Exploit
The exploit category contains events where a communication or an access exploit occurred.
The following table describes the low-level event categories and associated severity levels for the exploit category.
Low-level event category | Category ID | Description | Severity level (0 - 10) |
---|---|---|---|
Unknown Exploit Attack | 5001 | Indicates an unknown exploit attack. | 9 |
Buffer Overflow | 5002 | Indicates a buffer overflow. | 9 |
DNS Exploit | 5003 | Indicates a DNS exploit. | 9 |
Telnet Exploit | 5004 | Indicates a Telnet exploit. | 9 |
Linux® Exploit | 5005 | Indicates a Linux exploit. | 9 |
UNIX Exploit | 5006 | Indicates a UNIX exploit. | 9 |
Windows Exploit | 5007 | Indicates a Microsoft Windows exploit. | 9 |
Mail Exploit | 5008 | Indicates a mail server exploit. | 9 |
Infrastructure Exploit | 5009 | Indicates an infrastructure exploit. | 9 |
Misc Exploit | 5010 | Indicates a miscellaneous exploit. | 9 |
Web Exploit | 5011 | Indicates a web exploit. | 9 |
Session Hijack | 5012 | Indicates that a session in your network was intercepted. | 9 |
Worm Active | 5013 | Indicates an active worm. | 10 |
Password Guess/Retrieve | 5014 | Indicates that a user requested access to their password information from the database. | 9 |
FTP Exploit | 5015 | Indicates an FTP exploit. | 9 |
RPC Exploit | 5016 | Indicates an RPC exploit. | 9 |
SNMP Exploit | 5017 | Indicates an SNMP exploit. | 9 |
NOOP Exploit | 5018 | Indicates a NOOP exploit. | 9 |
Samba Exploit | 5019 | Indicates a Samba exploit. | 9 |
SSH Exploit | 5020 | Indicates an SSH exploit. | 9 |
Database Exploit | 5021 | Indicates a database exploit. | 9 |
ICMP Exploit | 5022 | Indicates an ICMP exploit. | 9 |
UDP Exploit | 5023 | Indicates a UDP exploit. | 9 |
Browser Exploit | 5024 | Indicates an exploit on your browser. | 9 |
DHCP Exploit | 5025 | Indicates a DHCP exploit. | 9 |
Remote Access Exploit | 5026 | Indicates a remote access exploit. | 9 |
ActiveX Exploit | 5027 | Indicates an exploit through an ActiveX application. | 9 |
SQL Injection | 5028 | Indicates that an SQL injection occurred. | 9 |
Cross-Site Scripting | 5029 | Indicates a cross-site scripting vulnerability. | 9 |
Format String Vulnerability | 5030 | Indicates a format string vulnerability. | 9 |
Input Validation Exploit | 5031 | Indicates that an input validation exploit attempt was detected. | 9 |
Remote Code Execution | 5032 | Indicates that a remote code execution attempt was detected. | 9 |
Memory Corruption | 5033 | Indicates that a memory corruption exploit was detected. | 9 |
Command Execution | 5034 | Indicates that a remote command execution attempt was detected. | 9 |
Code Injection | 5035 | Indicates that a code injection was detected. | 9 |
Replay Attack | 5036 | Indicates that a replay attack was detected. | 9 |