Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Exploit

 

The exploit category contains events where a communication or an access exploit occurred.

The following table describes the low-level event categories and associated severity levels for the exploit category.

Table 1: Low-level Categories and Severity Levels for the Exploit Events Category

Low-level event category

Category ID

Description

Severity level (0 - 10)

Unknown Exploit Attack

5001

Indicates an unknown exploit attack.

9

Buffer Overflow

5002

Indicates a buffer overflow.

9

DNS Exploit

5003

Indicates a DNS exploit.

9

Telnet Exploit

5004

Indicates a Telnet exploit.

9

Linux Exploit

5005

Indicates a Linux exploit.

9

UNIX Exploit

5006

Indicates a UNIX exploit.

9

Windows Exploit

5007

Indicates a MicrosoftWindows exploit.

9

Mail Exploit

5008

Indicates a mail server exploit.

9

Infrastructure Exploit

5009

Indicates an infrastructure exploit.

9

Misc Exploit

5010

Indicates a miscellaneous exploit.

9

Web Exploit

5011

Indicates a web exploit.

9

Session Hijack

5012

Indicates that a session in your network was interceded.

9

Worm Active

5013

Indicates an active worm.

10

Password Guess/Retrieve

5014

Indicates that a user requested access to their password information from the database.

9

FTP Exploit

5015

Indicates an FTP exploit.

9

RPC Exploit

5016

Indicates an RPC exploit.

9

SNMP Exploit

5017

Indicates an SNMP exploit.

9

NOOP Exploit

5018

Indicates an NOOP exploit.

9

Samba Exploit

5019

Indicates a Samba exploit.

9

SSH Exploit

5020

Indicates an SSH exploit.

9

Database Exploit

5021

Indicates a database exploit.

9

ICMP Exploit

5022

Indicates an ICMP exploit.

9

UDP Exploit

5023

Indicates a UDP exploit.

9

Browser Exploit

5024

Indicates an exploit on your browser.

9

DHCP Exploit

5025

Indicates a DHCP exploit

9

Remote Access Exploit

5026

Indicates a remote access exploit

9

ActiveX Exploit

5027

Indicates an exploit through an ActiveX application.

9

SQL Injection

5028

Indicates that an SQL injection occurred.

9

Cross-Site Scripting

5029

Indicates a cross-site scripting vulnerability.

9

Format String Vulnerability

5030

Indicates a format string vulnerability.

9

Input Validation Exploit

5031

Indicates that an input validation exploit attempt was detected.

9

Remote Code Execution

5032

Indicates that a remote code execution attempt was detected.

9

Memory Corruption

5033

Indicates that a memory corruption exploit was detected.

9

Command Execution

5034

Indicates that a remote command execution attempt was detected.

9

Code Injection

5035

Indicates that a code injection was detected.

9

Replay Attack

5036

Indicates that a replay attack was detected.

9

Related Documentation