Skip to main content
Skip table of contents

Pattern 13 : Traffic

Classification

Rule NameRule TypeCommon EventClassification
Pattern 13 : TrafficBase RuleGeneral Firewall LogNetwork Traffic
PIX-X-713061 : Tunnel Rej:Crypto Map Pol Not FoundSub RuleFailed Suspicious ActivityFailed Suspicious
PIX-X-713042 : IKE Initiator Unable To Find PolicySub RuleIKE Initiator Unable To Find KeyError
PIX-X-710003 : Access Denied By ACLSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-703002 : H.225 Release CompleteSub RuleGeneral InformationInformation
PIX-X-703001 : H.225 Message ReceivedSub RuleGeneral InformationInformation
PIX-X-621007 : Bad RegisterSub RuleBad PIM RegisterInformation
PIX-X-620002 : Un-Supported CTIQBE VersionSub RuleGeneral VOIP MessageInformation
PIX-X-620001 : Pre-Allocate CTIQBESub RuleGeneral VOIP MessageInformation
PIX-X-617004 : GTP Connection CreatedSub RuleGTP Connection CreatedInformation
PIX-X-617003 : GTP Tunnel CreatedSub RuleTunnel CreatedNetwork Traffic
PIX-X-617001 : GTP MessageSub RuleGeneral InformationInformation
PIX-X-616001 : Pre-Allocate MGCP ConnectionSub RuleGeneral InformationInformation
PIX-X-614002 : DNS ReplySub RuleDNS ReplyNetwork Traffic
PIX-X-614001 : DNS RequestSub RuleDNS RequestNetwork Traffic
PIX-X-611314 : Load Balancing Cluster RedirectedSub RuleGeneral InformationInformation
PIX-X-608001 : Pre-Allocate Skinny ConnectionSub RuleGeneral InformationInformation
PIX-X-607001 : Pre-Allocate SIP ConnectionSub RuleGeneral InformationInformation
PIX-X-507001 : Terminated ConnectionSub RuleConnection ClosedNetwork Traffic
PIX-X-500004 : Invalid Transport FieldSub RuleInvalid Transport FieldWarning
PIX-X-500003 : Bad TCP Header LengthSub RuleProtocol AnomalyAttack
PIX-X-500002 : Java Content ModifiedSub RuleSuspicious ActivitySuspicious
PIX-X-500001 : ActiveX Content ModifiedSub RulePacket Contains ActiveX Content And Is ModifiedCritical
PIX-X-419002 : Duplicate SYN PacketSub RuleDuplicate SYN PacketNetwork Traffic
PIX-X-419001 : Dropped PacketSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-418001 : Dropped PacketSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-416001 : Dropped PacketSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-415014 : Maximum Unanswered HTTP Requests ExcSub RuleSuspicious ActivitySuspicious
PIX-X-415013 : HTTP Transfer Encoding Vltn DetectedSub RuleSuspicious ActivitySuspicious
PIX-X-415012 : HTTP Deobfuscation Sig DetectedSub RuleSuspicious ActivitySuspicious
PIX-X-415011 : HTTP URL Length ExceededSub RuleBuffer Overflow/UnderflowAttack
PIX-X-415010 : HTTP Protocol Violation DetectedSub RuleProtocol AnomalyAttack
PIX-X-415009 : HTTP Header Length ExceededSub RuleBuffer Overflow/UnderflowAttack
PIX-X-415008 : HTTP RFC Method IllegalSub RuleSuspicious ActivitySuspicious
PIX-X-415007 : HTTP Extension Method IllegalSub RuleSuspicious ActivitySuspicious
PIX-X-415006 : Content Size Out Of RangeSub RuleSuspicious ActivitySuspicious
PIX-X-415005 : Content Type Doesnt Match Spec TypeSub RuleSuspicious ActivitySuspicious
PIX-X-415004 : Content Type Not FoundSub RuleContent Type Not FoundActivity
PIX-X-415003 : HTTP Peer-To-Peer DetectedSub RuleP2P ActivityMisuse
PIX-X-415002 : HTTP Instant Messenger DetectedSub RuleIM/Chat ActivityMisuse
PIX-X-415001 : HTTP Tunnel DetectedSub RuleAnonymizing ActivityMisuse
PIX-X-410001 : DNS Request Exceeds Packet LengthSub RuleSuspicious ActivitySuspicious
PIX-X-406002 : FTP Port Command With Diff AddressSub RuleSuspicious ActivitySuspicious
PIX-X-406001 : FTP Low Port CommandSub RuleSuspicious ActivitySuspicious
PIX-X-405201 : ILS MessageSub RuleSuspicious ActivitySuspicious
PIX-X-405105 : H323 RAS MessageSub RuleGeneral InformationInformation
PIX-X-405104 : H225 Message ReceivedSub RuleGeneral InformationInformation
PIX-X-405103 : H225 MessageSub RuleGeneral InformationInformation
PIX-X-400050 : STATd Buffer OverflowSub RuleBuffer Overflow/UnderflowAttack
PIX-X-400049 : Remote Exec Daemon AttemptSub RuleArbitrary Code ExecutionAttack
PIX-X-400048 : Remote Exec Daemon Portmap RequestSub RuleArbitrary Code ExecutionAttack
PIX-X-400047 : Mount Daemon Portmap RequestSub RuleSuspicious ActivitySuspicious
PIX-X-400046 : YP Transfer Daemon Portmap RequestSub RulePort ScanReconnaissance
PIX-X-400045 : YP Update Daemon Portmap RequestSub RulePort ScanReconnaissance
PIX-X-400044 : YP Password Daemon Portmap RequestSub RulePort ScanReconnaissance
PIX-X-400043 : YP Bind Daemon Portmap RequestSub RuleRPC Portmap YPServ RequestActivity
PIX-X-400042 : YP Server Daemon Portmap RequestSub RuleGeneral Attack ActivityAttack
PIX-X-400041 : Proxied RPC RequestSub RuleSuspicious ActivitySuspicious
PIX-X-400040 : RPC DumpSub RuleSuspicious ActivitySuspicious
PIX-X-400039 : RPC Port UnregistrationSub RuleSuspicious ActivitySuspicious
PIX-X-400038 : RPC Port RegistrationSub RuleSuspicious ActivitySuspicious
PIX-X-400037 : DNS Request For All RecordsSub RuleSuspicious ActivitySuspicious
PIX-X-400036 : DNS Zone Transfer From High PortSub RuleSuspicious ActivitySuspicious
PIX-X-400035 : DNS Zone TransferSub RuleSuspicious ActivitySuspicious
PIX-X-400034 : DNS HINFO RequestSub RuleSuspicious ActivitySuspicious
PIX-X-400033 : UDP Chargen DoS AttackSub RuleHost Denial Of ServiceDenial Of Service
PIX-X-400032 : UDP Snork AttackSub RuleGeneral Attack ActivityAttack
PIX-X-400031 : UDP Bomb AttackSub RuleGeneral Attack ActivityAttack
PIX-X-400030 : FTP Improper Port SpecifiedSub RuleSuspicious ActivitySuspicious
PIX-X-400029 : FTP Improper Address SpecifiedSub RuleSuspicious ActivitySuspicious
PIX-X-400028 : TCP FIN Only FlagsSub RuleProtocol AnomalyAttack
PIX-X-400027 : TCP SYN+FIN FlagsSub RuleProtocol AnomalyAttack
PIX-X-400026 : TCP NULL FlagsSub RuleProtocol AnomalyAttack
PIX-X-400025 : Ping Of Death AttackSub RuleGeneral Attack ActivityAttack
PIX-X-400024 : Large ICMP TrafficSub RuleProtocol AnomalyAttack
PIX-X-400023 : Fragmented ICMP TrafficSub RuleFragmented Packet ReceivedNetwork Traffic
PIX-X-400022 : ICMP Address Mask ReplySub RuleICMP Address Mask ReplyActivity
PIX-X-400021 : ICMP Address Mask RequestSub RuleICMP Address Mask RequestActivity
PIX-X-400020 : ICMP Information ReplySub RuleICMP Information ReplyActivity
PIX-X-400019 : ICMP Information RequestSub RuleICMP Information RequestActivity
PIX-X-400018 : ICMP Timestamp ReplySub RuleICMP Timestamp ReplyActivity
PIX-X-400017 : ICMP Timestamp RequestSub RuleICMP Timestamp RequestActivity
PIX-X-400016 : ICMP Parameter Problem On DatagramSub RuleProtocol AnomalyAttack
PIX-X-400015 : ICMP Time Exceeded For A DatagramSub RuleProtocol AnomalyAttack
PIX-X-400014 ICMP Echo RequestSub RuleICMP Echo RequestNetwork Traffic
PIX-X-400013 ICMP RedirectSub RuleProtocol AnomalyAttack
PIX-X-40012 ICMP Source QuenchSub RuleSuspicious ActivitySuspicious
PIX-X-400011 ICMP UnreachableSub RuleICMP: Host UnreachableActivity
PIX-X-400010 : ICMP Echo ReplySub RuleICMP Echo ReplyActivity
PIX-X-400009 : IP Fragments OverlapSub RuleProtocol AnomalyAttack
PIX-X-400008 : IP Impossible PacketSub RuleGeneral Attack ActivityAttack
PIX-X-400007 : IP Fragment AttackSub RuleGeneral Attack ActivityAttack
PIX-X-400006 : IP Options-Strict Source RouteSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-400005 : IP Options-SATNET IDSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-400004 : IP Options-Loose Source RouteSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-400003 : IP Options-SecuritySub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-400002 : IP Options-TimestampSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-400001 : IP Options-Record Packet RouteSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-400000 : IP Options-Bad Option ListSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-326007 : MRIB Entry-Update FailedSub RuleMRIB Entry-Update FailedError
PIX-X-326006 : MRIB Entry-Creation FailedSub RuleMRIB Entry-Creation FailedError
PIX-X-326005 : Mrib Notification FailedSub RuleMRIB Notification FailedError
PIX-X-324007 : Unable To Create GTP ConnectionSub RuleUnable To Create ConnectionError
PIX-X-324005 : Unable To Create TunnelSub RuleTunnel Creation FailureError
PIX-X-324004 : Packet Version Not SupportedSub RulePacket Version Not SupportedActivity
PIX-X-324003 : No Matching RequestSub RuleNo Matching Request For ResponseWarning
PIX-X-324002 : No PDP ExistsSub RuleNo PDP ExistsError
PIX-X-324001 : Packet Parsing ErrorSub RulePacket Parsing ErrorError
PIX-X-324000 : Packet DroppedSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-322004 : No Management IP ConfiguredSub RuleNo Management IP Address ConfiguredWarning
PIX-X-318005 : Inconsistency In Routing TableSub RuleInconsistency In Routing TableError
PIX-X-314001 : Pre-Allocate BackconnectionSub RulePre-Allocated RTSP ConnectionInformation
PIX-X-313005 : No Matching Connection For ICMPSub RuleNo Matching Connection For ICMP Error MessageWarning
PIX-X-313004 : Dropped PacketSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-305012 : Teardown TranslationSub RuleTranslation TeardownNetwork Traffic
PIX-X-305011 : Built TranslationSub RuleTranslation BuiltNetwork Traffic
PIX-X-305010 : Address Translation Slot DeletedSub RuleIP Network Address Translation Info MsgInformation
PIX-X-305009 : Address Translation Slot CreatedSub RuleIP Network Address Translation Info MsgInformation
PIX-X-305006 : Translation Creation FailedSub RuleRegular Translation Creation FailedError
PIX-X-305005 : No Translation Group FoundSub RuleNo Translation Group Found For ProtocolError
PIX-X-304002 : URL Access DeniedSub RuleAccess Object FailureAccess Failure
PIX-X-303004 : FTP Command Un-SupportedSub RuleFTP Command Un-SupportedInformation
PIX-X-303003 : FTP Command DeniedSub RuleFTP Command DeniedFailed Activity
PIX-X-302018 : Teardown ConnectionSub RuleConnection TeardownNetwork Traffic
PIX-X-302017 : Built ConnectionSub RuleConnection BuiltNetwork Traffic
PIX-X-302016 : Teardown ConnectionSub RuleConnection TeardownNetwork Traffic
PIX-X-302015 : Built ConnectionSub RuleConnection BuiltNetwork Traffic
PIX-X-302014 : Teardown ConnectionSub RuleConnection TeardownNetwork Traffic
PIX-X-302013 : Built ConnectionSub RuleConnection BuiltNetwork Traffic
PIX-X-302004 : Pre-Allocate BackconnectionSub RulePre-Allocate H323 BackconnectionInformation
PIX-X-212006 : Dropped SNMP RequestSub RuleDropped SNMP RequestFailed Activity
PIX-X-210010 : LU Make UDP Connection FailedSub RuleLU Make UDP Connection FailedError
PIX-X-210008 : LU No XlateSub RuleLU No XlateError
PIX-X-202011 : Connection Limit ExceededSub RuleConnection Limit ExceededWarning
PIX-X-201010 : Embryonic Connection Limit ExceededSub RuleNetwork Denial Of ServiceDenial Of Service
PIX-X-201003 : Embryonic Limit ExceededSub RuleNetwork Denial Of ServiceDenial Of Service
PIX-X-109028 : Built H245 ConnectionSub RuleConnection BuiltNetwork Traffic
PIX-X-109023 : Attempt To Use Service Before AuthSub RuleFailed Suspicious Host ActivityFailed Suspicious
PIX-X-109010 : Connection Limit ExceededSub RuleConnection Limit ExceededWarning
PIX-X-109009 : Authorization Denied (Not Auth)Sub RuleAccess Object FailureAccess Failure
PIX-X-109003 : Authorization FailedSub RuleUnable To Communicate With Authentication ServerError
PIX-X-109002 : Failed AuthenticationSub RuleUnable To Communicate With Authentication ServerError
PIX-X-108003 : Connection TerminatedSub RuleConnection ClosedNetwork Traffic
PIX-X-108002 : Invalid Char Replaced In Email MsgSub RuleReplaced Invalid Characters In Email AddressWarning
PIX-X-106020 : Drop Packet Due To Teardrop AttackSub RuleFailed Host Denial Of ServiceFailed Denial of Service
PIX-X-106018 : Packet DeniedSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-106017 : Dropped Packet Due To Land AttackSub RuleFailed Host Denial Of ServiceFailed Denial of Service
PIX-X-106016 : Dropped Packet Due To IP SpoofSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-106013 : Dropped Echo RequestSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-106012 : Denied Packet Due to IP OptionsSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-106002 : Denied ConnectionSub RuleTraffic Denied by Network FirewallNetwork Deny
PIX-X-106014 : Denied PacketSub RuleTraffic Denied by Network FirewallNetwork Deny

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData Type
N/A<vmid>Number
N/A<sip>Number
N/A<sname>Text/String
N/A<dname>Text/String
N/A<dip>Number
N/A<sport>Number
N/A<dport>Number
N/A<protname>Text/String
N/A<size>Number
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.