Exploit
The exploit category contains events where a communication or an access exploit occurred.
The following table describes the low-level event categories and associated severity levels for the exploit category.
| Low-level event category | Category ID | Description | Severity level (0 - 10) |
|---|---|---|---|
| Unknown Exploit Attack | 5001 | Indicates an unknown exploit attack. | 9 |
| Buffer Overflow | 5002 | Indicates a buffer overflow. | 9 |
| DNS Exploit | 5003 | Indicates a DNS exploit. | 9 |
| Telnet Exploit | 5004 | Indicates a Telnet exploit. | 9 |
| Linux® Exploit | 5005 | Indicates a Linux exploit. | 9 |
| UNIX Exploit | 5006 | Indicates a UNIX exploit. | 9 |
| Windows Exploit | 5007 | Indicates a Microsoft Windows exploit. | 9 |
| Mail Exploit | 5008 | Indicates a mail server exploit. | 9 |
| Infrastructure Exploit | 5009 | Indicates an infrastructure exploit. | 9 |
| Misc Exploit | 5010 | Indicates a miscellaneous exploit. | 9 |
| Web Exploit | 5011 | Indicates a web exploit. | 9 |
| Session Hijack | 5012 | Indicates that a session in your network was interceded. | 9 |
| Worm Active | 5013 | Indicates an active worm. | 10 |
| Password Guess/Retrieve | 5014 | Indicates that a user requested access to their password information from the database. | 9 |
| FTP Exploit | 5015 | Indicates an FTP exploit. | 9 |
| RPC Exploit | 5016 | Indicates an RPC exploit. | 9 |
| SNMP Exploit | 5017 | Indicates an SNMP exploit. | 9 |
| NOOP Exploit | 5018 | Indicates an NOOP exploit. | 9 |
| Samba Exploit | 5019 | Indicates a Samba exploit. | 9 |
| SSH Exploit | 5020 | Indicates an SSH exploit. | 9 |
| Database Exploit | 5021 | Indicates a database exploit. | 9 |
| ICMP Exploit | 5022 | Indicates an ICMP exploit. | 9 |
| UDP Exploit | 5023 | Indicates a UDP exploit. | 9 |
| Browser Exploit | 5024 | Indicates an exploit on your browser. | 9 |
| DHCP Exploit | 5025 | Indicates a DHCP exploit | 9 |
| Remote Access Exploit | 5026 | Indicates a remote access exploit | 9 |
| ActiveX Exploit | 5027 | Indicates an exploit through an ActiveX application. | 9 |
| SQL Injection | 5028 | Indicates that an SQL injection occurred. | 9 |
| Cross-Site Scripting | 5029 | Indicates a cross-site scripting vulnerability. | 9 |
| Format String Vulnerability | 5030 | Indicates a format string vulnerability. | 9 |
| Input Validation Exploit | 5031 | Indicates that an input validation exploit attempt was detected. | 9 |
| Remote Code Execution | 5032 | Indicates that a remote code execution attempt was detected. | 9 |
| Memory Corruption | 5033 | Indicates that a memory corruption exploit was detected. | 9 |
| Command Execution | 5034 | Indicates that a remote command execution attempt was detected. | 9 |
| Code Injection | 5035 | Indicates that a code injection was detected. | 9 |
| Replay Attack | 5036 | Indicates that a replay attack was detected. | 9 |