Class type | Description | Priority |
Attempted-admin | Attempted administrator privilege gain | 1 |
Attempted-user | Attempted user privilege gain | 1 |
Inappropriate-content | Inappropriate content was detected | 1 |
Policy-violation | Potential corporate privacy violation | 1 |
Shellcode-detect | Executable code was detected | 1 |
Successful-admin | Successful administrator privilege gain | 1 |
Successful-user | Successful user privilege gain | 1 |
Trojan-activity | A network trojan was detected | 1 |
Unsuccessful-user | Unsuccessful user privilege gain | 1 |
Web-application-attack | Web application attack | 1 |
Attempted-dos | Attempted denial of service | 2 |
Attempted-recon | Attempted information leak | 2 |
Bad-unknown | Potentially bad traffic | 2 |
Default-login-attempt | Attempt to login by a default username and password | 2 |
Denial-of-service | Detection of a denial of service attack | 2 |
Misc-attack | Misc attack | 2 |
Non-standard-protocol | Detection of a non-standard protocol or event | 2 |
Rpc-portmap-decode | Decode of an RPC query | 2 |
Successful-dos | Denial of service | 2 |
Successful-recon-largescale | Large scale information leak | 2 |
Successful-recon-limited | Information leak | 2 |
Suspicious-filename-detect | A suspicious filename was detected | 2 |
Suspicious-login | An attempted login using a suspicious username was detected | 2 |
System-call-detect | A system call was detected | 2 |
Unusual-client-port-connection | A client was using an unusual port | 2 |
Web-application-activity | Access to a potentially vulnerable web application | 2 |
Icmp-event | Generic ICMP event | 3 |
Misc-activity | Misc activity | 3 |
Network-scan | Detection of a network scan | 3 |
Not-suspicious | Not suspicious traffic | 3 |
Protocol-command-decode | Generic protocol command decode | 3 |
String-detect | A suspicious string was detected | 3 |
Unknown | Unknown traffic | 3 |
Tcp-connection | A TCP connection was detected | 4 |