
IPS Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| IPS Messages | Base Rule | General IPS/IDS Log Message | Other Security |
| EVID 503200 : Xssauditor-Filter-Sec-Policy-Bypass | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 502970 : File-Text_HTML-Suspicious-Webkit | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 502969 : File-Text_Script-In-HTML-Head | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 502516 : File-Text_Invisible-Inline-Frame | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 501776 : HTTP_SHS-Invalid-Response-HTTP-1.0 | Sub Rule | Protocol Anomaly | Attack |
| EVID 501774 : HTTP_SHS-Invalid-Response-HTTP-1.1 | Sub Rule | Protocol Anomaly | Attack |
| EVID 501486 : Conflicting-Content-Type-Text-HTML | Sub Rule | Vuln Low Severity : Protocol Violation | Vulnerability |
| EVID 501485 : Binary_Conflicting-Content-Type-Text | Sub Rule | Vuln Low Severity : Protocol Violation | Vulnerability |
| EVID 501280 : Google-Chrome-CRX-Extension-Package | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 398857 : ARCserve-Bckp-Lgsrvr-Stack-Buffer-OF | Sub Rule | Host Compromised | Compromise |
| EVID 398400 : Timeout-Status-Code-In-HTTP-10-Resp | Sub Rule | Vuln Low Severity : Protocol Violation | Vulnerability |
| EVID 324107 : SNMP-UDP_Def-Comm-Strng-Pblic-Accptd | Sub Rule | Vuln Low Severity : SNMP | Vulnerability |
| EVID 324106 : SNMP-UDP_Def-Community-String-Rej | Sub Rule | Vuln Low Severity : SNMP | Vulnerability |
| EVID 320003 : Name-Null-Byte-Input-Validation-Err | Sub Rule | Host Compromised | Compromise |
| EVID 319510 : HTTPS_CS-SSL-3.0-Client-Hello | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 319501 : ChangeCipher-Before-Key-Exchange | Sub Rule | Host Compromised | Compromise |
| EVID 318509 : Out-Of-Bounds-Array-Vuln-Func-Call | Sub Rule | Vuln Low Severity : SMB / NETBIOS | Vulnerability |
| EVID 316105 : MSRPC-TCP_NTLMSSP-Auth-Null-Sess-DOS | Sub Rule | Vuln Low Severity : Denial Of Service | Vulnerability |
| EVID 278056 : HTTP_SHS-Server-Version-Number-Discl | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 275505 : HTTP_SLS-Unauthorized-Status-Code | Sub Rule | User Logon Failure | Authentication Failure |
| EVID 267329 : Windows-NAT-Helper-DNS-Query-DOS | Sub Rule | Vuln Low Severity : Denial Of Service | Vulnerability |
| EVID 264753 : Shared_Microsoft-Cabnet-File-Dwnload | Sub Rule | Compressed Executable Download | Activity |
| EVID 261653 : Analyzer_Compress-SIDs | Sub Rule | Suspicious Network Activity | Suspicious |
| EVID 79969 : SMB2_Unknown-Message-Identifier | Sub Rule | Suspicious Network Activity | Suspicious |
| EVID 79963 : SMB2_Unknown-Tree-Identifier | Sub Rule | Suspicious Network Activity | Suspicious |
| EVID 79917 : MSRPC_Request-Without-Bind | Sub Rule | Vuln Low Severity : RPC | Vulnerability |
| EVID 79914 : MSRPC_Parsing-Error | Sub Rule | Vuln Low Severity : RPC | Vulnerability |
| EVID 79192 :_Client-Session-Packet-Type-Unknown | Sub Rule | Vuln Low Severity : SMB / NETBIOS | Vulnerability |
| EVID 79080 : TCP_Segment-Content-Conflict | Sub Rule | TCP Pending Crash Or Severe Problem | Critical |
| EVID 76506 : File_Allowed | Sub Rule | File Sent | Information |
| EVID 76461 : HTTP_Response-Version-Malformed | Sub Rule | Malformed Object | Suspicious |
| EVID 71038 : TLS_Server-Syntax-Error | Sub Rule | Bad Request/Invalid Syntax | Error |
| EVID 71037 : TLS_Client-Syntax-Error | Sub Rule | Bad Request/Invalid Syntax | Error |
| EVID 70977 : HTTP_Decompression-Stream-Error | Sub Rule | Stream Processing Error | Error |
| EVID 70512 : DNS_Client-UDP-QR-Wrong-Direction | Sub Rule | Non Compliant DNS | Activity |
| EVID 70511 : HTTP_URL-Logged | Sub Rule | URL Logged - Category | Activity |
| EVID 70414 : DNS_Client-QDCOUNT-Not-1 | Sub Rule | Non Compliant DNS | Activity |
| EVID 70080 : HTTP_Reply-Header-Line-Unparseable | Sub Rule | HTTP Security Violation | Other Security |
| EVID 70061 : HTTP_Request-Unknown | Sub Rule | Vuln Low Severity : Protocol Violation | Vulnerability |
| EVID 70026 : Connection_Progress | Sub Rule | General Connection Messages | Network Traffic |
| EVID 70021 : Connection_Closed | Sub Rule | Connection Closed | Network Traffic |
| EVID 70018 : Connection_Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| EVID 1004 : FW_Related-Connection | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| EVID 500 : FW_Notice | Sub Rule | General Firewall Event | Information |
| EVID 79891 : HTTP_Headerline_LF | Sub Rule | Non Compliant DNS | Activity |
| EVID 503093 : Mcrsft-Xml-Core-Svs-Vuln-ActivX-Ctrl | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 502478 : Microsoft-Embedded-Font-EOT-File-Ref | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 501770 : Mult-Products-Mult-Location-Headers | Sub Rule | Protocol Anomaly | Attack |
| EVID 501657 : File-Binary_Microsoft-Cabinet-Trnsfr | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 501338 : PNG-Img-With-Large-Data-Length-Value | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 501274 : File-Exe_Executable-File-Upload | Sub Rule | Vuln Low Severity : Web Server | Vulnerability |
| EVID 323594 : Write-Atmt-Using-Def-Community-Strng | Sub Rule | Vuln Low Severity : SNMP | Vulnerability |
| EVID 264225 : Shared_Executable-File-Upload | Sub Rule | Compressed Executable Download | Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
| --- | --- | --- |
| Version | <version> | Number |
| vmid | <vmid> | Number |
| objectname | <objectname> | Text/String |
| severity | <severity> | Text/String/Number |
| spt | <sport> | Number |
| suser | <login> | Text/String |
| dmac | <dmac> | Text/String/Number |
| dst | <dip> | IP Address |
| cat | <subject> | Text/String |
| requestURL | <url> | Text/String |
| app | <session> | Text/String/Number |
| act | <command> | Text/String |
| msg | <object> | Text/String |
| deviceoutboundinterface | <sinterface> | Text/String/Number |
| deviceinboundinterface | <dinterface> | Text/String/Number |
| proto | <protnum> | Number |
| dpt | <dport> | Number |
| in | <bytesin> | Number |
| out | <bytesout> | Number |
| src | <sip> | IP Address |
| smac | <smac> | Text/String/Number |