Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Flow

The flow category includes events that are related to flow actions.

The following table describes the low-level event categories and associated severity levels for the flow category.

Table 1: Low-level Categories and Severity Levels for the Flow Category

Low-level event category

Category ID

Description

Severity level (0 - 10)

Unidirectional Flow

14001

Indicates a unidirectional flow of events.

5

Low number of Unidirectional Flows

14002

Indicates a low number of unidirectional flows of events.

5

Medium number of Unidirectional Flows

14003

Indicates a medium number of unidirectional flows of events.

5

High number of Unidirectional Flows

14004

Indicates a high number of unidirectional flows of events.

5

Unidirectional TCP Flow

14005

Indicates a unidirectional TCP flow.

5

Low number of Unidirectional TCP Flows

14006

Indicates a low number of unidirectional TCP flows.

5

Medium number of Unidirectional TCP Flows

14007

Indicates a medium number of unidirectional TCP flows.

5

High number of Unidirectional TCP Flows

14008

Indicates a high number of unidirectional TCP flows.

5

Unidirectional ICMP Flow

14009

Indicates a unidirectional ICMP flow.

5

Low number of Unidirectional ICMP Flows

14010

Indicates a low number of unidirectional ICMP flows.

5

Medium number of Unidirectional ICMP Flows

14011

Indicates a medium number of unidirectional ICMP flows.

5

High number if Unidirectional ICMP Flows

14012

Indicates a high number of unidirectional ICMP flows.

5

Suspicious ICMP Flow

14013

Indicates a suspicious ICMP flow.

5

Suspicious UDP Flow

14014

Indicates a suspicious UDP flow.

5

Suspicious TCP Flow

14015

Indicates a suspicious TCP flow.

5

Suspicious Flow

14016

Indicates a suspicious flow.

5

Empty Packet Flows

14017

Indicates empty packet flows.

5

Low number of Empty Packet Flows

14018

Indicates a low number of empty packet flows.

5

Medium number of Empty Packet Flows

14019

Indicates a medium number of empty packet flows.

5

High number of Empty Packet Flows

14020

Indicates a high number of empty packet flows.

5

Large Payload Flows

14021

Indicates a large payload of flows.

5

Low number of Large Payload Flows

14022

Indicates a low number of large payload flows.

5

Medium number of Large Payload Flows

14023

Indicates a medium number of large payload flows.

5

High number of Large Payload Flows

14024

Indicates a high number of large payload flows.

5

One Attacker to Many Target Flows

14025

Indicates that one attacker is targeting many flows.

5

Many Attacker to one Target Flow

14026

Indicates that many attackers are targeting one flow.

5

Unknown Flow

14027

Indicates an unknown flow.

5

Netflow Record

14028

Indicates a Netflow record.

5

Flow Record

14029

Indicates a Flow record.

5

SFlow Record

14030

Indicates an SFlow record.

5

Packeteer Record

14031

Indicates a Packeteer record.

5

Misc Flow

14032

Indicates a misc flow.

5

Large Data Transfer

14033

Indicates a large transfer of data.

5

Large Data Transfer Outbound

14034

Indicates a large transfer of outbound data.

5

VoIP Flows

14035

Indicates VoIP Flows.

5

Related Documentation