V 2.0 : Inbound SEP Malicious Activity Detected 1
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
---|---|---|
N/A | <sip> | <sip> |
N/A | N/A | <sname> |
N/A | <dip> | <dip> |
N/A | N/A | <dname> |
N/A | <sport> | <sport> |
N/A | <dport> | <dport> |
N/A | <smac> | <smac> |
N/A | <dmac> | <dmac> |
N/A | <protname> | <protname> |
N/A | N/A | <account> |
N/A | N/A | <domainimpacted> |
N/A | <subject> | <subject> |
N/A | <threatname> | <threatname> |
N/A | N/A | <threatid> |
N/A | <hash> | <hash> |
N/A | <url> | <url> |
N/A | <quantity> | <quantity> |
N/A | N/A | <tag1> |
N/A | N/A | <tag2> |
N/A | <vmid> | N/A |
N/A | <severity> | N/A |
N/A | <login> | N/A |
N/A | <domainorigin> | N/A |
N/A | <object> | N/A |
N/A | <cve> | N/A |
N/A | <group> | N/A |
N/A | <command> | N/A |
N/A | <sender> | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|---|
1000416 | Attack Signature | Base Rule | General Attack Activity | Attack |
1000416 | VMID 21487 : MSRPC Multiple Context IDS | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 21261 : HTTP MS IE Frame Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack |
1000416 | VMID 21679 : HTTP Webhancer Install Activity | Sub Rule | Detected Adware Activity | Malware |
1000416 | VMID 21621 : 7FASST Search Activity | Sub Rule | Possible Malware Activity | Malware |
1000416 | VMID 21620 : 7FASST User Tracking Activity | Sub Rule | Possible Malware Activity | Malware |
1000416 | VMID 21430 : WebHancer Posting Information | Sub Rule | Detected Adware Activity | Malware |
1000416 | VMID 21617 : 007SPY Install Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21575 : HTTP ZSearch Instltn File Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21574 : HTTP SearchPounder Info Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21573 : Tafbar Install File Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21570 : 2020Search Configuration Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21569 : 2020Search Installation File Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21568 : 2020Search Info. Upload Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21563 : Dotcomtoolbar Instltn Files Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21558 : Megasearchbar InstallationFile Req | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21452 : Perfect InstallFIle Download | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21451 : ISearch Mistyped URL Hijack Attempt | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21450 : ISearch DNS Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21449 : ISearch Search Activity | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21447 : HTTP QuickSearch Activity | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21446 : QuickSearch DNS Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21418 : Goidr DNS Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21363 : HTTP ShopNav Uploading Reg Info | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21338 : E2Give InstallFile Request | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21337 : E2Give AppID Registry Subkey | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21329 : CometCursor Cursor Download | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21328 : CometCursor Logging Information | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21327 : CometCursor Plus Download | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21325 : HTTP Apropos Ad Activity | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21324 : HTTP Apropos Installation Activity | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21588 : PWDump Tool Activity | Sub Rule | Detected Spyware Activity | Malware |
1000416 | VMID 21385 : SQLDict Brute Force Pswd Tool Usage | Sub Rule | Brute Force Activity | Attack |
1000416 | VMID 20353 : HTTP Whisker/Libwhisker Scan-2 | Sub Rule | Port Scan | Reconnaissance |
1000416 | VMID 20352 : HTTP Whisker/Libwhisker Scan-1 | Sub Rule | Port Scan | Reconnaissance |
1000416 | VMID 20628 : MSRPC Mutiple Headers | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20627 : MS RPC Heap Queue Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21237 : HTTP MS IE Local Resource Enumeration | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 21236 : HTTP MS IE Sysimage File Detection | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 21232 : HTTP Oracle SOAP Default Config Vuln | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20524 : HTTP Cobalt Raq Apache Disclosure | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20517 : HTTP ColdFusion CFM Disclosure | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20511 : HTTP CGI Test Request | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20508 : HTTP CGI NPH Request | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20496 : HTTP Request Direct Perl Probe | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20335 : HTTP MS IIS SQL Hit Disclosure | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20334 : HTTP ISM DLL Remote Administration | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20655 : VNC Login Failed | Sub Rule | User Logon Failure | Authentication Failure |
1000416 | VMID 21812 : HTTP DialPlatform Activity | Sub Rule | Possible Malware Activity | Malware |
1000416 | VMID 21805 : HTTP InstantAccess Activity | Sub Rule | Possible Malware Activity | Malware |
1000416 | VMID 21791 : HTTP WKS Lotus 1-2-3 Remote Code Exec | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21790 : HTTP Excel Multi Remote Code Exec-2 | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21783 : HTTP McAfee EPolicy Large Src Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21776 : HTTP WebViewFolderIcon SetSlice Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21750 : HTTP MS IE VML Fill Method Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21744 : HTTP DirectAnimation KeyFrame Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21737 : MS OLE Automation SubstringData Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21735 : HTTP MSIE IsComponentInstalled Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21734 : EMC Retrospect Client Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21732 : HTTP DirectAnimation Spline Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21728 : HTTP Firefox SVG Mem Exec | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21725 : HTTP NullSoft Winamp Playlist Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21720 : HTTP Mozilla InstallVersion Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21719 : HTTP ANI File Hdr Size Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21717 : Symantec Backup Exec SelectSvc Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21551 : HTTP Embed Tag NPDSPlay DLL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21552 : HTTP WMF Metahdr FileSize Int. Oflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21553 : MSRPC WebClient Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21662 : SMB Srv.sys Driver Rmt Code Execution | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21663 : MSRPC RRAS Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21687 : HTTP Excel Multi Remote Code Exec-1 | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21689 : Microsoft DHCP Service Options Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21698 : HTTP MSIE Content Type Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21701 : MSRPC SrvSvc NetApi Buffer Overflow-1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21702 : MSRPC SrvSvc NetApi Buffer Overflow-2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21706 : MS DNS Client ATMA Code Exec | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21674 : HTTP PeerCast Remote Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21672 : HTTP MS Excel Unicode HLINK Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21671 : MS PPTP Server Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21668 : Alt-N WebAdmin USER Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21667 : HTTP BadBlue MFCISAPI Cmd Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21659 : HTTP MSIE MHTML URI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21649 : Symantec AV Stack Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21532 : Cmptr Associates Lic GetConfig Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21531 : Computer Associates License GCR Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21530 : HTTP GIF Netscape Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21528 : VMware NAT FTP Commands Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21527 : MS DirectShow AVI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21520 : RSA Agent WebRedirect Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21519 : RSA Agent Chunked Encoding Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21515 : Yahoo! IM Activex Yauto.dll Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21512 : HTTP MS Frontpage Image Mapper Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21459 : Yahoo! Webcam ActiveX Control Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21397 : Snort BackOrifice Preprocessor Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21391 : Veritas Bpjava Format String Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21388 : HTTP MS Lnk File FaceName Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21386 : MS Netware NWWKS Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21387 : MS PNP Registry DeviceName Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21389 : MS MSDTC UserAllocate Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21314 : HTTP Acrobat ActX Ctrl URI Req Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21312 : HTTP RealPlayer SMIL File Stack Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21311 : HTTP MS IE MSHTML.DLL CSS Hndlng Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21260 : NetBIOS MS PnP QueryResConflist Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21259 : MS Printer Spooler Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21246 : Veritas NetBackup Inv Timestamp Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21234 : HTTP Oracle 9IAS PLSQL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21181 : ArcServe Discovery SERVICEPC Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21179 : ISS SMB Parsing Heap Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21135 : HTTP Macromedia JRun Dotcfm File Disc | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21138 : OS X Apple File Print Remote Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21137 : HTTP MS IIS Chunk Encoding Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21124 : HTTP MS JET DB Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20986 : AOL IM AwayMsg Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20978 : HTTP MS IE DHTML Edit Ctrl Attack | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 20980 : MS RPC License Logging CodeExec | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20974 : RealNetwork Helix Transport Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20973 : RTSP RPlayer Helix LongMeth URI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20971 : IMAP Server Login Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20962 : HTTP MS Word HyperlinkExt Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20833 : Veritas Backup Exec Hostname Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20752 : HTTP PHPBB URL Decode SQL Injection | Sub Rule | SQL Injection | Attack |
1000416 | VMID 20727 : MS WINS Replication Proto Rmt Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20726 : HTTP MS Visual Studio RAD Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20678 : HTTP MS IE Malf. IFRAME/EMBED Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20645 : HTTP MS IE Instl Eng Ctl Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20640 : HTTP NNTP XPAT Cmd Query Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20648 : MS RPC Network DDE Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 22888 : HTTP MS GDI JPEG Integer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20637 : SMB MS Windows GDI+ JPEG Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20621 : MS Windows H.323 Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20620 : MS Windows H.323 Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20617 : MS SQL Copyscript Distributor Exec | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20631 : MSRPC Malicious LSASS DS Req Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20615 : MSRPC Malicious LSASS DS Req Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20533 : MS SQL PacketResolution DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20532 : MS SQL LongRequest Hello Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20530 : SSH CRC-32 Bflo Undary Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20528 : DNS NXT Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20526 : FTP AIX Remote Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20522 : POP2 UW Anonymous Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20494 : HTTP MS FPcount Bflo Attempt | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20488 : HTTP Netscape Clnt Overflow Shellcode | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20363 : MIRC Nickname Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20624 : MS RPCSS Attack-3 | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 20386 : MS RPCSS Attack-2 | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 20380 : HTTP MS FrontPage Remote Debug Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20421 : MS ASN1 Integer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20418 : NetBIOS MS Locator Service Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20413 : Welchia Locator Service Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20399 : MS Win9x IE5/Telnet Heap Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20444 : MS RPC LSASS DS Oversized Request UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20443 : MS RPC LSASS DS Oversized Request TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20437 : HTTP IIS ISAPI Printer Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20445 : MS RPCSS Attack UDP | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 20390 : MSRPC DCOM RPC Bflo -5 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20388 : MSRPC DCOM RPC Bflo -4 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20387 : MSRPC DCOM RPC Bflo -3 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20385 : MSRPC DCOM RPC Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20384 : MSRPC DCOM RPC Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20448 : MS IIS PCT SSL Exploit Attempt | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 21185 : HTTP SMTP NTLM ASN1 Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21141 : HTTP MS IIS NTLM ASN1 Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20409 : MS ASN1 Integer Overflow TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20408 : MS ASN1 Integer Overflow UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20395 : MSRPC DCOM RPC Heap Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20393 : MSRPC DCOM RPC Heap Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20434 : BFTP SITE CHOWN Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20433 : BFTP SITE CHOWN Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20432 : FTP CreateDirectory Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20431 : FTP CreateDirectory Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20428 : HTTP IIS Welchia WebDAV SEARCH Bflo-2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20427 : HTTP IIS Welchia WebDAV SEARCH Bflo-1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20426 : HTTP IIS HTR ISAPI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20425 : WuFTPd Realpath Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20059 : MS UPnP NOTIFY Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20057 : HTTP Knox Arkeia Rmt Stack Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20083 : MySQL Password Table Change | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20056 : Red Hat PXE Server Remote Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20626 : MS RPC Workstation Service Bflo (UDP) | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20625 : MS RPC Workstation Service Bflo (TCP) | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20354 : HTTP MS Media Services Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21204 : Veritas Backup Exec Agent Auth Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21203 : Veritas Backup Exec Agent DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21116 : HTTP Negative Content Length | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20903 : FTP Generic Command Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20339 : ICQ Guestbook DoS Long Name | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20091 : NetBIOS MS Messenger Service Bflo TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20090 : NetBIOS MS Messenger Service Bflo UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20055 : Kerio Remote Auth Bflo UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20054 : Kerio Remote Auth Bflo TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20053 : NTPD Field Value Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20066 : HTTP Cisco 2GB Integer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20050 : Oracle XDB FTP Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20049 : Oracle XDB FTP Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20351 : HTTP MDAC Component Query Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20348 : HTML WinHelp Item Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20338 : HTTP PHP CGI Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20001 : DNS Tsig Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20000 : DNS Tsig Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20004 : WuFTPd Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20330 : HTTP IIS ISAPI Extension Code Red | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20070 : SMB Trans2Open Overflow-2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20069 : SMB Trans2Open Overflow-1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20326 : HTTP IIS Webdav Exploit | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 20068 : SMB Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20084 : SSH BSD Auth Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20324 : HTTP Chnkd Encd Negative Length Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20006 : FTP MKD Stack Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20038 : Remote BinLogin Bflo 2 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20037 : Remote BinLogin Bflo 1 | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21545 : SMB Guest Login | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 21614 : P2P Mute Usage | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21604 : P2P Manolito Client Usage | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21598 : P2P SoulSeek Usage | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21595 : P2P Peercast Application | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21594 : P2P OpenFT File Request | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21593 : P2P Fasttrack Network Ping Messages | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21592 : P2P Edonkey Start Upload Request | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21590 : P2P Edonkey Ping Message | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21589 : P2P Overnet Search Request UDP | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21587 : P2P DirectConnect Application | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21586 : P2P Ares Client Connection | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21207 : Skype Requesting Updates-2 | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 21206 : Skype Requesting Updates-1 | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20567 : P2P BitTorrent Request | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20566 : P2P BitTorrent Activity | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20562 : P2P Blubster Download Setup | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20568 : P2P Gnutella File Request | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20561 : P2P Gnutella Connection | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20560 : P2P Gnutella Bearshare Connection | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20559 : P2P Gnutella Morpheus Connection | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20569 : Kazaa File Request | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20558 : P2P Kazaa Connection | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20557 : Emule File Traffic Detected | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20556 : P2P EMule Hello | Sub Rule | P2P Activity | Misuse |
1000416 | VMID 20654 : VNC Login Success | Sub Rule | User Logon | Authentication Success |
1000416 | VMID 20653 : VNC Server Banner | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20594 : NetBIOS User Session Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20593 : NetBIOS User Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20592 : NetBIOS Transport Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20591 : NetBIOS Share Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20590 : NetBIOS Service Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20589 : NetBIOS Registry Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20588 : NetBIOS NBStat Query | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20587 : NetBIOS NBName Query | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20586 : NetBIOS Group Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20585 : NetBIOS Disk Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20584 : NetBIOS Date And Time Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
1000416 | VMID 20602 : Quake 3 Connection | Sub Rule | Game Activity | Misuse |
1000416 | VMID 20502 : SNMP Default Community Name Access | Sub Rule | Vuln Medium Severity : General | Vulnerability |
1000416 | VMID 20471 : IRC Private Message Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20469 : IRC DCC Private Message Chat Cmd | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20465 : IRC Notice DCC Chat Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20467 : IRC Private Message DCC Send Cmd | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20463 : IRC Notice DCC Send Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20459 : IRC USER Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20457 : IRC NICK Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20455 : IRC JOIN Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20461 : IRC Notice Command | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21600 : QQ IM Login Packet | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21599 : TOC (AOL) IM Usage | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21597 : AIM ICQ Request (OSCAR) | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21596 : Jabber IM Client Connection | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21130 : AOL IM Login | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20565 : AOL IM Message Received | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20564 : AOL IM Message Sent | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20570 : Yahoo! Conference Login | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20571 : Yahoo! Ping | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20553 : Yahoo! IM Activity | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20552 : Yahoo! IM Login | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20551 : Yahoo! IM File Transfer | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20550 : Yahoo! IM Conference Invite | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21300 : HTTP MSN Messenger Login | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 20015 : MSN Messenger Login Attempt | Sub Rule | IM/Chat Activity | Misuse |
1000416 | VMID 21273 : Telnet SoftEther VPN Software | Sub Rule | Suspicious Activity | Suspicious |
1000416 | VMID 20442 : Witty Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20634 : W32 Nimda Share Propagation 2 | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20435 : Nimda Worm E | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20436 : Nimda Worm A | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20094 : Sobig F Worm Master Probe | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20024 : Nebiwo Worm Propagation-3 | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20023 : Nebiwo Worm Propagation-2 | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20022 : Nebiwo Worm Propagation-1 | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 21602 : W32 Polip Gnutella Communication | Sub Rule | Detected Malware Activity | Malware |
1000416 | VMID 21601 : W32 Polip Backdoor Communication | Sub Rule | Detected Backdoor Activity | Malware |
1000416 | VMID 21651 : Trojan Barok Infostealing Activity | Sub Rule | Detected Trojan Activity | Malware |
1000416 | VMID 20113 : Mybabypic Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20112 : Yaha Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20111 : Sircam Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20110 : Mylife J Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20109 : Lirva C Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20108 : Klez H Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20107 : Goner A Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20106 : Frethem L Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20105 : Brid A Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20104 : Aliz Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20103 : Alcarys Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20102 : Shoho Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20101 : Redesi B Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20100 : Maldal C Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20099 : Apost Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 20077 : Dumaru Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
1000416 | VMID 21658 : HTTP WMP Malformed PNG Handling Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21516 : HTTP MS XP HCP URI Handler Abuse | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 21421 : HTTP MS IE Dbl Backslash Local Zone | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 21420 : HTTP MS IE Dbl Backslash CHM | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 20644 : HTTP MS IE EXE In IMG Code Execution | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 20020 : NetBIOS RFPoison DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20609 : MS RPC WinNuke DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21316 : HTTP MS IE Style Tag Cmt Mem Crptn | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21514 : HTTP MS IE DHTML AnchorClick DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21802 : SMB Server Transaction Name Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21724 : HTTP NullSoft Winamp M3U Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21511 : HTTP Mozilla Firefox IFRAME DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21508 : MSRPC PnP GetDeviceList DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21424 : HTTP MS IE MSWebDVD Object DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21423 : HTTP MS IE Macromedia Flash DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21422 : HTTP MS IE Object Element Data DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21262 : MS RDP Terminal Service DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21256 : MS SQL Server 7.0 Remote DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21230 : HTTP Cobalt RAQ Service.cgi Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21190 : Outlook Express LIST Newsgroup Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21099 : HTTP MS IIS FTP Wildcard DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21006 : SMTP Domino Mail Loop DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20909 : Trend Micro Viruswall Catinfo Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 20630 : HTTP MS MediaPlayer Skin File Code | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20604 : HTTP IIS WebDAV PROPFIND | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20583 : Snork DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20519 : HTTP CF GetTempDirectory Attempt | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20495 : FTP MS IIS Status DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20359 : HTTP Cisco VoIP DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20447 : MS SSL Library DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20397 : RPC DCOM GetClassObject DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20381 : HTTP MS FrontPage SmartHTML DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20051 : Oracle TNS Listener DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20048 : RAS PPTP Malformed Ctrl Packet DoS | Sub Rule | Malformed Object | Suspicious |
1000416 | VMID 20349 : HTTP IIS %2E DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20025 : NetBIOS RFParalyze DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20026 : NetBIOS NT Winlogon DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20073 : SMTP EXPN Vintra DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 20337 : HTTP MS IIS ExAir Search DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
1000416 | VMID 21458 : Kazaa Sig2Dat Protocol Code Exec | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21238 : Google Desktop Search Remote XSS | Sub Rule | Cross-Site Scripting | Attack |
1000416 | VMID 21703 : MSIE FTP URI Arbitrary Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 21317 : HTTP MS IE MData Foreign Dom Spoofing | Sub Rule | Spoofing Activity | Attack |
1000416 | VMID 21239 : Google Tlbr About.HTML HTML Injection | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 21202 : HTTP MS OWC Local File Disclosure | Sub Rule | General Attack Activity | Attack |
1000416 | VMID 21139 : OS X Help Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack |
1000416 | VMID 20965 : HTTP Windows Sharepoint Svc Spoofing | Sub Rule | Spoofing Activity | Attack |
1000416 | VMID 20043 : DDOS Trin00 MasterRemote Int PW | Sub Rule | Host Distributed Denial Of Service | Denial Of Service |
1000416 | VMID 20042 : DDOS Trin00 MasterDaemon Default PW | Sub Rule | Host Distributed Denial Of Service | Denial Of Service |
1000416 | VMID 21555 : HTTP Windows Media Player BMP Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
1000416 | VMID 21008 : SMTP Domino SMTP ENVID Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
VMID 21571 : HTTP MSIE Action Script Handler Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20581 : HTML HR Align Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20555 : AOL IM External App Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20554 : AOL IM Game Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20537 : HTTP MS IFRAME JOB Share Redirect | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20093 : Telnet TTYPROMPT Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20081 : MS SQL Stack Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20712 : R(X)Bot Clone Commands | Sub Rule | Detected Botnet Activity | Malware | |
VMID 20711 : R(X)Bot Nick And Kill Thread Commands | Sub Rule | Detected Botnet Activity | Malware | |
VMID 20708 : R(X)Bot DDOS Commands | Sub Rule | Host Distributed Denial Of Service | Denial Of Service | |
VMID 20682 : R(X)BOT Bot Scan Commands | Sub Rule | Detected Botnet Activity | Malware | |
VMID 20681 : R(X)BOT Advanced-Scan Commands | Sub Rule | Detected Botnet Activity | Malware | |
VMID 20680 : R(X)BOT Keylog Commands | Sub Rule | Detected Keylogger Activity | Malware | |
VMID 20679 : R(X)BOT Videocapture Commands | Sub Rule | Detected Botnet Activity | Malware | |
VMID 20880 : HTTP BD BugBear | Sub Rule | Detected Worm Activity | Malware | |
VMID 20402 : W32 Beagle A Worm Backdoor | Sub Rule | Detected Worm Activity | Malware | |
VMID 20401 : MyDoom A Worm Code Execution | Sub Rule | Detected Worm Activity | Malware | |
VMID 20400 : MyDoom A Worm Proxy | Sub Rule | Detected Worm Activity | Malware | |
VMID 20429 : MyDoom F Backdoor Worm Detection | Sub Rule | Detected Worm Activity | Malware | |
VMID 20098 : Blaster Worm UDP TFTP Backdoor | Sub Rule | Detected Worm Activity | Malware | |
VMID 20097 : Blaster Worm TCP TFTP Backdoor | Sub Rule | Detected Worm Activity | Malware | |
VMID 20088 : Deloder Worm Infection | Sub Rule | Detected Worm Activity | Malware | |
VMID 20885 : BD CDK | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20601 : BD WinRAT 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20600 : BD Ultimate RAT 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20599 : BD Remote Explorer 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20575 : BD Hack-A-Tack | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20595 : BD Acid Battery | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20322 : BD WinRAT 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20321 : BD School Bus 1.6 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20320 : BD Psychward | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20319 : BD OOTLT | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20318 : BD Osiris 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20206 : BD NetTrash 1.01 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20317 : BD NetTrash 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20316 : BD NetBus Pro 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20315 : BD Net Metropolitan 1.04 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20314 : BD Net Metropolitan 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20313 : BD Mosuck 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20312 : BD Mosucker 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20311 : BD Mosuck 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20310 : BD Mini Asylum 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20308 : BD Lithium 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20305 : BD Kuang 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20304 : BD Konik 0.6b | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20303 : BD Hydroleak | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20302 : BD Glacier 2.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20301 : BD Frenzy 2000 3.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20300 : BD Fore 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20299 : BD File Nail | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20298 : BD Donald Dick 1.52 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20297 : BD DeltaSource 0.7 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20296 : BD Chupacabra | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20295 : BD CGI BioNet 2.6.1a | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20294 : BD Bugs | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20293 : BD DTR 1.4.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20291 : BD Wow 23 0.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20290 : BD War Trojan | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20289 : BD Ripperz Controller 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20288 : BD Remote Process Monitor 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20287 : BD Private Port 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20286 : BD One 0.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20285 : BD NokNok 6.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20284 : BD Nirvana 1.99 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20283 : BD Nirvana 1.95 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20282 : BD Nirvana 1.94 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20281 : BD New Silencer | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20280 : BD Netcontroller | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20279 : BD Last 2000 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20278 : BD Executor | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20277 : BD Dolly 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20276 : BD Dolly 1.6 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20275 : BD Cyn 1.0.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20274 : BD Black Angel 1.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20273 : BD Bigorna 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20272 : BD Balsitix | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20271 : BD BackConstruction 2.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20270 : BD BackConstruction 2.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20269 : BD BackConstruction 1.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20268 : BD BackConstruction 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20267 : BD Asylum | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20266 : BD YAT 3.01 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20265 : BD YAT 2.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20264 : BD Y3K RAT 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20263 : BD Xlog 2.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20262 : BD Xanadu 1.11 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20261 : BD Xanadu 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20260 : BD Windows Mite 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20259 : BD WinCrash 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20258 : BD WinCrash 1.03 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20256 : BD Voodoo Doll | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20255 : BD Vampire 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20254 : BD Vagr Nocker 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20253 : BD Uploader | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20252 : BD Undetected 3.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20251 : BD Undetected 2.3 SE | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20250 : BD Ultors | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20249 : BD Ullysse | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20248 : BD Truva 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20247 : BD Tron | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20246 : BD Trojan Spirit 2001 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20245 : BD Trojan Cow 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20244 : BD TransScout 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20243 : BD Thing 1.6 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20242 : BD Thing 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20241 : BD The Unexplained 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20240 : BD The Flu | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20239 : BD Tcc Trojan 0.90 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20238 : BD SchneckenKorn | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20237 : BD Scarab 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20236 : BD Satan 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20235 : BD RUX The Tick 4.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20234 : BD Ruler 1.41 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20233 : BD Revenger 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20174 : BD Remote Revise 1.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20232 : BD Remote Revise 1.15 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20231 : BD Remote Revise 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20230 : BD Remote Hack 1.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20229 : BD Remote Hack 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20228 : BD Remote Boot Tool 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20227 : BD RatHead 2.01 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20226 : BD R3C | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20225 : BD R0xr4t 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20224 : BD Qwertos RAT 0.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20223 : BD Psychward 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20222 : BD Prosiak 0.65 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20221 : BD Prosiak 0.47 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20220 : BD Project Next 0.5.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20219 : BD Progenic Trojan 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20218 : BD Priority | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20217 : BD Prayer 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20216 : BD Pitfall Surprise | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20215 : BD Pitfall | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20214 : BD Phoenix 1.28 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20213 : BD Phase Zero 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20212 : BD Pest 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20211 : BD PC Invader 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20210 : BD PC Invader 0.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20209 : BD Oxon 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20208 : BD Optix Pro 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20205 : BD Oblivion 0.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20204 : BD NoSecure 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20203 : BD NokNok 7.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20202 : BD NokNok 5.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20201 : BD Network Terrorist 1.31 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20200 : BD NetTaxi 1.8 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20199 : BD NetSphere 1.27 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20198 : BD Net Spy 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20197 : BD Net Raider 0.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20196 : BD Net Devil 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20195 : BD Net Administrator 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20194 : BD Moon Pie 3.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20193 : BD Moon Pie 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20192 : BD MNEAH Trojan 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20191 : BD Mini Oblivion 0.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20190 : BD Millenium 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20189 : BD Microspy 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20188 : BD Michal 5.00 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20187 : BD Meet The Lamer 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20186 : BD Mavericks Matrix 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20185 : BD Massaker 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20184 : BD Mantis 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20183 : BD M2 Trojan 1.25 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20182 : BD Leszcz 5.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20181 : BD Le Guardien 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20180 : BD Latinus 1.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20179 : BD Latinus 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20178 : BD Kid Terror 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20177 : BD Intruzzo | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20176 : BD Intruder 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20175 : BD Internalrevise 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20173 : BD Insane 5.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20172 : BD Insane 4.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20171 : BD Infra Trojan | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20170 : BD Infector 1.4 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20169 : BD Infector 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20168 : BD InCommand 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20167 : BD Host Control 2.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20166 : BD Hellz Addiction 1.20e | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20165 : BD Hackers World 2.0.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20164 : BD G-Spot Tight 1.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20163 : BD GirlFriend 1.3 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20162 : BD Gift 2.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20161 : BD Ghost 2.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20160 : BD Gate Crasher 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20159 : BD Frenzy 1.0.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20158 : BD Forced Entry 1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20157 : BD F-Backdoor 0.8 | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 20156 : BD Exploiter 1.0 | Sub Rule | General Attack Activity | Attack | |
VMID 20154 : BD Eclypse 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20153 : BD Duddie | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20152 : BD Duddie 3.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20151 : BD Duddie 3.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20150 : BD Duddie 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20149 : BD Drat 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20148 : BD Dolly 1.7 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20147 : BD Dolly 1.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20146 : BD Digital Rootbeer | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20145 : BD DFch 1b1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20144 : BD Dark Connection 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20143 : BD Danton 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20142 : BD Crazzynet | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20141 : BD Crack Down 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20140 : BD Connection | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20139 : BD CGI BioNet 0.84 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20138 : BD Cero B1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20137 : BD Celine | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20136 : BD CAFEiN 0.8 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20135 : BD Buttman 0.9 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20134 : BD Buschtrommel 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20133 : BD Breach Pro | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20132 : BD Breach 4.5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20131 : BD Blazer5 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20130 : BD Blade Runner 0.80a | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20129 : BD Blaaaaa 2.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20128 : BD BDDT | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20127 : BD Basic Hell 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20126 : BD Backdoor 2.0.2 | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 20125 : BD Backdoor 2.0.1 | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 20124 : BD Backage 3.1.1 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20123 : BD B.F Evolution | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20122 : BD AOL Admin | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20121 : BD Amanda | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20120 : BD Alvgus | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20118 : BD DeepThroat Client Activity | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20119 : BD NetBus Activity | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20763 : Septic Worm Infection Notification | Sub Rule | Detected Worm Activity | Malware | |
VMID 20767 : ElSpy Worm Are_U Req Response | Sub Rule | Detected Worm Activity | Malware | |
VMID 20766 : ElSpy Worm Infection Notification | Sub Rule | Detected Worm Activity | Malware | |
VMID 20773 : LOA Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20772 : Azaco Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20771 : Lucky Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20769 : Claw Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20768 : ElSpy Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20765 : Life Stages Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20764 : Pr0n Worm Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20706 : W32 Beagle Backdoor Auth. String | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 20531 : BD Lovgate Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20403 : W32 Beagle B Worm Backdoor | Sub Rule | Detected Worm Activity | Malware | |
VMID 20021 : BugBear B Worm FileShare Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20309 : BD Masters Of Paradise | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20307 : BD Latinus 1.4 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20306 : BD Latinus 1.2 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20292 : BD Y3K RAT 1.6 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20076 : BugBear B Worm SMTP Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20087 : Fizzer Worm Propagation (UDP) | Sub Rule | Detected Worm Activity | Malware | |
VMID 20086 : Fizzer Worm Propagation (TCP) | Sub Rule | Detected Worm Activity | Malware | |
VMID 20074 : Fizzer Worm SMTP Propagation | Sub Rule | Detected Worm Activity | Malware | |
VMID 20116 : BD BackOrifice Activity | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20762 : BackOrifice Speakeasy Trojan Activity | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20632 : BD BackOrifice 2000 UDP Activity | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20115 : BD BackOrifice 2000 Activity | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20714 : SpyBot Spy Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20713 : SpyBot Keylogger Commands | Sub Rule | Detected Keylogger Activity | Malware | |
VMID 20731 : Gaobot P2P Listener Hello | Sub Rule | Possible Botnet Activity | Malware | |
VMID 20728 : Gaobot P2P Client Hello | Sub Rule | Possible Botnet Activity | Malware | |
VMID 20667 : Gaobot Bot Logout Command | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20666 : Gaobot Generic Bot Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20665 : Gaobot Variable Config Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20664 : Gaobot Harvest Mail And Keys Command | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20663 : Gaobot Autostart And Service Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20662 : Phatbot OS Shutdown Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20661 : Gaobot Redirect Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20660 : Phatbot Process Control Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20659 : Gaobot DDOS Commands | Sub Rule | Host Distributed Denial Of Service | Denial Of Service | |
VMID 20658 : Phatbot Scan Commands | Sub Rule | Detected Trojan Activity | Malware | |
VMID 21049 : Backdoor X ZT00 Ver 1.0 | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 21048 : BD IIlusion 1.0 | Sub Rule | Detected Trojan Activity | Malware | |
VMID 21047 : Backdoor MoSucker 3.0 | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 21046 : BD Guptachar | Sub Rule | Detected Trojan Activity | Malware | |
VMID 21044 : BD BioNet 4.00.03 BE S | Sub Rule | Detected Trojan Activity | Malware | |
VMID 21043 : Backdoor C.I.A | Sub Rule | Detected Backdoor Activity | Malware | |
VMID 20760 : HTTP MS IE Help CTRL LZ Bypass | Sub Rule | Detected Trojan Activity | Malware | |
VMID 20618 : HTTP JJ Sample CGI Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21743 : HTTP Firefox DOM Override Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21584 : HTTP MDAC RDS Dataspace Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21583 : HTTP MS FrontPage Server Ext. XSS | Sub Rule | Cross-Site Scripting | Attack | |
VMID 21653 : HTTP CSS Domain/Zone Info Disclosure | Sub Rule | General Attack Activity | Attack | |
VMID 21655 : HTTP ASP.NET App Folder Info Disc | Sub Rule | General Attack Activity | Attack | |
VMID 21657 : HTTP MSIE Multi Style Tags Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21656 : HTTP MovieMaker ComObj CodeExec CLSID | Sub Rule | General Attack Activity | Attack | |
VMID 21665 : HTTP MovieMaker ComObj CodeExec | Sub Rule | General Attack Activity | Attack | |
VMID 21690 : HTTP MS Excel XLW 4.0 WkBk CodeExec | Sub Rule | General Attack Activity | Attack | |
VMID 21708 : HTTP DirectAnim ComObj CodeExec | Sub Rule | General Attack Activity | Attack | |
VMID 21707 : HTTP DirectAnim ComObj CodeExec CLSID | Sub Rule | General Attack Activity | Attack | |
VMID 21670 : HTTP MSIE ITS Protocol Zone Bypass | Sub Rule | General Attack Activity | Attack | |
VMID 21641 : RealVNC NULL Auth Bypass Attempt | Sub Rule | General Attack Activity | Attack | |
VMID 21585 : HTTP Sygate Policy Mgr SQL Injection | Sub Rule | SQL Injection | Attack | |
VMID 21581 : Sendmail Async Handler Rmt Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21580 : HTTP MSIE CreateTextRange Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21537 : HTTP RPlayer Error Msg Format String | Sub Rule | General Attack Activity | Attack | |
VMID 21526 : HTTP MS Windows WMF Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21513 : HTTP MS IE GetObject File Disclosure | Sub Rule | General Attack Activity | Attack | |
VMID 21510 : HTTP MSIE JvScrpt OnLoad Rte CodeExec | Sub Rule | General Attack Activity | Attack | |
VMID 21501 : SalesLogix File Upload Dir. Traversal | Sub Rule | Directory Traversal | Attack | |
VMID 21500 : HTTP SalesLogix SQL Injection | Sub Rule | SQL Injection | Attack | |
VMID 21496 : WinMail Directory Traversal | Sub Rule | Directory Traversal | Attack | |
VMID 21457 : Firefox Favicon Link Tag Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21318 : HTML Domain NM Bflo (Milw0rm Exploit) | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 21315 : HTTP MS IE MMS Proto Hndlr Cmd Inj | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21313 : HTTP MS IE HHCtrl ActX XDom Scripting | Sub Rule | General Attack Activity | Attack | |
VMID 21310 : HTTP Firefox PLUGINSPAGE Remote Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21304 : HTML Domain Name Bflo (PoC) | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 21296 : HP OpenView Remote Command Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21290 : HTTP MS IE MSdds.dll Code Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 21286 : HTTP Firefox Unauth Clipboard Disc | Sub Rule | General Attack Activity | Attack | |
VMID 21280 : HTTP MS Media Player Attr Corrupt | Sub Rule | General Attack Activity | Attack | |
VMID 21266 : Veritas Backup Exec Arb. File Dnld | Sub Rule | General Attack Activity | Attack | |
VMID 21253 : Shoutcast Remote Format String | Sub Rule | General Attack Activity | Attack | |
VMID 21233 : HTTP Oracle 9IAS PL/SQL Dir Trav. | Sub Rule | Directory Traversal | Attack | |
VMID 21213 : HTTP MS Javaprxy DLL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 21210 : HTTP MS IE FTP Proto Hndlr Loc File | Sub Rule | General Attack Activity | Attack | |
VMID 21158 : HTTP IIS HTW Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack | |
VMID 21132 : HTTP MS Windows MSHTA Shell Execution | Sub Rule | General Attack Activity | Attack | |
VMID 20733 : HTTP MS FrontPage Dvwssr.dll Request | Sub Rule | General Attack Activity | Attack | |
VMID 20704 : HTTP MS Shell File Dnld Ext. Misrep. | Sub Rule | General Attack Activity | Attack | |
VMID 20716 : HTTP Crystal Rpts Form Viewer Trv | Sub Rule | General Attack Activity | Attack | |
VMID 20607 : HTTP Hylafax Faxsurvey Remote PW Acc | Sub Rule | General Attack Activity | Attack | |
VMID 20606 : HTTP MS JET DB Engine DSN Hack | Sub Rule | General Attack Activity | Attack | |
VMID 20578 : HTTP IIS ISAPI Enumeration | Sub Rule | General Attack Activity | Attack | |
VMID 20539 : HTTP MS IE ADODB Stream SavetoFile | Sub Rule | General Attack Activity | Attack | |
VMID 20536 : HTTP MS Showhelp CHM Download Attempt | Sub Rule | General Attack Activity | Attack | |
VMID 20535 : HTTP MS IE CHM Cross-Domain Redirect | Sub Rule | General Attack Activity | Attack | |
VMID 20529 : HTTP PHP Nuke ConfigFile Request | Sub Rule | General Attack Activity | Attack | |
VMID 20525 : Linux LPRng Format String Root | Sub Rule | General Attack Activity | Attack | |
VMID 20521 : HTTP SGI InfoSearch Fname Exec | Sub Rule | General Attack Activity | Attack | |
VMID 20520 : HTTP Novell CGI Convert Request | Sub Rule | General Attack Activity | Attack | |
VMID 20518 : HTTP WEBGais Remote Command Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 20516 : HTTP AltaVista DirTraversal | Sub Rule | Directory Traversal | Attack | |
VMID 20504 : WuFTPd Site Exec Bflo | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 20501 : HTTP Lotus Domino Password Bypass | Sub Rule | General Attack Activity | Attack | |
VMID 20500 : HTTP MS BizTalk DTA RemoteExec | Sub Rule | General Attack Activity | Attack | |
VMID 20499 : HTTP MS IIS ASP DataSuffix Request | Sub Rule | General Attack Activity | Attack | |
VMID 20498 : HTTP MS IE MIME IFRAME Exec | Sub Rule | General Attack Activity | Attack | |
VMID 20493 : HTTP MS IIS Showcode ASP Request | Sub Rule | General Attack Activity | Attack | |
VMID 20492 : HTTP MS IIS Newdsn CGI Request | Sub Rule | General Attack Activity | Attack | |
VMID 20382 : HTTP IE Object Type Validation | Sub Rule | General Attack Activity | Attack | |
VMID 20355 : HTTP Anaconda Directory Traversal | Sub Rule | Directory Traversal | Attack | |
VMID 20423 : HTTP IIS CMDExecution Access (1) | Sub Rule | General Attack Activity | Attack | |
VMID 20347 : HTTP Bdir.htr Path Disclosure | Sub Rule | General Attack Activity | Attack | |
VMID 20341 : HTTP Cart32 Remote Admin PW | Sub Rule | General Attack Activity | Attack | |
VMID 20344 : HTTP Htdig File Disclosure | Sub Rule | General Attack Activity | Attack | |
VMID 20336 : HTTP MS IIS ASP Source Disclosure | Sub Rule | General Attack Activity | Attack | |
VMID 20333 : HTTP FrontPage PWD Service Access | Sub Rule | General Attack Activity | Attack | |
VMID 20332 : HTTP SCO Skunkware ViewSrc Traversal | Sub Rule | General Attack Activity | Attack | |
VMID 20331 : HTTP Htgrep CGI File Access | Sub Rule | General Attack Activity | Attack | |
VMID 20346 : HTTP MS IIS TranslateF Request | Sub Rule | General Attack Activity | Attack | |
VMID 20328 : HTTP FormMail Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 20327 : HTTP Info2www CGI Command Exec | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 20080 : MS SQL Registry Manipulation | Sub Rule | General Attack Activity | Attack | |
VMID 20079 : MS SQL Job Scheduling | Sub Rule | General Attack Activity | Attack | |
VMID 21824 : HTTP Surfsidkick Info Upload | Sub Rule | Detected Adware Activity | Malware | |
VMID 21822 : HTTP RCPrograms Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21814 : HTTP WinBo Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21807 : HTTP CasinoClient Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21801 : HTTP SmartSearch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21788 : HTTP Adware Bonzi Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21798 : HTTP Webprefix Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21796 : HTTP DollarRevenue Download Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21792 : HTTP FastSeek Download Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21785 : HTTP Ezula Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21780 : HTTP SystemProcess Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21777 : HTTP Director Download Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21774 : HTTP SmartDove Download Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21772 : HTTP MoneyGainer Download Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21771 : HTTP IEHlpr Info Download Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21769 : HTTP IEHlpr Register Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21768 : HTTP IEHlpr CCNNLC Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21765 : HTTP IEHlpr SmartAllyes Update Acty | Sub Rule | Detected Adware Activity | Malware | |
VMID 21763 : HTTP Umaxsearch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21760 : HTTP BBSee Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21756 : HTTP Shorty Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21751 : HTTP MessStopper Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21748 : HTTP FreeScratchWin Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21746 : HTTP FIZZLE Config Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21664 : HTTP TAFbar Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21666 : HTTP UCMore Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21640 : HTTP OfferAgent Ad Popup Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21639 : HTTP OfferAgent Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21634 : HTTP Zeropopup Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21633 : HTTP Zuvio Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21632 : Alexa Installation Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21631 : Alexa User Info Tracking | Sub Rule | Detected Adware Activity | Malware | |
VMID 21630 : HTTP Adultlinks Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21629 : Adbars Search Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21627 : Adbars Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21616 : Adroar Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21615 : Adroar Install Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21613 : Adblock Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21612 : Adblock Redirect Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21611 : Adblock Install Download | Sub Rule | Detected Adware Activity | Malware | |
VMID 21605 : HTTP MatrixSearch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21603 : HTTP MatrixSearch Instltn Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21591 : P2P Emule Kademlia Request | Sub Rule | P2P Activity | Misuse | |
VMID 21566 : HTTP EasyWWW Install File Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21476 : WildMedia WinFetch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21475 : Webrebate Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21472 : HTTP IGetNet Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21470 : Adlogix SetupFile Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21469 : Helpexpress SetupFile Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21465 : HTTP Mediaticket FileRequest Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21466 : P2PNetworking SetupFile Request | Sub Rule | P2P Activity | Misuse | |
VMID 21456 : HTTP SideSearch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21453 : HTTP TargetSaver Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21444 : LinkMaker Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21443 : HTTP Begin2Search Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21441 : FTP MemoryMeter DLL Download | Sub Rule | Detected Adware Activity | Malware | |
VMID 21438 : Favoriteman Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21416 : StatBlaster Update | Sub Rule | Detected Adware Activity | Malware | |
VMID 21415 : SafeSearch Redirection Attempt | Sub Rule | Detected Adware Activity | Malware | |
VMID 21414 : HTTP BroadcastPC Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21410 : Incredifind Redirect Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21408 : Ebates Moemoney Tracking Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21407 : Ebates Moemoney Popup Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21406 : HTTP CoolWebSearch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21434 : Clearsearch Ping Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21433 : Clearsearch InstallFiles Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21432 : HTTP Clearsearch ControlInfo Transfer | Sub Rule | Detected Adware Activity | Malware | |
VMID 21429 : Look2ME Updates | Sub Rule | Detected Adware Activity | Malware | |
VMID 21428 : BlazeFind SetupFile Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21404 : HTTP Quadro Data Transfer | Sub Rule | Detected Adware Activity | Malware | |
VMID 21403 : Virtumonde Requesting DLL Files | Sub Rule | Detected Adware Activity | Malware | |
VMID 21402 : NewDotNet Redirecting Mistyped URL | Sub Rule | Detected Adware Activity | Malware | |
VMID 21401 : CWSIEFEATS Data Transfer | Sub Rule | Detected Adware Activity | Malware | |
VMID 21400 : IEFeats Data Transfer | Sub Rule | Detected Adware Activity | Malware | |
VMID 21383 : GameSpyArcade Requesting StatInfo | Sub Rule | Game Activity | Misuse | |
VMID 21382 : Gamespyarcade Version Check | Sub Rule | Game Activity | Misuse | |
VMID 21381 : NaviHelper Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21380 : NaviHelper Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21378 : HTTP IEDriver Popup Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21377 : MedLoad InstallFile Download | Sub Rule | Detected Adware Activity | Malware | |
VMID 21376 : HTTP MedLoad OCX FileDownload | Sub Rule | Detected Adware Activity | Malware | |
VMID 21375 : MedLoad Logging Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21374 : ZangoSearch CLSID Reg. Subkey Install | Sub Rule | Detected Adware Activity | Malware | |
VMID 21371 : IPInsight StubConscorr Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21370 : IPInsight StubSentry Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21369 : BookedSpace Downloading Files | Sub Rule | Detected Adware Activity | Malware | |
VMID 21368 : HTTP BookedSpace Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21367 : Websearch Configuration Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21366 : Websearch Reporting Log Information | Sub Rule | Detected Adware Activity | Malware | |
VMID 21365 : WebSearch Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21364 : SuperSpider Hijack Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21362 : Envolo AutoUpdate Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21361 : Envolo Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21359 : VirtualBouncer Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21360 : VirtualBouncer Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21358 : Starware Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21357 : Starware Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21356 : SurfSideKick AutoUpdate Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21355 : HTTP SurfSideKick Installation Acty | Sub Rule | Detected Adware Activity | Malware | |
VMID 21354 : Slagent Registry CLSID | Sub Rule | Detected Adware Activity | Malware | |
VMID 21353 : Slagent DLL Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21351 : ShopAtHome Agent Preferences | Sub Rule | Detected Adware Activity | Malware | |
VMID 21350 : ShopAtHome Agent Registration | Sub Rule | Detected Adware Activity | Malware | |
VMID 21349 : ShopAtHome Bundle Tracking | Sub Rule | Detected Adware Activity | Malware | |
VMID 21348 : ShopAtHome Agent Installation Acty | Sub Rule | Detected Adware Activity | Malware | |
VMID 21347 : PurityScan InfoTransfer Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21346 : PurityScan Notification Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21345 : PurityScan Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21344 : HTTP Windupdate Mediapass Install | Sub Rule | Detected Adware Activity | Malware | |
VMID 21343 : Windupdates Mediapass Installer CLSID | Sub Rule | Detected Adware Activity | Malware | |
VMID 21342 : HTTP LOP Toolbar Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21341 : LOP Toolbar Update | Sub Rule | Detected Adware Activity | Malware | |
VMID 21340 : Elitebar Update Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21339 : Elitebar Control Information Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21336 : HTTP Dealhelper Downloading Data | Sub Rule | Detected Adware Activity | Malware | |
VMID 21335 : DAP Daptest Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21334 : Instafinder Requesting Configuration | Sub Rule | Detected Adware Activity | Malware | |
VMID 21333 : Instafinder Reporting Mistyped URL | Sub Rule | Detected Adware Activity | Malware | |
VMID 21332 : IEPlugin Activity | Sub Rule | Detected Adware Activity | Malware | |
SID 21331 : IEPlugin DLL Download Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 21330 : HTTP CommonName Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21384 : BargainBuddy Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21326 : BargainBuddy Adv Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 21323 : AdDestroyer Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20816 : Ezula Upgrade And Version Check | Sub Rule | Detected Adware Activity | Malware | |
VMID 20780 : Hotbar Cookie Detected | Sub Rule | Detected Adware Activity | Malware | |
VMID 20779 : Hotbar PopUp Ads Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20778 : HTTP Hotbar Info Transfer PopUp | Sub Rule | Detected Adware Activity | Malware | |
VMID 20777 : Hotbar Updates Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20776 : Hotbar Temp And Toolbar Disp Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20775 : Hotbar Installation & Upgrade Activty | Sub Rule | Detected Adware Activity | Malware | |
VMID 20815 : GAIN Web Cookie | Sub Rule | Detected Adware Activity | Malware | |
VMID 20814 : GAIN Reporting Typed URL-2 | Sub Rule | Detected Adware Activity | Malware | |
VMID 20813 : GAIN Reporting Typed URL | Sub Rule | Detected Adware Activity | Malware | |
VMID 20812 : GAIN Website Visit Data Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20811 : GAIN Communication | Sub Rule | Detected Adware Activity | Malware | |
VMID 20810 : GAIN New Code Info Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20809 : HTTP Avres Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20808 : HTTP Delfin Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20807 : Delfin Definition File Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20806 : Delfin Ads Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20805 : ActiveSearch Search Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20802 : HTTP Cydoor Media Files Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20801 : NetOptimizer Agent Upload | Sub Rule | Detected Adware Activity | Malware | |
VMID 20800 : HTTP MyWay Configuration Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20799 : HTTP MyWay Buttons Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20798 : ISTBar Fav Menu Porn Site Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20797 : HTTP ISTBar Agent Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20796 : ISTBar Configuration Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20795 : Euniverse Thunderdownload Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20794 : Euniverse Thunderdownload Instltn | Sub Rule | Detected Adware Activity | Malware | |
VMID 20793 : HTTP Euniverse Keenvalue PopUp Req | Sub Rule | Detected Adware Activity | Malware | |
VMID 20792 : HTTP Euniverse KeenValue Info Tfr | Sub Rule | Detected Adware Activity | Malware | |
VMID 20791 : Euniverse Flowgo Ping Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 20790 : HTTP Euniverse FlowGoBar Config Req | Sub Rule | Detected Adware Activity | Malware | |
VMID 20789 : 180Solutions Update | Sub Rule | Possible Adware Activity | Malware | |
VMID 20788 : 180Solutions Requesting Action URL | Sub Rule | Possible Adware Activity | Malware | |
VMID 20787 : 180Solutions Tracking Events | Sub Rule | Possible Adware Activity | Malware | |
VMID 20786 : 180Solutions Requesting Ads | Sub Rule | Possible Adware Activity | Malware | |
VMID 20785 : 180Solutions Requesting Keywords | Sub Rule | Possible Adware Activity | Malware | |
VMID 20784 : HTTP 180Solutions Config Event | Sub Rule | Detected Adware Activity | Malware | |
VMID 20751 : HTTP BetterInternet Install Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20750 : HTTP BetterInternet Info Upload | Sub Rule | Detected Adware Activity | Malware | |
VMID 20749 : MXTarget Information Upload | Sub Rule | Detected Adware Activity | Malware | |
VMID 20782 : Topmoxie Recoding Downloads & Offers | Sub Rule | Detected Adware Activity | Malware | |
VMID 20781 : TopMoxie Requesting Build Files | Sub Rule | Detected Adware Activity | Malware | |
VMID 20774 : Hotbar Reports Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20748 : WhenU SearchBar Sidefinder Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20747 : WhenU Request For Offers | Sub Rule | Detected Adware Activity | Malware | |
VMID 20746 : WhenU Update Events | Sub Rule | Detected Adware Activity | Malware | |
VMID 20745 : WhenU Installation Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20744 : WhenU ClockSync WeatherCast Activity | Sub Rule | Detected Adware Activity | Malware | |
VMID 20563 : Gator Request | Sub Rule | Detected Adware Activity | Malware | |
VMID 23663 : HTTP Trojan Mebroot Request Detected | Sub Rule | Detected Trojan Activity | Malware | |
VMID 23179 : MSRPC Server Service BO Detected | Sub Rule | Possible Malware Activity | Malware | |
VMID 22980 : HTTP Fake Codec Request Detected | Sub Rule | Possible Malware Activity | Malware | |
VMID 23615 : HTTPS Tidserv Request 2 Detected | Sub Rule | Possible Malware Activity | Malware | |
VMID 24089 : Malicious Toolkit Website 9 | Sub Rule | Detected Malware Activity | Malware | |
VMID 23471: OS Attack: Validate Provider Callback | Sub Rule | Vuln High Severity : Denial Of Service | Vulnerability | |
VMID 25728 : Blackhole Toolkit Website 21 | Sub Rule | General Attack Activity | Attack | |
VMID 10000 : Portscan Blocked | Sub Rule | Port Scan | Reconnaissance | |
VMID 23113 : RPC MS Host Integration Server Block | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 24594 : Malicious Injected JS 2 Attack Block | Sub Rule | Failed Malware Activity | Failed Malware | |
VMID 25238 : Misleading App Website Attack Block | Sub Rule | Suspicious Network Activity | Suspicious | |
VMID 26493 : Red Exploit Kit Website2 Attack Block | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 27160 : Magnitd Explt Kt Website Attack Block | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 27222 : PUP/Adware/Fake App Dld Block | Sub Rule | Suspicious Network Activity | Suspicious | |
VMID 27430 : Angler Exploit Kit Website Block | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 27517 : OpenSSL Heartbleed Block | Sub Rule | Failed Protocol Anomaly | Failed Attack | |
VMID 27564 : Trojan.Zbot Download Request Block | Sub Rule | Failed Trojan Activity | Failed Malware | |
VMID 27576 : Malicious File Download Block | Sub Rule | Failed Malware Activity | Failed Malware | |
VMID 27608 : Fake Flash Update Download Block | Sub Rule | Failed Malware Activity | Failed Malware | |
VMID 70029 : Exploit Toolkit Website Block | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 70094 : Internet Explorer Attack Block | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 22799 : Malicious Redirection | Sub Rule | Incorrect Message Direction | Error | |
VMID 22809 : Heap Spray Attack Detected | Sub Rule | Detected Virus Activity | Malware | |
VMID 22819 : Suspicious Image Executable | Sub Rule | Suspicious Activity | Suspicious | |
VMID 23620 : HTML Render JS Attack | Sub Rule | Potential Vulnerability Exploit Allowed | Activity | |
VMID 23875 : Remote Code Execution Attack Blocked | Sub Rule | Remote File Inclusion | Attack | |
VMID 26299 : Mass Injection Detected | Sub Rule | General Attack Activity | Attack | |
VMID 26682 : Fake Tech Support Website | Sub Rule | Fake Hostname - Forward Lookup Doesn't Exist | Warning | |
VMID 27959 : Server Hello Attack Detected | Sub Rule | General Attack Activity | Attack | |
VMID 28173 : Malicious Advertisement | Sub Rule | Suspicious Network Activity | Suspicious | |
VMID 28377 : Malicious JS Redirect | Sub Rule | General Attack Activity | Attack | |
VMID 28625 : Malicious Advertisement | Sub Rule | Suspicious Network Activity | Suspicious | |
VMID 28931 : System Infected Adware.Gen | Sub Rule | General Virus Infected Warning | Warning | |
VMID 28973 : System Infected Adware.Gen | Sub Rule | General Virus Infected Warning | Warning | |
VMID 29047 : WPScan Tool Attack | Sub Rule | General Attack Activity | Attack | |
VMID 29071 : IIS Buffer Overflow Attack | Sub Rule | Buffer Overflow/Underflow | Attack | |
VMID 29150 : Server Hello Attack Detected | Sub Rule | General Attack Activity | Attack | |
VMID 29173 : Fake Tech Support Website | Sub Rule | Fake Hostname - Forward Lookup Doesn't Exist | Warning | |
VMID 30740 : Drupal RCE CVE-2018-7600 | Sub Rule | General Attack Activity | Attack | |
VMID 30716 : Fake Browser Update 8 | Sub Rule | General Attack Activity | Attack | |
VMID 30711 : .git Directory Information Leak | Sub Rule | Suspicious Activity | Suspicious | |
VMID 30703 : .DS_Store Information Leak | Sub Rule | Suspicious Activity | Suspicious | |
VMID 30701 : Malvertisement Website Redirect 28 | Sub Rule | General Attack Activity | Attack | |
VMID 30671 : Mass Injection Website 48 | Sub Rule | General Attack Activity | Attack | |
VMID 30646 : JSCoinminer Download 42 | Sub Rule | General Attack Activity | Attack | |
VMID 30628 : Malicious Payload Upload 2 | Sub Rule | General Attack Activity | Attack | |
VMID 30610 : JSCoinminer Download 34 | Sub Rule | General Attack Activity | Attack | |
VMID 30605 : Malvertisement Website Redirect 20 | Sub Rule | General Attack Activity | Attack | |
VMID 30596 : JSCoinminer Download 24 | Sub Rule | General Attack Activity | Attack | |
VMID 30595 : Malicious Payload Upload | Sub Rule | General Attack Activity | Attack | |
VMID 30589 : JSCoinminer Download 21 | Sub Rule | General Attack Activity | Attack | |
VMID 30568 : Oracle WebLogic RCE CVE-2017-10271 | Sub Rule | General Attack Activity | Attack | |
VMID 30562 : Fake Tech Support Website 181 | Sub Rule | General Attack Activity | Attack | |
VMID 30492 : JSCoinminer Download 14 | Sub Rule | General Attack Activity | Attack | |
VMID 30486 : Malicious Redirection 21 | Sub Rule | General Attack Activity | Attack | |
VMID 30477 : Mass Injection Website 36 | Sub Rule | General Attack Activity | Attack | |
VMID 30455 : Adware.Gen Activity 34 | Sub Rule | Host Compromised | Compromise | |
VMID 30429 : SMB Bruteforce Attempt | Sub Rule | Brute Force Activity | Attack | |
VMID 30415 : JSCoinminer Download 10 | Sub Rule | General Attack Activity | Attack | |
VMID 30413 : Passwd File Download Attempt | Sub Rule | General Attack Activity | Attack | |
VMID 30369 : Nessus Vulnerability Scanner Activity | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30358 : JSCoinminer Download 8 | Sub Rule | General Attack Activity | Attack | |
VMID 30356 : JSCoinminer Download 6 | Sub Rule | General Attack Activity | Attack | |
VMID 30355 : JSCoinminer Download | Sub Rule | General Attack Activity | Attack | |
VMID 30353 : JSCoinminer Download 4 | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30352 : JSCoinminer Download 3 | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30341 : JSCoinminer Download 2 | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30285 : Masscan Scanner Request | Sub Rule | General Attack Activity | Attack | |
VMID 30263 : MS SMB Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 30239 : Unimplemented Trans2 Subcommand | Sub Rule | Possible Backdoor Activity | Malware | |
VMID 30226 : Nessus Vulnerability Scanner Activity | Sub Rule | General Attack Activity | Attack | |
VMID 30186 : Malicious Scan Request | Sub Rule | General Attack Activity | Attack | |
VMID 30104 : Malicious OGNL Expression Upload | Sub Rule | General Attack Activity | Attack | |
VMID 30072 : Malvertisement Website Redirect 10 | Sub Rule | General Attack Activity | Attack | |
VMID 30068 : PSExec Utility Activity | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30055 : Fake Tech Support Website 62 | Sub Rule | General Attack Activity | Attack | |
VMID 30011 : SMB Validate Provider Callback | Sub Rule | General Attack Activity | Attack | |
VMID 30005 : Netis Router Scan 2 | Sub Rule | General Attack Activity | Attack | |
VMID 30003 : Dahua UnAuthorized Access Request | Sub Rule | General Attack Activity | Attack | |
VMID 29972 : Apache Struts CVE-2017-5638 | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 29741 : Telnet Default Login Credentials | Sub Rule | General Attack Activity | Attack | |
VMID 29626 : Network Weathermap Editor | Sub Rule | General Attack Activity | Attack | |
VMID 29464 : Nessus Vulnerability Scanner Activity | Sub Rule | General Attack Activity | Attack | |
VMID 29236 : D-Link Router Information Disclosure | Sub Rule | General Attack Activity | Attack | |
VMID 29027 : Joomla Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 28898 : Mass Iframe Injection Website 21 | Sub Rule | General Attack Activity | Attack | |
VMID 28821 : Mass Injection Website 19 | Sub Rule | General Attack Activity | Attack | |
VMID 27921 : GNU Bash CVE-2014-6278 | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 27907 : GNU Bash CVE-2014-6271 | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 26704 : WP RevSlider/ShowBiz Security ByPass | Sub Rule | General Attack Activity | Attack | |
VMID 25928 : ZeroAccess P2P Request | Sub Rule | Host Compromised | Compromise | |
VMID 25651 : Malicious Toolkit Website 14 | Sub Rule | General Attack Activity | Attack | |
VMID 25557 : Fake Scan Webpage 3 | Sub Rule | General Attack Activity | Attack | |
VMID 24125 : Malicious Cookie Activity | Sub Rule | General Attack Activity | Attack | |
VMID 23906 : TCP MODBUS Unauthorized Read Request | Sub Rule | General Attack Activity | Attack | |
VMID 23816 : TCP ISO-SP AB Param Is Not User Data | Sub Rule | Bad Parameter | Information | |
VMID 23815 : TCP ISO-SP DN Param Is Not User Data | Sub Rule | Bad Parameter | Information | |
VMID 23814 : TCP ISO-SP FN Param Is Not User Data | Sub Rule | Bad Parameter | Information | |
VMID 23812 : TCP ISO-SP Invalid CN Parameter Code | Sub Rule | Bad Parameter | Information | |
VMID 30740 : Drupal RCE CVE-2018-7600 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30716 : Fake Browser Update 8 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30711 : .git Directory Information Leak | Sub Rule | Failed Suspicious Activity | Failed Suspicious | |
VMID 30703 : .DS_Store Information Leak | Sub Rule | Failed Suspicious Activity | Failed Suspicious | |
VMID 30701 : Malvertisement Website Redirect 28 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30671 : Mass Injection Website 48 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30646 : JSCoinminer Download 42 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30628 : Malicious Payload Upload 2 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30610 : JSCoinminer Download 34 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30605 : Malvertisement Website Redirect 20 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30596 : JSCoinminer Download 24 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30595 : Malicious Payload Upload | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30589 : JSCoinminer Download 21 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30568 : Oracle WebLogic RCE CVE-2017-10271 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30562 : Fake Tech Support Website 181 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30492 : JSCoinminer Download 14 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30486 : Malicious Redirection 21 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30477 : Mass Injection Website 36 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30455 : Adware.Gen Activity 34 | Sub Rule | Host Compromised | Compromise | |
VMID 30429 : SMB Bruteforce Attempt | Sub Rule | Failed Brute Force Activity | Failed Attack | |
VMID 30415 : JSCoinminer Download 10 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30413 : Passwd File Download Attempt | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30369 : Nessus Vulnerability Scanner Activity | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30358 : JSCoinminer Download 8 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30356 : JSCoinminer Download 6 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30355 : JSCoinminer Download | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30353 : JSCoinminer Download 4 | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30352 : JSCoinminer Download 3 | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30341 : JSCoinminer Download 2 | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30285 : Masscan Scanner Request | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30263 : MS SMB Remote Code Execution | Sub Rule | Failed Arbitrary Code Execution | Failed Attack | |
VMID 30239 : Unimplemented Trans2 Subcommand | Sub Rule | Possible Backdoor Activity | Malware | |
VMID 30226 : Nessus Vulnerability Scanner Activity | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30186 : Malicious Scan Request | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30104 : Malicious OGNL Expression Upload | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30072 : Malvertisement Website Redirect 10 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30068 : PSExec Utility Activity | Sub Rule | Unauthorized Program/Process | Misuse | |
VMID 30055 : Fake Tech Support Website 62 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30011 : SMB Validate Provider Callback | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30005 : Netis Router Scan 2 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 30003 : Dahua UnAuthorized Access Request | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 29972 : Apache Struts CVE-2017-5638 | Sub Rule | Failed Arbitrary Code Execution | Failed Attack | |
VMID 29741 : Telnet Default Login Credentials | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 29626 : Network Weathermap Editor | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 29464 : Nessus Vulnerability Scanner Activity | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 29236 : D-Link Router Information Disclosure | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 29027 : Joomla Remote Code Execution | Sub Rule | Failed Arbitrary Code Execution | Failed Attack | |
VMID 28898 : Mass Iframe Injection Website 21 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 28821 : Mass Injection Website 19 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 27921 : GNU Bash CVE-2014-6278 | Sub Rule | Failed Arbitrary Code Execution | Failed Attack | |
VMID 27907 : GNU Bash CVE-2014-6271 | Sub Rule | Failed Arbitrary Code Execution | Failed Attack | |
VMID 26704 : WP RevSlider/ShowBiz Security ByPass | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 25928 : ZeroAccess P2P Request | Sub Rule | Host Compromised | Compromise | |
VMID 25651 : Malicious Toolkit Website 14 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 25557 : Fake Scan Webpage 3 | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 24125 : Malicious Cookie Activity | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 23906 : TCP MODBUS Unauthorized Read Request | Sub Rule | Failed General Attack Activity | Failed Attack | |
VMID 23816 : TCP ISO-SP AB Param Is Not User Data | Sub Rule | Traffic Denied by DLP | Network Deny | |
VMID 23815 : TCP ISO-SP DN Param Is Not User Data | Sub Rule | Traffic Denied by DLP | Network Deny | |
VMID 23814 : TCP ISO-SP FN Param Is Not User Data | Sub Rule | Traffic Denied by DLP | Network Deny | |
VMID 23812 : TCP ISO-SP Invalid CN Parameter Code | Sub Rule | Traffic Denied by DLP | Network Deny | |
VMID 23877 : WebAttack: ColdFusion Remote Code Exe | Sub Rule | Remote File Inclusion | Attack | |
VMID 26073 : Attack: Novell ZENWorks Asset Managem | Sub Rule | General Threat Message | Activity | |
VMID 26960 : Suspicious PHP URI Location WebAttack | Sub Rule | Network Compromised | Compromise | |
VMID 27376 : Suspicious PHP URI Location Attack | Sub Rule | Network Compromised | Compromise | |
VMID 27847 : Wordpress Arbitrary File Download | Sub Rule | Remote File Inclusion | Attack | |
VMID 27863 : Joomla Component Local File Inclusion | Sub Rule | phpMyAdmin Local File Inclusion (2.6.4-pl1) | Activity | |
VMID 27973 : Web Attack: Drupal SQL Injection | Sub Rule | SQL Injection | Attack | |
VMID 28015 : Web Attack: Allegro RomPager | Sub Rule | Security Violation | Other Security | |
VMID 29049 : Web Attack: Wordpress Arbitrary File | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 29771 : Attack: Web CMS Think PHP RCE | Sub Rule | SQL Injection | Attack | |
VMID 30284 : Attack: Apache Struts | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 30545 : Web Attack: GoAhead RCE | Sub Rule | General Attack Activity | Attack | |
VMID 30573 : Malicious Serialized Object Upload | Sub Rule | Malformed Object | Suspicious | |
VMID 30762 : Web Attack: Drupal Core RCE | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 30764 : Remote OS Command Injection Attack | Sub Rule | Unknown Command | Other Security | |
VMID 30819 : Web Attack: Adobe Flex BlazeDS RCE | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 30910 : Web Attack: phpMyAdmin RFI | Sub Rule | Remote File Inclusion | Attack | |
VMID 30992 : Web Attack: ECShop SQL Injection | Sub Rule | SQL Injection | Attack | |
VMID 31448 : WordPress Plugin XSS Attempt Attack | Sub Rule | Vuln High Severity : CGI Abuses : XSS | Vulnerability | |
VMID 31474 : Apache Tomcat Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 31593 :WordPress Plugin Path Traversal Attack | Sub Rule | Directory Traversal | Attack | |
VMID 31811 : Malicious Scan Request Attack | Sub Rule | Vulnerability Scanner Information | Other Security | |
VMID 31818 :vBulletin Remote Code Execution Attack | Sub Rule | Arbitrary Code Execution | Attack | |
VMID 31212 :Web Attack: Remote Code Execution | Sub Rule | Remote File Inclusion | Attack | |
VMID 31242:Malicious Site:Malicious Domain Request | Sub Rule | General Attack Activity | Attack | |
VMID 31757:Audit: PUA.Downloader Download 7 | Sub Rule | Suspicious Activity | Suspicious | |
LogRhythm Default v2.0
Regex ID | Rule Name | Rule Type | Common Events | Classifications |
---|---|---|---|---|
1011169 | V 2.0 : Inbound SEP Malicious Activity Detected | Base Rule | General Attack Activity | Attack |
V 2.0 : Inbound SEP Identified Attack Sign. Detect | Sub Rule | General Attack Activity | Attack | |
V 2.0 : SEP Identified Attack Sign. Detected | Sub Rule | General Attack Activity | Attack | |