OSSIM Event Category / Subcategory Summary Table

Details can be viewed in the data sources, because the category and subcategory are displayed in the SIEM.

Event category / subcategory

Data source classification

Access

ACL Deny


ACL Permit


Connection Closed


Connection Opened


File Access


File Blocked


Firewall Deny


Firewall Misc Event


Firewall Permit


Timeout


Traffic Inbound


Traffic Outbound


Tunnel Closed


Tunnel Connection


Web Application Access


Alarm

Attacks


Bruteforce


Dos


Malware


Misc


Network


Policy


Scada


Scan


Alert

HostIDS Alert


IDS Alert


IPS Alert


Availability

State Critical


State Down


State Unknown


State Up


State Warning


Database

Error


Login


Login Failed


Logout


Query


Start


Stop


Recon

Misc


Scanner


Application

DHCP Error


DHCP Request


DNS Successful Zone Transfer


DNS Zone Transfer Failed


FTP Command Executed


FTP Connection Opened


Mail Received


Mail Sent


Spam Detected


××× Closed


××× Denied


Web Error


Web Denied


Web Modified


Web Proxy


Web Redirected


Authentication

Account Lockout


Admin Access


Brute force


Default Credentials


Failed


FTP Login Failed


FTP Login Succeeded


Group Added


Group Deleted


Login


Logout


Password Change Failed


Password Change Succeeded


User Changed


User Created


User Deleted


Exploit

Attack Response


Buffer Overflow


Command Execution


Cross Site Scripting


Denial Of Service


Directory Traversal


File Inclusion


Format String


Spoofing


ShellCode


SQL Injection


Malware

Adware


Backdoor


Fake Antivirus


Generic


KeyLogger


Spyware


Trojan


Virus


Worm


Policy

Anonymity


Check Failed


Instant Messaging Chat


P2P


Phishing


Porn


Suspicious

Bad Traffic


Blacklist Address


Database Activity


DNS Protocol Anomaly


FTP Protocol Anomaly


HTTP Protocol Anomaly


Mail Protocol Anomaly


Netbios Activity


Network Anomaly


NFS Activity


RPC Activity


Scada Activity


SSH Activity


SSH Protocol Anomaly


Telnet Protocol Anomaly


Threshold Exceeded


Web Attack or Scan


Inventory

Mac Change


Mac Detected


Operating System Change


Operating System Detected


Service Change


Service Detected


Service Misc