Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
Pattern 13 : Traffic |
Base Rule |
General Firewall Log |
Network Traffic |
|
PIX-X-713061 : Tunnel Rej:Crypto Map Pol Not Found |
Sub Rule |
Failed Suspicious Activity |
Failed Suspicious |
|
PIX-X-713042 : IKE Initiator Unable To Find Policy |
Sub Rule |
IKE Initiator Unable To Find Key |
Error |
|
PIX-X-710003 : Access Denied By ACL |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-703002 : H.225 Release Complete |
Sub Rule |
General Information |
Information |
|
PIX-X-703001 : H.225 Message Received |
Sub Rule |
General Information |
Information |
|
PIX-X-621007 : Bad Register |
Sub Rule |
Bad PIM Register |
Information |
|
PIX-X-620002 : Un-Supported CTIQBE Version |
Sub Rule |
General VOIP Message |
Information |
|
PIX-X-620001 : Pre-Allocate CTIQBE |
Sub Rule |
General VOIP Message |
Information |
|
PIX-X-617004 : GTP Connection Created |
Sub Rule |
GTP Connection Created |
Information |
|
PIX-X-617003 : GTP Tunnel Created |
Sub Rule |
Tunnel Created |
Network Traffic |
|
PIX-X-617001 : GTP Message |
Sub Rule |
General Information |
Information |
|
PIX-X-616001 : Pre-Allocate MGCP Connection |
Sub Rule |
General Information |
Information |
|
PIX-X-614002 : DNS Reply |
Sub Rule |
DNS Reply |
Network Traffic |
|
PIX-X-614001 : DNS Request |
Sub Rule |
DNS Request |
Network Traffic |
|
PIX-X-611314 : Load Balancing Cluster Redirected |
Sub Rule |
General Information |
Information |
|
PIX-X-608001 : Pre-Allocate Skinny Connection |
Sub Rule |
General Information |
Information |
|
PIX-X-607001 : Pre-Allocate SIP Connection |
Sub Rule |
General Information |
Information |
|
PIX-X-507001 : Terminated Connection |
Sub Rule |
Connection Closed |
Network Traffic |
|
PIX-X-500004 : Invalid Transport Field |
Sub Rule |
Invalid Transport Field |
Warning |
|
PIX-X-500003 : Bad TCP Header Length |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-500002 : Java Content Modified |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-500001 : ActiveX Content Modified |
Sub Rule |
Packet Contains ActiveX Content And Is Modified |
Critical |
|
PIX-X-419002 : Duplicate SYN Packet |
Sub Rule |
Duplicate SYN Packet |
Network Traffic |
|
PIX-X-419001 : Dropped Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-418001 : Dropped Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-416001 : Dropped Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-415014 : Maximum Unanswered HTTP Requests Exc |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415013 : HTTP Transfer Encoding Vltn Detected |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415012 : HTTP Deobfuscation Sig Detected |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415011 : HTTP URL Length Exceeded |
Sub Rule |
Buffer Overflow/Underflow |
Attack |
|
PIX-X-415010 : HTTP Protocol Violation Detected |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-415009 : HTTP Header Length Exceeded |
Sub Rule |
Buffer Overflow/Underflow |
Attack |
|
PIX-X-415008 : HTTP RFC Method Illegal |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415007 : HTTP Extension Method Illegal |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415006 : Content Size Out Of Range |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415005 : Content Type Doesnt Match Spec Type |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-415004 : Content Type Not Found |
Sub Rule |
Content Type Not Found |
Activity |
|
PIX-X-415003 : HTTP Peer-To-Peer Detected |
Sub Rule |
P2P Activity |
Misuse |
|
PIX-X-415002 : HTTP Instant Messenger Detected |
Sub Rule |
IM/Chat Activity |
Misuse |
|
PIX-X-415001 : HTTP Tunnel Detected |
Sub Rule |
Anonymizing Activity |
Misuse |
|
PIX-X-410001 : DNS Request Exceeds Packet Length |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-406002 : FTP Port Command With Diff Address |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-406001 : FTP Low Port Command |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-405201 : ILS Message |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-405105 : H323 RAS Message |
Sub Rule |
General Information |
Information |
|
PIX-X-405104 : H225 Message Received |
Sub Rule |
General Information |
Information |
|
PIX-X-405103 : H225 Message |
Sub Rule |
General Information |
Information |
|
PIX-X-400050 : STATd Buffer Overflow |
Sub Rule |
Buffer Overflow/Underflow |
Attack |
|
PIX-X-400049 : Remote Exec Daemon Attempt |
Sub Rule |
Arbitrary Code Execution |
Attack |
|
PIX-X-400048 : Remote Exec Daemon Portmap Request |
Sub Rule |
Arbitrary Code Execution |
Attack |
|
PIX-X-400047 : Mount Daemon Portmap Request |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400046 : YP Transfer Daemon Portmap Request |
Sub Rule |
Port Scan |
Reconnaissance |
|
PIX-X-400045 : YP Update Daemon Portmap Request |
Sub Rule |
Port Scan |
Reconnaissance |
|
PIX-X-400044 : YP Password Daemon Portmap Request |
Sub Rule |
Port Scan |
Reconnaissance |
|
PIX-X-400043 : YP Bind Daemon Portmap Request |
Sub Rule |
RPC Portmap YPServ Request |
Activity |
|
PIX-X-400042 : YP Server Daemon Portmap Request |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-X-400041 : Proxied RPC Request |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400040 : RPC Dump |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400039 : RPC Port Unregistration |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400038 : RPC Port Registration |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400037 : DNS Request For All Records |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400036 : DNS Zone Transfer From High Port |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400035 : DNS Zone Transfer |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400034 : DNS HINFO Request |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400033 : UDP Chargen DoS Attack |
Sub Rule |
Host Denial Of Service |
Denial Of Service |
|
PIX-X-400032 : UDP Snork Attack |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-X-400031 : UDP Bomb Attack |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-X-400030 : FTP Improper Port Specified |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400029 : FTP Improper Address Specified |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400028 : TCP FIN Only Flags |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400027 : TCP SYN+FIN Flags |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400026 : TCP NULL Flags |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400025 : Ping Of Death Attack |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-X-400024 : Large ICMP Traffic |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400023 : Fragmented ICMP Traffic |
Sub Rule |
Fragmented Packet Received |
Network Traffic |
|
PIX-X-400022 : ICMP Address Mask Reply |
Sub Rule |
ICMP Address Mask Reply |
Activity |
|
PIX-X-400021 : ICMP Address Mask Request |
Sub Rule |
ICMP Address Mask Request |
Activity |
|
PIX-X-400020 : ICMP Information Reply |
Sub Rule |
ICMP Information Reply |
Activity |
|
PIX-X-400019 : ICMP Information Request |
Sub Rule |
ICMP Information Request |
Activity |
|
PIX-X-400018 : ICMP Timestamp Reply |
Sub Rule |
ICMP Timestamp Reply |
Activity |
|
PIX-X-400017 : ICMP Timestamp Request |
Sub Rule |
ICMP Timestamp Request |
Activity |
|
PIX-X-400016 : ICMP Parameter Problem On Datagram |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400015 : ICMP Time Exceeded For A Datagram |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400014 ICMP Echo Request |
Sub Rule |
ICMP Echo Request |
Network Traffic |
|
PIX-X-400013 ICMP Redirect |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-40012 ICMP Source Quench |
Sub Rule |
Suspicious Activity |
Suspicious |
|
PIX-X-400011 ICMP Unreachable |
Sub Rule |
ICMP: Host Unreachable |
Activity |
|
PIX-X-400010 : ICMP Echo Reply |
Sub Rule |
ICMP Echo Reply |
Activity |
|
PIX-X-400009 : IP Fragments Overlap |
Sub Rule |
Protocol Anomaly |
Attack |
|
PIX-X-400008 : IP Impossible Packet |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-X-400007 : IP Fragment Attack |
Sub Rule |
General Attack Activity |
Attack |
|
PIX-X-400006 : IP Options-Strict Source Route |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-400005 : IP Options-SATNET ID |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-400004 : IP Options-Loose Source Route |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-400003 : IP Options-Security |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-400002 : IP Options-Timestamp |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-400001 : IP Options-Record Packet Route |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-400000 : IP Options-Bad Option List |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-326007 : MRIB Entry-Update Failed |
Sub Rule |
MRIB Entry-Update Failed |
Error |
|
PIX-X-326006 : MRIB Entry-Creation Failed |
Sub Rule |
MRIB Entry-Creation Failed |
Error |
|
PIX-X-326005 : Mrib Notification Failed |
Sub Rule |
MRIB Notification Failed |
Error |
|
PIX-X-324007 : Unable To Create GTP Connection |
Sub Rule |
Unable To Create Connection |
Error |
|
PIX-X-324005 : Unable To Create Tunnel |
Sub Rule |
Tunnel Creation Failure |
Error |
|
PIX-X-324004 : Packet Version Not Supported |
Sub Rule |
Packet Version Not Supported |
Activity |
|
PIX-X-324003 : No Matching Request |
Sub Rule |
No Matching Request For Response |
Warning |
|
PIX-X-324002 : No PDP Exists |
Sub Rule |
No PDP Exists |
Error |
|
PIX-X-324001 : Packet Parsing Error |
Sub Rule |
Packet Parsing Error |
Error |
|
PIX-X-324000 : Packet Dropped |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-322004 : No Management IP Configured |
Sub Rule |
No Management IP Address Configured |
Warning |
|
PIX-X-318005 : Inconsistency In Routing Table |
Sub Rule |
Inconsistency In Routing Table |
Error |
|
PIX-X-314001 : Pre-Allocate Backconnection |
Sub Rule |
Pre-Allocated RTSP Connection |
Information |
|
PIX-X-313005 : No Matching Connection For ICMP |
Sub Rule |
No Matching Connection For ICMP Error Message |
Warning |
|
PIX-X-313004 : Dropped Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-305012 : Teardown Translation |
Sub Rule |
Translation Teardown |
Network Traffic |
|
PIX-X-305011 : Built Translation |
Sub Rule |
Translation Built |
Network Traffic |
|
PIX-X-305010 : Address Translation Slot Deleted |
Sub Rule |
IP Network Address Translation Info Msg |
Information |
|
PIX-X-305009 : Address Translation Slot Created |
Sub Rule |
IP Network Address Translation Info Msg |
Information |
|
PIX-X-305006 : Translation Creation Failed |
Sub Rule |
Regular Translation Creation Failed |
Error |
|
PIX-X-305005 : No Translation Group Found |
Sub Rule |
No Translation Group Found For Protocol |
Error |
|
PIX-X-304002 : URL Access Denied |
Sub Rule |
Access Object Failure |
Access Failure |
|
PIX-X-303004 : FTP Command Un-Supported |
Sub Rule |
FTP Command Un-Supported |
Information |
|
PIX-X-303003 : FTP Command Denied |
Sub Rule |
FTP Command Denied |
Failed Activity |
|
PIX-X-302018 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302017 : Built Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302016 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302015 : Built Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302014 : Teardown Connection |
Sub Rule |
Connection Teardown |
Network Traffic |
|
PIX-X-302013 : Built Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-302004 : Pre-Allocate Backconnection |
Sub Rule |
Pre-Allocate H323 Backconnection |
Information |
|
PIX-X-212006 : Dropped SNMP Request |
Sub Rule |
Dropped SNMP Request |
Failed Activity |
|
PIX-X-210010 : LU Make UDP Connection Failed |
Sub Rule |
LU Make UDP Connection Failed |
Error |
|
PIX-X-210008 : LU No Xlate |
Sub Rule |
LU No Xlate |
Error |
|
PIX-X-202011 : Connection Limit Exceeded |
Sub Rule |
Connection Limit Exceeded |
Warning |
|
PIX-X-201010 : Embryonic Connection Limit Exceeded |
Sub Rule |
Network Denial Of Service |
Denial Of Service |
|
PIX-X-201003 : Embryonic Limit Exceeded |
Sub Rule |
Network Denial Of Service |
Denial Of Service |
|
PIX-X-109028 : Built H245 Connection |
Sub Rule |
Connection Built |
Network Traffic |
|
PIX-X-109023 : Attempt To Use Service Before Auth |
Sub Rule |
Failed Suspicious Host Activity |
Failed Suspicious |
|
PIX-X-109010 : Connection Limit Exceeded |
Sub Rule |
Connection Limit Exceeded |
Warning |
|
PIX-X-109009 : Authorization Denied (Not Auth) |
Sub Rule |
Access Object Failure |
Access Failure |
|
PIX-X-109003 : Authorization Failed |
Sub Rule |
Unable To Communicate With Authentication Server |
Error |
|
PIX-X-109002 : Failed Authentication |
Sub Rule |
Unable To Communicate With Authentication Server |
Error |
|
PIX-X-108003 : Connection Terminated |
Sub Rule |
Connection Closed |
Network Traffic |
|
PIX-X-108002 : Invalid Char Replaced In Email Msg |
Sub Rule |
Replaced Invalid Characters In Email Address |
Warning |
|
PIX-X-106020 : Drop Packet Due To Teardrop Attack |
Sub Rule |
Failed Host Denial Of Service |
Failed Denial of Service |
|
PIX-X-106018 : Packet Denied |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-106017 : Dropped Packet Due To Land Attack |
Sub Rule |
Failed Host Denial Of Service |
Failed Denial of Service |
|
PIX-X-106016 : Dropped Packet Due To IP Spoof |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-106013 : Dropped Echo Request |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-106012 : Denied Packet Due to IP Options |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-106002 : Denied Connection |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
|
PIX-X-106014 : Denied Packet |
Sub Rule |
Traffic Denied by Network Firewall |
Network Deny |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number
|
|
N/A |
<sip> |
Number |
|
N/A |
<sname> |
Text/String |
|
N/A |
<dname> |
Text/String |
|
N/A |
<dip> |
Number |
|
N/A |
<sport> |
Number |
|
N/A |
<dport> |
Number |
|
N/A |
<protname> |
Text/String |
|
N/A |
<size> |
Number |