Exploit
The exploit category contains events where a communication or an access exploit occurred.
The following table describes the low-level event categories and associated severity levels for the exploit category.
| Low-level event category | Category ID | Description | Severity level (0 - 10) |
|---|---|---|---|
| Unknown Exploit Attack | 5001 | Indicates an unknown exploit attack. | 9 |
| Buffer Overflow | 5002 | Indicates a buffer overflow. | 9 |
| DNS Exploit | 5003 | Indicates a DNS exploit. | 9 |
| Telnet Exploit | 5004 | Indicates a Telnet exploit. | 9 |
| Linux Exploit | 5005 | Indicates a Linux exploit. | 9 |
| UNIX Exploit | 5006 | Indicates a UNIX exploit. | 9 |
| Windows Exploit | 5007 | Indicates a Microsoft Windows exploit. | 9 |
| Mail Exploit | 5008 | Indicates a mail server exploit. | 9 |
| Infrastructure Exploit | 5009 | Indicates an infrastructure exploit. | 9 |
| Misc Exploit | 5010 | Indicates a miscellaneous exploit. | 9 |
| Web Exploit | 5011 | Indicates a web exploit. | 9 |
| Session Hijack | 5012 | Indicates that a session in your network was interceded. | 9 |
| Worm Active | 5013 | Indicates an active worm. | 10 |
| Password Guess/Retrieve | 5014 | Indicates that a user requested access to their password information from the database. | 9 |
| FTP Exploit | 5015 | Indicates an FTP exploit. | 9 |
| RPC Exploit | 5016 | Indicates an RPC exploit. | 9 |
| SNMP Exploit | 5017 | Indicates an SNMP exploit. | 9 |
| NOOP Exploit | 5018 | Indicates an NOOP exploit. | 9 |
| Samba Exploit | 5019 | Indicates a Samba exploit. | 9 |
| SSH Exploit | 5020 | Indicates an SSH exploit. | 9 |
| Database Exploit | 5021 | Indicates a database exploit. | 9 |
| ICMP Exploit | 5022 | Indicates an ICMP exploit. | 9 |
| UDP Exploit | 5023 | Indicates a UDP exploit. | 9 |
| Browser Exploit | 5024 | Indicates an exploit on your browser. | 9 |
| DHCP Exploit | 5025 | Indicates a DHCP exploit. | 9 |
| Remote Access Exploit | 5026 | Indicates a remote access exploit. | 9 |
| ActiveX Exploit | 5027 | Indicates an exploit through an ActiveX application. | 9 |
| SQL Injection | 5028 | Indicates that an SQL injection occurred. | 9 |
| Cross-Site Scripting | 5029 | Indicates a cross-site scripting vulnerability. | 9 |
| Format String Vulnerability | 5030 | Indicates a format string vulnerability. | 9 |
| Input Validation Exploit | 5031 | Indicates that an input validation exploit attempt was detected. | 9 |
| Remote Code Execution | 5032 | Indicates that a remote code execution attempt was detected. | 9 |
| Memory Corruption | 5033 | Indicates that a memory corruption exploit was detected. | 9 |
| Command Execution | 5034 | Indicates that a remote command execution attempt was detected. | 9 |
| Code Injection | 5035 | Indicates that a code injection was detected. | 9 |
| Replay Attack | 5036 | Indicates that a replay attack was detected. | 9 |