
Date: 2015-06-24 19:18:45

Tags: ossim

OSSIM Event Class/Subclass Summary Table

Event Class/Subclass

Data Source Classification

Access

ACL Deny

ACL Permit

Connection Closed

Connection Opened

File Access

File Blocked

Firewall Deny

Firewall Misc Event

Firewall Permit

Timeout

Traffic Inbound

Traffic Outbound

Tunnel Closed

Tunnel Connection

Web Application Access

Alarm

Attacks

Bruteforce

Dos

Malware

Misc

Network

Policy

Scada

Scan

Alert

HostIDS Alert

IDS Alert

IPS Alert

Availability

State Critical

State Down

State Unknown

State Up

State Warning

Database

Error

Login

Login Failed

Logout

Query

Start

Stop

Recon

Misc

Scanner

Application

DHCP Error

DHCP Request

DNS Successful Zone Transfer

DNS Zone Transfer Failed

FTP Command Executed

FTP Connection Opened

Mail Received

Mail Sent

Spam Detected

VPN Closed

VPN Denied

Web Error

Web Denied

Web Modified

Web Proxy

Web Redirected

Authentication

Account Lockout

Admin Access

Brute force

Default Credentials

Failed

FTP Login Failed

FTP Login Succeeded

Group Added

Group Deleted

Login

Logout

Password Change Failed

Password Change Succeeded

User Changed

User Created

User Deleted

Exploit

Attack Response

Buffer Overflow

Command Execution

Cross Site Scripting

Denial Of Service

Directory Traversal

File Inclusion

Format String

Spoofing

ShellCode

SQL Injection

Malware

Adware

Backdoor

Fake Antivirus

Generic

KeyLogger

Spyware

Trojan

Virus

Worm

Policy

Anonymity

Check Failed

Instant Messaging Chat

P2P

Phishing

Porn

Suspicious

Bad Traffic

Blacklist Address

Database Activity

DNS Protocol Anomaly

FTP Protocol Anomaly

HTTP Protocol Anomaly

Mail Protocol Anomaly

Netbios Activity

Network Anomaly

NFS Activity

RPC Activity

Scada Activity

SSH Activity

SSH Protocol Anomaly

Telnet Protocol Anomaly

Threshold Exceeded

Web Attack or Scan

Inventory

Mac Change

Mac Detected

Operating System Change

Operating System Detected

Service Change

Service Detected

Service Misc

Original source: http://chenguang.blog.51cto.com/350944/1665118
