Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| General Catch All Level | Base Rule | Information | General Information |
| EVID 2022: Boot Record Infection Clean Error | Sub Rule | Error | General Error |
| EVID 3006: Task Error | Sub Rule | Error | General Error |
| EVID 3008: Directory Length Access Error | Sub Rule | Error | General Error |
| EVID 3032: Error While Trying To Open/Create Log File | Sub Rule | Error | General Error |
| EVID 3035: Error Launching A Program | Sub Rule | Error | General Error |
| EVID 3038: Error Writing To Log | Sub Rule | Error | General Error |
| EVID 3045: CA - Error While Accessing Log File | Sub Rule | Error | General Error |
| EVID 3047: CA - Directory Length Access Error | Sub Rule | Error | General Error |
| EVID 3055: Error Stopping Drivers | Sub Rule | Error | General Error |
| EVID 3026: Error Sending Information To The Driver | Sub Rule | Error | General Error |
| EVID 3027: Error Sending Folder To The Driver | Sub Rule | Error | General Error |
| EVID 3028: Error Obtaining Log Data | Sub Rule | Error | General Error |
| EVID 3029: Error Occurred While Enabling Driver | Sub Rule | Error | General Error |
| EVID 3030: Error Occurred While Disabling Driver | Sub Rule | Error | General Error |
| EVID 3031: Error While Obtaining Statistical Data | Sub Rule | Error | General Error |
| EVID 3016: Error Opening Service Manager | Sub Rule | Error | General Error |
| EVID 3017: Error Starting Drivers | Sub Rule | Error | General Error |
| EVID 3018: Error Occurred Starting Log Subsystem | Sub Rule | Error | General Error |
| EVID 3019: Error Obtaining Device Driver Versions | Sub Rule | Error | General Error |
| EVID 3021: Scan Engine Error | Sub Rule | Error | General Error |
| EVID 3025: Error Sending Options To Device Driver | Sub Rule | Error | General Error |
| EVID 1511: Abnormal Termination | Sub Rule | Warning | General Warning |
| EVID 1090: OAS Stopped | Sub Rule | Information | General Information |
| EVID 1127: Scanning Engine Disabled | Sub Rule | Information | General Information |
| EVID 1128: Scan Time Exceeded | Sub Rule | Information | General Information |
| EVID 1204: Report OS And Serial | Sub Rule | Information | General Information |
| EVID 2017: Centralized Alerting | Sub Rule | Information | General Information |
| EVID 34153: Signed Content Detected | Sub Rule | Information | General Information |
| EVID 34157: Protected Content Triggered | Sub Rule | Information | General Information |
| EVID 34158: Password Protected Content Detected | Sub Rule | Information | General Information |
| EVID 10191: Audit Results | Sub Rule | Information | General Information |
| EVID 13001: Machine Compliant Or Non-Compliant With Rul | Sub Rule | Information | General Information |
| EVID 14000: Intercept IPS Security Event | Sub Rule | Information | General Information |
| EVID 16001: Reserved For Future Use | Sub Rule | Information | General Information |
| EVID 16007: Subnet Has Become Unmonitored | Sub Rule | Information | General Information |
| EVID 34152: Mail Size Filter Rule Triggered | Sub Rule | Information | General Information |
| EVID 10111: Sentry Results Non-Verbose | Sub Rule | Information | General Information |
| EVID 10114: Informational Event | Sub Rule | Information | General Information |
| EVID 10127: IDS Testing Text | Sub Rule | Information | General Information |
| EVID 10130: Informational Event | Sub Rule | Information | General Information |
| EVID 10159: AutoDiscovery Results | Sub Rule | Information | General Information |
| EVID 10175: ThreatScan Results | Sub Rule | Information | General Information |
| EVID 10066: Informational Event | Sub Rule | Information | General Information |
| EVID 10082: Informational Event | Sub Rule | Information | General Information |
| EVID 10094: Smb Grind Status | Sub Rule | Information | General Information |
| EVID 10095: Smb Grind Result | Sub Rule | Information | General Information |
| EVID 10098: Informational Event | Sub Rule | Information | General Information |
| EVID 10110: Sentry Results Verbose | Sub Rule | Information | General Information |
| EVID 10032: Probe Start | Sub Rule | Information | General Information |
| EVID 10033: Probe Stop | Sub Rule | Information | General Information |
| EVID 10034: Informational Event | Sub Rule | Information | General Information |
| EVID 10046: Probe Results Header | Sub Rule | Information | General Information |
| EVID 10047: Probe Hop | Sub Rule | Information | General Information |
| EVID 10050: Informational Event | Sub Rule | Information | General Information |
| EVID 3037: Memory Grant Unavailable | Sub Rule | Information | General Information |
| EVID 8500: Banned Item Found | Sub Rule | Information | General Information |
| EVID 8502: Item Matched Filtering Criteria | Sub Rule | Information | General Information |
| EVID 8503: Item Matched Spam Criteria | Sub Rule | Information | General Information |
| EVID 10018: Informational Event | Sub Rule | Information | General Information |
| EVID 10031: Module Results | Sub Rule | Information | General Information |
| EVID 3014: Task Reports General System Error | Sub Rule | Error | General System Error |
| EVID 3053: CA - Scan Reports General System Error | Sub Rule | Error | General System Error |
| EVID 1200: Process Started | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10064: Crack Started | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10080: Grind Start | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10096: Sentry Started | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10097: Sentry Finished | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10112: IDS Start | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10177: Audit Stop | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 12000: Rogue System Sensor Started | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10113: IDS Stop | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10144: AutoDiscovery Start | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10145: AutoDiscovery Stop | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10157: AutoDiscovery Host Started | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10158: AutoDiscovery Host Finished | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 10176: Audit Start | Sub Rule | Startup and Shutdown | Process/Service Started |
| EVID 1032: File Moved To Quarantine Area | Sub Rule | Activity | Quarantine |
| EVID 1056: File Moved To Quarantine | Sub Rule | Activity | Quarantine |
| EVID 1501: Infected Email Quarantined | Sub Rule | Activity | Quarantine |
| EVID 2008: File Moved To Quarantine Area | Sub Rule | Activity | Quarantine |
| EVID 2018: CA - Infected File Moved To Quarantine Area | Sub Rule | Activity | Quarantine |
| EVID 1065: Service Ended | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 1201: Process Ended | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 10065: Crack Finished | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 10081: Grind Stop | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 10189: Audit Host Started | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 10190: Audit Host Finished | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 12002: Rogue System Sensor Stopped | Sub Rule | Startup and Shutdown | Process/Service Stopped |
| EVID 1037: Infected Boot Record Found | Sub Rule | Information | General Virus Infected |
| EVID 1052: Infected Binder Object | Sub Rule | Information | General Virus Infected |
| EVID 1053: Infected File Found | Sub Rule | Information | General Virus Infected |
| EVID 1503: Infected Email Detected | Sub Rule | Information | General Virus Infected |
| EVID 2000: Infected File Found | Sub Rule | Information | General Virus Infected |
| EVID 2001: Infected File Cleaned | Sub Rule | Information | General Virus Infected |
| EVID 2002: Unable To Clean Infected File | Sub Rule | Information | General Virus Infected |
| EVID 2010: CA - Infected File Found | Sub Rule | Information | General Virus Infected |
| EVID 1513: Virus Quarantined And Cleaned | Sub Rule | Information | General Virus Infected Information |
| EVID 1514: Virus Quarantined (Not Cleaned) | Sub Rule | Information | General Virus Infected Information |
| EVID 1515: Virus Replaced | Sub Rule | Information | General Virus Infected Information |
| EVID 2020: Boot Record Infection Found | Sub Rule | Information | General Virus Infected Information |
| EVID 2023: New File Virus Found | Sub Rule | Information | General Virus Infected Information |
| EVID 2025: New File Virus Found But Move Failed | Sub Rule | Information | General Virus Infected Information |
| EVID 3005: Cleaned Infected Files | Sub Rule | Information | General Virus Infected Information |
| EVID 3041: CA - Virus Found In Memory | Sub Rule | Information | General Virus Infected Information |
| EVID 3042: CA - Infected Boot Record Found | Sub Rule | Information | General Virus Infected Information |
| EVID 3043: CA - Scan Found Infected Files | Sub Rule | Information | General Virus Infected Information |
| EVID 3044: CA - Cleaned Infected Files | Sub Rule | Information | General Virus Infected Information |
| EVID 8000: Infected Item Found | Sub Rule | Information | General Virus Infected Information |
| EVID 2026: New File Virus Found And Moved | Sub Rule | Information | General Virus Infected Information |
| EVID 2027: New File Virus Found But Move Failed | Sub Rule | Information | General Virus Infected Information |
| EVID 2028: MBR Virus Found | Sub Rule | Information | General Virus Infected Information |
| EVID 3002: Virus Found In Memory | Sub Rule | Information | General Virus Infected Information |
| EVID 3003: Infected Boot Record Found | Sub Rule | Information | General Virus Infected Information |
| EVID 3004: Task Found Infected Files | Sub Rule | Information | General Virus Infected Information |
| EVID 3034: Unable To Write The Activity Log File | Sub Rule | Warning | Unable To Write Data |
| EVID 1123: Upgrade Failed | Sub Rule | Error | Upgrade Failed |
| EVID 1050: Unable To Repair | Sub Rule | Failed Activity | General Failed Activity |
| EVID 2201: Failed To Install Software Package | Sub Rule | Failed Activity | General Failed Activity |
| EVID 2216: Cannot Install Software | Sub Rule | Failed Activity | General Failed Activity |
| EVID 2264: Property Collection Failed | Sub Rule | Failed Activity | General Failed Activity |
| EVID 2328: Enforce Task Failed | Sub Rule | Failed Activity | General Failed Activity |
| EVID 4700: Failed To Connect To CMA Updater | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8621: Failed To Load VSAPIScanSource Module | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8622: Failed To Load TransportScan Module | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8625: Failed To Load DLLhost | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8626: Product Service Failed To Start | Sub Rule | Failed Activity | General Failed Activity |
| EVID 12001: Rogue System Sensor Failed To Start | Sub Rule | Failed Activity | General Failed Activity |
| EVID 16009: AD Discovery Task Failed | Sub Rule | Failed Activity | General Failed Activity |
| EVID 4701: Failed To Connect To CMA Scheduler | Sub Rule | Failed Activity | General Failed Activity |
| EVID 4702: Failed To Save Schedule Data Into CMA | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8602: Failed To Download DATs | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8604: Failed To Load AV Engine | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8605: On-demand Scan Task Failed | Sub Rule | Failed Activity | General Failed Activity |
| EVID 8608: Failed To Download Anti-Spam Rules | Sub Rule | Failed Activity | General Failed Activity |
| EVID 1504: Infected Mail Item Deleted | Sub Rule | Information | Email Deleted |
| EVID 1500: Infected Email Cleaned | Sub Rule | Information | Email Virus Cleaned |
| EVID 1004: Task Completed Successfully | Sub Rule | Information | Task Completed |
| EVID 1070: Task Successful | Sub Rule | Information | Task Completed |
| EVID 3000: Scan Task Completed | Sub Rule | Information | Task Completed |
| EVID 16008: AD Discovery Task Ran | Sub Rule | Information | Task Completed |
| EVID 1005: Error While Stopping Task | Sub Rule | Error | Error Stopping Task |
| EVID 1089: Scan Settings | Sub Rule | Warning | Virus Scan Configuration |
| EVID 1035: Scan Was Cancelled | Sub Rule | Warning | Scan Cancelled |
| EVID 1126: Scan Cancelled | Sub Rule | Warning | Scan Cancelled |
| EVID 3040: CA - Scan Was Cancelled | Sub Rule | Warning | Scan Cancelled |
| EVID 1040: Activity Log Error | Sub Rule | Error | Activity Log Error |
| EVID 1041: Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
| EVID 1077: Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
| EVID 3007: Task Reports Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
| EVID 3023: Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
| EVID 3046: CA - Memory Allocation Error | Sub Rule | Error | Memory Allocation Error |
| EVID 1042: Path Too Long | Sub Rule | Warning | Path Too Long |
| EVID 1043: Media Is Write Protected | Sub Rule | Warning | Media Is Write Protected |
| EVID 3009: Media Write Protected | Sub Rule | Warning | Media Is Write Protected |
| EVID 3048: CA - Media Write Protected | Sub Rule | Warning | Media Is Write Protected |
| EVID 1044: Specified Media Not Found | Sub Rule | Warning | Media Not Found |
| EVID 3010: Specified Media Not Found | Sub Rule | Warning | Media Not Found |
| EVID 3049: CA - Specified Media Not Found | Sub Rule | Warning | Media Not Found |
| EVID 1045: Specified Scan Item Invalid | Sub Rule | Warning | Scan Item Invalid |
| EVID 3011: Specified Scan Item Is Invalid | Sub Rule | Warning | Scan Item Invalid |
| EVID 3050: CA - Specified Scan Item Invalid | Sub Rule | Warning | Scan Item Invalid |
| EVID 1046: File I/O Errors | Sub Rule | Error | File I/O Error |
| EVID 3012: File I/O Errors | Sub Rule | Error | File I/O Error |
| EVID 3013: Disk I/O Errors | Sub Rule | Error | File I/O Error |
| EVID 3051: CA - File I/O Errors | Sub Rule | Error | File I/O Error |
| EVID 1047: Disk I/O Errors | Sub Rule | Error | Disk I/O Error |
| EVID 3052: CA - Disk I/O Errors | Sub Rule | Error | Disk I/O Error |
| EVID 1051: Unable To Scan | Sub Rule | Warning | Scan Failure - Password Protected |
| EVID 1059: Scan Timed Out | Sub Rule | Warning | Scan Timeout |
| EVID 1062: Error Sending Alert | Sub Rule | Error | Error Sending Alert |
| EVID 1063: Invalid Options Specified | Sub Rule | Warning | Invalid Options |
| EVID 1067: Unable To Start Scheduled Task | Sub Rule | Error | Failed To Start Scheduled Task |
| EVID 1068: Scheduled Task Stopped | Sub Rule | Warning | Scheduled Task Stopped |
| EVID 1069: Error Stopping Scheduled Task | Sub Rule | Error | Error Stopping Scheduled Task |
| EVID 1071: Task Cancelled | Sub Rule | Information | Scheduled Task Canceled |
| EVID 3001: Task Was Cancelled | Sub Rule | Information | Scheduled Task Canceled |
| EVID 1076: Error Logging Information | Sub Rule | Error | Error Logging Information |
| EVID 1086: Scan Process Error | Sub Rule | Error | Scan Process Error |
| EVID 1088: On-Access Scan Stopped | Sub Rule | Information | On-Access Virus Scan Stopped |
| EVID 16005: Distributed Reposit Replication Failed | Sub Rule | Error | Replication Failed |
| EVID 10129: Upgrade Stop | Sub Rule | Information | Upgrade Stopped |
| EVID 2204: Insufficient Disk Space To Install SW | Sub Rule | Warning | Insufficient Disk Space |
| EVID 2208: Insufficient Disk Space To Download SW | Sub Rule | Warning | Insufficient Disk Space |
| EVID 8603: Insufficient Disk Space | Sub Rule | Warning | Insufficient Disk Space |
| EVID 34154: Encrypted Content Detected | Sub Rule | Warning | Encrypted / Corrupted Data Found |
| EVID 1029: File Excluded From Scans | Sub Rule | Information | Items Excluded From Scan |
| EVID 2005: File Excluded From Scans | Sub Rule | Information | Items Excluded From Scan |
| EVID 2015: CA - File Excluded From Scans | Sub Rule | Information | Items Excluded From Scan |
| EVID 1120: Update Running | Sub Rule | Information | Update Running |
| EVID 1124: Upgrade Was Cancelled | Sub Rule | Warning | Upgrade Canceled |
| EVID 16000: Computers Are Non-Compliant | Sub Rule | Other Audit | Computers Are Non-Compliant |
| EVID 1094: Rule Violation Detected | Sub Rule | Warning | Rule Violation |
| EVID 13002: System Compliance Profiler Rule Violation | Sub Rule | Warning | Rule Violation |
| EVID 3020: Invalid Virus Signature Files | Sub Rule | Warning | Invalid Signature File |
| EVID 1507: Inbound Email Suspend | Sub Rule | Warning | Inbound Email Suspend For Low Disk |
| EVID 1508: Inbound Mail Resumed | Sub Rule | Information | Inbound Mail Resumed |
| EVID 1030: Unable To Exclude From Scans | Sub Rule | Warning | Can't Exclude Items From Scan |
| EVID 2006: Unable To Exclude From Scans | Sub Rule | Warning | Can't Exclude Items From Scan |
| EVID 2016: CA - Unable To Exclude Item From Scans | Sub Rule | Warning | Can't Exclude Items From Scan |
| EVID 1125: DAT Version Not New | Sub Rule | Warning | Data Version Not New Enough |
| EVID 8623: Postgres Process Stopped Responding | Sub Rule | Information | General Process Information |
| EVID 8624: RPCServ Process Stopped Responding | Sub Rule | Information | General Process Information |
| EVID 2232: Enforce Policy Failed | Sub Rule | Information | General POLICY Information |
| EVID 1129: Scan Shut Down By Windows | Sub Rule | Information | Scan Stopped |
| EVID 10161: ThreatScan Stop | Sub Rule | Information | Scan Stopped |
| EVID 10174: ThreatScan Host Finished | Sub Rule | Information | Scan Stopped |
| EVID 1091: Violation Detected And Blocked | Sub Rule | Other Security | Security Violation |
| EVID 4650: Detected Spam Email | Sub Rule | Activity | Spam Detected |
| EVID 4651: Spam Email Scanning Statistics | Sub Rule | Information | Email And Web Statistics |
| EVID 3022: Initialization Error With Scan Buffer | Sub Rule | Error | Initialization Error |
| EVID 3036: Error During Initialization | Sub Rule | Error | Initialization Error |
| EVID 10128: Upgrade Start | Sub Rule | Information | Upgrade Started |
| EVID 10049: Update Stop | Sub Rule | Information | Update Stopped |
| EVID 1122: Upgrade Running | Sub Rule | Information | The Upgrade Is Running |
| EVID 2402: Update Failed | Sub Rule | Error | Update Failed |
| EVID 16003: Master Repository Update Failed | Sub Rule | Error | Update Failed |
| EVID 1003: Error Starting Task | Sub Rule | Error | Error Starting Task |
| EVID 1506: Email Content Blocked | Sub Rule | Warning | Email Content Denied |
| EVID 10061: Update Results Header | Sub Rule | Information | Update Event |
| EVID 10062: Update Download File | Sub Rule | Information | Update Event |
| EVID 10063: Update Install File | Sub Rule | Information | Update Event |
| EVID 1033: Unable To Move File To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
| EVID 1057: Unable To Move Infected To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
| EVID 2009: Unable To Move File To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
| EVID 2019: CA - Unable To Move File To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
| EVID 8606: Failed To Quarantine | Sub Rule | Failed Activity | Quarantined Message |
| EVID 11002: Failed Quarantine Check | Sub Rule | Failed Activity | Quarantined Message |
| EVID 8607: Process Failed To Recreate | Sub Rule | Error | Process Failed |
| EVID 1031: Infected File Access Denied | Sub Rule | Warning | Access Denied |
| EVID 2007: Infected File Access Denied | Sub Rule | Warning | Access Denied |
| EVID 10143: Upgrade Results | Sub Rule | Information | Upgrade Information |
| EVID 34160: Statistics And Average Scan Time | Sub Rule | Information | System Statistics |
| EVID 16004: Distributed Repo Replication Succeeded | Sub Rule | Information | Replication Successful |
| EVID 3033: Activity Log File Maximum Size Reached | Sub Rule | Warning | File Exceeds Defined Size Limit |
| EVID 16002: Master Repository Update Succeeded | Sub Rule | Information | Update Successful |
| EVID 1509: Startup Request Processed | Sub Rule | Other Audit Success | Request Approved |
| EVID 1510: Shutdown Request Processed | Sub Rule | Other Audit Success | Request Approved |
| EVID 2202: Install Retry Limit Reached | Sub Rule | Error | Client Limit Reached |
| EVID 1055: Unable To Delete Infected File | Sub Rule | Error | File Delete Failure |
| EVID 2004: Unable To Delete Infected File | Sub Rule | Error | File Delete Failure |
| EVID 2014: CA - Unable To Delete Infected File | Sub Rule | Error | File Delete Failure |
| EVID 3024: Unknown Error Reported | Sub Rule | Error | Unknown Error |
| EVID 1512: A Maximum Load Occurring | Sub Rule | Warning | Approaching Maximum Capacity |
| EVID 1900: New MIB File Available | Sub Rule | Information | New File Found On Network |
| EVID 14500: Intercept Firewall Event | Sub Rule | Information | General Firewall Event |
| EVID 3039: CA - Scan Completed | Sub Rule | Other Audit Success | Scan Completed |
| EVID 10017: Scan Finished | Sub Rule | Other Audit Success | Scan Completed |
| EVID 10030: Scan Host Finished | Sub Rule | Other Audit Success | Scan Completed |
| EVID 8501: Encrypted/Corrupted Item Found | Sub Rule | Warning | Damaged Object Found |
| EVID 16006: New Rogue System Detected | Sub Rule | Information | New Device Found |
| EVID 1028: Unable To Delete Infected File | Sub Rule | Error | Unable To Delete File |
| EVID 2024: New File Virus Found And Deleted | Sub Rule | Access Success | Object Deleted/Removed |
| EVID 16013: AD Discovery Task Removed Computers | Sub Rule | Access Success | Object Deleted/Removed |
| EVID 16012: AD Discovery Task Added Computers | Sub Rule | Access Success | Object Added |
| EVID 34155: Corrupted Content Detected | Sub Rule | Warning | Data Corrupt |
| EVID 34150: Packer Detected | Sub Rule | Information | Device Detected |
| EVID 1505: Email Content Filtered | Sub Rule | Information | Email Filter Information |
| EVID 4600: WebShield - URL Blocked | Sub Rule | Information | URL Information |
| EVID 34159: Blocked Mime Type Detected | Sub Rule | Warning | Device Blocked |
| EVID 8601: File Reputation Failed | Sub Rule | Information | General Reputation Information |
| EVID 1093: Buffer Overflow Detected | Sub Rule | Attack | Buffer Overflow/Underflow |
| EVID 1099: Buffer Overflow Not Blocked | Sub Rule | Attack | Buffer Overflow/Underflow |
| EVID 34151: Phish Detected | Sub Rule | Attack | Phishing Activity |
| EVID 1002: Task Started Successfully | Sub Rule | Information | Scheduled Task Started |
| EVID 1066: Task Started OK | Sub Rule | Information | Scheduled Task Started |
| EVID 1049: Internal Application Error | Sub Rule | Error | Application Error |
| EVID 3015: Internal Application Error | Sub Rule | Error | Application Error |
| EVID 3054: CA - Internal Application Error | Sub Rule | Error | Application Error |
| EVID 1054: Infected File Deleted | Sub Rule | Information | File Deleted |
| EVID 2003: Infected File Deleted | Sub Rule | Information | File Deleted |
| EVID 2013: CA - Infected File Deleted | Sub Rule | Information | File Deleted |
| EVID 1025: Infected File Successfully Cleaned | Sub Rule | Activity | General Threat Message |
| EVID 1026: Unable To Clean Infected File | Sub Rule | Activity | General Threat Message |
| EVID 1036: Memory Infected | Sub Rule | Activity | General Threat Message |
| EVID 1038: Scan Found Infected Files | Sub Rule | Activity | General Threat Message |
| EVID 1039: Cleaned Infected Files | Sub Rule | Activity | General Threat Message |
| EVID 1060: Virus Cleaned | Sub Rule | Activity | General Threat Message |
| EVID 2021: Boot Record Infection Cleaned | Sub Rule | Activity | General Threat Message |
| EVID 2100: Outbreak Rule Name | Sub Rule | Activity | General Threat Message |
| EVID 11001: Intrusion Detected | Sub Rule | Activity | General Threat Message |
| EVID 1061: Error While Cleaning Virus | Sub Rule | Activity | General Threat Message |
| EVID 1100: Macro Detected In File | Sub Rule | Activity | General Threat Message |
| EVID 1101: Macro Deleted From File | Sub Rule | Activity | General Threat Message |
| EVID 1502: Unable To Clean Infected Mail | Sub Rule | Activity | General Threat Message |
| EVID 2011: CA - Infected File Cleaned | Sub Rule | Activity | General Threat Message |
| EVID 2012: CA - Unable To Clean Infected File | Sub Rule | Activity | General Threat Message |
| EVID 10016: Scan Started | Sub Rule | Information | Scan Started |
| EVID 10029: Scan Host Started | Sub Rule | Information | Scan Started |
| EVID 10160: ThreatScan Start | Sub Rule | Information | Scan Started |
| EVID 10173: ThreatScan Host Started | Sub Rule | Information | Scan Started |
| EVID 34156: Denial Of Service Triggered | Sub Rule | Denial Of Service | Application Denial Of Service |
| EVID 10048: Update Start | Sub Rule | Information | Update Process Started |

Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| MachineName | <dname> | Text/String | Name of the system hosting the detecting product. |
| AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
| IPAddress | <dip> | IP Address | IP address of the system hosting the detecting product (if given in the event). |
| OSName | N/A | N/A | N/A |
| UserName | <domainimpacted> | Text/String | N/A |
| TimeZoneBias | N/A | N/A | N/A |
| RawMACAddress | <dmac> | Text/String/Number | MAC address of the system hosting the detecting product. |
| ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
| ProductVersion | <version> | Text/String/Number | Version number of the detecting product. |
| ProductFamily | N/A | N/A | N/A |
| EngineVersion | N/A | N/A | Version number of the detecting product's engine. |
| DATVersion | N/A | N/A | DAT version on the system that sent the event. |
| ScannerType | N/A | N/A | N/A |
| TaskName | <object> | Text/String | N/A |
| ProductFamily | N/A | N/A | N/A |
| ProductName | N/A | N/A | Name of the detecting managed product. |
| ProductVersion | N/A | N/A | Version number of the detecting product. |
| EventID | <vmid> | Number | Unique identifier of the event class. |
| Severity | <severity> | Text/String/Number | N/A |
| GMTTime | N/A | N/A | N/A |
| UTCTime | N/A | N/A | N/A |