
Syslog - Imperva SecureSphere: V 2.0 : Security Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Security Events | Base Rule | General Audit Message | Other Audit |
| V 2.0 : Cookie Injection | Sub Rule | HTTP Cookie | Activity |
| V 2.0 : XSS | Sub Rule | Vuln High Severity : CGI Abuses : XSS | Vulnerability |
| V 2.0 : Custom Violation | Sub Rule | Security Violation | Other Security |
| V 2.0 : Extremely Long HTTP Request | Sub Rule | Line In HTTP Request Too Long | Warning |
| V 2.0 : HTTP Signature Violation | Sub Rule | General Signature Detection | Warning |
| V 2.0 : Illegal Byte Code Character In Header Name | Sub Rule | Illegal Characters | Error |
| V 2.0 : Illegal Byte Code Character In Method | Sub Rule | Illegal Characters | Error |
| V 2.0 : Illegal Byte Code Character In URL | Sub Rule | Illegal Characters | Error |
| V 2.0 : Illegal HTTP Version | Sub Rule | General HTTP Warning | Warning |
| V 2.0 : Unauthorized SOAP Action | Sub Rule | SOAP Message Body | Activity |
| V 2.0 : Unknown HTTP Request Method | Sub Rule | Invalid HTTP Request | Information |
| V 2.0 : Custom-Policy-Violation | Sub Rule | Security Policy Violation | Warning |
| V 2.0 : Malformed HTTP Header Line | Sub Rule | HTTP Header Error | Error |
| V 2.0 : ThreatRader - TOR IPs | Sub Rule | TOR Client Request | Activity |
| V 2.0 : Directory Trav (In Cookies/Parameters Val) | Sub Rule | Directory Traversal | Attack |
| V 2.0 : Attempt To Execute Privileged Operation | Sub Rule | Failed Suspicious User Activity | Failed Suspicious |
| V 2.0 : Extremely Long SQL Request | Sub Rule | General Attack Activity | Attack |
| V 2.0 : SQL Signature Violation | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Unauthorized Database User | Sub Rule | Suspicious User Activity | Suspicious |
| V 2.0 : Unauthorized Source Application | Sub Rule | Unauthorized Program/Process | Misuse |
| V 2.0 : Web Profile Policy | Sub Rule | General POLICY Warning | Warning |
| V 2.0 : Cross Site Request Forgery | Sub Rule | Cross-Site Request Forgery | Attack |
| V 2.0 : HTTP/1.x Protocol Policy | Sub Rule | General Protocol Information | Information |
| V 2.0 : Migrated Web Protocol Policy For ServGroup | Sub Rule | Object Modified | Access Success |
| V 2.0 : Network Protocol Violations Policy | Sub Rule | Security Policy Violation | Warning |
| V 2.0 : Post Request - Missing Content Type | Sub Rule | Missing Attribute | Warning |
| V 2.0 : Recommended Signatures Policy For Web App | Sub Rule | General Policy | Other Audit |
| V 2.0 : Suspicious Response Code | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Web Correlation Policy | Sub Rule | General Policy | Other Audit |
| V 2.0 : Web Protocol Policy - Venture | Sub Rule | General Policy | Other Audit |
| V 2.0 : XSS Taylor | Sub Rule | General Protocol Information | Information |
| V 2.0 : SQL Login Failed | Sub Rule | SQL Login | Activity |
| V 2.0 : Cookie Tampering | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Email Hoarding : Custom Violation | Sub Rule | Unauthorized E-mail | Misuse |
| V 2.0 : Email Hoarding | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Extremely Long Parameter | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Double URL Encoding | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : NULL Character In Parameter Value | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Parameter Type Violation | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SSL Untraceable Connection | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Unauthorized Access To Service | Sub Rule | Unauthorized Program/Process | Misuse |
| V 2.0 : Unauthorized Method For Known URL | Sub Rule | Unauthorized Activity | Misuse |
| V 2.0 : Unauthorized Request Content Type | Sub Rule | Unauthorized Activity | Misuse |
| V 2.0 : Unauthorized URL Access | Sub Rule | Unauthorized Activity | Misuse |
| V 2.0 : Redundant UTF-8 Encoding | Sub Rule | General Protocol Violation | Error |
| V 2.0 : SQL Injection | Sub Rule | SQL Injection | Attack |
| V 2.0 : URL Above Root Directory | Sub Rule | Directory Traversal | Attack |
| V 2.0 : Web Worm | Sub Rule | Detected Worm Activity | Malware |
| V 2.0 : HTTP Signature Violation : Blocked | Sub Rule | Failed General Attack Activity | Failed Attack |
| V 2.0 : SQL Injection : Blocked | Sub Rule | Failed SQL Injection | Failed Attack |
| V 2.0 : Cross-Site Scripting : Blocked | Sub Rule | Failed Cross-Site Scripting | Failed Attack |
| V 2.0 : Cross Site Request Forgery : Blocked | Sub Rule | Failed Cross-Site Request Forgery | Failed Attack |
| V 2.0 : Unknown HTTP Request Method : Blocked | Sub Rule | HTTP Request Failed | Error |
| V 2.0 : URL Above Root Directory : Blocked | Sub Rule | Failed Directory Traversal | Failed Attack |
| V 2.0 : Web Worm : Blocked | Sub Rule | Failed Worm Activity | Failed Malware |
| V 2.0 : Illegal HTTP Version : Blocked | Sub Rule | Incorrect Version | Error |
| V 2.0 :Redundant UTF-8 Encoding : Blocked | Sub Rule | General Protocol Violation | Error |
| V 2.0 : Email Hoarding | Sub Rule | General AlertEmail Critical | Critical |
| V 2.0 : Recommended Sign Policy For Web App PSHR | Sub Rule | Signatures Updated | Configuration |
| V 2.0 : SOAP Element Vlaue Type Violation | Sub Rule | System Violation | Error |
| V 2.0 : Threatrader - Anonymous Proxies | Sub Rule | Failed To Refresh List Proxies | Error |
| V 2.0 : Threatrader - Malicious IPs | Sub Rule | General IPS/IDS Log Message | Other Security |
| V 2.0 : Threatrader - TOR IPs | Sub Rule | TOR Client Request | Activity |
| V 2.0 : Web Protcol Policy | Sub Rule | General Audit Policy Setting | Information |
| V 2.0 : SQL Correlation Event | Sub Rule | General Policy | Other Audit |
| V 2.0 : CalOptima - MSSQL Policy | Sub Rule | General Policy | Other Audit |
| V 2.0 : CalOptima - Sensitive Data Access | Sub Rule | Data Queue Retrieved | Information |
| V 2.0 : Email Hoarding | Sub Rule | Unauthorized E-mail | Misuse |
| V 2.0 : Cross Site Request Forgery:Custom Violatio | Sub Rule | Cross-Site Request Forgery | Attack |
| V 2.0 : Distributed Suspicious Response Code | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Suspicious Response Code Alert | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Parameter Read Only Violation | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Network Protocol Violation Policy | Sub Rule | Security Policy Violation | Warning |
| V 2.0 : Cross Site Request Forgery : Custom Violat | Sub Rule | Cross-Site Request Forgery | Attack |
| V 2.0 : Recommended Signature Policy For Web App | Sub Rule | Signature Information | Information |
| V 2.0 : Sql Unauthorized Sensitive Query Group | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Sql Issued By Unauthorized User Name | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Sql Privileged Operation | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Sql Unauthorized Sensitive Table | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Http Abnormally Long Parameter | Sub Rule | General Protocol Information | Information |
| V 2.0 : Sql Failed Mid Session Login | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Http Double Url Encoding | Sub Rule | General Protocol Information | Information |
| V 2.0 : Http Illegal Byte Code Parameter Value | Sub Rule | Illegal Characters | Error |
| V 2.0 : Suspicious Pattern | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : Http Null Char Parameter Value | Sub Rule | General Null Information | Information |
| V 2.0 : Http Post Missing Content Type | Sub Rule | General Protocol Information | Information |
| V 2.0 : Anti Scraping | Sub Rule | General Attack Activity | Attack |
| V 2.0 : Http Illegal Parameter Encoding | Sub Rule | General Protocol Information | Information |
| V 2.0 : Http Abnormally Long Url | Sub Rule | URL Information | Information |
| V 2.0 : Sql Unauthorized Host | Sub Rule | Unauthorized Host | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| CEF:Version | N/A | N/A | N/A |
| N/A | N/A | N/A | Device Vendor |
| N/A | N/A | N/A | Device Product |
| N/A | <version> | Text/String/Number | Device Version |
| N/A | <vmid> | Text/String | deviceEventClassId |
| N/A | <subject> <tag1> | Text/String | Name |
| N/A | <severity> | Text/String | Severity |
| act | <action> <tag2> | Text/String | The immediate action performed, either block transaction (event) or no action |
| dst | <dip> | IP Address | The destination IP address |
| dpt | <dport> | Number | The destination port |
| duser | <account><domainimpacted> | Text/String | The destination user. In web applications it refers to the application user logged into the application. In database applications it refers to the database user |
| src | <sip> | IP Address | The source IP address |
| spt | <sport> | Number | The source port |
| proto | <protname> | Text/String | The protocol used |
| rt | N/A | N/A | The alert time |
| cat | <objecttype> | Text/String | The type of event |
| cs1 | <policy> | Text/String | The violated policy's name |
| cs1Label | N/A | N/A | Policy label |
| cs2 | <group> | Text/String | The server group name |
| cs2Label | N/A | N/A | ServerGroup Label |
| cs3 | <process> OR <result> | Text/String | alert description or the service name |
| cs3Label | N/A | N/A | Service is Service Label. Description is Description Label |
| cs4 | <object> | Text/String | application name |
| cs4Label | N/A | N/A | Application is Service Label |
| cs5 | <result> <tag5> | Text/String | alert description |
| cs5Label | N/A | N/A | Description is Description Label |
