| Rule Name | Rule Type | Common Event | Classification |
| Pattern 1 : PIX Traffic Messages | Base Rule | Network Traffic | Network Traffic |
| PIX-2-106013 : Dropped Echo Request | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-2-106016 : Dropped Packet Due to IP Spoof | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-2-106017 : Dropped Packet Due to Land Attack | Sub Rule | Failed Host Denial of Service | Failed Denial of Service |
| PIX-2-106020 : Drop Packet Due to Teardrop Attack | Sub Rule | Failed Host Denial of Service | Failed Denial of Service |
| PIX-3-109023 : Attempt to Use Service Before Auth | Sub Rule | Failed Suspicious Host Activity | Failed Suspicious |
| PIX-4-400013 : ICMP Redirect | Sub Rule | Protocol Anomaly | Attack |
| PIX-4-400014 : ICMP Echo Request | Sub Rule | ICMP Echo Request | Network Traffic |
| PIX-4-400011 : ICMP Unreachable | Sub Rule | ICMP: Host Unreachable | Activity |
| PIX-4-40012 : ICMP Source Quench | Sub Rule | Suspicious Activity | Suspicious |
| PIX-3-109003 : Authorization Failed | Sub Rule | Unable to Communicate with Authentication Server | Error |
| PIX-3-109002 : Failed Authentication | Sub Rule | Unable to Communicate with Authentication Server | Error |
| PIX-6-109009 : Authorization Denied (Not Auth) | Sub Rule | Access Object Failure | Access Failure |
| PIX-X-713061 : Tunnel Rej:Crypto Map Pol Not Found | Sub Rule | Failed Suspicious Activity | Failed Suspicious |
| PIX-X-713042 : IKE Initiator Unable to Find Policy | Sub Rule | IKE Initiator Unable to Find Key | Error |
| PIX-X-703002 : H.225 Release Complete | Sub Rule | General Information | Information |
| PIX-X-703001 : H.225 Message Received | Sub Rule | General Information | Information |
| PIX-X-621007 : Bad Register | Sub Rule | Bad PIM Register | Information |
| PIX-X-620002 : Un-Supported CTIQBE Version | Sub Rule | General VOIP Message | Information |
| PIX-X-620001 : Pre-Allocate CTIQBE | Sub Rule | General VOIP Message | Information |
| PIX-X-617004 : GTP Connection Created | Sub Rule | GTP Connection Created | Information |
| PIX-X-617003 : GTP Tunnel Created | Sub Rule | Tunnel Created | Network Traffic |
| PIX-X-617001 : GTP Message | Sub Rule | General Information | Information |
| PIX-X-616001 : Pre-Allocate MGCP Connection | Sub Rule | General Information | Information |
| PIX-X-611314 : Load Balancing Cluster Redirected | Sub Rule | General Information | Information |
| PIX-X-608001 : Pre-Allocate Skinny Connection | Sub Rule | General Information | Information |
| PIX-X-607001 : Pre-Allocate SIP Connection | Sub Rule | General Information | Information |
| PIX-X-500002 : Java Content Modified | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-500001 : ActiveX Content Modified | Sub Rule | Packet Contains ActiveX Content and Is Modified | Critical |
| PIX-X-415014 : Max Unanswered HTTP Reqs Exceeded | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415013 : HTTP Transfer Encoding Vuln Detected | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415012 : HTTP Deobfuscation Signature Detected | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415011 : HTTP URL Length Exceeded | Sub Rule | Buffer Overflow/Underflow | Attack |
| PIX-X-415010 : HTTP Protocol Violation Detected | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-415009 : HTTP Header Length Exceeded | Sub Rule | Buffer Overflow/Underflow | Attack |
| PIX-X-415008 : HTTP RFC Method Illegal | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415007 : HTTP Extension Method Illegal | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415006 : Content Size Out of Range | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415005 : Content No Match for Specified Type | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-415004 : Content Type Not Found | Sub Rule | Content Type Not Found | Activity |
| PIX-X-415003 : HTTP Peer-To-Peer Detected | Sub Rule | P2P Activity | Misuse |
| PIX-X-415002 : HTTP Instant Messenger Detected | Sub Rule | IM/Chat Activity | Misuse |
| PIX-X-415001 : HTTP Tunnel Detected | Sub Rule | Anonymizing Activity | Misuse |
| PIX-X-406002 : FTP Port Cmd with Different Address | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-406001 : FTP Low Port Command | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-405201 : ILS Message | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-405105 : H323 RAS Message | Sub Rule | General Information | Information |
| PIX-X-405104 : H225 Message Received | Sub Rule | General Information | Information |
| PIX-X-405103 : H225 Message | Sub Rule | General Information | Information |
| PIX-X-400050 : STATd Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
| PIX-X-400049 : Remote Exec Daemon Attempt | Sub Rule | Arbitrary Code Execution | Attack |
| PIX-X-400048 : Remote Exec Daemon Portmap Request | Sub Rule | Arbitrary Code Execution | Attack |
| PIX-X-400047 : Mount Daemon Portmap Request | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400046 : YP Transfer Daemon Portmap Request | Sub Rule | Port Scan | Reconnaissance |
| PIX-X-400045 : YP Update Daemon Portmap Request | Sub Rule | Port Scan | Reconnaissance |
| PIX-X-400044 : YP Password Daemon Portmap Request | Sub Rule | Port Scan | Reconnaissance |
| PIX-X-400043 : YP Bind Daemon Portmap Request | Sub Rule | RPC Portmap YPServ Request | Activity |
| PIX-X-400042 : YP Server Daemon Portmap Request | Sub Rule | Port Scan | Reconnaissance |
| PIX-X-400041 : Proxied RPC Request | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400040 : RPC Dump | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400039 : RPC Port Unregistration | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400038 : RPC Port Registration | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400037 : DNS Request for All Records | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400036 : DNS Zone Transfer From High Port | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400035 : DNS Zone Transfer | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400034 : DNS HINFO Request | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400033 : UDP Chargen DoS Attack | Sub Rule | Host Denial of Service | Denial of Service |
| PIX-X-400032 : UDP Snork Attack | Sub Rule | General Attack Activity | Attack |
| PIX-X-400031 : UDP Bomb Attack | Sub Rule | General Attack Activity | Attack |
| PIX-X-400030 : FTP Improper Port Specified | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400029 : FTP Improper Address Specified | Sub Rule | Suspicious Activity | Suspicious |
| PIX-X-400028 : TCP FIN Only Flags | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400027 : TCP SYN+FIN Flags | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400026 : TCP NULL Flags | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400025 : Ping of Death Attack | Sub Rule | General Attack Activity | Attack |
| PIX-X-400024 : Large ICMP Traffic | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400023 : Fragmented ICMP Traffic | Sub Rule | Fragmented Packet Received | Network Traffic |
| PIX-X-400022 : ICMP Address Mask Reply | Sub Rule | ICMP Address Mask Reply | Activity |
| PIX-X-400021 : ICMP Address Mask Request | Sub Rule | ICMP Address Mask Request | Activity |
| PIX-X-400020 : ICMP Information Reply | Sub Rule | ICMP Information Reply | Activity |
| PIX-X-400019 : ICMP Information Request | Sub Rule | ICMP Information Request | Activity |
| PIX-X-400018 : ICMP Timestamp Reply | Sub Rule | ICMP Timestamp Reply | Activity |
| PIX-X-400017 : ICMP Timestamp Request | Sub Rule | ICMP Timestamp Request | Activity |
| PIX-X-400016 : ICMP Parameter Problem on Datagram | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400015 : ICMP Time Exceeded for a Datagram | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400010 : ICMP Echo Reply | Sub Rule | ICMP Echo Reply | Activity |
| PIX-X-400009 : IP Fragments Overlap | Sub Rule | Protocol Anomaly | Attack |
| PIX-X-400008 : IP Impossible Packet | Sub Rule | General Attack Activity | Attack |
| PIX-X-400007 : IP Fragment Attack | Sub Rule | General Attack Activity | Attack |
| PIX-X-400006 : IP Options-Strict Source Route | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-400005 : IP Options-SATNET ID | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-400004 : IP Options-Loose Source Route | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-400003 : IP Options-Security | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-400002 : IP Options-Timestamp | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-400001 : IP Options-Record Packet Route | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-400000 : IP Options-Bad Option List | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-324007 : Unable to Create GTP Connection | Sub Rule | Unable to Create Connection | Error |
| PIX-X-324005 : Unable to Create Tunnel | Sub Rule | Tunnel Creation Failure | Error |
| PIX-X-324004 : Packet Version Not Supported | Sub Rule | Packet Version Not Supported | Activity |
| PIX-X-324003 : No Matching Request | Sub Rule | No Matching Request for Response | Warning |
| PIX-X-324002 : No PDP Exists | Sub Rule | No PDP Exists | Error |
| PIX-X-324001 : Packet Parsing Error | Sub Rule | Packet Parsing Error | Error |
| PIX-X-324000 : Packet Dropped | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-305010 : Address Translation Slot Deleted | Sub Rule | IP Network Address Translation Info Msg | Information |
| PIX-X-305009 : Address Translation Slot Created | Sub Rule | IP Network Address Translation Info Msg | Information |
| PIX-X-305006 : Translation Creation Failed | Sub Rule | Regular Translation Creation Failed | Error |
| PIX-X-305005 : No Translation Group Found | Sub Rule | No Translation Group Found for Protocol | Error |
| PIX-X-304002 : URL Access Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| PIX-X-303004 : FTP Command Un-Supported | Sub Rule | FTP Command Un-Supported | Information |
| PIX-X-303003 : FTP Command Denied | Sub Rule | FTP Command Denied | Failed Activity |
| PIX-X-202011 : Connection Limit Exceeded | Sub Rule | Connection Limit Exceeded | Warning |
| PIX-X-201010 : Embryonic Connection Limit Exceeded | Sub Rule | Network Denial of Service | Denial of Service |
| PIX-X-109028 : Built H245 Connection | Sub Rule | Connection Built | Network Traffic |
| PIX-X-109010 : Connection Limit Exceeded | Sub Rule | Connection Limit Exceeded | Warning |
| PIX-X-108002 : Invalid Char Replaced in Email Msg | Sub Rule | Replaced Invalid Characters in Email Address | Warning |
| PIX-X-106012 : Denied Packet Due to IP Options | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| No Matching Connection for ICMP Error Message | Sub Rule | No Matching Connection for ICMP Error Message | Warning |
| PIX-X-106014 : Denied Packet | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
