Flow
The flow category includes events that are related to flow actions.
The following table describes the low-level event categories and associated severity levels for the flow category.
Table 1: Low-level Categories and Severity Levels for the Flow Category
Low-level event category | Category ID | Description | Severity level (0 - 10) |
---|---|---|---|
Unidirectional Flow | 14001 | Indicates a unidirectional flow of events. | 5 |
Low number of Unidirectional Flows | 14002 | Indicates a low number of unidirectional flows of events. | 5 |
Medium number of Unidirectional Flows | 14003 | Indicates a medium number of unidirectional flows of events. | 5 |
High number of Unidirectional Flows | 14004 | Indicates a high number of unidirectional flows of events. | 5 |
Unidirectional TCP Flow | 14005 | Indicates a unidirectional TCP flow. | 5 |
Low number of Unidirectional TCP Flows | 14006 | Indicates a low number of unidirectional TCP flows. | 5 |
Medium number of Unidirectional TCP Flows | 14007 | Indicates a medium number of unidirectional TCP flows. | 5 |
High number of Unidirectional TCP Flows | 14008 | Indicates a high number of unidirectional TCP flows. | 5 |
Unidirectional ICMP Flow | 14009 | Indicates a unidirectional ICMP flow. | 5 |
Low number of Unidirectional ICMP Flows | 14010 | Indicates a low number of unidirectional ICMP flows. | 5 |
Medium number of Unidirectional ICMP Flows | 14011 | Indicates a medium number of unidirectional ICMP flows. | 5 |
High number of Unidirectional ICMP Flows | 14012 | Indicates a high number of unidirectional ICMP flows. | 5 |
Suspicious ICMP Flow | 14013 | Indicates a suspicious ICMP flow. | 5 |
Suspicious UDP Flow | 14014 | Indicates a suspicious UDP flow. | 5 |
Suspicious TCP Flow | 14015 | Indicates a suspicious TCP flow. | 5 |
Suspicious Flow | 14016 | Indicates a suspicious flow. | 5 |
Empty Packet Flows | 14017 | Indicates empty packet flows. | 5 |
Low number of Empty Packet Flows | 14018 | Indicates a low number of empty packet flows. | 5 |
Medium number of Empty Packet Flows | 14019 | Indicates a medium number of empty packet flows. | 5 |
High number of Empty Packet Flows | 14020 | Indicates a high number of empty packet flows. | 5 |
Large Payload Flows | 14021 | Indicates flows with large payloads. | 5 |
Low number of Large Payload Flows | 14022 | Indicates a low number of large payload flows. | 5 |
Medium number of Large Payload Flows | 14023 | Indicates a medium number of large payload flows. | 5 |
High number of Large Payload Flows | 14024 | Indicates a high number of large payload flows. | 5 |
One Attacker to Many Target Flows | 14025 | Indicates flows from one attacker to many targets. | 5 |
Many Attacker to one Target Flow | 14026 | Indicates flows from many attackers to one target. | 5 |
Unknown Flow | 14027 | Indicates an unknown flow. | 5 |
Netflow Record | 14028 | Indicates a Netflow record. | 5 |
Flow Record | 14029 | Indicates a Flow record. | 5 |
SFlow Record | 14030 | Indicates an SFlow record. | 5 |
Packeteer Record | 14031 | Indicates a Packeteer record. | 5 |
Misc Flow | 14032 | Indicates a misc flow. | 5 |
Large Data Transfer | 14033 | Indicates a large transfer of data. | 5 |
Large Data Transfer Outbound | 14034 | Indicates a large transfer of outbound data. | 5 |
VoIP Flows | 14035 | Indicates VoIP Flows. | 5 |