Overview
Here is a list of the event types we classify during parsing. This is helpful when building Case Groups and other inbound rules and filters.
|
Type
|
Mapping
|
|
Copyright
|
|
|
|
|
|
Content
|
|
|
Activity
|
|
|
Vulnerability
|
|
|
Open
|
|
|
MailRelayAttempt
|
|
|
Bot
|
|
|
|
|
|
MalwareHosting
|
|
|
|
|
|
NotSpam?
|
|
|
Spamvertised?
|
|
|
Trademark
|
|
|
PortScan
|
|
|
|
|
|
DDosAmplification
|
|
|
IpSpoof
|
|
|
LoginAttack
|
|
|
IPReclamation
|
|
|
DNSProblems
|
|
|
Exploit
|
|
|
ChildAbuse
|
|
|
RPZ
|
|
|
Trap
|
|
|
CompromisedAccount
|
|
|
CompromisedServer
|
|
|
CompromisedWebsite
|
|
|
CVE
|
|
|
Backdoor
|
|
|
Fraud
|
|
|
Defacement
|
|
|
RogueDNS
|
|
|
Doxing
|
|
|
WebHack
|
|
|
WebCrawler
|
|
|
AuthFailure
|
|
|
Censorship
|
|
|
CompromisedMicrosoftExchange
|
|
|
DNSBlocklist
|
|
|
SSLPoodle
|
|
|
OutdatedDNSSEC
|
|
|
SSLFreak
|
|
|
Propaganda
|
|
|
Violence
|
|
|
DeviceIdentification
|
|
|
IllegalAdvertisement
|
|
|
MaliciousActivity
|
|
|
Harassment
|
|
Open Subtypes
Each open event signifies the existence of open ports, with the corresponding sub-events providing details about the services associated with these open ports.
|
Type
|
Mapping
|
|
socks
|
|
|
proxy
|
|
|
router
|
|
|
redis
|
|
|
mongodb
|
|
|
elasticsearch
|
|
|
portmapper
|
|
|
snmp
|
|
|
ntp
|
|
|
tftp
|
|
|
ftp
|
|
|
rdp
|
|
|
rsync
|
|
|
netbios
|
|
|
mqtt
|
|
|
mc_sqlr
|
|
|
mdns_resolver
|
|
|
dns_resolver
|
|
|
ipmi
|
|
|
ldap
|
|
|
adb
|
|
|
afp
|
|
|
ard
|
|
|
ipp
|
|
|
ssl
|
|
|
|
|
|
vpn
|
|
|
cwmp
|
|
|
ms_exchange
|
|
|
chargen
|
|
|
memcached
|
|
|
mssql
|
|
|
natpmp
|
|
|
qotd
|
|
|
ssdp
|
|
|
isakmp
|
|
|
vnc
|
|
|
telnet
|
|
|
xdmcp
|
|
|
db2
|
|
|
smb
|
|
|
hadoop
|
|
|
cisco_smart_install
|
|
|
mail_server
|
|
|
grafana
|
|
|
bitbucket
|
|
|
apache_server
|
|
|
gitlab_server
|
|
|
imap
|
|
|
pop3
|
|
|
http
|
|
|
radmin
|
|
|
ubiquiti
|
|
|
|
|
|
coap
|
|
|
vpn
|
|
|
smi
|
|
|
bosmon
|
|
|
ms_sharepoint
|
|
|
secvest_alarm_system
|
|
|
directory_listing
|
|
|
citrix
|
|
|
amqp
|
|
|
modbus
|
|
|
kubernetes_api_server
|
|
|
epmd
|
|
|
postgresql
|
|
|
quic
|
|
|
couchdb
|
|
|
docker
|
|
|
sip
|
|
|
stun
|
|
|
dvr
|
|
|
ics
|
|
|
hp_ilo
|
|
|
smarter_mail_server
|
|
|
log4j
|
|
|
zimbra_server
|
|
|
sap
|
|
|
bacnet
|
|
|
qnap
|
|
|
confluence
|
|
|
sophos
|
|
|
h2_web_console
|
|
|
fortigate
|
|
|
ivanti
|
|
|
fortios
|
|
|
canon
|
|
|
ws-discovery
|
|
|
slp
|
|
|
msmq
|
|
Send us a message
Having trouble with your set up or a technical issue? Get in touch with our team of Abusix experts.
Click the chat button at the bottom and send us your questions. Alternatively, you can email us at [email protected]
also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.