Unique ID | Event Source | Abbreviation |
---|---|---|
100000-199999 | DHCP Server | DHCP |
200000-299999 | Active Directory | AD |
300000-399999 | General Network Attacks | NET |
400000-499999 | File Servers | FTP |
500000-599999 | DNS Servers | DNS |
600000-699999 | VOIP Server | VOIP |
800000-899999 | Web Server | WEB |
Categories
- Suspect: Indication of potentially malicious activity; requires investigation to determine whether it is malicious or not.
- Policy: Violation of security policy that requires investigation.
- Malware: Indicators of malicious files and activity.
Report names are in the format:
{UNIQUE_ID}-{HF,INV}-{ShortName}-{REPORT_CATEGORY}
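A report-name check for this convention, added here as an example and not part of the original scheme: it parses a name, resolves the unique ID to its event source, and flags malformed names, IDs in an unassigned range, and reused IDs. It assumes HF and INV are literal codes, that the category is written as in the list above, and that ShortName may contain hyphens; the sample names are constructed.

```python
import re

# Unique ID ranges copied from the table above: (first, last, source, abbreviation).
ID_RANGES = [
    (100000, 199999, "DHCP Server", "DHCP"),
    (200000, 299999, "Active Directory", "AD"),
    (300000, 399999, "General Network Attacks", "NET"),
    (400000, 499999, "File Servers", "FTP"),
    (500000, 599999, "DNS Servers", "DNS"),
    (600000, 699999, "VOIP Server", "VOIP"),
    (800000, 899999, "Web Server", "WEB"),
]
CATEGORIES = ("Suspect", "Policy", "Malware")

# Assumptions: HF and INV are literal codes, the category is spelled as in the
# list above, and ShortName may itself contain hyphens.
NAME_RE = re.compile(r"^(\d{6})-(HF|INV)-(.+)-(" + "|".join(CATEGORIES) + r")$")

# Constructed sample names, not taken from any real deployment.
SAMPLE = ["200001-INV-Constructed-Name-Suspect", "700000-HF-Example-Policy",
          "200001-HF-Other-Malware", "500010-XX-Example-Malware"]

def parse_report_name(name):
    """Split a report name into its fields and resolve the event source."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError("does not match the report name format")
    unique_id = int(m.group(1))
    for first, last, source, abbreviation in ID_RANGES:
        if first <= unique_id <= last:
            return {"id": unique_id, "type": m.group(2), "short_name": m.group(3),
                    "category": m.group(4), "source": source,
                    "abbreviation": abbreviation}
    raise ValueError("unique ID is outside every assigned range")

def find_problems(names):
    """Return {name: reason} for malformed names, unassigned IDs and reused IDs."""
    problems, seen = {}, {}
    for name in names:
        try:
            report = parse_report_name(name)
        except ValueError as exc:
            problems[name] = str(exc)
            continue
        if report["id"] in seen:
            problems[name] = "unique ID already used by " + seen[report["id"]]
        seen.setdefault(report["id"], name)
    return problems
```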