Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Potential Exploit

 

The potential exploit category contains events that are related to potential application exploits and buffer overflow attempts.

The following table describes the low-level event categories and associated severity levels for the potential exploit category.

Table 1: Low-level Categories and Severity Levels for the Potential Exploit Category

Low-level event category

Category ID

Description

Severity level (0 - 10)

Unknown Potential Exploit Attack

13001

Indicates that a potential exploitative attack was detected.

7

Potential Buffer Overflow

13002

Indicates that a potential buffer overflow was detected.

7

Potential DNS Exploit

13003

Indicates that a potentially exploitative attack through the DNS server was detected.

7

Potential Telnet Exploit

13004

Indicates that a potentially exploitative attack through Telnet was detected.

7

Potential Linux Exploit

13005

Indicates that a potentially exploitative attack through Linux wasLinux detected.

7

Potential UNIX Exploit

13006

Indicates that a potentially exploitative attack through UNIX was detected.

7

Potential Windows Exploit

13007

Indicates that a potentially exploitative attack through Windows wasWindows detected.

7

Potential Mail Exploit

13008

Indicates that a potentially exploitative attack through mail was detected.

7

Potential Infrastructure Exploit

13009

Indicates that a potential exploitative attack on the system infrastructure was detected.

7

Potential Misc Exploit

13010

Indicates that a potentially exploitative attack was detected.

7

Potential Web Exploit

13011

Indicates that a potentially exploitative attack through the web was detected.

7

Potential Botnet Connection

13012

Indicates a potentially exploitative attack that uses botnet was detected.

6

Potential Worm Activity

13013

Indicates a potential attack that uses worm activity was detected.

6

Related Documentation