OSSIM事件类/子类 CATEGORY/ SUBCATEGORY 总结表
在数据源里可以查看详情,因为类和子类会显示在SIEM中。
事件 类/子类
|
数据源分类 |
子类 |
备注 |
|
Access |
ACL Deny |
|
|
ACL Permit |
||
|
ConnectionClosed |
||
|
ConnectionOpened |
||
|
File Access |
||
|
File Blocked |
||
|
Firewall Deny |
||
|
Firewall Misc Event |
||
|
Firewall Permit |
||
|
Timeout |
||
|
Traffic Inbound |
||
|
Traffic Outbound |
||
|
Tunnel Closed |
||
|
Tunnel Connection |
||
|
Web Appliation Access |
||
|
Alarm |
Attacks |
|
|
Bruteforce |
||
|
Dos |
||
|
Malware |
||
|
Misc |
||
|
Network |
||
|
Policy |
||
|
Scada |
||
|
Scan |
||
|
Aert |
HostIDS Alert |
|
|
IDS Alert |
||
|
IPS Alert |
||
|
Availability |
State Critical |
|
|
State Down |
||
|
State Unknown |
||
|
State Up |
||
|
State Warning |
||
|
Database |
Error |
|
|
Login |
||
|
Login Failed |
||
|
Logout |
||
|
Query |
||
|
Start |
||
|
Stop |
||
|
Recon |
Misc |
|
|
Scanner |
||
|
Application |
DHCP Error |
|
|
DHCP Request |
||
|
DNS Succesful Zone Tranfer |
||
|
DNS Zone Transfer Failed |
||
|
FTP commandExecuted |
||
|
FTPConnectionOpened |
||
|
Mail Received |
||
|
Mail Sent |
||
|
Spam Detected |
||
|
××× Closed |
||
|
××× Denied |
||
|
Web Error |
||
|
Web Denied |
||
|
Web Modified |
||
|
WebProxy |
||
|
Web Redirected |
||
|
Authentication |
Account Lockout |
|
|
Admin Access |
||
|
Brute force |
||
|
Default Credentials |
||
|
Failed |
||
|
FTP Login Failed |
||
|
FTP Login Succeeded |
||
|
Goup Added |
||
|
Goup Deleted |
||
|
Login |
||
|
Logout |
||
|
Password Change Failed |
||
|
Password Change Succeeded |
||
|
User Changed |
||
|
User Created |
||
|
User Deleted |
||
|
Exploit |
Attack Response |
|
|
Buffer Overflow |
||
|
Command Execution |
||
|
Cross Site Scripting |
||
|
Denial Of Service |
||
|
Directory Traversal |
||
|
File Inclusion |
||
|
Format String |
||
|
Spoofing |
||
|
ShellCode |
||
|
SQL Injection |
||
|
Malware |
Adware |
|
|
Backdoor |
||
|
Fake Antivirus |
||
|
Generic |
||
|
KeyLogger |
||
|
Spyware |
||
|
Trojan |
||
|
Virus |
||
|
Worm |
||
|
Policy |
Anonymity |
|
|
Check Failed |
||
|
Instant Messaging Chat |
||
|
P2P |
||
|
Phishing |
||
|
Porn |
||
|
Suspicious |
Bad Traffic |
|
|
Blacklist Address |
||
|
Database Activity |
||
|
DNS Protocol Anomaly |
||
|
FTP Protocol Anomaly |
||
|
HTTP Protocol Anomaly |
||
|
Mail Protocol Anomaly |
||
|
Netbios Activity |
||
|
Network Anomaly |
||
|
NFS Activity |
||
|
RPC Activity |
||
|
ScadaActivity |
||
|
SSH Activity |
||
|
SSH Protocol Anomaly |
||
|
Telnet Protocol Anomaly |
||
|
Threshold Exceeded |
||
|
Web Attack or Scan |
||
|
Inventory |
Mac Change |
|
|
MacDetected |
||
|
Operating System Change |
||
|
Operating System Detected |
||
|
Service Change |
||
|
Service Detected |
||
|
ServiceMisc |
