
EVID 2204: Insufficient Disk Space To Install SW | Sub Rule | Warning | Insufficient Disk Space |
EVID 2208: Insufficient Disk Space To Download SW | Sub Rule | Warning | Insufficient Disk Space |
EVID 8603: Insufficient Disk Space | Sub Rule | Warning | Insufficient Disk Space |
EVID 34154: Encrypted Content Detected | Sub Rule | Warning | Encrypted / Corrupted Data Found |
EVID 1029: File Excluded From Scans | Sub Rule | Information | Items Excluded From Scan |
EVID 2005: File Excluded From Scans | Sub Rule | Information | Items Excluded From Scan |
EVID 2015: CA-File Excluded From Scans | Sub Rule | Information | Items Excluded From Scan |
EVID 1120: Update Running | Sub Rule | Information | Update Running |
EVID 1124: Upgrade Was Cancelled | Sub Rule | Warning | Upgrade Canceled |
EVID 16000: Computers Are Non-Compliant | Sub Rule | Other Audit | Computers Are Non-Compliant |
EVID 1094: Rule Violation Detected | Sub Rule | Warning | Rule Violation |
EVID 13002: System Compliance Profiler Rule Violation | Sub Rule | Warning | Rule Violation |
EVID 3020: Invalid Virus Signature Files | Sub Rule | Warning | Invalid Signature File |
EVID 1507: Inbound Email Suspend | Sub Rule | Warning | Inbound Email Suspend For Low Disk |
EVID 1508: Inbound Mail Resumed | Sub Rule | Information | Inbound Mail Resumed |
EVID 1030: Unable To Exclude From Scans | Sub Rule | Warning | Can't Exclude Items From Scan |
EVID 2006: Unable To Exclude From Scans | Sub Rule | Warning | Can't Exclude Items From Scan |
EVID 2016: CA-Unable To Exclude Item From Scans | Sub Rule | Warning | Can't Exclude Items From Scan |
EVID 1125: DAT Version Not New | Sub Rule | Warning | Data Version Not New Enough |
EVID 8623: Postgres Process Stopped Responding | Sub Rule | Information | General Process Information |
EVID 8624: RPCServ Process Stopped Responding | Sub Rule | Information | General Process Information |
EVID 2232: Enforce Policy Failed | Sub Rule | Information | General POLICY Information |
EVID 1129: Scan Shut Down By Windows | Sub Rule | Information | Scan Stopped |
EVID 10161: ThreatScan Stop | Sub Rule | Information | Scan Stopped |
EVID 10174: ThreatScan Host Finished | Sub Rule | Information | Scan Stopped |
EVID 1091: Violation Detected And Blocked | Sub Rule | Other Security | Security Violation |
EVID 4650: Detected Spam Email | Sub Rule | Activity | Spam Detected |
EVID 4651: Spam Email Scanning Statistics | Sub Rule | Information | Email And Web Statistics |
EVID 3022: Initialization Error With Scan Buffer | Sub Rule | Error | Initialization Error |
EVID 3036: Error During Initialization | Sub Rule | Error | Initialization Error |
EVID 10128: Upgrade Start | Sub Rule | Information | Upgrade Started |
EVID 10049: Update Stop | Sub Rule | Information | Update Stopped |
EVID 1122: Upgrade Running | Sub Rule | Information | The Upgrade Is Running |
EVID 2402: Update Failed | Sub Rule | Error | Update Failed |
EVID 16003: Master Repository Update Failed | Sub Rule | Error | Update Failed |
EVID 1003: Error Starting Task | Sub Rule | Error | Error Starting Task |
EVID 1506: Email Content Blocked | Sub Rule | Warning | Email Content Denied |
EVID 10061: Update Results Header | Sub Rule | Information | Update Event |
EVID 10062: Update Download File | Sub Rule | Information | Update Event |
EVID 10063: Update Install File | Sub Rule | Information | Update Event |
EVID 1033: Unable To Move File To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
EVID 1057: Unable To Move Infected To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
EVID 2009: Unable To Move File To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
EVID 2019: CA- Unable To Move File To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
EVID 8606: Failed To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
EVID 11002: Failed Quarantine Check | Sub Rule | Failed Activity | Quarantined Message |
EVID 8607: Process Failed To Recreate | Sub Rule | Error | Process Failed |
EVID 1031: Infected File Access Denied | Sub Rule | Warning | Access Denied |
EVID 2007: Infected File Access Denied | Sub Rule | Warning | Access Denied |
EVID 10143: Upgrade Results | Sub Rule | Information | Upgrade Information |
EVID 34160: Statistics And Average Scan Time | Sub Rule | Information | System Statistics |
EVID 16004: Distributed Repo Replication Succeeded | Sub Rule | Information | Replication Successful |
EVID 3033: Activity Log File Maximum Size Reached | Sub Rule | Warning | File Exceeds Defined Size Limit |
EVID 16002: Master Repository Update Succeeded | Sub Rule | Information | Update Successful |
EVID 1509: Startup Request Processed | Sub Rule | Other Audit Success | Request Approved |
EVID 1510: Shutdown Request Processed | Sub Rule | Other Audit Success | Request Approved |
EVID 2202: Install Retry Limit Reached | Sub Rule | Error | Client Limit Reached |
EVID 1055: Unable To Delete Infected File | Sub Rule | Error | File Delete Failure |
EVID 2004: Unable To Delete Infected File | Sub Rule | Error | File Delete Failure |
EVID 2014: CA-Unable To Delete Infected File | Sub Rule | Error | File Delete Failure |
EVID 3024: Unknown Error Reported | Sub Rule | Error | Unknown Error |
EVID 1512: A Maximum Load Occurring | Sub Rule | Warning | Approaching Maximum Capacity |
EVID 1900: New MIB File Available | Sub Rule | Information | New File Found On Network |
EVID 14500: Intercept Firewall Event | Sub Rule | Information | General Firewall Event |
EVID 3039: CA - Scan Completed | Sub Rule | Other Audit Success | Scan Completed |
EVID 10017: Scan Finished | Sub Rule | Other Audit Success | Scan Completed |
EVID 10030: Scan Host Finished | Sub Rule | Other Audit Success | Scan Completed |
EVID 8501: Encrypted/Corrupted Item Found | Sub Rule | Warning | Damaged Object Found |
EVID 16006: New Rogue System Detected | Sub Rule | Information | New Device Found |
EVID 1028: Unable To Delete Infected File | Sub Rule | Error | Unable To Delete File |
EVID 2024: New File Virus Found And Deleted | Sub Rule | Access Success | Object Deleted/Removed |
EVID 16013: AD Discovery Task Removed Computers | Sub Rule | Access Success | Object Deleted/Removed |
EVID 16012: AD Discovery Task Added Computers | Sub Rule | Access Success | Object Added |
EVID 34155: Corrupted Content Detected | Sub Rule | Warning | Data Corrupt |
EVID 34150: Packer Detected | Sub Rule | Information | Device Detected |
EVID 1505: Email Content Filtered | Sub Rule | Information | Email Filter Information |
EVID 4600: WebShield - URL Blocked | Sub Rule | Information | URL Information |
EVID 34159: Blocked Mime Type Detected | Sub Rule | Warning | Device Blocked |
EVID 8601: File Reputation Failed | Sub Rule | Information | General Reputation Information |
EVID 1093: Buffer Overflow Detected | Sub Rule | Attack | Buffer Overflow/Underflow |
EVID 1099: Buffer Overflow Not Blocked | Sub Rule | Attack | Buffer Overflow/Underflow |
EVID 34151: Phish Detected | Sub Rule | Attack | Phishing Activity |
EVID 1002: Task Started Successfully | Sub Rule | Information | Scheduled Task Started |
EVID 1066: Task Started OK | Sub Rule | Information | Scheduled Task Started |
EVID 1049: Internal Application Error | Sub Rule | Error | Application Error |
EVID 3015: Internal Application Error | Sub Rule | Error | Application Error |
EVID 3054: CA - Internal Application Error | Sub Rule | Error | Application Error |
EVID 1054: Infected File Deleted | Sub Rule | Information | File Deleted |
EVID 2003: Infected File Deleted | Sub Rule | Information | File Deleted |
EVID 2013: CA-Infected File Deleted | Sub Rule | Information | File Deleted |
EVID 1025: Infected File Successfully Cleaned | Sub Rule | Activity | General Threat Message |
EVID 1026: Unable To Clean Infected File | Sub Rule | Activity | General Threat Message |
EVID 1036: Memory Infected | Sub Rule | Activity | General Threat Message |
EVID 1038: Scan Found Infected Files | Sub Rule | Activity | General Threat Message |
EVID 1039: Cleaned Infected Files | Sub Rule | Activity | General Threat Message |
EVID 1060: Virus Cleaned | Sub Rule | Activity | General Threat Message |
EVID 2021: Boot Record Infection Cleaned | Sub Rule | Activity | General Threat Message |
EVID 2100: Outbreak Rule Name | Sub Rule | Activity | General Threat Message |
EVID 11001: Intrusion Detected | Sub Rule | Activity | General Threat Message |
EVID 1061: Error While Cleaning Virus | Sub Rule | Activity | General Threat Message |
EVID 1100: Macro Detected In File | Sub Rule | Activity | General Threat Message |
EVID 1101: Macro Deleted From File | Sub Rule | Activity | General Threat Message |
EVID 1502: Unable To Clean Infected Mail | Sub Rule | Activity | General Threat Message |
EVID 2011: CA-Infected File Cleaned | Sub Rule | Activity | General Threat Message |
EVID 2012: CA-Unable To Clean Infected File | Sub Rule | Activity | General Threat Message |
EVID 10016: Scan Started | Sub Rule | Information | Scan Started |
EVID 10029: Scan Host Started | Sub Rule | Information | Scan Started |
EVID 10160: ThreatScan Start | Sub Rule | Information | Scan Started |
EVID 10173: ThreatScan Host Started | Sub Rule | Information | Scan Started |
EVID 34156: Denial Of Service Triggered | Sub Rule | Denial Of Service | Application Denial Of Service |
EVID 10048: Update Start | Sub Rule | Information | Update Process Started |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
MachineName | <dname> | Text/String | Name of the system hosting the detecting product. |
AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
IPAddress | <dip> | IP Address | IP address of the system hosting the detecting product (if given in the event). |
OSName | N/A | N/A | N/A |
UserName | <domainimpacted> | Text/String | N/A |
TimeZoneBias | N/A | N/A | N/A |
RawMACAddress | <dmac> | Text/String/Number | MAC address of the system hosting the detecting product. |
ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
ProductVersion | <version> | Text/String/Number | Version number of the detecting product. |
ProductFamily | N/A | N/A | N/A |
EngineVersion | N/A | N/A | Version number of the detecting product's engine. |
DATVersion | N/A | N/A | DAT version on the system that sent the event. |
ScannerType | N/A | N/A | N/A |
TaskName | <object> | Text/String | N/A |
ProductFamily | N/A | N/A | N/A |
ProductName | N/A | N/A | Name of the detecting managed product. |
ProductVersion | N/A | N/A | Version number of the detecting product. |
EventID | <vmid> | Number | Unique identifier of the event class. |
Severity | <severity> | Text/String/Number | N/A |
GMTTime | N/A | N/A | N/A |
UTCTime | N/A | N/A | N/A |
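To show how the classification table and the schema mapping table above are applied to a single event, here is an added Python example; it is not LogRhythm or McAfee code. It flattens a constructed ePO event whose element and attribute names are the device keys from the mapping table, maps them to the LogRhythm schema fields listed there, and looks the EventID up against a subset of the sub-rule table, falling back to the base rule when no sub rule matches. The XML layout, the product values and the agent GUID in the sample are assumptions made for this example; ePO forwards events wrapped in syslog, which is not handled here.

```python
"""Map a McAfee ePO event to LogRhythm schema fields and classify it by EventID.

Added example, not LogRhythm or McAfee code. The sample XML below is
constructed: element names come from the "Device Key in Log Message"
column, the tree layout and all values are assumptions.
"""
import xml.etree.ElementTree as ET

# Device key -> LogRhythm schema field, taken from the mapping table.
# Keys the page maps to N/A (AgentGUID, OSName, DATVersion, ...) are omitted.
SCHEMA_MAP = {
    "MachineName": "dname",
    "IPAddress": "dip",
    "UserName": "domainimpacted",
    "RawMACAddress": "dmac",
    "ProductName": "vendorinfo",
    "ProductVersion": "version",
    "TaskName": "object",
    "EventID": "vmid",
    "Severity": "severity",
}

# Base rule: the classification an event gets when no sub rule matches its EVID.
BASE_RULE = ("General Catch All Level", "Information", "General Information")

# Subset of the sub-rule table as (rule name, classification, common event).
SUB_RULES = {
    1032: ("EVID 1032: File Moved To Quarantine Area", "Activity", "Quarantine"),
    1033: ("EVID 1033: Unable To Move File To Quarantine", "Failed Activity", "Quarantined Message"),
    1053: ("EVID 1053: Infected File Found", "Information", "General Virus Infected"),
    1093: ("EVID 1093: Buffer Overflow Detected", "Attack", "Buffer Overflow/Underflow"),
    1099: ("EVID 1099: Buffer Overflow Not Blocked", "Attack", "Buffer Overflow/Underflow"),
    1127: ("EVID 1127: Scanning Engine Disabled", "Information", "General Information"),
    3020: ("EVID 3020: Invalid Virus Signature Files", "Warning", "Invalid Signature File"),
    11001: ("EVID 11001: Intrusion Detected", "Activity", "General Threat Message"),
    16006: ("EVID 16006: New Rogue System Detected", "Information", "New Device Found"),
    34151: ("EVID 34151: Phish Detected", "Attack", "Phishing Activity"),
    34156: ("EVID 34156: Denial Of Service Triggered", "Denial Of Service", "Application Denial Of Service"),
}


def parse_event(xml_text):
    """Flatten an ePO event: every element's text and attributes keyed by name.

    Nesting is ignored so the code does not depend on the exact tree layout.
    setdefault keeps the first value seen, so a key that appears twice
    (ProductName/ProductVersion/ProductFamily do in the table) is not clobbered.
    """
    fields = {}
    for elem in ET.fromstring(xml_text).iter():
        for key, value in elem.attrib.items():
            fields.setdefault(key, value)
        text = (elem.text or "").strip()
        if text:
            fields.setdefault(elem.tag, text)
    return fields


def to_schema(fields):
    """Apply the device-key -> LogRhythm schema mapping; vmid becomes an int."""
    out = {schema: fields[key] for key, schema in SCHEMA_MAP.items() if key in fields}
    if "vmid" in out:
        out["vmid"] = int(out["vmid"])
    return out


def classify(evid):
    """(rule name, classification, common event) for an EVID, or the base rule.

    An EVID with no sub rule is classified Information / General Information,
    which is where a new or unexpected product event would quietly land.
    """
    return SUB_RULES.get(evid, BASE_RULE)


def process(xml_text):
    """Parse, map and classify one event into a single flat dict."""
    record = to_schema(parse_event(xml_text))
    rule, classification, common_event = classify(record.get("vmid", -1))
    record.update(rule=rule, classification=classification, common_event=common_event)
    return record


# Constructed sample event (assumed layout; hostname, GUID, IP, MAC are made up).
SAMPLE_EVENT = """<?xml version="1.0" encoding="UTF-8"?>
<EPOEvent>
  <MachineInfo>
    <MachineName>WS-FIN-042</MachineName>
    <AgentGUID>{00000000-0000-0000-0000-000000000001}</AgentGUID>
    <IPAddress>10.20.30.40</IPAddress>
    <OSName>Windows 10 Workstation</OSName>
    <UserName>CORP\\jdoe</UserName>
    <RawMACAddress>001122334455</RawMACAddress>
  </MachineInfo>
  <SoftwareInfo ProductName="VirusScan Enterprise" ProductVersion="8.8.0" ProductFamily="TVD">
    <CommonFields>
      <DATVersion>8900.0000</DATVersion>
      <TaskName>On-Access Scan</TaskName>
    </CommonFields>
    <Event>
      <EventID>1093</EventID>
      <Severity>3</Severity>
      <GMTTime>2020-01-15T10:00:00</GMTTime>
    </Event>
  </SoftwareInfo>
</EPOEvent>
"""

if __name__ == "__main__":
    print(process(SAMPLE_EVENT))
```

The fallback in `classify` is the part worth checking in a deployment: any EVID without a sub rule inherits the base rule's Information / General Information classification, so an event id the table does not list is treated as routine. Before relying on the Attack and Denial Of Service rows for alarming, compare the EVIDs your agents actually emit against the table and add sub rules for the gaps.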