V 2.0 : Inbound SEP Malicious Activity Detected 1

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Each field is identified by the MPE tag it is parsed into (for example <sip> for Source IP). A tag in a policy column means that policy populates the field; "N/A" means it does not.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
| --- | --- | --- |
| <sip> | <sip> | <sip> |
| <sname> | N/A | <sname> |
| <dip> | <dip> | <dip> |
| <dname> | N/A | <dname> |
| <sport> | <sport> | <sport> |
| <dport> | <dport> | <dport> |
| <smac> | <smac> | <smac> |
| <dmac> | <dmac> | <dmac> |
| <protname> | <protname> | <protname> |
| <account> | N/A | <account> |
| <domainimpacted> | N/A | <domainimpacted> |
| <subject> | <subject> | <subject> |
| <threatname> | <threatname> | <threatname> |
| <threatid> | N/A | <threatid> |
| <hash> | <hash> | <hash> |
| <url> | <url> | <url> |
| <quantity> | <quantity> | <quantity> |
| <tag1> | N/A | <tag1> |
| <tag2> | N/A | <tag2> |
| <vmid> | <vmid> | N/A |
| <severity> | N/A | <severity> |
| <login> | N/A | <login> |
| <domainorigin> | N/A | <domainorigin> |
| <object> | N/A | <object> |
| <cve> | N/A | <cve> |
| <group> | N/A | <group> |
| <command> | N/A | <command> |
| <sender> | N/A | <sender> |

Note that <vmid> is the only field the LogRhythm Default policy parses and v2.0 does not; v2.0 parses <threatid> instead, along with the other fields it adds. Alarms, AIE rules, reports, or saved searches that filter on <vmid> must be reviewed when a deployment moves to v2.0, or the matching logs will silently stop appearing.

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex ID

Rule Name

Rule Type

Common Event

Classification

1000416





































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Attack Signature

Base Rule

General Attack Activity

Attack

VMID 21487 : MSRPC Multiple Context IDS

Sub Rule

Suspicious Activity

Suspicious

VMID 21261 : HTTP MS IE Frame Cross Site Scripting

Sub Rule

Cross-Site Scripting

Attack

VMID 21679 : HTTP Webhancer Install Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21621 : 7FASST Search Activity

Sub Rule

Possible Malware Activity

Malware

VMID 21620 : 7FASST User Tracking Activity

Sub Rule

Possible Malware Activity

Malware

VMID 21430 : WebHancer Posting Information

Sub Rule

Detected Adware Activity

Malware

VMID 21617 : 007SPY Install Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21575 : HTTP ZSearch Instltn File Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21574 : HTTP SearchPounder Info Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21573 : Tafbar Install File Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21570 : 2020Search Configuration Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21569 : 2020Search Installation File Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21568 : 2020Search Info. Upload Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21563 : Dotcomtoolbar Instltn Files Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21558 : Megasearchbar InstallationFile Req

Sub Rule

Detected Spyware Activity

Malware

VMID 21452 : Perfect InstallFIle Download

Sub Rule

Detected Spyware Activity

Malware

VMID 21451 : ISearch Mistyped URL Hijack Attempt

Sub Rule

Detected Spyware Activity

Malware

VMID 21450 : ISearch DNS Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21449 : ISearch Search Activity

Sub Rule

Detected Spyware Activity

Malware

VMID 21447 : HTTP QuickSearch Activity

Sub Rule

Detected Spyware Activity

Malware

VMID 21446 : QuickSearch DNS Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21418 : Goidr DNS Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21363 : HTTP ShopNav Uploading Reg Info

Sub Rule

Detected Spyware Activity

Malware

VMID 21338 : E2Give InstallFile Request

Sub Rule

Detected Spyware Activity

Malware

VMID 21337 : E2Give AppID Registry Subkey

Sub Rule

Detected Spyware Activity

Malware

VMID 21329 : CometCursor Cursor Download

Sub Rule

Detected Spyware Activity

Malware

VMID 21328 : CometCursor Logging Information

Sub Rule

Detected Spyware Activity

Malware

VMID 21327 : CometCursor Plus Download

Sub Rule

Detected Spyware Activity

Malware

VMID 21325 : HTTP Apropos Ad Activity

Sub Rule

Detected Spyware Activity

Malware

VMID 21324 : HTTP Apropos Installation Activity

Sub Rule

Detected Spyware Activity

Malware

VMID 21588 : PWDump Tool Activity

Sub Rule

Detected Spyware Activity

Malware

VMID 21385 : SQLDict Brute Force Pswd Tool Usage

Sub Rule

Brute Force Activity

Attack

VMID 20353 : HTTP Whisker/Libwhisker Scan-2

Sub Rule

Port Scan

Reconnaissance

VMID 20352 : HTTP Whisker/Libwhisker Scan-1

Sub Rule

Port Scan

Reconnaissance

VMID 20628 : MSRPC Mutiple Headers

Sub Rule

Suspicious Activity

Suspicious

VMID 20627 : MS RPC Heap Queue Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21237 : HTTP MS IE Local Resource Enumeration

Sub Rule

Suspicious Activity

Suspicious

VMID 21236 : HTTP MS IE Sysimage File Detection

Sub Rule

Suspicious Activity

Suspicious

VMID 21232 : HTTP Oracle SOAP Default Config Vuln

Sub Rule

Suspicious Activity

Suspicious

VMID 20524 : HTTP Cobalt Raq Apache Disclosure

Sub Rule

Suspicious Activity

Suspicious

VMID 20517 : HTTP ColdFusion CFM Disclosure

Sub Rule

Suspicious Activity

Suspicious

VMID 20511 : HTTP CGI Test Request

Sub Rule

Suspicious Activity

Suspicious

VMID 20508 : HTTP CGI NPH Request

Sub Rule

Suspicious Activity

Suspicious

VMID 20496 : HTTP Request Direct Perl Probe

Sub Rule

Suspicious Activity

Suspicious

VMID 20335 : HTTP MS IIS SQL Hit Disclosure

Sub Rule

Suspicious Activity

Suspicious

VMID 20334 : HTTP ISM DLL Remote Administration

Sub Rule

Suspicious Activity

Suspicious

VMID 20655 : VNC Login Failed

Sub Rule

User Logon Failure

Authentication Failure

VMID 21812 : HTTP DialPlatform Activity

Sub Rule

Possible Malware Activity

Malware

VMID 21805 : HTTP InstantAccess Activity

Sub Rule

Possible Malware Activity

Malware

VMID 21791 : HTTP WKS Lotus 1-2-3 Remote Code Exec

Sub Rule

Arbitrary Code Execution

Attack

VMID 21790 : HTTP Excel Multi Remote Code Exec-2

Sub Rule

Arbitrary Code Execution

Attack

VMID 21783 : HTTP McAfee EPolicy Large Src Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21776 : HTTP WebViewFolderIcon SetSlice Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21750 : HTTP MS IE VML Fill Method Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21744 : HTTP DirectAnimation KeyFrame Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21737 : MS OLE Automation SubstringData Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21735 : HTTP MSIE IsComponentInstalled Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21734 : EMC Retrospect Client Buffer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21732 : HTTP DirectAnimation Spline Heap Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21728 : HTTP Firefox SVG Mem Exec

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21725 : HTTP NullSoft Winamp Playlist Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21720 : HTTP Mozilla InstallVersion Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21719 : HTTP ANI File Hdr Size Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21717 : Symantec Backup Exec SelectSvc Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21551 : HTTP Embed Tag NPDSPlay DLL Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21552 : HTTP WMF Metahdr FileSize Int. Oflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21553 : MSRPC WebClient Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21662 : SMB Srv.sys Driver Rmt Code Execution

Sub Rule

Arbitrary Code Execution

Attack

VMID 21663 : MSRPC RRAS Buffer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21687 : HTTP Excel Multi Remote Code Exec-1

Sub Rule

Arbitrary Code Execution

Attack

VMID 21689 : Microsoft DHCP Service Options Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21698 : HTTP MSIE Content Type Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21701 : MSRPC SrvSvc NetApi Buffer Overflow-1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21702 : MSRPC SrvSvc NetApi Buffer Overflow-2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21706 : MS DNS Client ATMA Code Exec

Sub Rule

Arbitrary Code Execution

Attack

VMID 21674 : HTTP PeerCast Remote Buffer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21672 : HTTP MS Excel Unicode HLINK Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21671 : MS PPTP Server Buffer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21668 : Alt-N WebAdmin USER Buffer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21667 : HTTP BadBlue MFCISAPI Cmd Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21659 : HTTP MSIE MHTML URI Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21649 : Symantec AV Stack Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21532 : Cmptr Associates Lic GetConfig Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21531 : Computer Associates License GCR Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21530 : HTTP GIF Netscape Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21528 : VMware NAT FTP Commands Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21527 : MS DirectShow AVI Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21520 : RSA Agent WebRedirect Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21519 : RSA Agent Chunked Encoding Heap Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21515 : Yahoo! IM Activex Yauto.dll Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21512 : HTTP MS Frontpage Image Mapper Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21459 : Yahoo! Webcam ActiveX Control Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21397 : Snort BackOrifice Preprocessor Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21391 : Veritas Bpjava Format String Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21388 : HTTP MS Lnk File FaceName Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21386 : MS Netware NWWKS Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21387 : MS PNP Registry DeviceName Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21389 : MS MSDTC UserAllocate Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21314 : HTTP Acrobat ActX Ctrl URI Req Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21312 : HTTP RealPlayer SMIL File Stack Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21311 : HTTP MS IE MSHTML.DLL CSS Hndlng Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21260 : NetBIOS MS PnP QueryResConflist Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21259 : MS Printer Spooler Heap Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21246 : Veritas NetBackup Inv Timestamp Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21234 : HTTP Oracle 9IAS PLSQL Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21181 : ArcServe Discovery SERVICEPC Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21179 : ISS SMB Parsing Heap Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21135 : HTTP Macromedia JRun Dotcfm File Disc

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21138 : OS X Apple File Print Remote Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21137 : HTTP MS IIS Chunk Encoding Heap Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21124 : HTTP MS JET DB Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20986 : AOL IM AwayMsg Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20978 : HTTP MS IE DHTML Edit Ctrl Attack

Sub Rule

General Attack Activity

Attack

VMID 20980 : MS RPC License Logging CodeExec

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20974 : RealNetwork Helix Transport Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20973 : RTSP RPlayer Helix LongMeth URI Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20971 : IMAP Server Login Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20962 : HTTP MS Word HyperlinkExt Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20833 : Veritas Backup Exec Hostname Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20752 : HTTP PHPBB URL Decode SQL Injection

Sub Rule

SQL Injection

Attack

VMID 20727 : MS WINS Replication Proto Rmt Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20726 : HTTP MS Visual Studio RAD Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20678 : HTTP MS IE Malf. IFRAME/EMBED Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20645 : HTTP MS IE Instl Eng Ctl Heap Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20640 : HTTP NNTP XPAT Cmd Query Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20648 : MS RPC Network DDE Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 22888 : HTTP MS GDI JPEG Integer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20637 : SMB MS Windows GDI+ JPEG Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20621 : MS Windows H.323 Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20620 : MS Windows H.323 Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20617 : MS SQL Copyscript Distributor Exec

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20631 : MSRPC Malicious LSASS DS Req Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20615 : MSRPC Malicious LSASS DS Req Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20533 : MS SQL PacketResolution DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20532 : MS SQL LongRequest Hello Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20530 : SSH CRC-32 Bflo Undary Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20528 : DNS NXT Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20526 : FTP AIX Remote Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20522 : POP2 UW Anonymous Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20494 : HTTP MS FPcount Bflo Attempt

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20488 : HTTP Netscape Clnt Overflow Shellcode

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20363 : MIRC Nickname Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20624 : MS RPCSS Attack-3

Sub Rule

General Attack Activity

Attack

VMID 20386 : MS RPCSS Attack-2

Sub Rule

General Attack Activity

Attack

VMID 20380 : HTTP MS FrontPage Remote Debug Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20421 : MS ASN1 Integer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20418 : NetBIOS MS Locator Service Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20413 : Welchia Locator Service Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20399 : MS Win9x IE5/Telnet Heap Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20444 : MS RPC LSASS DS Oversized Request UDP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20443 : MS RPC LSASS DS Oversized Request TCP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20437 : HTTP IIS ISAPI Printer Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20445 : MS RPCSS Attack UDP

Sub Rule

General Attack Activity

Attack

VMID 20390 : MSRPC DCOM RPC Bflo -5

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20388 : MSRPC DCOM RPC Bflo -4

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20387 : MSRPC DCOM RPC Bflo -3

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20385 : MSRPC DCOM RPC Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20384 : MSRPC DCOM RPC Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20448 : MS IIS PCT SSL Exploit Attempt

Sub Rule

General Attack Activity

Attack

VMID 21185 : HTTP SMTP NTLM ASN1 Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21141 : HTTP MS IIS NTLM ASN1 Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20409 : MS ASN1 Integer Overflow TCP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20408 : MS ASN1 Integer Overflow UDP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20395 : MSRPC DCOM RPC Heap Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20393 : MSRPC DCOM RPC Heap Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20434 : BFTP SITE CHOWN Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20433 : BFTP SITE CHOWN Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20432 : FTP CreateDirectory Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20431 : FTP CreateDirectory Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20428 : HTTP IIS Welchia WebDAV SEARCH Bflo-2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20427 : HTTP IIS Welchia WebDAV SEARCH Bflo-1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20426 : HTTP IIS HTR ISAPI Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20425 : WuFTPd Realpath Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20059 : MS UPnP NOTIFY Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20057 : HTTP Knox Arkeia Rmt Stack Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20083 : MySQL Password Table Change

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20056 : Red Hat PXE Server Remote Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20626 : MS RPC Workstation Service Bflo (UDP)

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20625 : MS RPC Workstation Service Bflo (TCP)

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20354 : HTTP MS Media Services Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21204 : Veritas Backup Exec Agent Auth Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21203 : Veritas Backup Exec Agent DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21116 : HTTP Negative Content Length

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20903 : FTP Generic Command Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20339 : ICQ Guestbook DoS Long Name

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20091 : NetBIOS MS Messenger Service Bflo TCP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20090 : NetBIOS MS Messenger Service Bflo UDP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20055 : Kerio Remote Auth Bflo UDP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20054 : Kerio Remote Auth Bflo TCP

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20053 : NTPD Field Value Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20066 : HTTP Cisco 2GB Integer Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20050 : Oracle XDB FTP Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20049 : Oracle XDB FTP Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20351 : HTTP MDAC Component Query Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20348 : HTML WinHelp Item Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20338 : HTTP PHP CGI Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20001 : DNS Tsig Bflo -2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20000 : DNS Tsig Bflo -1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20004 : WuFTPd Heap Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20330 : HTTP IIS ISAPI Extension Code Red

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20070 : SMB Trans2Open Overflow-2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20069 : SMB Trans2Open Overflow-1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20326 : HTTP IIS Webdav Exploit

Sub Rule

General Attack Activity

Attack

VMID 20068 : SMB Request Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20084 : SSH BSD Auth Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20324 : HTTP Chnkd Encd Negative Length Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20006 : FTP MKD Stack Overflow

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20038 : Remote BinLogin Bflo 2

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20037 : Remote BinLogin Bflo 1

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21545 : SMB Guest Login

Sub Rule

Suspicious Activity

Suspicious

VMID 21614 : P2P Mute Usage

Sub Rule

P2P Activity

Misuse

VMID 21604 : P2P Manolito Client Usage

Sub Rule

P2P Activity

Misuse

VMID 21598 : P2P SoulSeek Usage

Sub Rule

P2P Activity

Misuse

VMID 21595 : P2P Peercast Application

Sub Rule

P2P Activity

Misuse

VMID 21594 : P2P OpenFT File Request

Sub Rule

P2P Activity

Misuse

VMID 21593 : P2P Fasttrack Network Ping Messages

Sub Rule

P2P Activity

Misuse

VMID 21592 : P2P Edonkey Start Upload Request

Sub Rule

P2P Activity

Misuse

VMID 21590 : P2P Edonkey Ping Message

Sub Rule

P2P Activity

Misuse

VMID 21589 : P2P Overnet Search Request UDP

Sub Rule

P2P Activity

Misuse

VMID 21587 : P2P DirectConnect Application

Sub Rule

P2P Activity

Misuse

VMID 21586 : P2P Ares Client Connection

Sub Rule

P2P Activity

Misuse

VMID 21207 : Skype Requesting Updates-2

Sub Rule

P2P Activity

Misuse

VMID 21206 : Skype Requesting Updates-1

Sub Rule

P2P Activity

Misuse

VMID 20567 : P2P BitTorrent Request

Sub Rule

P2P Activity

Misuse

VMID 20566 : P2P BitTorrent Activity

Sub Rule

P2P Activity

Misuse

VMID 20562 : P2P Blubster Download Setup

Sub Rule

P2P Activity

Misuse

VMID 20568 : P2P Gnutella File Request

Sub Rule

P2P Activity

Misuse

VMID 20561 : P2P Gnutella Connection

Sub Rule

P2P Activity

Misuse

VMID 20560 : P2P Gnutella Bearshare Connection

Sub Rule

P2P Activity

Misuse

VMID 20559 : P2P Gnutella Morpheus Connection

Sub Rule

P2P Activity

Misuse

VMID 20569 : Kazaa File Request

Sub Rule

P2P Activity

Misuse

VMID 20558 : P2P Kazaa Connection

Sub Rule

P2P Activity

Misuse

VMID 20557 : Emule File Traffic Detected

Sub Rule

P2P Activity

Misuse

VMID 20556 : P2P EMule Hello

Sub Rule

P2P Activity

Misuse

VMID 20654 : VNC Login Success

Sub Rule

User Logon

Authentication Success

VMID 20653 : VNC Server Banner

Sub Rule

Suspicious Activity

Suspicious

VMID 20594 : NetBIOS User Session Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20593 : NetBIOS User Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20592 : NetBIOS Transport Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20591 : NetBIOS Share Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20590 : NetBIOS Service Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20589 : NetBIOS Registry Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20588 : NetBIOS NBStat Query

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20587 : NetBIOS NBName Query

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20586 : NetBIOS Group Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20585 : NetBIOS Disk Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20584 : NetBIOS Date And Time Enumeration

Sub Rule

Reconnaissance Activity

Reconnaissance

VMID 20602 : Quake 3 Connection

Sub Rule

Game Activity

Misuse

VMID 20502 : SNMP Default Community Name Access

Sub Rule

Vuln Medium Severity : General

Vulnerability

VMID 20471 : IRC Private Message Command

Sub Rule

IM/Chat Activity

Misuse

VMID 20469 : IRC DCC Private Message Chat Cmd

Sub Rule

IM/Chat Activity

Misuse

VMID 20465 : IRC Notice DCC Chat Command

Sub Rule

IM/Chat Activity

Misuse

VMID 20467 : IRC Private Message DCC Send Cmd

Sub Rule

IM/Chat Activity

Misuse

VMID 20463 : IRC Notice DCC Send Command

Sub Rule

IM/Chat Activity

Misuse

VMID 20459 : IRC USER Command

Sub Rule

IM/Chat Activity

Misuse

VMID 20457 : IRC NICK Command

Sub Rule

IM/Chat Activity

Misuse

VMID 20455 : IRC JOIN Command

Sub Rule

IM/Chat Activity

Misuse

VMID 20461 : IRC Notice Command

Sub Rule

IM/Chat Activity

Misuse

VMID 21600 : QQ IM Login Packet

Sub Rule

IM/Chat Activity

Misuse

VMID 21599 : TOC (AOL) IM Usage

Sub Rule

IM/Chat Activity

Misuse

VMID 21597 : AIM ICQ Request (OSCAR)

Sub Rule

IM/Chat Activity

Misuse

VMID 21596 : Jabber IM Client Connection

Sub Rule

IM/Chat Activity

Misuse

VMID 21130 : AOL IM Login

Sub Rule

IM/Chat Activity

Misuse

VMID 20565 : AOL IM Message Received

Sub Rule

IM/Chat Activity

Misuse

VMID 20564 : AOL IM Message Sent

Sub Rule

IM/Chat Activity

Misuse

VMID 20570 : Yahoo! Conference Login

Sub Rule

IM/Chat Activity

Misuse

VMID 20571 : Yahoo! Ping

Sub Rule

IM/Chat Activity

Misuse

VMID 20553 : Yahoo! IM Activity

Sub Rule

IM/Chat Activity

Misuse

VMID 20552 : Yahoo! IM Login

Sub Rule

IM/Chat Activity

Misuse

VMID 20551 : Yahoo! IM File Transfer

Sub Rule

IM/Chat Activity

Misuse

VMID 20550 : Yahoo! IM Conference Invite

Sub Rule

IM/Chat Activity

Misuse

VMID 21300 : HTTP MSN Messenger Login

Sub Rule

IM/Chat Activity

Misuse

VMID 20015 : MSN Messenger Login Attempt

Sub Rule

IM/Chat Activity

Misuse

VMID 21273 : Telnet SoftEther VPN Software

Sub Rule

Suspicious Activity

Suspicious

VMID 20442 : Witty Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20634 : W32 Nimda Share Propagation 2

Sub Rule

Detected Worm Activity

Malware

VMID 20435 : Nimda Worm E

Sub Rule

Detected Worm Activity

Malware

VMID 20436 : Nimda Worm A

Sub Rule

Detected Worm Activity

Malware

VMID 20094 : Sobig F Worm Master Probe

Sub Rule

Detected Worm Activity

Malware

VMID 20024 : Nebiwo Worm Propagation-3

Sub Rule

Detected Worm Activity

Malware

VMID 20023 : Nebiwo Worm Propagation-2

Sub Rule

Detected Worm Activity

Malware

VMID 20022 : Nebiwo Worm Propagation-1

Sub Rule

Detected Worm Activity

Malware

VMID 21602 : W32 Polip Gnutella Communication

Sub Rule

Detected Malware Activity

Malware

VMID 21601 : W32 Polip Backdoor Communication

Sub Rule

Detected Backdoor Activity

Malware

VMID 21651 : Trojan Barok Infostealing Activity

Sub Rule

Detected Trojan Activity

Malware

VMID 20113 : Mybabypic Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20112 : Yaha Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20111 : Sircam Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20110 : Mylife J Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20109 : Lirva C Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20108 : Klez H Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20107 : Goner A Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20106 : Frethem L Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20105 : Brid A Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20104 : Aliz Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20103 : Alcarys Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20102 : Shoho Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20101 : Redesi B Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20100 : Maldal C Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20099 : Apost Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 20077 : Dumaru Worm Propagation

Sub Rule

Detected Worm Activity

Malware

VMID 21658 : HTTP WMP Malformed PNG Handling Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21516 : HTTP MS XP HCP URI Handler Abuse

Sub Rule

General Attack Activity

Attack

VMID 21421 : HTTP MS IE Dbl Backslash Local Zone

Sub Rule

General Attack Activity

Attack

VMID 21420 : HTTP MS IE Dbl Backslash CHM

Sub Rule

General Attack Activity

Attack

VMID 20644 : HTTP MS IE EXE In IMG Code Execution

Sub Rule

Arbitrary Code Execution

Attack

VMID 20020 : NetBIOS RFPoison DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20609 : MS RPC WinNuke DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21316 : HTTP MS IE Style Tag Cmt Mem Crptn

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21514 : HTTP MS IE DHTML AnchorClick DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21802 : SMB Server Transaction Name Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21724 : HTTP NullSoft Winamp M3U Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21511 : HTTP Mozilla Firefox IFRAME DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21508 : MSRPC PnP GetDeviceList DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21424 : HTTP MS IE MSWebDVD Object DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21423 : HTTP MS IE Macromedia Flash DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21422 : HTTP MS IE Object Element Data DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21262 : MS RDP Terminal Service DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21256 : MS SQL Server 7.0 Remote DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21230 : HTTP Cobalt RAQ Service.cgi Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21190 : Outlook Express LIST Newsgroup Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 21099 : HTTP MS IIS FTP Wildcard DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21006 : SMTP Domino Mail Loop DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20909 : Trend Micro Viruswall Catinfo Bflo

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 20630 : HTTP MS MediaPlayer Skin File Code

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20604 : HTTP IIS WebDAV PROPFIND

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20583 : Snork DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20519 : HTTP CF GetTempDirectory Attempt

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20495 : FTP MS IIS Status DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20359 : HTTP Cisco VoIP DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20447 : MS SSL Library DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20397 : RPC DCOM GetClassObject DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20381 : HTTP MS FrontPage SmartHTML DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20051 : Oracle TNS Listener DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20048 : RAS PPTP Malformed Ctrl Packet DoS

Sub Rule

Malformed Object

Suspicious

VMID 20349 : HTTP IIS %2E DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20025 : NetBIOS RFParalyze DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20026 : NetBIOS NT Winlogon DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20073 : SMTP EXPN Vintra DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 20337 : HTTP MS IIS ExAir Search DoS

Sub Rule

Host Denial Of Service

Denial Of Service

VMID 21458 : Kazaa Sig2Dat Protocol Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21238 : Google Desktop Search Remote XSS | Sub Rule | Cross-Site Scripting | Attack
VMID 21703 : MSIE FTP URI Arbitrary Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21317 : HTTP MS IE MData Foreign Dom Spoofing | Sub Rule | Spoofing Activity | Attack
VMID 21239 : Google Tlbr About.HTML HTML Injection | Sub Rule | General Attack Activity | Attack
VMID 21202 : HTTP MS OWC Local File Disclosure | Sub Rule | General Attack Activity | Attack
VMID 21139 : OS X Help Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack
VMID 20965 : HTTP Windows Sharepoint Svc Spoofing | Sub Rule | Spoofing Activity | Attack
VMID 20043 : DDOS Trin00 MasterRemote Int PW | Sub Rule | Host Distributed Denial Of Service | Denial Of Service
VMID 20042 : DDOS Trin00 MasterDaemon Default PW | Sub Rule | Host Distributed Denial Of Service | Denial Of Service
VMID 21555 : HTTP Windows Media Player BMP Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21008 : SMTP Domino SMTP ENVID Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21571 : HTTP MSIE Action Script Handler Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20581 : HTML HR Align Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20555 : AOL IM External App Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20554 : AOL IM Game Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20537 : HTTP MS IFRAME JOB Share Redirect | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20093 : Telnet TTYPROMPT Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20081 : MS SQL Stack Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20712 : R(X)Bot Clone Commands | Sub Rule | Detected Botnet Activity | Malware
VMID 20711 : R(X)Bot Nick And Kill Thread Commands | Sub Rule | Detected Botnet Activity | Malware
VMID 20708 : R(X)Bot DDOS Commands | Sub Rule | Host Distributed Denial Of Service | Denial Of Service
VMID 20682 : R(X)BOT Bot Scan Commands | Sub Rule | Detected Botnet Activity | Malware
VMID 20681 : R(X)BOT Advanced-Scan Commands | Sub Rule | Detected Botnet Activity | Malware
VMID 20680 : R(X)BOT Keylog Commands | Sub Rule | Detected Keylogger Activity | Malware
VMID 20679 : R(X)BOT Videocapture Commands | Sub Rule | Detected Botnet Activity | Malware
VMID 20880 : HTTP BD BugBear | Sub Rule | Detected Worm Activity | Malware
VMID 20402 : W32 Beagle A Worm Backdoor | Sub Rule | Detected Worm Activity | Malware
VMID 20401 : MyDoom A Worm Code Execution | Sub Rule | Detected Worm Activity | Malware
VMID 20400 : MyDoom A Worm Proxy | Sub Rule | Detected Worm Activity | Malware
VMID 20429 : MyDoom F Backdoor Worm Detection | Sub Rule | Detected Worm Activity | Malware
VMID 20098 : Blaster Worm UDP TFTP Backdoor | Sub Rule | Detected Worm Activity | Malware
VMID 20097 : Blaster Worm TCP TFTP Backdoor | Sub Rule | Detected Worm Activity | Malware
VMID 20088 : Deloder Worm Infection | Sub Rule | Detected Worm Activity | Malware
VMID 20885 : BD CDK | Sub Rule | Detected Trojan Activity | Malware
VMID 20601 : BD WinRAT 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20600 : BD Ultimate RAT 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20599 : BD Remote Explorer 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20575 : BD Hack-A-Tack | Sub Rule | Detected Trojan Activity | Malware
VMID 20595 : BD Acid Battery | Sub Rule | Detected Trojan Activity | Malware
VMID 20322 : BD WinRAT 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20321 : BD School Bus 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20320 : BD Psychward | Sub Rule | Detected Trojan Activity | Malware
VMID 20319 : BD OOTLT | Sub Rule | Detected Trojan Activity | Malware
VMID 20318 : BD Osiris 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20206 : BD NetTrash 1.01 | Sub Rule | Detected Trojan Activity | Malware
VMID 20317 : BD NetTrash 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20316 : BD NetBus Pro 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20315 : BD Net Metropolitan 1.04 | Sub Rule | Detected Trojan Activity | Malware
VMID 20314 : BD Net Metropolitan 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20313 : BD Mosuck 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20312 : BD Mosucker 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20311 : BD Mosuck 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20310 : BD Mini Asylum 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20308 : BD Lithium 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20305 : BD Kuang 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20304 : BD Konik 0.6b | Sub Rule | Detected Trojan Activity | Malware
VMID 20303 : BD Hydroleak | Sub Rule | Detected Trojan Activity | Malware
VMID 20302 : BD Glacier 2.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20301 : BD Frenzy 2000 3.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20300 : BD Fore 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20299 : BD File Nail | Sub Rule | Detected Trojan Activity | Malware
VMID 20298 : BD Donald Dick 1.52 | Sub Rule | Detected Trojan Activity | Malware
VMID 20297 : BD DeltaSource 0.7 | Sub Rule | Detected Trojan Activity | Malware
VMID 20296 : BD Chupacabra | Sub Rule | Detected Trojan Activity | Malware
VMID 20295 : BD CGI BioNet 2.6.1a | Sub Rule | Detected Trojan Activity | Malware
VMID 20294 : BD Bugs | Sub Rule | Detected Trojan Activity | Malware
VMID 20293 : BD DTR 1.4.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20291 : BD Wow 23 0.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20290 : BD War Trojan | Sub Rule | Detected Trojan Activity | Malware
VMID 20289 : BD Ripperz Controller 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20288 : BD Remote Process Monitor 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20287 : BD Private Port 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20286 : BD One 0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20285 : BD NokNok 6.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20284 : BD Nirvana 1.99 | Sub Rule | Detected Trojan Activity | Malware
VMID 20283 : BD Nirvana 1.95 | Sub Rule | Detected Trojan Activity | Malware
VMID 20282 : BD Nirvana 1.94 | Sub Rule | Detected Trojan Activity | Malware
VMID 20281 : BD New Silencer | Sub Rule | Detected Trojan Activity | Malware
VMID 20280 : BD Netcontroller | Sub Rule | Detected Trojan Activity | Malware
VMID 20279 : BD Last 2000 | Sub Rule | Detected Trojan Activity | Malware
VMID 20278 : BD Executor | Sub Rule | Detected Trojan Activity | Malware
VMID 20277 : BD Dolly 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20276 : BD Dolly 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20275 : BD Cyn 1.0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20274 : BD Black Angel 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20273 : BD Bigorna 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20272 : BD Balsitix | Sub Rule | Detected Trojan Activity | Malware
VMID 20271 : BD BackConstruction 2.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20270 : BD BackConstruction 2.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20269 : BD BackConstruction 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20268 : BD BackConstruction 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20267 : BD Asylum | Sub Rule | Detected Trojan Activity | Malware
VMID 20266 : BD YAT 3.01 | Sub Rule | Detected Trojan Activity | Malware
VMID 20265 : BD YAT 2.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20264 : BD Y3K RAT 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20263 : BD Xlog 2.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20262 : BD Xanadu 1.11 | Sub Rule | Detected Trojan Activity | Malware
VMID 20261 : BD Xanadu 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20260 : BD Windows Mite 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20259 : BD WinCrash 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20258 : BD WinCrash 1.03 | Sub Rule | Detected Trojan Activity | Malware
VMID 20256 : BD Voodoo Doll | Sub Rule | Detected Trojan Activity | Malware
VMID 20255 : BD Vampire 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20254 : BD Vagr Nocker 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20253 : BD Uploader | Sub Rule | Detected Trojan Activity | Malware
VMID 20252 : BD Undetected 3.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20251 : BD Undetected 2.3 SE | Sub Rule | Detected Trojan Activity | Malware
VMID 20250 : BD Ultors | Sub Rule | Detected Trojan Activity | Malware
VMID 20249 : BD Ullysse | Sub Rule | Detected Trojan Activity | Malware
VMID 20248 : BD Truva 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20247 : BD Tron | Sub Rule | Detected Trojan Activity | Malware
VMID 20246 : BD Trojan Spirit 2001 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20245 : BD Trojan Cow 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20244 : BD TransScout 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20243 : BD Thing 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20242 : BD Thing 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20241 : BD The Unexplained 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20240 : BD The Flu | Sub Rule | Detected Trojan Activity | Malware
VMID 20239 : BD Tcc Trojan 0.90 | Sub Rule | Detected Trojan Activity | Malware
VMID 20238 : BD SchneckenKorn | Sub Rule | Detected Trojan Activity | Malware
VMID 20237 : BD Scarab 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20236 : BD Satan 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20235 : BD RUX The Tick 4.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20234 : BD Ruler 1.41 | Sub Rule | Detected Trojan Activity | Malware
VMID 20233 : BD Revenger 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20174 : BD Remote Revise 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20232 : BD Remote Revise 1.15 | Sub Rule | Detected Trojan Activity | Malware
VMID 20231 : BD Remote Revise 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20230 : BD Remote Hack 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20229 : BD Remote Hack 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20228 : BD Remote Boot Tool 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20227 : BD RatHead 2.01 | Sub Rule | Detected Trojan Activity | Malware
VMID 20226 : BD R3C | Sub Rule | Detected Trojan Activity | Malware
VMID 20225 : BD R0xr4t 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20224 : BD Qwertos RAT 0.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20223 : BD Psychward 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20222 : BD Prosiak 0.65 | Sub Rule | Detected Trojan Activity | Malware
VMID 20221 : BD Prosiak 0.47 | Sub Rule | Detected Trojan Activity | Malware
VMID 20220 : BD Project Next 0.5.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20219 : BD Progenic Trojan 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20218 : BD Priority | Sub Rule | Detected Trojan Activity | Malware
VMID 20217 : BD Prayer 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20216 : BD Pitfall Surprise | Sub Rule | Detected Trojan Activity | Malware
VMID 20215 : BD Pitfall | Sub Rule | Detected Trojan Activity | Malware
VMID 20214 : BD Phoenix 1.28 | Sub Rule | Detected Trojan Activity | Malware
VMID 20213 : BD Phase Zero 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20212 : BD Pest 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20211 : BD PC Invader 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20210 : BD PC Invader 0.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20209 : BD Oxon 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20208 : BD Optix Pro 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20205 : BD Oblivion 0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20204 : BD NoSecure 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20203 : BD NokNok 7.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20202 : BD NokNok 5.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20201 : BD Network Terrorist 1.31 | Sub Rule | Detected Trojan Activity | Malware
VMID 20200 : BD NetTaxi 1.8 | Sub Rule | Detected Trojan Activity | Malware
VMID 20199 : BD NetSphere 1.27 | Sub Rule | Detected Trojan Activity | Malware
VMID 20198 : BD Net Spy 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20197 : BD Net Raider 0.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20196 : BD Net Devil 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20195 : BD Net Administrator 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20194 : BD Moon Pie 3.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20193 : BD Moon Pie 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20192 : BD MNEAH Trojan 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20191 : BD Mini Oblivion 0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20190 : BD Millenium 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20189 : BD Microspy 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20188 : BD Michal 5.00 | Sub Rule | Detected Trojan Activity | Malware
VMID 20187 : BD Meet The Lamer 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20186 : BD Mavericks Matrix 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20185 : BD Massaker 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20184 : BD Mantis 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20183 : BD M2 Trojan 1.25 | Sub Rule | Detected Trojan Activity | Malware
VMID 20182 : BD Leszcz 5.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20181 : BD Le Guardien 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20180 : BD Latinus 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20179 : BD Latinus 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20178 : BD Kid Terror 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20177 : BD Intruzzo | Sub Rule | Detected Trojan Activity | Malware
VMID 20176 : BD Intruder 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20175 : BD Internalrevise 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20173 : BD Insane 5.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20172 : BD Insane 4.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20171 : BD Infra Trojan | Sub Rule | Detected Trojan Activity | Malware
VMID 20170 : BD Infector 1.4 | Sub Rule | Detected Trojan Activity | Malware
VMID 20169 : BD Infector 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20168 : BD InCommand 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20167 : BD Host Control 2.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20166 : BD Hellz Addiction 1.20e | Sub Rule | Detected Trojan Activity | Malware
VMID 20165 : BD Hackers World 2.0.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20164 : BD G-Spot Tight 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20163 : BD GirlFriend 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20162 : BD Gift 2.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20161 : BD Ghost 2.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20160 : BD Gate Crasher 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20159 : BD Frenzy 1.0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20158 : BD Forced Entry 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20157 : BD F-Backdoor 0.8 | Sub Rule | Detected Backdoor Activity | Malware
VMID 20156 : BD Exploiter 1.0 | Sub Rule | General Attack Activity | Attack
VMID 20154 : BD Eclypse 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20153 : BD Duddie | Sub Rule | Detected Trojan Activity | Malware
VMID 20152 : BD Duddie 3.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20151 : BD Duddie 3.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20150 : BD Duddie 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20149 : BD Drat 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20148 : BD Dolly 1.7 | Sub Rule | Detected Trojan Activity | Malware
VMID 20147 : BD Dolly 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20146 : BD Digital Rootbeer | Sub Rule | Detected Trojan Activity | Malware
VMID 20145 : BD DFch 1b1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20144 : BD Dark Connection 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20143 : BD Danton 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20142 : BD Crazzynet | Sub Rule | Detected Trojan Activity | Malware
VMID 20141 : BD Crack Down 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20140 : BD Connection | Sub Rule | Detected Trojan Activity | Malware
VMID 20139 : BD CGI BioNet 0.84 | Sub Rule | Detected Trojan Activity | Malware
VMID 20138 : BD Cero B1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20137 : BD Celine | Sub Rule | Detected Trojan Activity | Malware
VMID 20136 : BD CAFEiN 0.8 | Sub Rule | Detected Trojan Activity | Malware
VMID 20135 : BD Buttman 0.9 | Sub Rule | Detected Trojan Activity | Malware
VMID 20134 : BD Buschtrommel 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20133 : BD Breach Pro | Sub Rule | Detected Trojan Activity | Malware
VMID 20132 : BD Breach 4.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20131 : BD Blazer5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20130 : BD Blade Runner 0.80a | Sub Rule | Detected Trojan Activity | Malware
VMID 20129 : BD Blaaaaa 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20128 : BD BDDT | Sub Rule | Detected Trojan Activity | Malware
VMID 20127 : BD Basic Hell 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20126 : BD Backdoor 2.0.2 | Sub Rule | Detected Backdoor Activity | Malware
VMID 20125 : BD Backdoor 2.0.1 | Sub Rule | Detected Backdoor Activity | Malware
VMID 20124 : BD Backage 3.1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20123 : BD B.F Evolution | Sub Rule | Detected Trojan Activity | Malware
VMID 20122 : BD AOL Admin | Sub Rule | Detected Trojan Activity | Malware
VMID 20121 : BD Amanda | Sub Rule | Detected Trojan Activity | Malware
VMID 20120 : BD Alvgus | Sub Rule | Detected Trojan Activity | Malware
VMID 20118 : BD DeepThroat Client Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20119 : BD NetBus Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20763 : Septic Worm Infection Notification | Sub Rule | Detected Worm Activity | Malware
VMID 20767 : ElSpy Worm Are_U Req Response | Sub Rule | Detected Worm Activity | Malware
VMID 20766 : ElSpy Worm Infection Notification | Sub Rule | Detected Worm Activity | Malware
VMID 20773 : LOA Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20772 : Azaco Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20771 : Lucky Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20769 : Claw Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20768 : ElSpy Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20765 : Life Stages Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20764 : Pr0n Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20706 : W32 Beagle Backdoor Auth. String | Sub Rule | Detected Backdoor Activity | Malware
VMID 20531 : BD Lovgate Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20403 : W32 Beagle B Worm Backdoor | Sub Rule | Detected Worm Activity | Malware
VMID 20021 : BugBear B Worm FileShare Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20309 : BD Masters Of Paradise | Sub Rule | Detected Trojan Activity | Malware
VMID 20307 : BD Latinus 1.4 | Sub Rule | Detected Trojan Activity | Malware
VMID 20306 : BD Latinus 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20292 : BD Y3K RAT 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20076 : BugBear B Worm SMTP Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20087 : Fizzer Worm Propagation (UDP) | Sub Rule | Detected Worm Activity | Malware
VMID 20086 : Fizzer Worm Propagation (TCP) | Sub Rule | Detected Worm Activity | Malware
VMID 20074 : Fizzer Worm SMTP Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20116 : BD BackOrifice Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20762 : BackOrifice Speakeasy Trojan Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20632 : BD BackOrifice 2000 UDP Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20115 : BD BackOrifice 2000 Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20714 : SpyBot Spy Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20713 : SpyBot Keylogger Commands | Sub Rule | Detected Keylogger Activity | Malware
VMID 20731 : Gaobot P2P Listener Hello | Sub Rule | Possible Botnet Activity | Malware
VMID 20728 : Gaobot P2P Client Hello | Sub Rule | Possible Botnet Activity | Malware
VMID 20667 : Gaobot Bot Logout Command | Sub Rule | Detected Trojan Activity | Malware
VMID 20666 : Gaobot Generic Bot Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20665 : Gaobot Variable Config Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20664 : Gaobot Harvest Mail And Keys Command | Sub Rule | Detected Trojan Activity | Malware
VMID 20663 : Gaobot Autostart And Service Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20662 : Phatbot OS Shutdown Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20661 : Gaobot Redirect Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20660 : Phatbot Process Control Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20659 : Gaobot DDOS Commands | Sub Rule | Host Distributed Denial Of Service | Denial Of Service
VMID 20658 : Phatbot Scan Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 21049 : Backdoor X ZT00 Ver 1.0 | Sub Rule | Detected Backdoor Activity | Malware
VMID 21048 : BD IIlusion 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 21047 : Backdoor MoSucker 3.0 | Sub Rule | Detected Backdoor Activity | Malware
VMID 21046 : BD Guptachar | Sub Rule | Detected Trojan Activity | Malware
VMID 21044 : BD BioNet 4.00.03 BE S | Sub Rule | Detected Trojan Activity | Malware
VMID 21043 : Backdoor C.I.A | Sub Rule | Detected Backdoor Activity | Malware
VMID 20760 : HTTP MS IE Help CTRL LZ Bypass | Sub Rule | Detected Trojan Activity | Malware
VMID 20618 : HTTP JJ Sample CGI Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21743 : HTTP Firefox DOM Override Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21584 : HTTP MDAC RDS Dataspace Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21583 : HTTP MS FrontPage Server Ext. XSS | Sub Rule | Cross-Site Scripting | Attack
VMID 21653 : HTTP CSS Domain/Zone Info Disclosure | Sub Rule | General Attack Activity | Attack
VMID 21655 : HTTP ASP.NET App Folder Info Disc | Sub Rule | General Attack Activity | Attack
VMID 21657 : HTTP MSIE Multi Style Tags Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21656 : HTTP MovieMaker ComObj CodeExec CLSID | Sub Rule | General Attack Activity | Attack
VMID 21665 : HTTP MovieMaker ComObj CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21690 : HTTP MS Excel XLW 4.0 WkBk CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21708 : HTTP DirectAnim ComObj CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21707 : HTTP DirectAnim ComObj CodeExec CLSID | Sub Rule | General Attack Activity | Attack
VMID 21670 : HTTP MSIE ITS Protocol Zone Bypass | Sub Rule | General Attack Activity | Attack
VMID 21641 : RealVNC NULL Auth Bypass Attempt | Sub Rule | General Attack Activity | Attack
VMID 21585 : HTTP Sygate Policy Mgr SQL Injection | Sub Rule | SQL Injection | Attack
VMID 21581 : Sendmail Async Handler Rmt Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21580 : HTTP MSIE CreateTextRange Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21537 : HTTP RPlayer Error Msg Format String | Sub Rule | General Attack Activity | Attack
VMID 21526 : HTTP MS Windows WMF Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21513 : HTTP MS IE GetObject File Disclosure | Sub Rule | General Attack Activity | Attack
VMID 21510 : HTTP MSIE JvScrpt OnLoad Rte CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21501 : SalesLogix File Upload Dir. Traversal | Sub Rule | Directory Traversal | Attack
VMID 21500 : HTTP SalesLogix SQL Injection | Sub Rule | SQL Injection | Attack
VMID 21496 : WinMail Directory Traversal | Sub Rule | Directory Traversal | Attack
VMID 21457 : Firefox Favicon Link Tag Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21318 : HTML Domain NM Bflo (Milw0rm Exploit) | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21315 : HTTP MS IE MMS Proto Hndlr Cmd Inj | Sub Rule | Arbitrary Code Execution | Attack
VMID 21313 : HTTP MS IE HHCtrl ActX XDom Scripting | Sub Rule | General Attack Activity | Attack
VMID 21310 : HTTP Firefox PLUGINSPAGE Remote Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21304 : HTML Domain Name Bflo (PoC) | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21296 : HP OpenView Remote Command Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21290 : HTTP MS IE MSdds.dll Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21286 : HTTP Firefox Unauth Clipboard Disc | Sub Rule | General Attack Activity | Attack
VMID 21280 : HTTP MS Media Player Attr Corrupt | Sub Rule | General Attack Activity | Attack
VMID 21266 : Veritas Backup Exec Arb. File Dnld | Sub Rule | General Attack Activity | Attack
VMID 21253 : Shoutcast Remote Format String | Sub Rule | General Attack Activity | Attack
VMID 21233 : HTTP Oracle 9IAS PL/SQL Dir Trav. | Sub Rule | Directory Traversal | Attack
VMID 21213 : HTTP MS Javaprxy DLL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21210 : HTTP MS IE FTP Proto Hndlr Loc File | Sub Rule | General Attack Activity | Attack
VMID 21158 : HTTP IIS HTW Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack
VMID 21132 : HTTP MS Windows MSHTA Shell Execution | Sub Rule | General Attack Activity | Attack
VMID 20733 : HTTP MS FrontPage Dvwssr.dll Request | Sub Rule | General Attack Activity | Attack
VMID 20704 : HTTP MS Shell File Dnld Ext. Misrep. | Sub Rule | General Attack Activity | Attack
VMID 20716 : HTTP Crystal Rpts Form Viewer Trv | Sub Rule | General Attack Activity | Attack
VMID 20607 : HTTP Hylafax Faxsurvey Remote PW Acc | Sub Rule | General Attack Activity | Attack
VMID 20606 : HTTP MS JET DB Engine DSN Hack | Sub Rule | General Attack Activity | Attack
VMID 20578 : HTTP IIS ISAPI Enumeration | Sub Rule | General Attack Activity | Attack
VMID 20539 : HTTP MS IE ADODB Stream SavetoFile | Sub Rule | General Attack Activity | Attack
VMID 20536 : HTTP MS Showhelp CHM Download Attempt | Sub Rule | General Attack Activity | Attack
VMID 20535 : HTTP MS IE CHM Cross-Domain Redirect | Sub Rule | General Attack Activity | Attack
VMID 20529 : HTTP PHP Nuke ConfigFile Request | Sub Rule | General Attack Activity | Attack
VMID 20525 : Linux LPRng Format String Root | Sub Rule | General Attack Activity | Attack
VMID 20521 : HTTP SGI InfoSearch Fname Exec | Sub Rule | General Attack Activity | Attack
VMID 20520 : HTTP Novell CGI Convert Request | Sub Rule | General Attack Activity | Attack
VMID 20518 : HTTP WEBGais Remote Command Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 20516 : HTTP AltaVista DirTraversal | Sub Rule | Directory Traversal | Attack
VMID 20504 : WuFTPd Site Exec Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20501 : HTTP Lotus Domino Password Bypass | Sub Rule | General Attack Activity | Attack
VMID 20500 : HTTP MS BizTalk DTA RemoteExec | Sub Rule | General Attack Activity | Attack
VMID 20499 : HTTP MS IIS ASP DataSuffix Request | Sub Rule | General Attack Activity | Attack
VMID 20498 : HTTP MS IE MIME IFRAME Exec | Sub Rule | General Attack Activity | Attack
VMID 20493 : HTTP MS IIS Showcode ASP Request | Sub Rule | General Attack Activity | Attack
VMID 20492 : HTTP MS IIS Newdsn CGI Request | Sub Rule | General Attack Activity | Attack
VMID 20382 : HTTP IE Object Type Validation | Sub Rule | General Attack Activity | Attack
VMID 20355 : HTTP Anaconda Directory Traversal | Sub Rule | Directory Traversal | Attack
VMID 20423 : HTTP IIS CMDExecution Access (1) | Sub Rule | General Attack Activity | Attack
VMID 20347 : HTTP Bdir.htr Path Disclosure | Sub Rule | General Attack Activity | Attack
VMID 20341 : HTTP Cart32 Remote Admin PW | Sub Rule | General Attack Activity | Attack
VMID 20344 : HTTP Htdig File Disclosure | Sub Rule | General Attack Activity | Attack
VMID 20336 : HTTP MS IIS ASP Source Disclosure | Sub Rule | General Attack Activity | Attack
VMID 20333 : HTTP FrontPage PWD Service Access | Sub Rule | General Attack Activity | Attack
VMID 20332 : HTTP SCO Skunkware ViewSrc Traversal | Sub Rule | General Attack Activity | Attack
VMID 20331 : HTTP Htgrep CGI File Access | Sub Rule | General Attack Activity | Attack
VMID 20346 : HTTP MS IIS TranslateF Request | Sub Rule | General Attack Activity | Attack
VMID 20328 : HTTP FormMail Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 20327 : HTTP Info2www CGI Command Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 20080 : MS SQL Registry Manipulation | Sub Rule | General Attack Activity | Attack
VMID 20079 : MS SQL Job Scheduling | Sub Rule | General Attack Activity | Attack
VMID 21824 : HTTP Surfsidkick Info Upload | Sub Rule | Detected Adware Activity | Malware
VMID 21822 : HTTP RCPrograms Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21814 : HTTP WinBo Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21807 : HTTP CasinoClient Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21801 : HTTP SmartSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21788 : HTTP Adware Bonzi Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21798 : HTTP Webprefix Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21796 : HTTP DollarRevenue Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21792 : HTTP FastSeek Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21785 : HTTP Ezula Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21780 : HTTP SystemProcess Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21777 : HTTP Director Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21774 : HTTP SmartDove Download Request | Sub Rule | Detected Adware Activity | Malware
VMID 21772 : HTTP MoneyGainer Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21771 : HTTP IEHlpr Info Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21769 : HTTP IEHlpr Register Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21768 : HTTP IEHlpr CCNNLC Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21765 : HTTP IEHlpr SmartAllyes Update Acty | Sub Rule | Detected Adware Activity | Malware
VMID 21763 : HTTP Umaxsearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21760 : HTTP BBSee Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21756 : HTTP Shorty Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21751 : HTTP MessStopper Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21748 : HTTP FreeScratchWin Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21746 : HTTP FIZZLE Config Request | Sub Rule | Detected Adware Activity | Malware
VMID 21664 : HTTP TAFbar Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21666 : HTTP UCMore Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21640 : HTTP OfferAgent Ad Popup Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21639 : HTTP OfferAgent Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21634 : HTTP Zeropopup Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21633 : HTTP Zuvio Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21632 : Alexa Installation Request | Sub Rule | Detected Adware Activity | Malware
VMID 21631 : Alexa User Info Tracking | Sub Rule | Detected Adware Activity | Malware
VMID 21630 : HTTP Adultlinks Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21629 : Adbars Search Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21627 : Adbars Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21616 : Adroar Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21615 : Adroar Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21613 : Adblock Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21612 : Adblock Redirect Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21611 : Adblock Install Download | Sub Rule | Detected Adware Activity | Malware
VMID 21605 : HTTP MatrixSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21603 : HTTP MatrixSearch Instltn Request | Sub Rule | Detected Adware Activity | Malware
VMID 21591 : P2P Emule Kademlia Request | Sub Rule | P2P Activity | Misuse
VMID 21566 : HTTP EasyWWW Install File Request | Sub Rule | Detected Adware Activity | Malware
VMID 21476 : WildMedia WinFetch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21475 : Webrebate Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21472 : HTTP IGetNet Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21470 : Adlogix SetupFile Request | Sub Rule | Detected Adware Activity | Malware
VMID 21469 : Helpexpress SetupFile Request | Sub Rule | Detected Adware Activity | Malware
VMID 21465 : HTTP Mediaticket FileRequest Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21466 : P2PNetworking SetupFile Request | Sub Rule | P2P Activity | Misuse
VMID 21456 : HTTP SideSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21453 : HTTP TargetSaver Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21444 : LinkMaker Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21443 : HTTP Begin2Search Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21441 : FTP MemoryMeter DLL Download

Sub Rule

Detected Adware Activity

Malware

VMID 21438 : Favoriteman Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21416 : StatBlaster Update

Sub Rule

Detected Adware Activity

Malware

VMID 21415 : SafeSearch Redirection Attempt

Sub Rule

Detected Adware Activity

Malware

VMID 21414 : HTTP BroadcastPC Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21410 : Incredifind Redirect Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21408 : Ebates Moemoney Tracking Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21407 : Ebates Moemoney Popup Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21406 : HTTP CoolWebSearch Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21434 : Clearsearch Ping Request

Sub Rule

Detected Adware Activity

Malware

VMID 21433 : Clearsearch InstallFiles Request

Sub Rule

Detected Adware Activity

Malware

VMID 21432 : HTTP Clearsearch ControlInfo Transfer

Sub Rule

Detected Adware Activity

Malware

VMID 21429 : Look2ME Updates

Sub Rule

Detected Adware Activity

Malware

VMID 21428 : BlazeFind SetupFile Request

Sub Rule

Detected Adware Activity

Malware

VMID 21404 : HTTP Quadro Data Transfer

Sub Rule

Detected Adware Activity

Malware

VMID 21403 : Virtumonde Requesting DLL Files

Sub Rule

Detected Adware Activity

Malware

VMID 21402 : NewDotNet Redirecting Mistyped URL

Sub Rule

Detected Adware Activity

Malware

VMID 21401 : CWSIEFEATS Data Transfer

Sub Rule

Detected Adware Activity

Malware

VMID 21400 : IEFeats Data Transfer

Sub Rule

Detected Adware Activity

Malware

VMID 21383 : GameSpyArcade Requesting StatInfo

Sub Rule

Game Activity

Misuse

VMID 21382 : Gamespyarcade Version Check

Sub Rule

Game Activity

Misuse

VMID 21381 : NaviHelper Update Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21380 : NaviHelper Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21378 : HTTP IEDriver Popup Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21377 : MedLoad InstallFile Download

Sub Rule

Detected Adware Activity

Malware

VMID 21376 : HTTP MedLoad OCX FileDownload

Sub Rule

Detected Adware Activity

Malware

VMID 21375 : MedLoad Logging Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21374 : ZangoSearch CLSID Reg. Subkey Install

Sub Rule

Detected Adware Activity

Malware

VMID 21371 : IPInsight StubConscorr Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21370 : IPInsight StubSentry Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21369 : BookedSpace Downloading Files

Sub Rule

Detected Adware Activity

Malware

VMID 21368 : HTTP BookedSpace Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21367 : Websearch Configuration Request

Sub Rule

Detected Adware Activity

Malware

VMID 21366 : Websearch Reporting Log Information

Sub Rule

Detected Adware Activity

Malware

VMID 21365 : WebSearch Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21364 : SuperSpider Hijack Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21362 : Envolo AutoUpdate Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21361 : Envolo Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21359 : VirtualBouncer Update Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21360 : VirtualBouncer Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21358 : Starware Update Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21357 : Starware Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21356 : SurfSideKick AutoUpdate Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21355 : HTTP SurfSideKick Installation Acty

Sub Rule

Detected Adware Activity

Malware

VMID 21354 : Slagent Registry CLSID

Sub Rule

Detected Adware Activity

Malware

VMID 21353 : Slagent DLL Request

Sub Rule

Detected Adware Activity

Malware

VMID 21351 : ShopAtHome Agent Preferences

Sub Rule

Detected Adware Activity

Malware

VMID 21350 : ShopAtHome Agent Registration

Sub Rule

Detected Adware Activity

Malware

VMID 21349 : ShopAtHome Bundle Tracking

Sub Rule

Detected Adware Activity

Malware

VMID 21348 : ShopAtHome Agent Installation Acty

Sub Rule

Detected Adware Activity

Malware

VMID 21347 : PurityScan InfoTransfer Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21346 : PurityScan Notification Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21345 : PurityScan Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21344 : HTTP Windupdate Mediapass Install

Sub Rule

Detected Adware Activity

Malware

VMID 21343 : Windupdates Mediapass Installer CLSID

Sub Rule

Detected Adware Activity

Malware

VMID 21342 : HTTP LOP Toolbar Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21341 : LOP Toolbar Update

Sub Rule

Detected Adware Activity

Malware

VMID 21340 : Elitebar Update Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21339 : Elitebar Control Information Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21336 : HTTP Dealhelper Downloading Data

Sub Rule

Detected Adware Activity

Malware

VMID 21335 : DAP Daptest Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21334 : Instafinder Requesting Configuration

Sub Rule

Detected Adware Activity

Malware

VMID 21333 : Instafinder Reporting Mistyped URL

Sub Rule

Detected Adware Activity

Malware

VMID 21332 : IEPlugin Activity

Sub Rule

Detected Adware Activity

Malware

SID 21331 : IEPlugin DLL Download Request

Sub Rule

Detected Adware Activity

Malware

VMID 21330 : HTTP CommonName Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21384 : BargainBuddy Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21326 : BargainBuddy Adv Activity

Sub Rule

Detected Adware Activity

Malware

VMID 21323 : AdDestroyer Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20816 : Ezula Upgrade And Version Check

Sub Rule

Detected Adware Activity

Malware

VMID 20780 : Hotbar Cookie Detected

Sub Rule

Detected Adware Activity

Malware

VMID 20779 : Hotbar PopUp Ads Request

Sub Rule

Detected Adware Activity

Malware

VMID 20778 : HTTP Hotbar Info Transfer PopUp

Sub Rule

Detected Adware Activity

Malware

VMID 20777 : Hotbar Updates Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20776 : Hotbar Temp And Toolbar Disp Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20775 : Hotbar Installation & Upgrade Activty

Sub Rule

Detected Adware Activity

Malware

VMID 20815 : GAIN Web Cookie

Sub Rule

Detected Adware Activity

Malware

VMID 20814 : GAIN Reporting Typed URL-2

Sub Rule

Detected Adware Activity

Malware

VMID 20813 : GAIN Reporting Typed URL

Sub Rule

Detected Adware Activity

Malware

VMID 20812 : GAIN Website Visit Data Request

Sub Rule

Detected Adware Activity

Malware

VMID 20811 : GAIN Communication

Sub Rule

Detected Adware Activity

Malware

VMID 20810 : GAIN New Code Info Request

Sub Rule

Detected Adware Activity

Malware

VMID 20809 : HTTP Avres Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20808 : HTTP Delfin Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20807 : Delfin Definition File Request

Sub Rule

Detected Adware Activity

Malware

VMID 20806 : Delfin Ads Request

Sub Rule

Detected Adware Activity

Malware

VMID 20805 : ActiveSearch Search Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20802 : HTTP Cydoor Media Files Request

Sub Rule

Detected Adware Activity

Malware

VMID 20801 : NetOptimizer Agent Upload

Sub Rule

Detected Adware Activity

Malware

VMID 20800 : HTTP MyWay Configuration Request

Sub Rule

Detected Adware Activity

Malware

VMID 20799 : HTTP MyWay Buttons Request

Sub Rule

Detected Adware Activity

Malware

VMID 20798 : ISTBar Fav Menu Porn Site Request

Sub Rule

Detected Adware Activity

Malware

VMID 20797 : HTTP ISTBar Agent Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20796 : ISTBar Configuration Request

Sub Rule

Detected Adware Activity

Malware

VMID 20795 : Euniverse Thunderdownload Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20794 : Euniverse Thunderdownload Instltn

Sub Rule

Detected Adware Activity

Malware

VMID 20793 : HTTP Euniverse Keenvalue PopUp Req

Sub Rule

Detected Adware Activity

Malware

VMID 20792 : HTTP Euniverse KeenValue Info Tfr

Sub Rule

Detected Adware Activity

Malware

VMID 20791 : Euniverse Flowgo Ping Request

Sub Rule

Detected Adware Activity

Malware

VMID 20790 : HTTP Euniverse FlowGoBar Config Req

Sub Rule

Detected Adware Activity

Malware

VMID 20789 : 180Solutions Update

Sub Rule

Possible Adware Activity

Malware

VMID 20788 : 180Solutions Requesting Action URL

Sub Rule

Possible Adware Activity

Malware

VMID 20787 : 180Solutions Tracking Events

Sub Rule

Possible Adware Activity

Malware

VMID 20786 : 180Solutions Requesting Ads

Sub Rule

Possible Adware Activity

Malware

VMID 20785 : 180Solutions Requesting Keywords

Sub Rule

Possible Adware Activity

Malware

VMID 20784 : HTTP 180Solutions Config Event

Sub Rule

Detected Adware Activity

Malware

VMID 20751 : HTTP BetterInternet Install Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20750 : HTTP BetterInternet Info Upload

Sub Rule

Detected Adware Activity

Malware

VMID 20749 : MXTarget Information Upload

Sub Rule

Detected Adware Activity

Malware

VMID 20782 : Topmoxie Recoding Downloads & Offers

Sub Rule

Detected Adware Activity

Malware

VMID 20781 : TopMoxie Requesting Build Files

Sub Rule

Detected Adware Activity

Malware

VMID 20774 : Hotbar Reports Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20748 : WhenU SearchBar Sidefinder Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20747 : WhenU Request For Offers

Sub Rule

Detected Adware Activity

Malware

VMID 20746 : WhenU Update Events

Sub Rule

Detected Adware Activity

Malware

VMID 20745 : WhenU Installation Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20744 : WhenU ClockSync WeatherCast Activity

Sub Rule

Detected Adware Activity

Malware

VMID 20563 : Gator Request

Sub Rule

Detected Adware Activity

Malware

VMID 23663 : HTTP Trojan Mebroot Request Detected

Sub Rule

Detected Trojan Activity

Malware

VMID 23179 : MSRPC Server Service BO Detected

Sub Rule

Possible Malware Activity

Malware

VMID 22980 : HTTP Fake Codec Request Detected

Sub Rule

Possible Malware Activity

Malware

VMID 23615 : HTTPS Tidserv Request 2 Detected

Sub Rule

Possible Malware Activity

Malware

VMID 24089 : Malicious Toolkit Website 9

Sub Rule

Detected Malware Activity

Malware

VMID 23471: OS Attack: Validate Provider Callback

Sub Rule

Vuln High Severity : Denial Of Service

Vulnerability

VMID 25728 : Blackhole Toolkit Website 21

Sub Rule

General Attack Activity

Attack

VMID 10000 : Portscan Blocked

Sub Rule

Port Scan

Reconnaissance

VMID 23113 : RPC MS Host Integration Server Block

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 24594 : Malicious Injected JS 2 Attack Block

Sub Rule

Failed Malware Activity

Failed Malware

VMID 25238 : Misleading App Website Attack Block

Sub Rule

Suspicious Network Activity

Suspicious

VMID 26493 : Red Exploit Kit Website2 Attack Block

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 27160 : Magnitd Explt Kt Website Attack Block

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 27222 : PUP/Adware/Fake App Dld Block

Sub Rule

Suspicious Network Activity

Suspicious

VMID 27430 : Angler Exploit Kit Website Block

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 27517 : OpenSSL Heartbleed Block

Sub Rule

Failed Protocol Anomaly

Failed Attack

VMID 27564 : Trojan.Zbot Download Request Block

Sub Rule

Failed Trojan Activity

Failed Malware

VMID 27576 : Malicious File Download Block

Sub Rule

Failed Malware Activity

Failed Malware

VMID 27608 : Fake Flash Update Download Block

Sub Rule

Failed Malware Activity

Failed Malware

VMID 70029 : Exploit Toolkit Website Block

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 70094 : Internet Explorer Attack Block

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 22799 : Malicious Redirection

Sub Rule

Incorrect Message Direction

Error

VMID 22809 : Heap Spray Attack Detected

Sub Rule

Detected Virus Activity

Malware

VMID 22819 : Suspicious Image Executable

Sub Rule

Suspicious Activity

Suspicious

VMID 23620 : HTML Render JS Attack

Sub Rule

Potential Vulnerability Exploit Allowed

Activity

VMID 23875 : Remote Code Execution Attack Blocked

Sub Rule

Remote File Inclusion

Attack

VMID 26299 : Mass Injection Detected

Sub Rule

General Attack Activity

Attack

VMID 26682 : Fake Tech Support Website

Sub Rule

Fake Hostname - Forward Lookup Doesn't Exist

Warning

VMID 27959 : Server Hello Attack Detected

Sub Rule

General Attack Activity

Attack

VMID 28173 : Malicious Advertisement

Sub Rule

Suspicious Network Activity

Suspicious

VMID 28377 : Malicious JS Redirect

Sub Rule

General Attack Activity

Attack

VMID 28625 : Malicious Advertisement

Sub Rule

Suspicious Network Activity

Suspicious

VMID 28931 : System Infected Adware.Gen

Sub Rule

General Virus Infected Warning

Warning

VMID 28973 : System Infected Adware.Gen

Sub Rule

General Virus Infected Warning

Warning

VMID 29047 : WPScan Tool Attack

Sub Rule

General Attack Activity

Attack

VMID 29071 : IIS Buffer Overflow Attack

Sub Rule

Buffer Overflow/Underflow

Attack

VMID 29150 : Server Hello Attack Detected

Sub Rule

General Attack Activity

Attack

VMID 29173 : Fake Tech Support Website

Sub Rule

Fake Hostname - Forward Lookup Doesn't Exist

Warning

VMID 30740 : Drupal RCE CVE-2018-7600

Sub Rule

General Attack Activity

Attack

VMID 30716 : Fake Browser Update 8

Sub Rule

General Attack Activity

Attack

VMID 30711 : .git Directory Information Leak

Sub Rule

Suspicious Activity

Suspicious

VMID 30703 : .DS_Store Information Leak

Sub Rule

Suspicious Activity

Suspicious

VMID 30701 : Malvertisement Website Redirect 28

Sub Rule

General Attack Activity

Attack

VMID 30671 : Mass Injection Website 48

Sub Rule

General Attack Activity

Attack

VMID 30646 : JSCoinminer Download 42

Sub Rule

General Attack Activity

Attack

VMID 30628 : Malicious Payload Upload 2

Sub Rule

General Attack Activity

Attack

VMID 30610 : JSCoinminer Download 34

Sub Rule

General Attack Activity

Attack

VMID 30605 : Malvertisement Website Redirect 20

Sub Rule

General Attack Activity

Attack

VMID 30596 : JSCoinminer Download 24

Sub Rule

General Attack Activity

Attack

VMID 30595 : Malicious Payload Upload

Sub Rule

General Attack Activity

Attack

VMID 30589 : JSCoinminer Download 21

Sub Rule

General Attack Activity

Attack

VMID 30568 : Oracle WebLogic RCE CVE-2017-10271

Sub Rule

General Attack Activity

Attack

VMID 30562 : Fake Tech Support Website 181

Sub Rule

General Attack Activity

Attack

VMID 30492 : JSCoinminer Download 14

Sub Rule

General Attack Activity

Attack

VMID 30486 : Malicious Redirection 21

Sub Rule

General Attack Activity

Attack

VMID 30477 : Mass Injection Website 36

Sub Rule

General Attack Activity

Attack

VMID 30455 : Adware.Gen Activity 34

Sub Rule

Host Compromised

Compromise

VMID 30429 : SMB Bruteforce Attempt

Sub Rule

Brute Force Activity

Attack

VMID 30415 : JSCoinminer Download 10

Sub Rule

General Attack Activity

Attack

VMID 30413 : Passwd File Download Attempt

Sub Rule

General Attack Activity

Attack

VMID 30369 : Nessus Vulnerability Scanner Activity

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30358 : JSCoinminer Download 8

Sub Rule

General Attack Activity

Attack

VMID 30356 : JSCoinminer Download 6

Sub Rule

General Attack Activity

Attack

VMID 30355 : JSCoinminer Download

Sub Rule

General Attack Activity

Attack

VMID 30353 : JSCoinminer Download 4

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30352 : JSCoinminer Download 3

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30341 : JSCoinminer Download 2

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30285 : Masscan Scanner Request

Sub Rule

General Attack Activity

Attack

VMID 30263 : MS SMB Remote Code Execution

Sub Rule

Arbitrary Code Execution

Attack

VMID 30239 : Unimplemented Trans2 Subcommand

Sub Rule

Possible Backdoor Activity

Malware

VMID 30226 : Nessus Vulnerability Scanner Activity

Sub Rule

General Attack Activity

Attack

VMID 30186 : Malicious Scan Request

Sub Rule

General Attack Activity

Attack

VMID 30104 : Malicious OGNL Expression Upload

Sub Rule

General Attack Activity

Attack

VMID 30072 : Malvertisement Website Redirect 10

Sub Rule

General Attack Activity

Attack

VMID 30068 : PSExec Utility Activity

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30055 : Fake Tech Support Website 62

Sub Rule

General Attack Activity

Attack

VMID 30011 : SMB Validate Provider Callback

Sub Rule

General Attack Activity

Attack

VMID 30005 : Netis Router Scan 2

Sub Rule

General Attack Activity

Attack

VMID 30003 : Dahua UnAuthorized Access Request

Sub Rule

General Attack Activity

Attack

VMID 29972 : Apache Struts CVE-2017-5638

Sub Rule

Arbitrary Code Execution

Attack

VMID 29741 : Telnet Default Login Credentials

Sub Rule

General Attack Activity

Attack

VMID 29626 : Network Weathermap Editor

Sub Rule

General Attack Activity

Attack

VMID 29464 : Nessus Vulnerability Scanner Activity

Sub Rule

General Attack Activity

Attack

VMID 29236 : D-Link Router Information Disclosure

Sub Rule

General Attack Activity

Attack

VMID 29027 : Joomla Remote Code Execution

Sub Rule

Arbitrary Code Execution

Attack

VMID 28898 : Mass Iframe Injection Website 21

Sub Rule

General Attack Activity

Attack

VMID 28821 : Mass Injection Website 19

Sub Rule

General Attack Activity

Attack

VMID 27921 : GNU Bash CVE-2014-6278

Sub Rule

Arbitrary Code Execution

Attack

VMID 27907 : GNU Bash CVE-2014-6271

Sub Rule

Arbitrary Code Execution

Attack

VMID 26704 : WP RevSlider/ShowBiz Security ByPass

Sub Rule

General Attack Activity

Attack

VMID 25928 : ZeroAccess P2P Request

Sub Rule

Host Compromised

Compromise

VMID 25651 : Malicious Toolkit Website 14

Sub Rule

General Attack Activity

Attack

VMID 25557 : Fake Scan Webpage 3

Sub Rule

General Attack Activity

Attack

VMID 24125 : Malicious Cookie Activity

Sub Rule

General Attack Activity

Attack

VMID 23906 : TCP MODBUS Unauthorized Read Request

Sub Rule

General Attack Activity

Attack

VMID 23816 : TCP ISO-SP AB Param Is Not User Data

Sub Rule

Bad Parameter

Information

VMID 23815 : TCP ISO-SP DN Param Is Not User Data

Sub Rule

Bad Parameter

Information

VMID 23814 : TCP ISO-SP FN Param Is Not User Data

Sub Rule

Bad Parameter

Information

VMID 23812 : TCP ISO-SP Invalid CN Parameter Code

Sub Rule

Bad Parameter

Information

VMID 30740 : Drupal RCE CVE-2018-7600

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30716 : Fake Browser Update 8

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30711 : .git Directory Information Leak

Sub Rule

Failed Suspicious Activity

Failed Suspicious

VMID 30703 : .DS_Store Information Leak

Sub Rule

Failed Suspicious Activity

Failed Suspicious

VMID 30701 : Malvertisement Website Redirect 28

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30671 : Mass Injection Website 48

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30646 : JSCoinminer Download 42

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30628 : Malicious Payload Upload 2

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30610 : JSCoinminer Download 34

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30605 : Malvertisement Website Redirect 20

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30596 : JSCoinminer Download 24

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30595 : Malicious Payload Upload

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30589 : JSCoinminer Download 21

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30568 : Oracle WebLogic RCE CVE-2017-10271

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30562 : Fake Tech Support Website 181

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30492 : JSCoinminer Download 14

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30486 : Malicious Redirection 21

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30477 : Mass Injection Website 36

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30455 : Adware.Gen Activity 34

Sub Rule

Host Compromised

Compromise

VMID 30429 : SMB Bruteforce Attempt

Sub Rule

Failed Brute Force Activity

Failed Attack

VMID 30415 : JSCoinminer Download 10

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30413 : Passwd File Download Attempt

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30369 : Nessus Vulnerability Scanner Activity

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30358 : JSCoinminer Download 8

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30356 : JSCoinminer Download 6

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30355 : JSCoinminer Download

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30353 : JSCoinminer Download 4

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30352 : JSCoinminer Download 3

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30341 : JSCoinminer Download 2

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30285 : Masscan Scanner Request

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30263 : MS SMB Remote Code Execution

Sub Rule

Failed Arbitrary Code Execution

Failed Attack

VMID 30239 : Unimplemented Trans2 Subcommand

Sub Rule

Possible Backdoor Activity

Malware

VMID 30226 : Nessus Vulnerability Scanner Activity

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30186 : Malicious Scan Request

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30104 : Malicious OGNL Expression Upload

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30072 : Malvertisement Website Redirect 10

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30068 : PSExec Utility Activity

Sub Rule

Unauthorized Program/Process

Misuse

VMID 30055 : Fake Tech Support Website 62

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30011 : SMB Validate Provider Callback

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30005 : Netis Router Scan 2

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 30003 : Dahua UnAuthorized Access Request

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 29972 : Apache Struts CVE-2017-5638

Sub Rule

Failed Arbitrary Code Execution

Failed Attack

VMID 29741 : Telnet Default Login Credentials

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 29626 : Network Weathermap Editor

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 29464 : Nessus Vulnerability Scanner Activity

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 29236 : D-Link Router Information Disclosure

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 29027 : Joomla Remote Code Execution

Sub Rule

Failed Arbitrary Code Execution

Failed Attack

VMID 28898 : Mass Iframe Injection Website 21

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 28821 : Mass Injection Website 19

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 27921 : GNU Bash CVE-2014-6278

Sub Rule

Failed Arbitrary Code Execution

Failed Attack

VMID 27907 : GNU Bash CVE-2014-6271

Sub Rule

Failed Arbitrary Code Execution

Failed Attack

VMID 26704 : WP RevSlider/ShowBiz Security ByPass

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 25928 : ZeroAccess P2P Request

Sub Rule

Host Compromised

Compromise

VMID 25651 : Malicious Toolkit Website 14

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 25557 : Fake Scan Webpage 3

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 24125 : Malicious Cookie Activity

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 23906 : TCP MODBUS Unauthorized Read Request

Sub Rule

Failed General Attack Activity

Failed Attack

VMID 23816 : TCP ISO-SP AB Param Is Not User Data

Sub Rule

Traffic Denied by DLP

Network Deny

VMID 23815 : TCP ISO-SP DN Param Is Not User Data

Sub Rule

Traffic Denied by DLP

Network Deny

VMID 23814 : TCP ISO-SP FN Param Is Not User Data

Sub Rule

Traffic Denied by DLP

Network Deny

VMID 23812 : TCP ISO-SP Invalid CN Parameter Code

Sub Rule

Traffic Denied by DLP

Network Deny

VMID 23877 : WebAttack: ColdFusion Remote Code Exe

Sub Rule

Remote File Inclusion

Attack

VMID 26073 : Attack: Novell ZENWorks Asset Managem

Sub Rule

General Threat Message

Activity

VMID 26960 : Suspicious PHP URI Location WebAttack

Sub Rule

Network Compromised

Compromise

VMID 27376 : Suspicious PHP URI Location Attack

Sub Rule

Network Compromised

Compromise

VMID 27847 : Wordpress Arbitrary File Download

Sub Rule

Remote File Inclusion

Attack

VMID 27863 : Joomla Component Local File Inclusion

Sub Rule

phpMyAdmin Local File Inclusion (2.6.4-pl1)

Activity

VMID 27973 : Web Attack: Drupal SQL Injection

Sub Rule

SQL Injection

Attack

VMID 28015 : Web Attack: Allegro RomPager

Sub Rule

Security Violation

Other Security

VMID 29049 : Web Attack: Wordpress Arbitrary File

Sub Rule

Arbitrary Code Execution

Attack

VMID 29771 : Attack: Web CMS Think PHP RCE

Sub Rule

SQL Injection

Attack

VMID 30284 : Attack: Apache Struts

Sub Rule

Arbitrary Code Execution

Attack

VMID 30545 : Web Attack: GoAhead RCE

Sub Rule

General Attack Activity

Attack

VMID 30573 : Malicious Serialized Object Upload

Sub Rule

Malformed Object

Suspicious

VMID 30762 : Web Attack: Drupal Core RCE

Sub Rule

Arbitrary Code Execution

Attack

VMID 30764 : Remote OS Command Injection Attack

Sub Rule

Unknown Command

Other Security

VMID 30819 : Web Attack: Adobe Flex BlazeDS RCE

Sub Rule

Arbitrary Code Execution

Attack

VMID 30910 : Web Attack: phpMyAdmin RFI

Sub Rule

Remote File Inclusion

Attack

VMID 30992 : Web Attack: ECShop SQL Injection

Sub Rule

SQL Injection

Attack

VMID 31448 : WordPress Plugin XSS Attempt Attack

Sub Rule

Vuln High Severity : CGI Abuses : XSS

Vulnerability

VMID 31474 : Apache Tomcat Remote Code Execution

Sub Rule

Arbitrary Code Execution

Attack

VMID 31593 :WordPress Plugin Path Traversal Attack

Sub Rule

Directory Traversal

Attack

VMID 31811 : Malicious Scan Request Attack

Sub Rule

Vulnerability Scanner Information

Other Security

VMID 31818 :vBulletin Remote Code Execution Attack

Sub Rule

Arbitrary Code Execution

Attack

VMID 31212 :Web Attack: Remote Code Execution

Sub Rule

Remote File Inclusion

Attack

VMID 31242:Malicious Site:Malicious Domain Request

Sub Rule

General Attack Activity

Attack

VMID 31757:Audit: PUA.Downloader Download 7

Sub Rule

Suspicious Activity

Suspicious
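The sub-rule tables above resolve a SEP signature ID (the vendor message ID, <vmid>) to a Common Event and Classification, and for many signatures the page lists two rows for the same VMID: one that maps to an "Attack"/"Suspicious" classification when SEP only detected the traffic, and one that maps to the "Failed ..." counterpart when SEP blocked it. The Python below is an added example, not LogRhythm's or Symantec's code, that applies that mapping to sample IPS event text. The log layout it parses (a "[SID: n]" token, the signature name, "attack blocked" or "attack detected", and a comma-separated direction field) is an assumption, the sample lines are constructed, and the lookup table holds only a handful of rows copied from the page.

```python
import re
from typing import Optional

# Subset of the LogRhythm Default sub-rule rows on this page, keyed by
# (vendor message ID, blocked?). Where the page lists a second row mapping the
# same VMID to a "Failed ..." common event, that row is the blocked variant.
SUB_RULES = {
    (30740, False): ("General Attack Activity", "Attack"),
    (30740, True): ("Failed General Attack Activity", "Failed Attack"),
    (29972, False): ("Arbitrary Code Execution", "Attack"),
    (29972, True): ("Failed Arbitrary Code Execution", "Failed Attack"),
    (30429, False): ("Brute Force Activity", "Attack"),
    (30429, True): ("Failed Brute Force Activity", "Failed Attack"),
    (30711, False): ("Suspicious Activity", "Suspicious"),
    (30711, True): ("Failed Suspicious Activity", "Failed Suspicious"),
    # Adware.Gen keeps "Host Compromised" whether or not the traffic was
    # blocked: the callback is evidence of an already-infected endpoint, so
    # blocking it does not downgrade the event.
    (30455, False): ("Host Compromised", "Compromise"),
    (30455, True): ("Host Compromised", "Compromise"),
    (30369, False): ("Unauthorized Program/Process", "Misuse"),
    (30369, True): ("Unauthorized Program/Process", "Misuse"),
}

# Fallback for a VMID with no sub-rule: the base rule's common event. Taken
# from the v2.0 base rule on this page; assumed here to apply to the Default
# policy as well.
BASE_RULE = ("General Attack Activity", "Attack")

# Assumed layout of the SEP IPS event text (not taken from this page): a
# "[SID: n]" token, the signature name, then "attack blocked" or
# "attack detected", followed by comma-separated fields that include the
# traffic direction ("Inbound" or "Outbound").
SID_RE = re.compile(
    r"\[SID:\s*(\d+)\]\s*(.*?)\s+attack\s+(blocked|detected)", re.IGNORECASE
)
DIR_RE = re.compile(r",(Inbound|Outbound),", re.IGNORECASE)


def classify(line: str) -> Optional[dict]:
    """Map one SEP IPS log line to the common event and classification the
    sub-rules on this page would assign. Returns None for lines that are not
    IPS signature events (those would fall to other rules, not to this one)."""
    m = SID_RE.search(line)
    if m is None:
        return None
    vmid = int(m.group(1))
    blocked = m.group(3).lower() == "blocked"
    d = DIR_RE.search(line)
    direction = d.group(1).capitalize() if d else "Unknown"
    common_event, classification = SUB_RULES.get((vmid, blocked), BASE_RULE)
    return {
        "vmid": vmid,
        "signature": m.group(2),
        "blocked": blocked,
        "direction": direction,
        "common_event": common_event,
        "classification": classification,
    }


def summarize(lines):
    """Classify every line and drop the ones that are not IPS events."""
    return [r for r in map(classify, lines) if r is not None]


# Constructed sample events for this example; they are not real captures.
SAMPLE_LOGS = [
    "Event Description: [SID: 30740] Web Attack: Drupal RCE CVE-2018-7600 attack blocked. "
    "Traffic has been blocked for this application: SYSTEM,Local Host IP: 10.0.0.5,"
    "Remote Host IP: 203.0.113.9,Inbound,TCP,Intrusion URL: /user/register",
    "Event Description: [SID: 30740] Web Attack: Drupal RCE CVE-2018-7600 attack detected but not blocked. "
    "Traffic has been allowed for this application: SYSTEM,Local Host IP: 10.0.0.5,"
    "Remote Host IP: 203.0.113.9,Inbound,TCP,Intrusion URL: /user/register",
    "Event Description: [SID: 30455] System Infected: Adware.Gen Activity 34 attack blocked. "
    "Traffic has been blocked for this application: C:\\Temp\\setup.exe,Local Host IP: 10.0.0.7,"
    "Remote Host IP: 198.51.100.20,Outbound,TCP",
    "Event Description: [SID: 99999] Unlisted Signature attack detected,Local Host IP: 10.0.0.8,"
    "Remote Host IP: 192.0.2.1,Inbound,TCP",
    "Event Description: Scan started on selected drives and folders.,Local Host IP: 10.0.0.9",
]


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOGS):
        print(f"VMID {r['vmid']:>5} {r['direction']:<8} blocked={str(r['blocked']):<5} "
              f"-> {r['common_event']} / {r['classification']}")
```

Two things the output makes visible that the table alone does not: the same VMID 30740 lands in "Attack" when SEP only detected the Drupal request and in "Failed Attack" when it blocked it, so an alarm that keys on Classification alone will miss detected-but-allowed exploitation if it only watches the "Failed" rows; and VMID 30455 stays "Host Compromised" in both tables, because a blocked adware callback still means the endpoint is infected. Direction is carried separately so that the outbound Adware.Gen line is not mistaken for an inbound attack, which matters because the base rule on this page is the inbound variant.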

LogRhythm Default v2.0

Regex ID | Rule Name | Rule Type | Common Event | Classification
1011169 | V 2.0 : Inbound SEP Malicious Activity Detected | Base Rule | General Attack Activity | Attack
 | V 2.0 : Inbound SEP Identified Attack Sign. Detect | Sub Rule | General Attack Activity | Attack
 | V 2.0 : SEP Identified Attack Sign. Detected | Sub Rule | General Attack Activity | Attack