Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

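| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| N/A | <sip> | <sip> |
| N/A | N/A | <sname> |
| N/A | <dip> | <dip> |
| N/A | N/A | <dname> |
| N/A | <sport> | <sport> |
| N/A | <dport> | <dport> |
| N/A | <smac> | <smac> |
| N/A | <dmac> | <dmac> |
| N/A | <protname> | <protname> |
| N/A | N/A | <account> |
| N/A | N/A | <domainimpacted> |
| N/A | <subject> | <subject> |
| N/A | <threatname> | <threatname> |
| N/A | N/A | <threatid> |
| N/A | <hash> | <hash> |
| N/A | <url> | <url> |
| N/A | <quantity> | <quantity> |
| N/A | N/A | <tag1> |
| N/A | N/A | <tag2> |
| N/A | <vmid> | N/A |
| N/A | <severity> | N/A |
| N/A | <login> | N/A |
| N/A | <domainorigin> | N/A |
| N/A | <object> | N/A |
| N/A | <cve> | N/A |
| N/A | <group> | N/A |
| N/A | <command> | N/A |
| N/A | <sender> | N/A |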

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1000416 | Attack Signature | Base Rule | General Attack Activity | Attack |
|  | VMID 21487 : MSRPC Multiple Context IDS | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 21261 : HTTP MS IE Frame Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack |
|  | VMID 21679 : HTTP Webhancer Install Activity | Sub Rule | Detected Adware Activity | Malware |
|  | VMID 21621 : 7FASST Search Activity | Sub Rule | Possible Malware Activity | Malware |
|  | VMID 21620 : 7FASST User Tracking Activity | Sub Rule | Possible Malware Activity | Malware |
|  | VMID 21430 : WebHancer Posting Information | Sub Rule | Detected Adware Activity | Malware |
|  | VMID 21617 : 007SPY Install Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21575 : HTTP ZSearch Instltn File Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21574 : HTTP SearchPounder Info Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21573 : Tafbar Install File Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21570 : 2020Search Configuration Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21569 : 2020Search Installation File Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21568 : 2020Search Info. Upload Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21563 : Dotcomtoolbar Instltn Files Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21558 : Megasearchbar InstallationFile Req | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21452 : Perfect InstallFIle Download | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21451 : ISearch Mistyped URL Hijack Attempt | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21450 : ISearch DNS Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21449 : ISearch Search Activity | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21447 : HTTP QuickSearch Activity | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21446 : QuickSearch DNS Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21418 : Goidr DNS Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21363 : HTTP ShopNav Uploading Reg Info | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21338 : E2Give InstallFile Request | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21337 : E2Give AppID Registry Subkey | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21329 : CometCursor Cursor Download | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21328 : CometCursor Logging Information | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21327 : CometCursor Plus Download | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21325 : HTTP Apropos Ad Activity | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21324 : HTTP Apropos Installation Activity | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21588 : PWDump Tool Activity | Sub Rule | Detected Spyware Activity | Malware |
|  | VMID 21385 : SQLDict Brute Force Pswd Tool Usage | Sub Rule | Brute Force Activity | Attack |
|  | VMID 20353 : HTTP Whisker/Libwhisker Scan-2 | Sub Rule | Port Scan | Reconnaissance |
|  | VMID 20352 : HTTP Whisker/Libwhisker Scan-1 | Sub Rule | Port Scan | Reconnaissance |
|  | VMID 20628 : MSRPC Mutiple Headers | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20627 : MS RPC Heap Queue Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21237 : HTTP MS IE Local Resource Enumeration | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 21236 : HTTP MS IE Sysimage File Detection | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 21232 : HTTP Oracle SOAP Default Config Vuln | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20524 : HTTP Cobalt Raq Apache Disclosure | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20517 : HTTP ColdFusion CFM Disclosure | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20511 : HTTP CGI Test Request | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20508 : HTTP CGI NPH Request | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20496 : HTTP Request Direct Perl Probe | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20335 : HTTP MS IIS SQL Hit Disclosure | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20334 : HTTP ISM DLL Remote Administration | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20655 : VNC Login Failed | Sub Rule | User Logon Failure | Authentication Failure |
|  | VMID 21812 : HTTP DialPlatform Activity | Sub Rule | Possible Malware Activity | Malware |
|  | VMID 21805 : HTTP InstantAccess Activity | Sub Rule | Possible Malware Activity | Malware |
|  | VMID 21791 : HTTP WKS Lotus 1-2-3 Remote Code Exec | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21790 : HTTP Excel Multi Remote Code Exec-2 | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21783 : HTTP McAfee EPolicy Large Src Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21776 : HTTP WebViewFolderIcon SetSlice Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21750 : HTTP MS IE VML Fill Method Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21744 : HTTP DirectAnimation KeyFrame Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21737 : MS OLE Automation SubstringData Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21735 : HTTP MSIE IsComponentInstalled Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21734 : EMC Retrospect Client Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21732 : HTTP DirectAnimation Spline Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21728 : HTTP Firefox SVG Mem Exec | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21725 : HTTP NullSoft Winamp Playlist Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21720 : HTTP Mozilla InstallVersion Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21719 : HTTP ANI File Hdr Size Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21717 : Symantec Backup Exec SelectSvc Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21551 : HTTP Embed Tag NPDSPlay DLL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21552 : HTTP WMF Metahdr FileSize Int. Oflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21553 : MSRPC WebClient Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21662 : SMB Srv.sys Driver Rmt Code Execution | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21663 : MSRPC RRAS Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21687 : HTTP Excel Multi Remote Code Exec-1 | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21689 : Microsoft DHCP Service Options Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21698 : HTTP MSIE Content Type Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21701 : MSRPC SrvSvc NetApi Buffer Overflow-1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21702 : MSRPC SrvSvc NetApi Buffer Overflow-2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21706 : MS DNS Client ATMA Code Exec | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21674 : HTTP PeerCast Remote Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21672 : HTTP MS Excel Unicode HLINK Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21671 : MS PPTP Server Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21668 : Alt-N WebAdmin USER Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21667 : HTTP BadBlue MFCISAPI Cmd Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21659 : HTTP MSIE MHTML URI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21649 : Symantec AV Stack Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21532 : Cmptr Associates Lic GetConfig Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21531 : Computer Associates License GCR Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21530 : HTTP GIF Netscape Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21528 : VMware NAT FTP Commands Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21527 : MS DirectShow AVI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21520 : RSA Agent WebRedirect Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21519 : RSA Agent Chunked Encoding Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21515 : Yahoo! IM Activex Yauto.dll Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21512 : HTTP MS Frontpage Image Mapper Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21459 : Yahoo! Webcam ActiveX Control Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21397 : Snort BackOrifice Preprocessor Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21391 : Veritas Bpjava Format String Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21388 : HTTP MS Lnk File FaceName Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21386 : MS Netware NWWKS Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21387 : MS PNP Registry DeviceName Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21389 : MS MSDTC UserAllocate Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21314 : HTTP Acrobat ActX Ctrl URI Req Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21312 : HTTP RealPlayer SMIL File Stack Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21311 : HTTP MS IE MSHTML.DLL CSS Hndlng Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21260 : NetBIOS MS PnP QueryResConflist Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21259 : MS Printer Spooler Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21246 : Veritas NetBackup Inv Timestamp Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21234 : HTTP Oracle 9IAS PLSQL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21181 : ArcServe Discovery SERVICEPC Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21179 : ISS SMB Parsing Heap Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21135 : HTTP Macromedia JRun Dotcfm File Disc | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21138 : OS X Apple File Print Remote Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21137 : HTTP MS IIS Chunk Encoding Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21124 : HTTP MS JET DB Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20986 : AOL IM AwayMsg Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20978 : HTTP MS IE DHTML Edit Ctrl Attack | Sub Rule | General Attack Activity | Attack |
|  | VMID 20980 : MS RPC License Logging CodeExec | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20974 : RealNetwork Helix Transport Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20973 : RTSP RPlayer Helix LongMeth URI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20971 : IMAP Server Login Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20962 : HTTP MS Word HyperlinkExt Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20833 : Veritas Backup Exec Hostname Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20752 : HTTP PHPBB URL Decode SQL Injection | Sub Rule | SQL Injection | Attack |
|  | VMID 20727 : MS WINS Replication Proto Rmt Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20726 : HTTP MS Visual Studio RAD Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20678 : HTTP MS IE Malf. IFRAME/EMBED Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20645 : HTTP MS IE Instl Eng Ctl Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20640 : HTTP NNTP XPAT Cmd Query Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20648 : MS RPC Network DDE Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 22888 : HTTP MS GDI JPEG Integer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20637 : SMB MS Windows GDI+ JPEG Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20621 : MS Windows H.323 Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20620 : MS Windows H.323 Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20617 : MS SQL Copyscript Distributor Exec | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20631 : MSRPC Malicious LSASS DS Req Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20615 : MSRPC Malicious LSASS DS Req Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20533 : MS SQL PacketResolution DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20532 : MS SQL LongRequest Hello Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20530 : SSH CRC-32 Bflo Undary Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20528 : DNS NXT Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20526 : FTP AIX Remote Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20522 : POP2 UW Anonymous Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20494 : HTTP MS FPcount Bflo Attempt | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20488 : HTTP Netscape Clnt Overflow Shellcode | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20363 : MIRC Nickname Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20624 : MS RPCSS Attack-3 | Sub Rule | General Attack Activity | Attack |
|  | VMID 20386 : MS RPCSS Attack-2 | Sub Rule | General Attack Activity | Attack |
|  | VMID 20380 : HTTP MS FrontPage Remote Debug Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20421 : MS ASN1 Integer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20418 : NetBIOS MS Locator Service Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20413 : Welchia Locator Service Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20399 : MS Win9x IE5/Telnet Heap Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20444 : MS RPC LSASS DS Oversized Request UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20443 : MS RPC LSASS DS Oversized Request TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20437 : HTTP IIS ISAPI Printer Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20445 : MS RPCSS Attack UDP | Sub Rule | General Attack Activity | Attack |
|  | VMID 20390 : MSRPC DCOM RPC Bflo -5 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20388 : MSRPC DCOM RPC Bflo -4 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20387 : MSRPC DCOM RPC Bflo -3 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20385 : MSRPC DCOM RPC Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20384 : MSRPC DCOM RPC Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20448 : MS IIS PCT SSL Exploit Attempt | Sub Rule | General Attack Activity | Attack |
|  | VMID 21185 : HTTP SMTP NTLM ASN1 Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21141 : HTTP MS IIS NTLM ASN1 Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20409 : MS ASN1 Integer Overflow TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20408 : MS ASN1 Integer Overflow UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20395 : MSRPC DCOM RPC Heap Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20393 : MSRPC DCOM RPC Heap Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20434 : BFTP SITE CHOWN Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20433 : BFTP SITE CHOWN Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20432 : FTP CreateDirectory Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20431 : FTP CreateDirectory Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20428 : HTTP IIS Welchia WebDAV SEARCH Bflo-2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20427 : HTTP IIS Welchia WebDAV SEARCH Bflo-1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20426 : HTTP IIS HTR ISAPI Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20425 : WuFTPd Realpath Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20059 : MS UPnP NOTIFY Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20057 : HTTP Knox Arkeia Rmt Stack Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20083 : MySQL Password Table Change | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20056 : Red Hat PXE Server Remote Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20626 : MS RPC Workstation Service Bflo (UDP) | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20625 : MS RPC Workstation Service Bflo (TCP) | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20354 : HTTP MS Media Services Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21204 : Veritas Backup Exec Agent Auth Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21203 : Veritas Backup Exec Agent DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21116 : HTTP Negative Content Length | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20903 : FTP Generic Command Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20339 : ICQ Guestbook DoS Long Name | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20091 : NetBIOS MS Messenger Service Bflo TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20090 : NetBIOS MS Messenger Service Bflo UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20055 : Kerio Remote Auth Bflo UDP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20054 : Kerio Remote Auth Bflo TCP | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20053 : NTPD Field Value Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20066 : HTTP Cisco 2GB Integer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20050 : Oracle XDB FTP Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20049 : Oracle XDB FTP Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20351 : HTTP MDAC Component Query Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20348 : HTML WinHelp Item Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20338 : HTTP PHP CGI Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20001 : DNS Tsig Bflo -2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20000 : DNS Tsig Bflo -1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20004 : WuFTPd Heap Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20330 : HTTP IIS ISAPI Extension Code Red | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20070 : SMB Trans2Open Overflow-2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20069 : SMB Trans2Open Overflow-1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20326 : HTTP IIS Webdav Exploit | Sub Rule | General Attack Activity | Attack |
|  | VMID 20068 : SMB Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20084 : SSH BSD Auth Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20324 : HTTP Chnkd Encd Negative Length Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20006 : FTP MKD Stack Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20038 : Remote BinLogin Bflo 2 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20037 : Remote BinLogin Bflo 1 | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21545 : SMB Guest Login | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 21614 : P2P Mute Usage | Sub Rule | P2P Activity | Misuse |
|  | VMID 21604 : P2P Manolito Client Usage | Sub Rule | P2P Activity | Misuse |
|  | VMID 21598 : P2P SoulSeek Usage | Sub Rule | P2P Activity | Misuse |
|  | VMID 21595 : P2P Peercast Application | Sub Rule | P2P Activity | Misuse |
|  | VMID 21594 : P2P OpenFT File Request | Sub Rule | P2P Activity | Misuse |
|  | VMID 21593 : P2P Fasttrack Network Ping Messages | Sub Rule | P2P Activity | Misuse |
|  | VMID 21592 : P2P Edonkey Start Upload Request | Sub Rule | P2P Activity | Misuse |
|  | VMID 21590 : P2P Edonkey Ping Message | Sub Rule | P2P Activity | Misuse |
|  | VMID 21589 : P2P Overnet Search Request UDP | Sub Rule | P2P Activity | Misuse |
|  | VMID 21587 : P2P DirectConnect Application | Sub Rule | P2P Activity | Misuse |
|  | VMID 21586 : P2P Ares Client Connection | Sub Rule | P2P Activity | Misuse |
|  | VMID 21207 : Skype Requesting Updates-2 | Sub Rule | P2P Activity | Misuse |
|  | VMID 21206 : Skype Requesting Updates-1 | Sub Rule | P2P Activity | Misuse |
|  | VMID 20567 : P2P BitTorrent Request | Sub Rule | P2P Activity | Misuse |
|  | VMID 20566 : P2P BitTorrent Activity | Sub Rule | P2P Activity | Misuse |
|  | VMID 20562 : P2P Blubster Download Setup | Sub Rule | P2P Activity | Misuse |
|  | VMID 20568 : P2P Gnutella File Request | Sub Rule | P2P Activity | Misuse |
|  | VMID 20561 : P2P Gnutella Connection | Sub Rule | P2P Activity | Misuse |
|  | VMID 20560 : P2P Gnutella Bearshare Connection | Sub Rule | P2P Activity | Misuse |
|  | VMID 20559 : P2P Gnutella Morpheus Connection | Sub Rule | P2P Activity | Misuse |
|  | VMID 20569 : Kazaa File Request | Sub Rule | P2P Activity | Misuse |
|  | VMID 20558 : P2P Kazaa Connection | Sub Rule | P2P Activity | Misuse |
|  | VMID 20557 : Emule File Traffic Detected | Sub Rule | P2P Activity | Misuse |
|  | VMID 20556 : P2P EMule Hello | Sub Rule | P2P Activity | Misuse |
|  | VMID 20654 : VNC Login Success | Sub Rule | User Logon | Authentication Success |
|  | VMID 20653 : VNC Server Banner | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20594 : NetBIOS User Session Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20593 : NetBIOS User Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20592 : NetBIOS Transport Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20591 : NetBIOS Share Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20590 : NetBIOS Service Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20589 : NetBIOS Registry Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20588 : NetBIOS NBStat Query | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20587 : NetBIOS NBName Query | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20586 : NetBIOS Group Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20585 : NetBIOS Disk Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20584 : NetBIOS Date And Time Enumeration | Sub Rule | Reconnaissance Activity | Reconnaissance |
|  | VMID 20602 : Quake 3 Connection | Sub Rule | Game Activity | Misuse |
|  | VMID 20502 : SNMP Default Community Name Access | Sub Rule | Vuln Medium Severity : General | Vulnerability |
|  | VMID 20471 : IRC Private Message Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20469 : IRC DCC Private Message Chat Cmd | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20465 : IRC Notice DCC Chat Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20467 : IRC Private Message DCC Send Cmd | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20463 : IRC Notice DCC Send Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20459 : IRC USER Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20457 : IRC NICK Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20455 : IRC JOIN Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20461 : IRC Notice Command | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21600 : QQ IM Login Packet | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21599 : TOC (AOL) IM Usage | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21597 : AIM ICQ Request (OSCAR) | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21596 : Jabber IM Client Connection | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21130 : AOL IM Login | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20565 : AOL IM Message Received | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20564 : AOL IM Message Sent | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20570 : Yahoo! Conference Login | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20571 : Yahoo! Ping | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20553 : Yahoo! IM Activity | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20552 : Yahoo! IM Login | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20551 : Yahoo! IM File Transfer | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20550 : Yahoo! IM Conference Invite | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21300 : HTTP MSN Messenger Login | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 20015 : MSN Messenger Login Attempt | Sub Rule | IM/Chat Activity | Misuse |
|  | VMID 21273 : Telnet SoftEther VPN Software | Sub Rule | Suspicious Activity | Suspicious |
|  | VMID 20442 : Witty Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20634 : W32 Nimda Share Propagation 2 | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20435 : Nimda Worm E | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20436 : Nimda Worm A | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20094 : Sobig F Worm Master Probe | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20024 : Nebiwo Worm Propagation-3 | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20023 : Nebiwo Worm Propagation-2 | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20022 : Nebiwo Worm Propagation-1 | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 21602 : W32 Polip Gnutella Communication | Sub Rule | Detected Malware Activity | Malware |
|  | VMID 21601 : W32 Polip Backdoor Communication | Sub Rule | Detected Backdoor Activity | Malware |
|  | VMID 21651 : Trojan Barok Infostealing Activity | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20113 : Mybabypic Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20112 : Yaha Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20111 : Sircam Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20110 : Mylife J Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20109 : Lirva C Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20108 : Klez H Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20107 : Goner A Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20106 : Frethem L Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20105 : Brid A Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20104 : Aliz Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20103 : Alcarys Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20102 : Shoho Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20101 : Redesi B Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20100 : Maldal C Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20099 : Apost Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20077 : Dumaru Worm Propagation | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 21658 : HTTP WMP Malformed PNG Handling Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21516 : HTTP MS XP HCP URI Handler Abuse | Sub Rule | General Attack Activity | Attack |
|  | VMID 21421 : HTTP MS IE Dbl Backslash Local Zone | Sub Rule | General Attack Activity | Attack |
|  | VMID 21420 : HTTP MS IE Dbl Backslash CHM | Sub Rule | General Attack Activity | Attack |
|  | VMID 20644 : HTTP MS IE EXE In IMG Code Execution | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 20020 : NetBIOS RFPoison DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20609 : MS RPC WinNuke DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21316 : HTTP MS IE Style Tag Cmt Mem Crptn | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21514 : HTTP MS IE DHTML AnchorClick DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21802 : SMB Server Transaction Name Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21724 : HTTP NullSoft Winamp M3U Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21511 : HTTP Mozilla Firefox IFRAME DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21508 : MSRPC PnP GetDeviceList DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21424 : HTTP MS IE MSWebDVD Object DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21423 : HTTP MS IE Macromedia Flash DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21422 : HTTP MS IE Object Element Data DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21262 : MS RDP Terminal Service DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21256 : MS SQL Server 7.0 Remote DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21230 : HTTP Cobalt RAQ Service.cgi Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21190 : Outlook Express LIST Newsgroup Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21099 : HTTP MS IIS FTP Wildcard DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21006 : SMTP Domino Mail Loop DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20909 : Trend Micro Viruswall Catinfo Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20630 : HTTP MS MediaPlayer Skin File Code | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20604 : HTTP IIS WebDAV PROPFIND | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20583 : Snork DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20519 : HTTP CF GetTempDirectory Attempt | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20495 : FTP MS IIS Status DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20359 : HTTP Cisco VoIP DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20447 : MS SSL Library DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20397 : RPC DCOM GetClassObject DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20381 : HTTP MS FrontPage SmartHTML DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20051 : Oracle TNS Listener DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20048 : RAS PPTP Malformed Ctrl Packet DoS | Sub Rule | Malformed Object | Suspicious |
|  | VMID 20349 : HTTP IIS %2E DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20025 : NetBIOS RFParalyze DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20026 : NetBIOS NT Winlogon DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20073 : SMTP EXPN Vintra DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 20337 : HTTP MS IIS ExAir Search DoS | Sub Rule | Host Denial Of Service | Denial Of Service |
|  | VMID 21458 : Kazaa Sig2Dat Protocol Code Exec | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21238 : Google Desktop Search Remote XSS | Sub Rule | Cross-Site Scripting | Attack |
|  | VMID 21703 : MSIE FTP URI Arbitrary Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 21317 : HTTP MS IE MData Foreign Dom Spoofing | Sub Rule | Spoofing Activity | Attack |
|  | VMID 21239 : Google Tlbr About.HTML HTML Injection | Sub Rule | General Attack Activity | Attack |
|  | VMID 21202 : HTTP MS OWC Local File Disclosure | Sub Rule | General Attack Activity | Attack |
|  | VMID 21139 : OS X Help Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack |
|  | VMID 20965 : HTTP Windows Sharepoint Svc Spoofing | Sub Rule | Spoofing Activity | Attack |
|  | VMID 20043 : DDOS Trin00 MasterRemote Int PW | Sub Rule | Host Distributed Denial Of Service | Denial Of Service |
|  | VMID 20042 : DDOS Trin00 MasterDaemon Default PW | Sub Rule | Host Distributed Denial Of Service | Denial Of Service |
|  | VMID 21555 : HTTP Windows Media Player BMP Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21008 : SMTP Domino SMTP ENVID Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 21571 : HTTP MSIE Action Script Handler Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20581 : HTML HR Align Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20555 : AOL IM External App Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20554 : AOL IM Game Request Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20537 : HTTP MS IFRAME JOB Share Redirect | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20093 : Telnet TTYPROMPT Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20081 : MS SQL Stack Bflo | Sub Rule | Buffer Overflow/Underflow | Attack |
|  | VMID 20712 : R(X)Bot Clone Commands | Sub Rule | Detected Botnet Activity | Malware |
|  | VMID 20711 : R(X)Bot Nick And Kill Thread Commands | Sub Rule | Detected Botnet Activity | Malware |
|  | VMID 20708 : R(X)Bot DDOS Commands | Sub Rule | Host Distributed Denial Of Service | Denial Of Service |
|  | VMID 20682 : R(X)BOT Bot Scan Commands | Sub Rule | Detected Botnet Activity | Malware |
|  | VMID 20681 : R(X)BOT Advanced-Scan Commands | Sub Rule | Detected Botnet Activity | Malware |
|  | VMID 20680 : R(X)BOT Keylog Commands | Sub Rule | Detected Keylogger Activity | Malware |
|  | VMID 20679 : R(X)BOT Videocapture Commands | Sub Rule | Detected Botnet Activity | Malware |
|  | VMID 20880 : HTTP BD BugBear | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20402 : W32 Beagle A Worm Backdoor | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20401 : MyDoom A Worm Code Execution | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20400 : MyDoom A Worm Proxy | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20429 : MyDoom F Backdoor Worm Detection | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20098 : Blaster Worm UDP TFTP Backdoor | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20097 : Blaster Worm TCP TFTP Backdoor | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20088 : Deloder Worm Infection | Sub Rule | Detected Worm Activity | Malware |
|  | VMID 20885 : BD CDK | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20601 : BD WinRAT 1.2 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20600 : BD Ultimate RAT 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20599 : BD Remote Explorer 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20575 : BD Hack-A-Tack | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20595 : BD Acid Battery | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20322 : BD WinRAT 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20321 : BD School Bus 1.6 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20320 : BD Psychward | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20319 : BD OOTLT | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20318 : BD Osiris 2.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20206 : BD NetTrash 1.01 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20317 : BD NetTrash 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20316 : BD NetBus Pro 2.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20315 : BD Net Metropolitan 1.04 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20314 : BD Net Metropolitan 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20313 : BD Mosuck 2.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20312 : BD Mosucker 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20311 : BD Mosuck 1.1 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20310 : BD Mini Asylum 1.1 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20308 : BD Lithium 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20305 : BD Kuang 2.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20304 : BD Konik 0.6b | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20303 : BD Hydroleak | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20302 : BD Glacier 2.2 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20301 : BD Frenzy 2000 3.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20300 : BD Fore 1.0 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20299 : BD File Nail | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20298 : BD Donald Dick 1.52 | Sub Rule | Detected Trojan Activity | Malware |
|  | VMID 20297 : BD DeltaSource 0.7 | Sub Rule | Detected Trojan Activity | Malware |
VMID 20296 : BD ChupacabraSub RuleDetected Trojan ActivityMalware
VMID 20295 : BD CGI BioNet 2.6.1aSub RuleDetected Trojan ActivityMalware
VMID 20294 : BD BugsSub RuleDetected Trojan ActivityMalware
VMID 20293 : BD DTR 1.4.2Sub RuleDetected Trojan ActivityMalware
VMID 20291 : BD Wow 23 0.3Sub RuleDetected Trojan ActivityMalware
VMID 20290 : BD War Trojan | Sub Rule | Detected Trojan Activity | Malware
VMID 20289 : BD Ripperz Controller 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20288 : BD Remote Process Monitor 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20287 : BD Private Port 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20286 : BD One 0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20285 : BD NokNok 6.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20284 : BD Nirvana 1.99 | Sub Rule | Detected Trojan Activity | Malware
VMID 20283 : BD Nirvana 1.95 | Sub Rule | Detected Trojan Activity | Malware
VMID 20282 : BD Nirvana 1.94 | Sub Rule | Detected Trojan Activity | Malware
VMID 20281 : BD New Silencer | Sub Rule | Detected Trojan Activity | Malware
VMID 20280 : BD Netcontroller | Sub Rule | Detected Trojan Activity | Malware
VMID 20279 : BD Last 2000 | Sub Rule | Detected Trojan Activity | Malware
VMID 20278 : BD Executor | Sub Rule | Detected Trojan Activity | Malware
VMID 20277 : BD Dolly 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20276 : BD Dolly 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20275 : BD Cyn 1.0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20274 : BD Black Angel 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20273 : BD Bigorna 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20272 : BD Balsitix | Sub Rule | Detected Trojan Activity | Malware
VMID 20271 : BD BackConstruction 2.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20270 : BD BackConstruction 2.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20269 : BD BackConstruction 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20268 : BD BackConstruction 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20267 : BD Asylum | Sub Rule | Detected Trojan Activity | Malware
VMID 20266 : BD YAT 3.01 | Sub Rule | Detected Trojan Activity | Malware
VMID 20265 : BD YAT 2.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20264 : BD Y3K RAT 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20263 : BD Xlog 2.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20262 : BD Xanadu 1.11 | Sub Rule | Detected Trojan Activity | Malware
VMID 20261 : BD Xanadu 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20260 : BD Windows Mite 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20259 : BD WinCrash 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20258 : BD WinCrash 1.03 | Sub Rule | Detected Trojan Activity | Malware
VMID 20256 : BD Voodoo Doll | Sub Rule | Detected Trojan Activity | Malware
VMID 20255 : BD Vampire 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20254 : BD Vagr Nocker 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20253 : BD Uploader | Sub Rule | Detected Trojan Activity | Malware
VMID 20252 : BD Undetected 3.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20251 : BD Undetected 2.3 SE | Sub Rule | Detected Trojan Activity | Malware
VMID 20250 : BD Ultors | Sub Rule | Detected Trojan Activity | Malware
VMID 20249 : BD Ullysse | Sub Rule | Detected Trojan Activity | Malware
VMID 20248 : BD Truva 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20247 : BD Tron | Sub Rule | Detected Trojan Activity | Malware
VMID 20246 : BD Trojan Spirit 2001 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20245 : BD Trojan Cow 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20244 : BD TransScout 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20243 : BD Thing 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20242 : BD Thing 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20241 : BD The Unexplained 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20240 : BD The Flu | Sub Rule | Detected Trojan Activity | Malware
VMID 20239 : BD Tcc Trojan 0.90 | Sub Rule | Detected Trojan Activity | Malware
VMID 20238 : BD SchneckenKorn | Sub Rule | Detected Trojan Activity | Malware
VMID 20237 : BD Scarab 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20236 : BD Satan 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20235 : BD RUX The Tick 4.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20234 : BD Ruler 1.41 | Sub Rule | Detected Trojan Activity | Malware
VMID 20233 : BD Revenger 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20174 : BD Remote Revise 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20232 : BD Remote Revise 1.15 | Sub Rule | Detected Trojan Activity | Malware
VMID 20231 : BD Remote Revise 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20230 : BD Remote Hack 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20229 : BD Remote Hack 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20228 : BD Remote Boot Tool 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20227 : BD RatHead 2.01 | Sub Rule | Detected Trojan Activity | Malware
VMID 20226 : BD R3C | Sub Rule | Detected Trojan Activity | Malware
VMID 20225 : BD R0xr4t 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20224 : BD Qwertos RAT 0.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20223 : BD Psychward 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20222 : BD Prosiak 0.65 | Sub Rule | Detected Trojan Activity | Malware
VMID 20221 : BD Prosiak 0.47 | Sub Rule | Detected Trojan Activity | Malware
VMID 20220 : BD Project Next 0.5.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20219 : BD Progenic Trojan 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20218 : BD Priority | Sub Rule | Detected Trojan Activity | Malware
VMID 20217 : BD Prayer 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20216 : BD Pitfall Surprise | Sub Rule | Detected Trojan Activity | Malware
VMID 20215 : BD Pitfall | Sub Rule | Detected Trojan Activity | Malware
VMID 20214 : BD Phoenix 1.28 | Sub Rule | Detected Trojan Activity | Malware
VMID 20213 : BD Phase Zero 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20212 : BD Pest 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20211 : BD PC Invader 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20210 : BD PC Invader 0.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20209 : BD Oxon 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20208 : BD Optix Pro 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20205 : BD Oblivion 0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20204 : BD NoSecure 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20203 : BD NokNok 7.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20202 : BD NokNok 5.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20201 : BD Network Terrorist 1.31 | Sub Rule | Detected Trojan Activity | Malware
VMID 20200 : BD NetTaxi 1.8 | Sub Rule | Detected Trojan Activity | Malware
VMID 20199 : BD NetSphere 1.27 | Sub Rule | Detected Trojan Activity | Malware
VMID 20198 : BD Net Spy 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20197 : BD Net Raider 0.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20196 : BD Net Devil 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20195 : BD Net Administrator 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20194 : BD Moon Pie 3.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20193 : BD Moon Pie 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20192 : BD MNEAH Trojan 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20191 : BD Mini Oblivion 0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20190 : BD Millenium 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20189 : BD Microspy 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20188 : BD Michal 5.00 | Sub Rule | Detected Trojan Activity | Malware
VMID 20187 : BD Meet The Lamer 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20186 : BD Mavericks Matrix 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20185 : BD Massaker 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20184 : BD Mantis 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20183 : BD M2 Trojan 1.25 | Sub Rule | Detected Trojan Activity | Malware
VMID 20182 : BD Leszcz 5.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20181 : BD Le Guardien 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20180 : BD Latinus 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20179 : BD Latinus 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20178 : BD Kid Terror 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20177 : BD Intruzzo | Sub Rule | Detected Trojan Activity | Malware
VMID 20176 : BD Intruder 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20175 : BD Internalrevise 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20173 : BD Insane 5.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20172 : BD Insane 4.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20171 : BD Infra Trojan | Sub Rule | Detected Trojan Activity | Malware
VMID 20170 : BD Infector 1.4 | Sub Rule | Detected Trojan Activity | Malware
VMID 20169 : BD Infector 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20168 : BD InCommand 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20167 : BD Host Control 2.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20166 : BD Hellz Addiction 1.20e | Sub Rule | Detected Trojan Activity | Malware
VMID 20165 : BD Hackers World 2.0.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20164 : BD G-Spot Tight 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20163 : BD GirlFriend 1.3 | Sub Rule | Detected Trojan Activity | Malware
VMID 20162 : BD Gift 2.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20161 : BD Ghost 2.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20160 : BD Gate Crasher 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20159 : BD Frenzy 1.0.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20158 : BD Forced Entry 1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20157 : BD F-Backdoor 0.8 | Sub Rule | Detected Backdoor Activity | Malware
VMID 20156 : BD Exploiter 1.0 | Sub Rule | General Attack Activity | Attack
VMID 20154 : BD Eclypse 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20153 : BD Duddie | Sub Rule | Detected Trojan Activity | Malware
VMID 20152 : BD Duddie 3.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20151 : BD Duddie 3.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20150 : BD Duddie 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20149 : BD Drat 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20148 : BD Dolly 1.7 | Sub Rule | Detected Trojan Activity | Malware
VMID 20147 : BD Dolly 1.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20146 : BD Digital Rootbeer | Sub Rule | Detected Trojan Activity | Malware
VMID 20145 : BD DFch 1b1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20144 : BD Dark Connection 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20143 : BD Danton 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20142 : BD Crazzynet | Sub Rule | Detected Trojan Activity | Malware
VMID 20141 : BD Crack Down 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20140 : BD Connection | Sub Rule | Detected Trojan Activity | Malware
VMID 20139 : BD CGI BioNet 0.84 | Sub Rule | Detected Trojan Activity | Malware
VMID 20138 : BD Cero B1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20137 : BD Celine | Sub Rule | Detected Trojan Activity | Malware
VMID 20136 : BD CAFEiN 0.8 | Sub Rule | Detected Trojan Activity | Malware
VMID 20135 : BD Buttman 0.9 | Sub Rule | Detected Trojan Activity | Malware
VMID 20134 : BD Buschtrommel 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20133 : BD Breach Pro | Sub Rule | Detected Trojan Activity | Malware
VMID 20132 : BD Breach 4.5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20131 : BD Blazer5 | Sub Rule | Detected Trojan Activity | Malware
VMID 20130 : BD Blade Runner 0.80a | Sub Rule | Detected Trojan Activity | Malware
VMID 20129 : BD Blaaaaa 2.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20128 : BD BDDT | Sub Rule | Detected Trojan Activity | Malware
VMID 20127 : BD Basic Hell 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 20126 : BD Backdoor 2.0.2 | Sub Rule | Detected Backdoor Activity | Malware
VMID 20125 : BD Backdoor 2.0.1 | Sub Rule | Detected Backdoor Activity | Malware
VMID 20124 : BD Backage 3.1.1 | Sub Rule | Detected Trojan Activity | Malware
VMID 20123 : BD B.F Evolution | Sub Rule | Detected Trojan Activity | Malware
VMID 20122 : BD AOL Admin | Sub Rule | Detected Trojan Activity | Malware
VMID 20121 : BD Amanda | Sub Rule | Detected Trojan Activity | Malware
VMID 20120 : BD Alvgus | Sub Rule | Detected Trojan Activity | Malware
VMID 20118 : BD DeepThroat Client Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20119 : BD NetBus Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20763 : Septic Worm Infection Notification | Sub Rule | Detected Worm Activity | Malware
VMID 20767 : ElSpy Worm Are_U Req Response | Sub Rule | Detected Worm Activity | Malware
VMID 20766 : ElSpy Worm Infection Notification | Sub Rule | Detected Worm Activity | Malware
VMID 20773 : LOA Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20772 : Azaco Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20771 : Lucky Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20769 : Claw Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20768 : ElSpy Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20765 : Life Stages Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20764 : Pr0n Worm Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20706 : W32 Beagle Backdoor Auth. String | Sub Rule | Detected Backdoor Activity | Malware
VMID 20531 : BD Lovgate Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20403 : W32 Beagle B Worm Backdoor | Sub Rule | Detected Worm Activity | Malware
VMID 20021 : BugBear B Worm FileShare Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20309 : BD Masters Of Paradise | Sub Rule | Detected Trojan Activity | Malware
VMID 20307 : BD Latinus 1.4 | Sub Rule | Detected Trojan Activity | Malware
VMID 20306 : BD Latinus 1.2 | Sub Rule | Detected Trojan Activity | Malware
VMID 20292 : BD Y3K RAT 1.6 | Sub Rule | Detected Trojan Activity | Malware
VMID 20076 : BugBear B Worm SMTP Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20087 : Fizzer Worm Propagation (UDP) | Sub Rule | Detected Worm Activity | Malware
VMID 20086 : Fizzer Worm Propagation (TCP) | Sub Rule | Detected Worm Activity | Malware
VMID 20074 : Fizzer Worm SMTP Propagation | Sub Rule | Detected Worm Activity | Malware
VMID 20116 : BD BackOrifice Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20762 : BackOrifice Speakeasy Trojan Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20632 : BD BackOrifice 2000 UDP Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20115 : BD BackOrifice 2000 Activity | Sub Rule | Detected Trojan Activity | Malware
VMID 20714 : SpyBot Spy Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20713 : SpyBot Keylogger Commands | Sub Rule | Detected Keylogger Activity | Malware
VMID 20731 : Gaobot P2P Listener Hello | Sub Rule | Possible Botnet Activity | Malware
VMID 20728 : Gaobot P2P Client Hello | Sub Rule | Possible Botnet Activity | Malware
VMID 20667 : Gaobot Bot Logout Command | Sub Rule | Detected Trojan Activity | Malware
VMID 20666 : Gaobot Generic Bot Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20665 : Gaobot Variable Config Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20664 : Gaobot Harvest Mail And Keys Command | Sub Rule | Detected Trojan Activity | Malware
VMID 20663 : Gaobot Autostart And Service Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20662 : Phatbot OS Shutdown Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20661 : Gaobot Redirect Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20660 : Phatbot Process Control Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 20659 : Gaobot DDOS Commands | Sub Rule | Host Distributed Denial Of Service | Denial Of Service
VMID 20658 : Phatbot Scan Commands | Sub Rule | Detected Trojan Activity | Malware
VMID 21049 : Backdoor X ZT00 Ver 1.0 | Sub Rule | Detected Backdoor Activity | Malware
VMID 21048 : BD IIlusion 1.0 | Sub Rule | Detected Trojan Activity | Malware
VMID 21047 : Backdoor MoSucker 3.0 | Sub Rule | Detected Backdoor Activity | Malware
VMID 21046 : BD Guptachar | Sub Rule | Detected Trojan Activity | Malware
VMID 21044 : BD BioNet 4.00.03 BE S | Sub Rule | Detected Trojan Activity | Malware
VMID 21043 : Backdoor C.I.A | Sub Rule | Detected Backdoor Activity | Malware
VMID 20760 : HTTP MS IE Help CTRL LZ Bypass | Sub Rule | Detected Trojan Activity | Malware
VMID 20618 : HTTP JJ Sample CGI Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21743 : HTTP Firefox DOM Override Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21584 : HTTP MDAC RDS Dataspace Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21583 : HTTP MS FrontPage Server Ext. XSS | Sub Rule | Cross-Site Scripting | Attack
VMID 21653 : HTTP CSS Domain/Zone Info Disclosure | Sub Rule | General Attack Activity | Attack
VMID 21655 : HTTP ASP.NET App Folder Info Disc | Sub Rule | General Attack Activity | Attack
VMID 21657 : HTTP MSIE Multi Style Tags Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21656 : HTTP MovieMaker ComObj CodeExec CLSID | Sub Rule | General Attack Activity | Attack
VMID 21665 : HTTP MovieMaker ComObj CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21690 : HTTP MS Excel XLW 4.0 WkBk CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21708 : HTTP DirectAnim ComObj CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21707 : HTTP DirectAnim ComObj CodeExec CLSID | Sub Rule | General Attack Activity | Attack
VMID 21670 : HTTP MSIE ITS Protocol Zone Bypass | Sub Rule | General Attack Activity | Attack
VMID 21641 : RealVNC NULL Auth Bypass Attempt | Sub Rule | General Attack Activity | Attack
VMID 21585 : HTTP Sygate Policy Mgr SQL Injection | Sub Rule | SQL Injection | Attack
VMID 21581 : Sendmail Async Handler Rmt Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21580 : HTTP MSIE CreateTextRange Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21537 : HTTP RPlayer Error Msg Format String | Sub Rule | General Attack Activity | Attack
VMID 21526 : HTTP MS Windows WMF Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21513 : HTTP MS IE GetObject File Disclosure | Sub Rule | General Attack Activity | Attack
VMID 21510 : HTTP MSIE JvScrpt OnLoad Rte CodeExec | Sub Rule | General Attack Activity | Attack
VMID 21501 : SalesLogix File Upload Dir. Traversal | Sub Rule | Directory Traversal | Attack
VMID 21500 : HTTP SalesLogix SQL Injection | Sub Rule | SQL Injection | Attack
VMID 21496 : WinMail Directory Traversal | Sub Rule | Directory Traversal | Attack
VMID 21457 : Firefox Favicon Link Tag Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21318 : HTML Domain NM Bflo (Milw0rm Exploit) | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21315 : HTTP MS IE MMS Proto Hndlr Cmd Inj | Sub Rule | Arbitrary Code Execution | Attack
VMID 21313 : HTTP MS IE HHCtrl ActX XDom Scripting | Sub Rule | General Attack Activity | Attack
VMID 21310 : HTTP Firefox PLUGINSPAGE Remote Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21304 : HTML Domain Name Bflo (PoC) | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21296 : HP OpenView Remote Command Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21290 : HTTP MS IE MSdds.dll Code Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 21286 : HTTP Firefox Unauth Clipboard Disc | Sub Rule | General Attack Activity | Attack
VMID 21280 : HTTP MS Media Player Attr Corrupt | Sub Rule | General Attack Activity | Attack
VMID 21266 : Veritas Backup Exec Arb. File Dnld | Sub Rule | General Attack Activity | Attack
VMID 21253 : Shoutcast Remote Format String | Sub Rule | General Attack Activity | Attack
VMID 21233 : HTTP Oracle 9IAS PL/SQL Dir Trav. | Sub Rule | Directory Traversal | Attack
VMID 21213 : HTTP MS Javaprxy DLL Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 21210 : HTTP MS IE FTP Proto Hndlr Loc File | Sub Rule | General Attack Activity | Attack
VMID 21158 : HTTP IIS HTW Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack
VMID 21132 : HTTP MS Windows MSHTA Shell Execution | Sub Rule | General Attack Activity | Attack
VMID 20733 : HTTP MS FrontPage Dvwssr.dll Request | Sub Rule | General Attack Activity | Attack
VMID 20704 : HTTP MS Shell File Dnld Ext. Misrep. | Sub Rule | General Attack Activity | Attack
VMID 20716 : HTTP Crystal Rpts Form Viewer Trv | Sub Rule | General Attack Activity | Attack
VMID 20607 : HTTP Hylafax Faxsurvey Remote PW Acc | Sub Rule | General Attack Activity | Attack
VMID 20606 : HTTP MS JET DB Engine DSN Hack | Sub Rule | General Attack Activity | Attack
VMID 20578 : HTTP IIS ISAPI Enumeration | Sub Rule | General Attack Activity | Attack
VMID 20539 : HTTP MS IE ADODB Stream SavetoFile | Sub Rule | General Attack Activity | Attack
VMID 20536 : HTTP MS Showhelp CHM Download Attempt | Sub Rule | General Attack Activity | Attack
VMID 20535 : HTTP MS IE CHM Cross-Domain Redirect | Sub Rule | General Attack Activity | Attack
VMID 20529 : HTTP PHP Nuke ConfigFile Request | Sub Rule | General Attack Activity | Attack
VMID 20525 : Linux LPRng Format String Root | Sub Rule | General Attack Activity | Attack
VMID 20521 : HTTP SGI InfoSearch Fname Exec | Sub Rule | General Attack Activity | Attack
VMID 20520 : HTTP Novell CGI Convert Request | Sub Rule | General Attack Activity | Attack
VMID 20518 : HTTP WEBGais Remote Command Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 20516 : HTTP AltaVista DirTraversal | Sub Rule | Directory Traversal | Attack
VMID 20504 : WuFTPd Site Exec Bflo | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 20501 : HTTP Lotus Domino Password Bypass | Sub Rule | General Attack Activity | Attack
VMID 20500 : HTTP MS BizTalk DTA RemoteExec | Sub Rule | General Attack Activity | Attack
VMID 20499 : HTTP MS IIS ASP DataSuffix Request | Sub Rule | General Attack Activity | Attack
VMID 20498 : HTTP MS IE MIME IFRAME Exec | Sub Rule | General Attack Activity | Attack
VMID 20493 : HTTP MS IIS Showcode ASP Request | Sub Rule | General Attack Activity | Attack
VMID 20492 : HTTP MS IIS Newdsn CGI Request | Sub Rule | General Attack Activity | Attack
VMID 20382 : HTTP IE Object Type Validation | Sub Rule | General Attack Activity | Attack
VMID 20355 : HTTP Anaconda Directory Traversal | Sub Rule | Directory Traversal | Attack
VMID 20423 : HTTP IIS CMDExecution Access (1) | Sub Rule | General Attack Activity | Attack
VMID 20347 : HTTP Bdir.htr Path Disclosure | Sub Rule | General Attack Activity | Attack
VMID 20341 : HTTP Cart32 Remote Admin PW | Sub Rule | General Attack Activity | Attack
VMID 20344 : HTTP Htdig File Disclosure | Sub Rule | General Attack Activity | Attack
VMID 20336 : HTTP MS IIS ASP Source Disclosure | Sub Rule | General Attack Activity | Attack
VMID 20333 : HTTP FrontPage PWD Service Access | Sub Rule | General Attack Activity | Attack
VMID 20332 : HTTP SCO Skunkware ViewSrc Traversal | Sub Rule | General Attack Activity | Attack
VMID 20331 : HTTP Htgrep CGI File Access | Sub Rule | General Attack Activity | Attack
VMID 20346 : HTTP MS IIS TranslateF Request | Sub Rule | General Attack Activity | Attack
VMID 20328 : HTTP FormMail Cmd Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 20327 : HTTP Info2www CGI Command Exec | Sub Rule | Arbitrary Code Execution | Attack
VMID 20080 : MS SQL Registry Manipulation | Sub Rule | General Attack Activity | Attack
VMID 20079 : MS SQL Job Scheduling | Sub Rule | General Attack Activity | Attack
VMID 21824 : HTTP Surfsidkick Info Upload | Sub Rule | Detected Adware Activity | Malware
VMID 21822 : HTTP RCPrograms Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21814 : HTTP WinBo Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21807 : HTTP CasinoClient Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21801 : HTTP SmartSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21788 : HTTP Adware Bonzi Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21798 : HTTP Webprefix Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21796 : HTTP DollarRevenue Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21792 : HTTP FastSeek Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21785 : HTTP Ezula Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21780 : HTTP SystemProcess Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21777 : HTTP Director Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21774 : HTTP SmartDove Download Request | Sub Rule | Detected Adware Activity | Malware
VMID 21772 : HTTP MoneyGainer Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21771 : HTTP IEHlpr Info Download Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21769 : HTTP IEHlpr Register Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21768 : HTTP IEHlpr CCNNLC Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21765 : HTTP IEHlpr SmartAllyes Update Acty | Sub Rule | Detected Adware Activity | Malware
VMID 21763 : HTTP Umaxsearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21760 : HTTP BBSee Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21756 : HTTP Shorty Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21751 : HTTP MessStopper Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21748 : HTTP FreeScratchWin Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21746 : HTTP FIZZLE Config Request | Sub Rule | Detected Adware Activity | Malware
VMID 21664 : HTTP TAFbar Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21666 : HTTP UCMore Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21640 : HTTP OfferAgent Ad Popup Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21639 : HTTP OfferAgent Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21634 : HTTP Zeropopup Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21633 : HTTP Zuvio Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21632 : Alexa Installation Request | Sub Rule | Detected Adware Activity | Malware
VMID 21631 : Alexa User Info Tracking | Sub Rule | Detected Adware Activity | Malware
VMID 21630 : HTTP Adultlinks Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21629 : Adbars Search Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21627 : Adbars Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21616 : Adroar Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21615 : Adroar Install Request | Sub Rule | Detected Adware Activity | Malware
VMID 21613 : Adblock Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21612 : Adblock Redirect Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21611 : Adblock Install Download | Sub Rule | Detected Adware Activity | Malware
VMID 21605 : HTTP MatrixSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21603 : HTTP MatrixSearch Instltn Request | Sub Rule | Detected Adware Activity | Malware
VMID 21591 : P2P Emule Kademlia Request | Sub Rule | P2P Activity | Misuse
VMID 21566 : HTTP EasyWWW Install File Request | Sub Rule | Detected Adware Activity | Malware
VMID 21476 : WildMedia WinFetch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21475 : Webrebate Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21472 : HTTP IGetNet Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21470 : Adlogix SetupFile Request | Sub Rule | Detected Adware Activity | Malware
VMID 21469 : Helpexpress SetupFile Request | Sub Rule | Detected Adware Activity | Malware
VMID 21465 : HTTP Mediaticket FileRequest Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21466 : P2PNetworking SetupFile Request | Sub Rule | P2P Activity | Misuse
VMID 21456 : HTTP SideSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21453 : HTTP TargetSaver Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21444 : LinkMaker Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21443 : HTTP Begin2Search Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21441 : FTP MemoryMeter DLL Download | Sub Rule | Detected Adware Activity | Malware
VMID 21438 : Favoriteman Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21416 : StatBlaster Update | Sub Rule | Detected Adware Activity | Malware
VMID 21415 : SafeSearch Redirection Attempt | Sub Rule | Detected Adware Activity | Malware
VMID 21414 : HTTP BroadcastPC Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21410 : Incredifind Redirect Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21408 : Ebates Moemoney Tracking Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21407 : Ebates Moemoney Popup Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21406 : HTTP CoolWebSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21434 : Clearsearch Ping Request | Sub Rule | Detected Adware Activity | Malware
VMID 21433 : Clearsearch InstallFiles Request | Sub Rule | Detected Adware Activity | Malware
VMID 21432 : HTTP Clearsearch ControlInfo Transfer | Sub Rule | Detected Adware Activity | Malware
VMID 21429 : Look2ME Updates | Sub Rule | Detected Adware Activity | Malware
VMID 21428 : BlazeFind SetupFile Request | Sub Rule | Detected Adware Activity | Malware
VMID 21404 : HTTP Quadro Data Transfer | Sub Rule | Detected Adware Activity | Malware
VMID 21403 : Virtumonde Requesting DLL Files | Sub Rule | Detected Adware Activity | Malware
VMID 21402 : NewDotNet Redirecting Mistyped URL | Sub Rule | Detected Adware Activity | Malware
VMID 21401 : CWSIEFEATS Data Transfer | Sub Rule | Detected Adware Activity | Malware
VMID 21400 : IEFeats Data Transfer | Sub Rule | Detected Adware Activity | Malware
VMID 21383 : GameSpyArcade Requesting StatInfo | Sub Rule | Game Activity | Misuse
VMID 21382 : Gamespyarcade Version Check | Sub Rule | Game Activity | Misuse
VMID 21381 : NaviHelper Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21380 : NaviHelper Installation Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21378 : HTTP IEDriver Popup Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21377 : MedLoad InstallFile Download | Sub Rule | Detected Adware Activity | Malware
VMID 21376 : HTTP MedLoad OCX FileDownload | Sub Rule | Detected Adware Activity | Malware
VMID 21375 : MedLoad Logging Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21374 : ZangoSearch CLSID Reg. Subkey Install | Sub Rule | Detected Adware Activity | Malware
VMID 21371 : IPInsight StubConscorr Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21370 : IPInsight StubSentry Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21369 : BookedSpace Downloading Files | Sub Rule | Detected Adware Activity | Malware
VMID 21368 : HTTP BookedSpace Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21367 : Websearch Configuration Request | Sub Rule | Detected Adware Activity | Malware
VMID 21366 : Websearch Reporting Log Information | Sub Rule | Detected Adware Activity | Malware
VMID 21365 : WebSearch Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21364 : SuperSpider Hijack Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21362 : Envolo AutoUpdate Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21361 : Envolo Installation Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21359 : VirtualBouncer Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21360 : VirtualBouncer Installation Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21358 : Starware Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21357 : Starware Installation Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21356 : SurfSideKick AutoUpdate Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21355 : HTTP SurfSideKick Installation Acty | Sub Rule | Detected Adware Activity | Malware
VMID 21354 : Slagent Registry CLSID | Sub Rule | Detected Adware Activity | Malware
VMID 21353 : Slagent DLL Request | Sub Rule | Detected Adware Activity | Malware
VMID 21351 : ShopAtHome Agent Preferences | Sub Rule | Detected Adware Activity | Malware
VMID 21350 : ShopAtHome Agent Registration | Sub Rule | Detected Adware Activity | Malware
VMID 21349 : ShopAtHome Bundle Tracking | Sub Rule | Detected Adware Activity | Malware
VMID 21348 : ShopAtHome Agent Installation Acty | Sub Rule | Detected Adware Activity | Malware
VMID 21347 : PurityScan InfoTransfer Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21346 : PurityScan Notification Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21345 : PurityScan Installation Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21344 : HTTP Windupdate Mediapass Install | Sub Rule | Detected Adware Activity | Malware
VMID 21343 : Windupdates Mediapass Installer CLSID | Sub Rule | Detected Adware Activity | Malware
VMID 21342 : HTTP LOP Toolbar Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21341 : LOP Toolbar Update | Sub Rule | Detected Adware Activity | Malware
VMID 21340 : Elitebar Update Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21339 : Elitebar Control Information Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21336 : HTTP Dealhelper Downloading Data | Sub Rule | Detected Adware Activity | Malware
VMID 21335 : DAP Daptest Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21334 : Instafinder Requesting Configuration | Sub Rule | Detected Adware Activity | Malware
VMID 21333 : Instafinder Reporting Mistyped URL | Sub Rule | Detected Adware Activity | Malware
VMID 21332 : IEPlugin Activity | Sub Rule | Detected Adware Activity | Malware
SID 21331 : IEPlugin DLL Download Request | Sub Rule | Detected Adware Activity | Malware
VMID 21330 : HTTP CommonName Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21384 : BargainBuddy Installation Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21326 : BargainBuddy Adv Activity | Sub Rule | Detected Adware Activity | Malware
VMID 21323 : AdDestroyer Activity | Sub Rule | Detected Adware Activity | Malware
VMID 20816 : Ezula Upgrade And Version Check | Sub Rule | Detected Adware Activity | Malware
VMID 20780 : Hotbar Cookie DetectedSub RuleDetected Adware ActivityMalware
VMID 20779 : Hotbar PopUp Ads RequestSub RuleDetected Adware ActivityMalware
VMID 20778 : HTTP Hotbar Info Transfer PopUpSub RuleDetected Adware ActivityMalware
VMID 20777 : Hotbar Updates ActivitySub RuleDetected Adware ActivityMalware
VMID 20776 : Hotbar Temp And Toolbar Disp ActivitySub RuleDetected Adware ActivityMalware
VMID 20775 : Hotbar Installation & Upgrade ActivtySub RuleDetected Adware ActivityMalware
VMID 20815 : GAIN Web CookieSub RuleDetected Adware ActivityMalware
VMID 20814 : GAIN Reporting Typed URL-2Sub RuleDetected Adware ActivityMalware
VMID 20813 : GAIN Reporting Typed URLSub RuleDetected Adware ActivityMalware
VMID 20812 : GAIN Website Visit Data RequestSub RuleDetected Adware ActivityMalware
VMID 20811 : GAIN CommunicationSub RuleDetected Adware ActivityMalware
VMID 20810 : GAIN New Code Info RequestSub RuleDetected Adware ActivityMalware
VMID 20809 : HTTP Avres ActivitySub RuleDetected Adware ActivityMalware
VMID 20808 : HTTP Delfin ActivitySub RuleDetected Adware ActivityMalware
VMID 20807 : Delfin Definition File RequestSub RuleDetected Adware ActivityMalware
VMID 20806 : Delfin Ads RequestSub RuleDetected Adware ActivityMalware
VMID 20805 : ActiveSearch Search ActivitySub RuleDetected Adware ActivityMalware
VMID 20802 : HTTP Cydoor Media Files RequestSub RuleDetected Adware ActivityMalware
VMID 20801 : NetOptimizer Agent UploadSub RuleDetected Adware ActivityMalware
VMID 20800 : HTTP MyWay Configuration RequestSub RuleDetected Adware ActivityMalware
VMID 20799 : HTTP MyWay Buttons RequestSub RuleDetected Adware ActivityMalware
VMID 20798 : ISTBar Fav Menu Porn Site RequestSub RuleDetected Adware ActivityMalware
VMID 20797 : HTTP ISTBar Agent ActivitySub RuleDetected Adware ActivityMalware
VMID 20796 : ISTBar Configuration RequestSub RuleDetected Adware ActivityMalware
VMID 20795 : Euniverse Thunderdownload ActivitySub RuleDetected Adware ActivityMalware
VMID 20794 : Euniverse Thunderdownload InstltnSub RuleDetected Adware ActivityMalware
VMID 20793 : HTTP Euniverse Keenvalue PopUp ReqSub RuleDetected Adware ActivityMalware
VMID 20792 : HTTP Euniverse KeenValue Info TfrSub RuleDetected Adware ActivityMalware
VMID 20791 : Euniverse Flowgo Ping RequestSub RuleDetected Adware ActivityMalware
VMID 20790 : HTTP Euniverse FlowGoBar Config ReqSub RuleDetected Adware ActivityMalware
VMID 20789 : 180Solutions UpdateSub RulePossible Adware ActivityMalware
VMID 20788 : 180Solutions Requesting Action URLSub RulePossible Adware ActivityMalware
VMID 20787 : 180Solutions Tracking EventsSub RulePossible Adware ActivityMalware
VMID 20786 : 180Solutions Requesting AdsSub RulePossible Adware ActivityMalware
VMID 20785 : 180Solutions Requesting KeywordsSub RulePossible Adware ActivityMalware
VMID 20784 : HTTP 180Solutions Config EventSub RuleDetected Adware ActivityMalware
VMID 20751 : HTTP BetterInternet Install ActivitySub RuleDetected Adware ActivityMalware
VMID 20750 : HTTP BetterInternet Info UploadSub RuleDetected Adware ActivityMalware
VMID 20749 : MXTarget Information UploadSub RuleDetected Adware ActivityMalware
VMID 20782 : Topmoxie Recoding Downloads & OffersSub RuleDetected Adware ActivityMalware
VMID 20781 : TopMoxie Requesting Build FilesSub RuleDetected Adware ActivityMalware
VMID 20774 : Hotbar Reports ActivitySub RuleDetected Adware ActivityMalware
VMID 20748 : WhenU SearchBar Sidefinder ActivitySub RuleDetected Adware ActivityMalware
VMID 20747 : WhenU Request For OffersSub RuleDetected Adware ActivityMalware
VMID 20746 : WhenU Update EventsSub RuleDetected Adware ActivityMalware
VMID 20745 : WhenU Installation ActivitySub RuleDetected Adware ActivityMalware
VMID 20744 : WhenU ClockSync WeatherCast ActivitySub RuleDetected Adware ActivityMalware
VMID 20563 : Gator RequestSub RuleDetected Adware ActivityMalware
VMID 23663 : HTTP Trojan Mebroot Request Detected | Sub Rule | Detected Trojan Activity | Malware
VMID 23179 : MSRPC Server Service BO Detected | Sub Rule | Possible Malware Activity | Malware
VMID 22980 : HTTP Fake Codec Request Detected | Sub Rule | Possible Malware Activity | Malware
VMID 23615 : HTTPS Tidserv Request 2 Detected | Sub Rule | Possible Malware Activity | Malware
VMID 24089 : Malicious Toolkit Website 9 | Sub Rule | Detected Malware Activity | Malware
VMID 23471: OS Attack: Validate Provider Callback | Sub Rule | Vuln High Severity : Denial Of Service | Vulnerability
VMID 25728 : Blackhole Toolkit Website 21 | Sub Rule | General Attack Activity | Attack
VMID 10000 : Portscan Blocked | Sub Rule | Port Scan | Reconnaissance
VMID 23113 : RPC MS Host Integration Server Block | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 24594 : Malicious Injected JS 2 Attack Block | Sub Rule | Failed Malware Activity | Failed Malware
VMID 25238 : Misleading App Website Attack Block | Sub Rule | Suspicious Network Activity | Suspicious
VMID 26493 : Red Exploit Kit Website2 Attack Block | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 27160 : Magnitd Explt Kt Website Attack Block | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 27222 : PUP/Adware/Fake App Dld Block | Sub Rule | Suspicious Network Activity | Suspicious
VMID 27430 : Angler Exploit Kit Website Block | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 27517 : OpenSSL Heartbleed Block | Sub Rule | Failed Protocol Anomaly | Failed Attack
VMID 27564 : Trojan.Zbot Download Request Block | Sub Rule | Failed Trojan Activity | Failed Malware
VMID 27576 : Malicious File Download Block | Sub Rule | Failed Malware Activity | Failed Malware
VMID 27608 : Fake Flash Update Download Block | Sub Rule | Failed Malware Activity | Failed Malware
VMID 70029 : Exploit Toolkit Website Block | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 70094 : Internet Explorer Attack Block | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 22799 : Malicious Redirection | Sub Rule | Incorrect Message Direction | Error
VMID 22809 : Heap Spray Attack Detected | Sub Rule | Detected Virus Activity | Malware
VMID 22819 : Suspicious Image Executable | Sub Rule | Suspicious Activity | Suspicious
VMID 23620 : HTML Render JS Attack | Sub Rule | Potential Vulnerability Exploit Allowed | Activity
VMID 23875 : Remote Code Execution Attack Blocked | Sub Rule | Remote File Inclusion | Attack
VMID 26299 : Mass Injection Detected | Sub Rule | General Attack Activity | Attack
VMID 26682 : Fake Tech Support Website | Sub Rule | Fake Hostname - Forward Lookup Doesn't Exist | Warning
VMID 27959 : Server Hello Attack Detected | Sub Rule | General Attack Activity | Attack
VMID 28173 : Malicious Advertisement | Sub Rule | Suspicious Network Activity | Suspicious
VMID 28377 : Malicious JS Redirect | Sub Rule | General Attack Activity | Attack
VMID 28625 : Malicious Advertisement | Sub Rule | Suspicious Network Activity | Suspicious
VMID 28931 : System Infected Adware.Gen | Sub Rule | General Virus Infected Warning | Warning
VMID 28973 : System Infected Adware.Gen | Sub Rule | General Virus Infected Warning | Warning
VMID 29047 : WPScan Tool Attack | Sub Rule | General Attack Activity | Attack
VMID 29071 : IIS Buffer Overflow Attack | Sub Rule | Buffer Overflow/Underflow | Attack
VMID 29150 : Server Hello Attack Detected | Sub Rule | General Attack Activity | Attack
VMID 29173 : Fake Tech Support Website | Sub Rule | Fake Hostname - Forward Lookup Doesn't Exist | Warning
VMID 30740 : Drupal RCE CVE-2018-7600 | Sub Rule | General Attack Activity | Attack
VMID 30716 : Fake Browser Update 8 | Sub Rule | General Attack Activity | Attack
VMID 30711 : .git Directory Information Leak | Sub Rule | Suspicious Activity | Suspicious
VMID 30703 : .DS_Store Information Leak | Sub Rule | Suspicious Activity | Suspicious
VMID 30701 : Malvertisement Website Redirect 28 | Sub Rule | General Attack Activity | Attack
VMID 30671 : Mass Injection Website 48 | Sub Rule | General Attack Activity | Attack
VMID 30646 : JSCoinminer Download 42 | Sub Rule | General Attack Activity | Attack
VMID 30628 : Malicious Payload Upload 2 | Sub Rule | General Attack Activity | Attack
VMID 30610 : JSCoinminer Download 34 | Sub Rule | General Attack Activity | Attack
VMID 30605 : Malvertisement Website Redirect 20 | Sub Rule | General Attack Activity | Attack
VMID 30596 : JSCoinminer Download 24 | Sub Rule | General Attack Activity | Attack
VMID 30595 : Malicious Payload Upload | Sub Rule | General Attack Activity | Attack
VMID 30589 : JSCoinminer Download 21 | Sub Rule | General Attack Activity | Attack
VMID 30568 : Oracle WebLogic RCE CVE-2017-10271 | Sub Rule | General Attack Activity | Attack
VMID 30562 : Fake Tech Support Website 181 | Sub Rule | General Attack Activity | Attack
VMID 30492 : JSCoinminer Download 14 | Sub Rule | General Attack Activity | Attack
VMID 30486 : Malicious Redirection 21 | Sub Rule | General Attack Activity | Attack
VMID 30477 : Mass Injection Website 36 | Sub Rule | General Attack Activity | Attack
VMID 30455 : Adware.Gen Activity 34 | Sub Rule | Host Compromised | Compromise
VMID 30429 : SMB Bruteforce Attempt | Sub Rule | Brute Force Activity | Attack
VMID 30415 : JSCoinminer Download 10 | Sub Rule | General Attack Activity | Attack
VMID 30413 : Passwd File Download Attempt | Sub Rule | General Attack Activity | Attack
VMID 30369 : Nessus Vulnerability Scanner Activity | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30358 : JSCoinminer Download 8 | Sub Rule | General Attack Activity | Attack
VMID 30356 : JSCoinminer Download 6 | Sub Rule | General Attack Activity | Attack
VMID 30355 : JSCoinminer Download | Sub Rule | General Attack Activity | Attack
VMID 30353 : JSCoinminer Download 4 | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30352 : JSCoinminer Download 3 | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30341 : JSCoinminer Download 2 | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30285 : Masscan Scanner Request | Sub Rule | General Attack Activity | Attack
VMID 30263 : MS SMB Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack
VMID 30239 : Unimplemented Trans2 Subcommand | Sub Rule | Possible Backdoor Activity | Malware
VMID 30226 : Nessus Vulnerability Scanner Activity | Sub Rule | General Attack Activity | Attack
VMID 30186 : Malicious Scan Request | Sub Rule | General Attack Activity | Attack
VMID 30104 : Malicious OGNL Expression Upload | Sub Rule | General Attack Activity | Attack
VMID 30072 : Malvertisement Website Redirect 10 | Sub Rule | General Attack Activity | Attack
VMID 30068 : PSExec Utility Activity | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30055 : Fake Tech Support Website 62 | Sub Rule | General Attack Activity | Attack
VMID 30011 : SMB Validate Provider Callback | Sub Rule | General Attack Activity | Attack
VMID 30005 : Netis Router Scan 2 | Sub Rule | General Attack Activity | Attack
VMID 30003 : Dahua UnAuthorized Access Request | Sub Rule | General Attack Activity | Attack
VMID 29972 : Apache Struts CVE-2017-5638 | Sub Rule | Arbitrary Code Execution | Attack
VMID 29741 : Telnet Default Login Credentials | Sub Rule | General Attack Activity | Attack
VMID 29626 : Network Weathermap Editor | Sub Rule | General Attack Activity | Attack
VMID 29464 : Nessus Vulnerability Scanner Activity | Sub Rule | General Attack Activity | Attack
VMID 29236 : D-Link Router Information Disclosure | Sub Rule | General Attack Activity | Attack
VMID 29027 : Joomla Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack
VMID 28898 : Mass Iframe Injection Website 21 | Sub Rule | General Attack Activity | Attack
VMID 28821 : Mass Injection Website 19 | Sub Rule | General Attack Activity | Attack
VMID 27921 : GNU Bash CVE-2014-6278 | Sub Rule | Arbitrary Code Execution | Attack
VMID 27907 : GNU Bash CVE-2014-6271 | Sub Rule | Arbitrary Code Execution | Attack
VMID 26704 : WP RevSlider/ShowBiz Security ByPass | Sub Rule | General Attack Activity | Attack
VMID 25928 : ZeroAccess P2P Request | Sub Rule | Host Compromised | Compromise
VMID 25651 : Malicious Toolkit Website 14 | Sub Rule | General Attack Activity | Attack
VMID 25557 : Fake Scan Webpage 3 | Sub Rule | General Attack Activity | Attack
VMID 24125 : Malicious Cookie Activity | Sub Rule | General Attack Activity | Attack
VMID 23906 : TCP MODBUS Unauthorized Read Request | Sub Rule | General Attack Activity | Attack
VMID 23816 : TCP ISO-SP AB Param Is Not User Data | Sub Rule | Bad Parameter | Information
VMID 23815 : TCP ISO-SP DN Param Is Not User Data | Sub Rule | Bad Parameter | Information
VMID 23814 : TCP ISO-SP FN Param Is Not User Data | Sub Rule | Bad Parameter | Information
VMID 23812 : TCP ISO-SP Invalid CN Parameter Code | Sub Rule | Bad Parameter | Information
VMID 30740 : Drupal RCE CVE-2018-7600 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30716 : Fake Browser Update 8 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30711 : .git Directory Information Leak | Sub Rule | Failed Suspicious Activity | Failed Suspicious
VMID 30703 : .DS_Store Information Leak | Sub Rule | Failed Suspicious Activity | Failed Suspicious
VMID 30701 : Malvertisement Website Redirect 28 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30671 : Mass Injection Website 48 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30646 : JSCoinminer Download 42 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30628 : Malicious Payload Upload 2 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30610 : JSCoinminer Download 34 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30605 : Malvertisement Website Redirect 20 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30596 : JSCoinminer Download 24 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30595 : Malicious Payload Upload | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30589 : JSCoinminer Download 21 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30568 : Oracle WebLogic RCE CVE-2017-10271 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30562 : Fake Tech Support Website 181 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30492 : JSCoinminer Download 14 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30486 : Malicious Redirection 21 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30477 : Mass Injection Website 36 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30455 : Adware.Gen Activity 34 | Sub Rule | Host Compromised | Compromise
VMID 30429 : SMB Bruteforce Attempt | Sub Rule | Failed Brute Force Activity | Failed Attack
VMID 30415 : JSCoinminer Download 10 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30413 : Passwd File Download Attempt | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30369 : Nessus Vulnerability Scanner Activity | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30358 : JSCoinminer Download 8 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30356 : JSCoinminer Download 6 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30355 : JSCoinminer Download | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30353 : JSCoinminer Download 4 | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30352 : JSCoinminer Download 3 | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30341 : JSCoinminer Download 2 | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30285 : Masscan Scanner Request | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30263 : MS SMB Remote Code Execution | Sub Rule | Failed Arbitrary Code Execution | Failed Attack
VMID 30239 : Unimplemented Trans2 Subcommand | Sub Rule | Possible Backdoor Activity | Malware
VMID 30226 : Nessus Vulnerability Scanner Activity | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30186 : Malicious Scan Request | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30104 : Malicious OGNL Expression Upload | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30072 : Malvertisement Website Redirect 10 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30068 : PSExec Utility Activity | Sub Rule | Unauthorized Program/Process | Misuse
VMID 30055 : Fake Tech Support Website 62 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30011 : SMB Validate Provider Callback | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30005 : Netis Router Scan 2 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 30003 : Dahua UnAuthorized Access Request | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 29972 : Apache Struts CVE-2017-5638 | Sub Rule | Failed Arbitrary Code Execution | Failed Attack
VMID 29741 : Telnet Default Login Credentials | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 29626 : Network Weathermap Editor | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 29464 : Nessus Vulnerability Scanner Activity | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 29236 : D-Link Router Information Disclosure | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 29027 : Joomla Remote Code Execution | Sub Rule | Failed Arbitrary Code Execution | Failed Attack
VMID 28898 : Mass Iframe Injection Website 21 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 28821 : Mass Injection Website 19 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 27921 : GNU Bash CVE-2014-6278 | Sub Rule | Failed Arbitrary Code Execution | Failed Attack
VMID 27907 : GNU Bash CVE-2014-6271 | Sub Rule | Failed Arbitrary Code Execution | Failed Attack
VMID 26704 : WP RevSlider/ShowBiz Security ByPass | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 25928 : ZeroAccess P2P Request | Sub Rule | Host Compromised | Compromise
VMID 25651 : Malicious Toolkit Website 14 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 25557 : Fake Scan Webpage 3 | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 24125 : Malicious Cookie Activity | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 23906 : TCP MODBUS Unauthorized Read Request | Sub Rule | Failed General Attack Activity | Failed Attack
VMID 23816 : TCP ISO-SP AB Param Is Not User Data | Sub Rule | Traffic Denied by DLP | Network Deny
VMID 23815 : TCP ISO-SP DN Param Is Not User Data | Sub Rule | Traffic Denied by DLP | Network Deny
VMID 23814 : TCP ISO-SP FN Param Is Not User Data | Sub Rule | Traffic Denied by DLP | Network Deny
VMID 23812 : TCP ISO-SP Invalid CN Parameter Code | Sub Rule | Traffic Denied by DLP | Network Deny
VMID 23877 : WebAttack: ColdFusion Remote Code Exe | Sub Rule | Remote File Inclusion | Attack
VMID 26073 : Attack: Novell ZENWorks Asset Managem | Sub Rule | General Threat Message | Activity
VMID 26960 : Suspicious PHP URI Location WebAttack | Sub Rule | Network Compromised | Compromise
VMID 27376 : Suspicious PHP URI Location Attack | Sub Rule | Network Compromised | Compromise
VMID 27847 : Wordpress Arbitrary File Download | Sub Rule | Remote File Inclusion | Attack
VMID 27863 : Joomla Component Local File Inclusion | Sub Rule | phpMyAdmin Local File Inclusion (2.6.4-pl1) | Activity
VMID 27973 : Web Attack: Drupal SQL Injection | Sub Rule | SQL Injection | Attack
VMID 28015 : Web Attack: Allegro RomPager | Sub Rule | Security Violation | Other Security
VMID 29049 : Web Attack: Wordpress Arbitrary File | Sub Rule | Arbitrary Code Execution | Attack
VMID 29771 : Attack: Web CMS Think PHP RCE | Sub Rule | SQL Injection | Attack
VMID 30284 : Attack: Apache Struts | Sub Rule | Arbitrary Code Execution | Attack
VMID 30545 : Web Attack: GoAhead RCE | Sub Rule | General Attack Activity | Attack
VMID 30573 : Malicious Serialized Object Upload | Sub Rule | Malformed Object | Suspicious
VMID 30762 : Web Attack: Drupal Core RCE | Sub Rule | Arbitrary Code Execution | Attack
VMID 30764 : Remote OS Command Injection Attack | Sub Rule | Unknown Command | Other Security
VMID 30819 : Web Attack: Adobe Flex BlazeDS RCE | Sub Rule | Arbitrary Code Execution | Attack
VMID 30910 : Web Attack: phpMyAdmin RFI | Sub Rule | Remote File Inclusion | Attack
VMID 30992 : Web Attack: ECShop SQL Injection | Sub Rule | SQL Injection | Attack
VMID 31448 : WordPress Plugin XSS Attempt Attack | Sub Rule | Vuln High Severity : CGI Abuses : XSS | Vulnerability
VMID 31474 : Apache Tomcat Remote Code Execution | Sub Rule | Arbitrary Code Execution | Attack
VMID 31593 :WordPress Plugin Path Traversal Attack | Sub Rule | Directory Traversal | Attack
VMID 31811 : Malicious Scan Request Attack | Sub Rule | Vulnerability Scanner Information | Other Security
VMID 31818 :vBulletin Remote Code Execution Attack | Sub Rule | Arbitrary Code Execution | Attack
VMID 31212 :Web Attack: Remote Code Execution | Sub Rule | Remote File Inclusion | Attack
VMID 31242:Malicious Site:Malicious Domain Request | Sub Rule | General Attack Activity | Attack
VMID 31757:Audit: PUA.Downloader Download 7 | Sub Rule | Suspicious Activity | Suspicious

LogRhythm Default v2.0

Regex ID: 1011169

Rule Name | Rule Type | Common Events | Classifications
V 2.0 : Inbound SEP Malcious Activity Detected | Base Rule | General Attack Activity | Attack
V 2.0 : Inbound SEP Identified Attack Sign. Detect | Sub Rule | General Attack Activity | Attack