Potential Exploit
The potential exploit category contains events that are related to potential application exploits and buffer overflow attempts.
The following table describes the low-level event categories and associated severity levels for the potential exploit category.
Low-level event category |
Category ID |
Description |
Severity level (0 - 10) |
|---|---|---|---|
Unknown Potential Exploit Attack |
13001 |
Indicates that a potential exploitative attack was detected. |
7 |
Potential Buffer Overflow |
13002 |
Indicates that a potential buffer overflow was detected. |
7 |
Potential DNS Exploit |
13003 |
Indicates that a potentially exploitative attack through the DNS server was detected. |
7 |
Potential Telnet Exploit |
13004 |
Indicates that a potentially exploitative attack through Telnet was detected. |
7 |
Potential Linux Exploit |
13005 |
Indicates that a potentially exploitative attack through Linux was detected. |
7 |
Potential UNIX Exploit |
13006 |
Indicates that a potentially exploitative attack through UNIX was detected. |
7 |
Potential Windows Exploit |
13007 |
Indicates that a potentially exploitative attack through Windows was detected. |
7 |
Potential Mail Exploit |
13008 |
Indicates that a potentially exploitative attack through mail was detected. |
7 |
Potential Infrastructure Exploit |
13009 |
Indicates that a potential exploitative attack on the system infrastructure was detected. |
7 |
Potential Misc Exploit |
13010 |
Indicates that a potentially exploitative attack was detected. |
7 |
Potential Web Exploit |
13011 |
Indicates that a potentially exploitative attack through the web was detected. |
7 |
Potential Botnet Connection |
13012 |
Indicates a potentially exploitative attack that uses botnet was detected. |
6 |
Potential Worm Activity |
13013 |
Indicates a potential attack that uses worm activity was detected. |
6 |