# # (LCE) THUNDER PRM LIBRARY # Copyright 2006-2009 Tenable Network Security # This library may only be used with the LCE server and may not # be used with other products or open source projects # $Date: 2011/09/27 19:30:36 n # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_airport.prm # # 3500=Airport-Group_Key_Rotated system # 3501=Airport-Station_Association_Attempt system # 3502=Airport-Station_Bad_WPA_Key error # 3503=Airport-Station_Deauthentication system # 3504=Airport-Station_Disassociated system # 3505=Airport-Station_Authenticated system # 3506=Airport-Admin_Access_Denied login-failure # 3507=Airport-Admin_Access_Granted login # 3508=Airport-Base_Station_Restart restart # 3509=Airport-Base_Station_Config_Change system # 3510=Airport-Station_Re-association system # 3511=Airport-Station_Authentication_Failed error # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_buffalo.prm # # 400=BuffaloWAP-Associated_MAC system # 401=BuffaloWAP-DeAuthentication_MAC system # 402=BuffaloWAP-DHCP_Address_Offer dhcp # 403=BuffaloWAP-DHCP_Address_ACK dhcp # 404=BuffaloWAP-Attack_Detected intrusion # 405=BuffaloWAP-ReAssociated_MAC system # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_cisco.prm # # 1900=CiscoAironet-Out_Of_Memory error # 1901=CiscoAironet-Failed_IP_Change system # 1902=CiscoAironet-Rogue_Access_Point intrusion # 1903=CiscoAironet-WLAN_Attack intrusion # 1905=CiscoAironet-Control_Attack intrusion # 1906=CiscoAironet-Plaintext_Traffic_Detected error # 1907=CiscoAironet-Rogue_Host_Assumed_Valid_MAC intrusion # 1908=CiscoAironet-Rogue_Host_Sending_Frames intrusion # 1909=CiscoAironet-Rogue_Host_Sending_Frames intrusion # 1910=CiscoAironet_Rogue_Host_Sending_Frames intrusion # 1911=CiscoAironet-Cannot_Access_DNS error # 1912=CiscoAironet-Out_of_Memory error # 1913=CiscoAironet-Failed_Admin_Function error # 1914=CiscoAironet-NULL_MAC_Address error # 1915=CiscoAironet-NULL_IP_Address error # 1917=CiscoAironet-Firmware_Upgrade_Reboot restart # 1918=CiscoAironet-New_Interface_Reboot restart # 1919=CiscoAironet-Factory_Restore_Reboot restart # 1920=CiscoAironet-Hardware_Address_Reboot restart # 1921=CiscoAironet-Trace_Buffer_Reboot restart # 1922=CiscoAironet-Rogue_Device_Assumed_AP_IP_Address intrusion # 1923=CiscoAironet-WEP_Encryption_Error error # 1924=CiscoAironet-Misconfigured_WEP error # 1925=CiscoAironet-Misconfigured_WEP error # 1926=CiscoAironet-Rogue_802_11_Traffic intrusion # 1927=CiscoAironet-Hot_Standby_Taking_Over restart # 1928=CiscoAironet-Denied_Authentication access-denied # 1929=CiscoAironet-Lack_Of_Memory_Reboot error # 1930=CiscoAironet-Client_Authentication_Unmatched error # 1931=CiscoAironet-Failed_Radius_Authentication login-failure # 1932=CiscoAironet-Multiple_SSH_Failed_Logins login-failure # 1933=CiscoAironet-SSH_CRC_Attack intrusion # 1934=CiscoAironet-Rogue_Access_Point intrusion # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_cisco_wireless_lan_controller.prm # # 7769=CiscoWireless-Delete_Username_Failed error # 7770=CiscoWireless-Retransmissions_Exceeded error # 7771=CiscoWireless-ACL_Not_Found error # 7772=CiscoWireless-Bind_Error error # 7773=CiscoWireless-Big_Nav_Attack intrusion # 7774=CiscoWireless-Error_Processing_RSN_WARP error # 7775=CiscoWireless-No_Heartbeat error # 7776=CiscoWireless-Not_Advertising_SSID system # 7777=CiscoWireless-AP_Not_Added_ToDebug_Database system # 7778=CiscoWireless-Cannot_Contain_Rogue intrusion # 7779=CiscoWireless-Invalid_WPA_Key_State error # 7780=CiscoWireless-CCKM_Updated system # 7781=CiscoWireless-MAX_EAP_Exceeded_Client error # 7782=CiscoWireless-System_Call_Failed error # 7783=CiscoWireless-Time_Set system # 7784=CiscoWireless-Invalid_Replay_Counter error # 7785=CiscoWireless-User_Login login # 7786=CiscoWireless-Validate_CCKM_Failed error # 7787=CiscoWireless-Client_Not_Found error # 7788=CiscoWireless-Radius_Override_Disabled system # 7789=CiscoWireless-MAC_Add_Not_Found error # 7790=CiscoWireless-Max_EAP_Retrans_Exceeded error # 7791=CiscoWireless-Authentication_Failed login-failure # 7792=CiscoWireless-Radius_Server_Not_Found error # 7793=CiscoWireless-Login_Failed login-failure # 7794=CiscoWireless-User_Passwd login-failure # 7795=CiscoWireless-IP_Add_On_MSCB_Failed error # 7796=CiscoWireless-Max_Reached_Configure_Command error # 7797=CiscoWireless-AP_Not_Found error # 7798=CiscoWireless-Invalid_Slot error # 7799=CiscoWireless-Received_Action_Frame system # 7800=CiscoWireless-MAC_Mgmt_Failed error # 7801=CiscoWireless-Link_Failure_Rebooted restart # 7802=CiscoWireless-Failed_Get error # 7803=CiscoWireless-Invalid_Country_Code error # 7804=CiscoWireless-Country_Code_Changed system # 7805=CiscoWireless-Controller_Boot restart # 7806=CiscoWireless-Replay_Error error # 7807=CiscoWireless-OTAP_Disabled error # 7808=CiscoWireless-Discovery_Request error # 7809=CiscoWireless-Conflicting_Rates error # 7810=CiscoWireless-Invalid_DOT1x_Or_CB error # 7811=CiscoWireless-Radius_Failed error # 7813=CiscoWireless-Send_Failure error # 7814=CiscoWireless-Login_Failed login-failure # 7815=CiscoWireless-Config_Error error # 7816=CiscoWireless-Packet_Rejected error # 7817=CiscoWireless-Process_Request_Failed error # 7818=CiscoWireless-UsmDbWcpGet_Non_Doberman system # 7819=CiscoWireless-ACL_Does_Not_Exist error # 7820=CiscoWireless-Bad_Packets error # 7821=CiscoWireless-No_Acceptable_Pkts error # 7822=CiscoWireless-No_CLients_In_Database system # 7823=CiscoWireless-Invalid_Sequence_Number error # 7824=CiscoWireless-Invalid_WPA_State error # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_generic.prm # # 145=Wireless-Notice_Station_Authenticated system # 146=Wireless-Notice_Station_Forwarding system # 147=Wireless-Notice_Station_Associated system # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_hipath_siemens_wireless.prm # # 10369=SeimensWireless-Radius_Authentication login # 10370=SiemensWireless-Client_Authorized system # 10371=SiemensWireless-MAC_Authorized system # 10372=SiemensWireless-Registration_Succeeded system # 10373=SiemensWireless-Client_Roaming system # 10374=SiemensWireless-AP_Connects_For_Registration system # 10375=SiemensWireless-AP_Authenticated system # 10376=SiemensWireless-AP_Succeeded system # 10377=SiemensWireless-Sensor_Upgrade system # # Plugins for file /usr/thunder/daemons/plugins/as400_powertech.prm # # 10250=PowerTech-Interact_Transaction_Rejected login-failure # 10251=PowerTech-Interact_Transaction_Allowed login # 10252=PowerTech-Interact_System_i_Transaction_Allowed login # 10253=PowerTech-Interact_Invalid_Password login-failure # 10254=PowerTech-Interact_Potential_Intrusion intrusion # 10255=PowerTech-Interact_New_Library_Created system # 10256=PowerTech-Interact_Profile_Changed system # 10257=PowerTech-Interact_System_Value_Changed system # 10258=PowerTech-Interact_Profile_Disabled system # 10259=PowerTech-Interact_System_i_Transaction_Rejected login-failure # 10260=PowerTech-Interact_Invalid_Username login-failure # # Plugins for file /usr/thunder/daemons/plugins/asset_lists.prm # # # Plugins for file /usr/thunder/daemons/plugins/auth_bluesocket.prm # # 1025=BlueSocket-Added_Unregistered_User dhcp # 1026=BlueSocket-DHCP-Request_From_Wrong_Network error # 1027=BlueSocket-Login_Failure login-failure # 1028=BlueSocket-DHCP-Request dhcp # 1029=BlueSocket-DHCPPACK dhcp # 1030=BlueSocket-Action_Command dhcp # 1031=BlueSocket-User_Logout logout # 1032=BlueSocket-User_Login login # # Plugins for file /usr/thunder/daemons/plugins/auth_cisco_acs.prm # # 12000=CiscoACS-Passed_Authentication login # 12001=CiscoACS-Failed_Authentication login-failure # 12002=CiscoACS-Radius_Access_Known_ID system # 12003=CiscoACS-Radius_Access_Known_Station_ID system # 12004=CiscoACS-Radius_Access_Unknown_ID error # 12005=CiscoACS-TACACS_Accounting system # 12006=CiscoACS-TACACS_Admin system # 12007=CiscoACS-VoIP_Accounting system # 12008=CiscoACS-Backup_Activity system # 12009=CiscoACS-Database_Replication system # 12010=CiscoACS-Administrator_Login login # 12011=CiscoACS-User_Modified system # 12012=CiscoACS-Config_Change system # 12013=CiscoACS-Administrator_Activity system # 12014=CiscoACS-Administrator_Logout logout # 12015=CiscoACS-User_Password_Change system # 12016=CiscoACS-Service_Monitor system # 12017=CiscoACS-Acount_Disabled_Activity login-failure # 12018=CiscoACS-Service_Application_Admin system # 12019=CiscoACS-Session_Disconnected logout # 12020=CiscoACS-Passed_Authentication login # 12021=CiscoACS-Failed_Authentication login-failure # 12022=CiscoACS-Failed_Authentication login-failure # # Plugins for file /usr/thunder/daemons/plugins/chat_irc.prm # # 54701=IRC-Chat_Connect connection # 54702=IRC-Chat_Disconnect application # 54703=IRC-Forced_Join application # 54704=IRC-Rename_Virtual_Host application # 54705=IRC-Rename_Virtual_Identity application # 54706=IRC-Operator_Override application # 54707=IRC-Operator_Kick_User application # # Plugins for file /usr/thunder/daemons/plugins/compliance.prm # # # Plugins for file /usr/thunder/daemons/plugins/dhcp.prm # # 2955=DHCP-Request dhcp # 2956=DHCP-Request_Windows dhcp # 2957=DHCP-Request dhcp # 2958=DHCP-Request dhcp # 3600=DHCPCLIENT-No_Offers error # 3601=DHCPCLIENT-No_Working_Leases error # 3602=DHCPCLIENT-Address_Leased dhcp # 3603=DHCP-Request dhcp # 3604=DHCP-Packet_Too_Small error # 3605=DHCP-Discover dhcp # 3606=DHCP-Offer dhcp # 3607=DHCP-Inform dhcp # 3608=DHCP-Ack dhcp # 3609=DHCP-Reverse_Map_Added dhcp # 3610=DHCP-Lease_Duplicate dhcp # 3611=DHCP-Timed_Out error # 3612=DHCP-BOOTREQUEST dhcp # 3613=DHCP-ACK dhcp # 3614=DHCP-No_DHCID error # 3615=DHCP-Leases_Running_Out error # 3616=DHCP-Inform dhcp # 3617=DHCP-Leases_Present dhcp # # Plugins for file /usr/thunder/daemons/plugins/dns_bind.prm # # 1500=Bind-Version_Query application # 1501=Bind-Denied_Version_Query application # 1502=Bind-Denied_Version_Query access-denied # 1503=Bind-Zone_Transfer_Deny access-denied # 1504=Bind-Zone_Transfer application # 1505=Bind-Refused_Query access-denied # 1506=Bind-Port_Zero_Packet access-denied # 1507=Bind-Unapproved_Update access-denied # 1508=Bind-Unapproved_Recursive_Query access-denied # 1509=Bind-Fatal_Exit process # 1510=Bind-Unexpected_Response error # 1511=Bind-Potential_Attack intrusion # 1512=Bind-Potential_Attack intrusion # 1513=Bind-Segmentation_Fault error # 1514=Bind-Zone_Transfer_started application # 1515=Bind-Update_Denied access-denied # 1516=Bind-Update_Failed access-denied # 1517=Bind-Lame_NameServer_Resolution error # 1518=Bind-Unexpected_Return_Code dns # 1519=Bind-Resolve_Error dns # 1520=Bind-Running restart # 1521=Bind-Shut-Down restart # 1522=Bind-Query_Denied access-denied # 1523=Bind-Zone_Update application # 1524=Bind-Extra_Info_Sent application # 1525=Bind-Bad_Referral error # 1526=Bind-Query_IPv4 dns # 1527=Bind-Query_IPv6 dns # 1528=Bind-Query_Domain dns # 1529=Bind-Query_TXT dns # 1530=Bind-Query_Mail_Server dns # 1531=Bind-Query_Service_Locator dns # 1532=Bind-Query_Start_Of_Authority dns # 1533=Bind-Query_Transaction_Key dns # 1534=Bind-Zone_Transfer_Query application # 1535=Bind-Zone_Notify application # 1536=Bind-Transfer application # 1537=Bind-Master_File_Dump_Denied access-denied # 1538=Bind-Failed_Transfer access-denied # 1539=Bind-Transfer_Ended application # 1540=Bind-Bad_Owner_Name error # 1541=Bind-Refresh_In_Progress application # 1542=Bind-Process_Exit restart # 1543=Bind-Query_Name_Server dns # 1544=Bind-Lame_NameServer_Unexpected_RCODE dns # 1545=Bind-Network_Unreachable error # 1546=Bind-Client_Query_Denied access-denied # 1547=Bind-Time_Modification_Denied error # 1548=Bind-DNS_Format_Error_Invalid_Response dns # 1549=Bind-FORMERR_Response_Error dns # 1550=Bind-Response_From_Internet dns # 3300=Bind-Success_After_Disabling_EDNS dns # 3301=Bind-Zone_Transfer_Complete dns # # Plugins for file /usr/thunder/daemons/plugins/dns_windows.prm # # 10200=Windows-DNS_Probe intrusion # 10201=Windows-DNS_Lookup_Success dns # 10202=Windows-DNS_Lookup_Norecord_For_Host dns # 10203=Windows-DNS_Lookup_Not_Authoritative_For_Domain dns # 10204=Windows-DNS_Lookup_Servfail_Temp_Error dns # 10205=Windows-DNS_Lookup_Security_Error access-denied # # Plugins for file /usr/thunder/daemons/plugins/firewall_adtran.prm # # 16250=Adtran-Allowed_UDP_Connection connection # 16251=Adtran-Connection_Timed_Out_UDP firewall # 16252=Adtran-Allowed_TCP_Connection connection # 16253=Adtran-TCP_Connection_Closed connection # 16254=Adtran-Allowed_ICMP_Connection connection # 16255=Adtran-Connection_Timed_Out_ICMP firewall # 16256=Adtran-Allowed_LDAP_Connection connection # 16257=Adtran-Allowed_SMTP_Connection connection # 16258=Adtran-Allowed_Web_Connection connection # 16259=Adtran-Web_Connection_Closed connection # 16260=Adtran-Allowed_Telnet_Connection connection # 16261=Adtran-Telnet_Connection_Closed firewall # 16262=Adtran-Allowed_FTP_Connection connection # 16263=Adtran-FTP_Connection_Closed connection # 16280=Adtran-Invalid_TCP_Session firewall # 16281=Adtran-Dropped_Invalid_Packet firewall # 16282=Adtran-Spoofing_Detected firewall # 16283=Adtran-Zero_Byte_Connection firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_arkoon.prm # # 9550=Arkoon-UDP_Deny firewall # 9551=Arkoon-TCP_Deny firewall # 9555=Arkoon-Portscan_Detected scanning # # Plugins for file /usr/thunder/daemons/plugins/firewall_astaro.prm # # 2301=Astaro-UDP_Dropped firewall # 2302=Astaro-TCP_Dropped firewall # 2303=Astaro-TCP_Accepted connection # 2304=Astaro-UDP_Accepted connection # 2305=Astaro-ICMP_Accepted firewall # 2306=Astaro-ICMP_Dropped firewall # 2307=Astaro-UDP_Dropped firewall # 2308=Astaro-TCP_Dropped firewall # 2309=Astaro-TCP_Accepted connection # 2310=Astaro-UDP_Accepted connection # 2311=Astaro-ASG_Web-Blocked firewall # 2312=Astaro-Connection_Logged connection # 2313=Astaro-AFC_Connection_Logged connection # 2314=Astaro-ASG_Web-Session web-access # 2315=Astaro-AFC_Connection_Blocked firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_checkpoint.prm # # 1250=Checkpoint-Accepted_UDP connection # 1251=Checkpoint-Accepted_TCP connection # 1252=Checkpoint-Accepted_ICMP connection # 1253=Checkpoint-Blocked_UDP firewall # 1254=Checkpoint-Blocked_TCP firewall # 1255=Checkpoint-Blocked_ICMP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_checkpoint_loggrabber.prm # # 3025=Checkpoint-Accepted_UDP connection # 3026=Checkpoint-Accepted_TCP connection # 3027=Checkpoint-Blocked_TCP firewall # 3028=Checkpoint-Blocked_UDP firewall # 3029=Checkpoint-Blocked_ICMP firewall # 3030=Checkpoint-Accepted_ICMP connection # 3031=Checkpoint-Dropped_TCP firewall # 3032=Checkpoint-Droppeed_UDP firewall # 3033=Checkpoint-Dropped_ICMP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_asa.prm # # 13001=CiscoASA-Blocked_UDP firewall # 13002=CiscoASA-Blocked_TCP firewall # 13003=CiscoASA-Blocked_ICMP firewall # 13004=CiscoASA-Blocked_UDP firewall # 13005=CiscoASA-Blocked_TCP firewall # 13006=CiscoASA-Blocked_ICMP firewall # 13007=CiscoASA-Blocked_Inbound_TCP_Noxlate firewall # 13008=CiscoASA-Blocked_Inbound_ICMP_Noxlate firewall # 13009=CiscoASA-Blocked_UDP firewall # 13010=CiscoASA-Blocked_TCP firewall # 13011=CiscoASA-Blocked_ICMP firewall # 13012=CiscoASA-Blocked_ICMP firewall # 13013=CiscoASA-Blocked_IP_Options firewall # 13014=CiscoASA-Blocked_TCP firewall # 13015=CiscoASA-Blocked_UDP firewall # 13016=CiscoASA-Blocked_UDP firewall # 13017=CiscoASA-Blocked_TCP firewall # 13018=CiscoASA-Blocked_TCP firewall # 13019=CiscoASA-Blocked_Protocol firewall # 13020=CiscoASA-Allowed_TCP connection # 13021=CiscoASA-Allowed_UDP connection # 13022=CiscoASA-User_Log_Out logout # 13023=CiscoASA-User_Authentication_Failure login-failure # 13024=CiscoASA-User_Log_In login # 13025=CiscoASA-User_Privilege_Change system # 13026=CiscoASA-Admin_Permited login # 13027=CiscoASA-Admin_Permited_Console login # 13028=CiscoASA-Admin_Denied login-failure # 13029=CiscoASA-Admin_Denied_Console login-failure # 13030=CiscoASA-PPP_User_AAA_Status login # 13031=CiscoASA-SSH_Disconnect logout # 13032=CiscoASA-SSH_Bad_Password login-failure # 13033=CiscoASA-Multiple_Enable_Failures login-failure # 13034=CiscoASA-User_Authorization_Denied login-failure # 13035=CiscoASA-User_Authorization_Allowed login # 13036=CiscoASA-User_Authorization_Allowed login # 13037=CiscoASA-Too_Many_Users error # 13038=CiscoASA-Split_DNS error # 13039=CiscoASA-Split_DNS error # 13040=CiscoASA-OSPF_IP_Area_Change system # 13041=CiscoASA-Interface_Zero_Bandwidth error # 13042=CiscoASA-Auto_Update_Failure error # 13043=CiscoASA-Command_Failure access-denied # 13044=CiscoASA-Bad_NTP_Packet access-denied # 13045=CiscoASA-NTP_Packet_Denied firewall # 13046=CiscoASA-Duplicate_Router_ID error # 13047=CiscoASA-Duplicate_Router_ID error # 13048=CiscoASA-Invalid_OSPF_Packet error # 13049=CiscoASA-Invalid_OSPF_Packet error # 13050=CiscoASA-Routing_Limit_Reached error # 13051=CiscoASA-Manager_Connection login # 13052=CiscoASA-High_CPU error # 13053=CiscoASA-Config_Modification system # 13054=CiscoASA-Potential_DOS_Attack dos # 13055=CiscoASA-VPN_Rollover intrusion # 13056=CiscoASA-PPTP_Out_Of_Sequence_Packet error # 13057=CiscoASA-DNS_Overflow intrusion # 13058=CiscoASA-DNS_Overflow intrusion # 13059=CiscoASA-DNS_Overflow intrusion # 13060=CiscoASA-DNS_Overflow intrusion # 13061=CiscoASA-DOS_Attack dos # 13062=CiscoASA-FTP_Port_Rewrite intrusion # 13063=CiscoASA-FTP_Low_Port intrusion # 13064=CiscoASA-ARP_Poison intrusion # 13065=CiscoASA-Spoofed_PPTP_Packet intrusion # 13066=CiscoASA-Spoofed_IPSEC_Packet error # 13067=CiscoASA-Spoofed_IPSEC_Packet error # 13068=CiscoASA-Invalid_ICMP_Error_Destination firewall # 13069=CiscoASA-Invalid_RIP_Header firewall # 13070=CiscoASA-Invalid_RIP_Header firewall # 13071=CiscoASA-Potential_Manager_Session_Attack intrusion # 13072=CiscoASA-Potential_SNMP_Overflow_Attempt intrusion # 13073=CiscoASA-IP_Frag_Drop_Too_Many_Elements dos # 13074=CiscoASA-IP_Frag_Drop_Max_Size_Exceeded dos # 13075=CiscoASA-IP_Frag_Database_Exceeded dos # 13076=CiscoASA-WebSense_URL_Server_Not_Responding error # 13077=CiscoASA-Websense_Leaving_Allow_mode system # 13078=CiscoASA-Built_Outbound_TCP_Connection connection # 13079=CiscoASA-Built_Outbound_UDP_Connection connection # 13080=CiscoASA-Deny_IP_Teardrop_Fragment dos # 13081=CiscoASA-No_Translation_Group_Found firewall # 13082=CiscoASA-Deny_UDP_Reverse_Path_Check firewall # 13083=CiscoASA-Built_Inbound_TCP_Connection connection # 13084=CiscoASA-Accessed_URL web-access # 13085=CiscoASA-Built-Dynamic_TCP_Translation connection # 13086=CiscoASA-Teardown_TCP_Connection connection # 13087=CiscoASA-Teardown_LocalHost connection # 13088=CiscoASA-Teardown_Dynamic_TCP_Translation firewall # 13089=CiscoASA-Accessed_Denied_URL web-error # 13090=CiscoASA-Teardown_UDP_Connection connection # 13091=CiscoASA-Blocked_UDP firewall # 13092=CiscoASA-Blocked_UDP firewall # 13093=CiscoASA-Terminating_Proxy firewall # 13094=CiscoASA-Translation_Creation_Failed firewall # 13095=CiscoASA-Invalid_Transport firewall # 13096=CiscoASA-Built-Dynamic_UDP_Translation connection # 13097=CiscoASA-DNS_Overflow intrusion # 13098=CiscoASA-Started_SSL_Handshake connection # 13099=CiscoASA-Completed_SSL_Handshake connection # 13100=CiscoASA-Resume_Previous_Session connection # 13101=CiscoASA-Session_Terminated connection # 13102=CiscoASA-Failed_Handshake login-failure # 13103=CiscoASA-Built_Outbound_ICMP_Connection connection # 13104=CiscoASA-Teardown_ICMP_Connection connection # 13105=CiscoASA-Built-Dynamic_ICMP_Translation connection # 13106=CiscoASA-Built_Inbound_ICMP_Connection connection # 13107=CiscoASA-AAA_Invalid_Password login-failure # 13108=CiscoASA-AAA_Logon_Successful login # 13109=CiscoASA-AAA_WebVPN_Session_Started login # 13110=CiscoASA-AAA_Port_Forwarding_Started connection # 13111=CiscoASA-AAA_WebVPN_Session_Terminated logout # 13112=CiscoASA-AAA_Logon_Successful login # 13113=CiscoASA-AAA_Authentication_Failed login-failure # 13114=CiscoASA-User_Executed_Commands system # 13115=CiscoASA-Session_Timeout logout # 13116=CiscoASA-Session_Disconnected logout # 13117=CiscoASA-Blacklisted_Source_Address threatlist # 13118=CiscoASA-Blacklisted_Destination_Address threatlist # 13119=CiscoASA-Blacklisted_Source_Address threatlist # 13120=CiscoASA-Blacklisted_Destination_Address threatlist # 13121=CiscoASA-Whitelisted_Source_Address threatlist # 13122=CiscoASA-Whitelisted_Destination_Address threatlist # 13123=CiscoASA-Whitelisted_Source_Address threatlist # 13124=CiscoASA-Whitelisted_Destination_Address threatlist # 13125=CiscoASA-Greylisted_Source_Address threatlist # 13126=CiscoASA-Greylisted_Destination_Address threatlist # 13127=CiscoASA-Intercepted_DNS_Reply threatlist # 13128=CiscoASA-Added_Rule system # 13129=CiscoASA-Removed_Rule system # 13130=CiscoASA-Filter_Data_Download_Success system # 13131=CiscoASA-Filter_Data_Download_Failed error # 13132=CiscoASA-Failed_Authentication error # 13133=CiscoASA-Failed_Decryption error # 13134=CiscoASA-Dynamically_Changed_Updater_Server system # 13135=CiscoASA-Dynamic_Filter_Updater_Not_Supported error # 13136=CiscoASA-Failed_Update error # 13137=CiscoASA-Built_Inbound_UDP_Connection connection # 13138=CiscoASA-Deny_Hopopt_Reverse_Path_Check firewall # 13139=CiscoASA-Built_ICMP_Connection connection # 13140=CiscoASA-Dropped_TCP firewall # 13141=CiscoASA-ACL_UDP_Permit connection # 13142=CiscoASA-FTP_Connection connection # 13143=CiscoASA-Blocked_TCP_Reverse_Path_Check firewall # 13144=CiscoASA-No_Matching_Connection error # 13145=CiscoASA-Duplicate_TCP_Syn error # 13146=CiscoASA-Blocked_ICMP_Reverse_Path_Check firewall # 13147=CiscoASA-Drop_Rate_Exceeded error # 13148=CiscoASA-Blocked_ICMP_No_Matching_Session firewall # 13149=CiscoASA-Testing_Interface system # 13150=CiscoASA-Interface_Up system # 13151=CiscoASA-Interface_Changed_State system # 13152=CiscoASA-Monitoring_Interface system # 13153=CiscoASA-No_Response_From_Other_Firewall error # 13154=CiscoASA-Other_Firewall_Failure error # 13155=CiscoASA-Blocked_IP_Spoof intrusion # 13156=CiscoASA-Memory_Request error # 13157=CiscoASA-Blocked_TCP firewall # 13158=CiscoASA-Switching system # 13159=CiscoASA-Configuration_Replication system # 13160=CiscoASA-Failed_Login login-failure # 13161=CiscoASA-Enabling_Failover system # 13162=CiscoASA-Stateful_Failover error # 13163=CiscoASA-Begin_Configuration system # 13165=CiscoASA-Built_Connection connection # 13166=CiscoASA-AAA_Operation_Failed login-failure # 13167=CiscoASA-ACL_TCP_Permitted connection # 13168=CiscoASA-Begin_Config system # 13169=CiscoASA-User_Executed_Cmd system # 13170=CiscoASA-Login_Permitted login # 13171=CiscoASA-Sending_New_Key system # 13172=CiscoASA-Login_Denied login-failure # 13173=CiscoASA-Allowed_TCP_Session connection # 13174=CiscoASA-Cipher_Types_Suported system # 13175=CiscoASA-Retrieved_Data web-access # 13176=CiscoASA-AAA_Status_Accept system # 13177=CiscoASA-Changed_State system # 13178=CiscoASA-Size_Violation error # 13179=CiscoASA-AAA_Successful_Operation system # 13180=CiscoASA-Statistics system # 13181=CiscoASA-Cipher_Choice system # 13182=CiscoASA-Receiving_New_Key system # 13183=CiscoASA-Configuration_Failed error # 13184=CiscoASA-Configuration_Ended_OK system # 13185=CiscoASA-ACL_UDP_Permit connection # 13186=CiscoASA-TCP_Flow_Ended_Unconditionally connection # 13187=CiscoASA-UDP_Failed_To_Locate_Egress_Interface error # 13189=CiscoASA-LAN-to-LAN_Negotiation_Complete system # 13190=CiscoASA-IPSEC_Outbound_LAN-to-LAN_Created connection # 13191=CiscoASA-IPSEC_Inbound_LAN-to-LAN_Created connection # 13192=CiscoASA-Phase_2_Completed system # 13193=CiscoASA-IPSEC_Inbound_LAN-to-LAN_Deleted connection # 13194=CiscoASA-IPSEC_Outbound_LAN-to-LAN_Deleted connection # 13195=CiscoASA-Phase_1_Completed system # 13196=CiscoASA-Deny_IP firewall # 13197=CiscoASA-Group_Not_Found firewall # 13198=CiscoASA-Statistics system # 13199=CiscoASA-UDP_Pre-allocate_backconnection connection # 13300=CiscoASA-IPsec_Session_Disconnect connection # 13301=CiscoASA-IPAA_Freeing_Address system # 13302=CiscoASA-IPsec_Message system # 13303=CiscoASA-Phase_1_Failure error # 13304=CiscoASA-Automatic_NAT_Detection_Status system # 13305=CiscoASA-AAA_Retrieved_Default_Policy system # 13306=CiscoASA-DAP_IPSec_Connection connection # 13307=CiscoASA-Unsupported_Transaction error # 13308=CiscoASA-Client_Type system # 13309=CiscoASA-IPAA_DHCP_Configured system # 13310=CiscoASA-IPAA_Client_Assigned dhcp # 13311=CiscoASA-IPAA_Local_Pool_Request_Suceeded system # 13312=CiscoASA-Assigned_Private_IP_Address system # 13313=CiscoASA-TCP_Flow_Terminated firewall # 13314=CiscoASA-ESMTP_Dropped_Connection firewall # 13315=CiscoASA-Payload_Error firewall # 13316=CiscoASA-Peer_Table_Match_Failed firewall # 13317=CiscoASA-Peer_Table_Remove_Error firewall # 13318=CiscoASA-Contructing_Hash_Payload system # 13319=CiscoASA-IKE_Message system # 13320=CiscoASA-Sending_Keep_Alive firewall # 13321=CiscoASA-Payload_Processed firewall # 13322=CiscoASA-Received_Key_Message system # 13323=CiscoASA-Key_Messages system # 13324=CiscoASA-Blocked_Protocol firewall # 13325=CiscoASA-Starting_P2_Rekey system # 13326=CiscoASA-Receiving_SA_Active_Message system # 13327=CiscoASA-Computing_Hash system # 13328=CiscoASA-Delete_Event system # 13329=CiscoASA-Phase2_Terminate_Message firewall # 13330=CiscoASA-Added_Static_Route firewall # 13331=CiscoASA-Subnet_Id_Received system # 13332=CiscoASA-Received_Remote_Data system # 13333=CiscoASA-Received_Local_Data system # 13334=CiscoASA-Map_Check system # 13335=CiscoASA-Map_Check_ACL_Not_Matched error # 13336=CiscoASA-Drop_Rate_Exceeded error # 13337=CiscoASA-Tunnel_Manager_Failed error # 13338=CiscoASA-Setting_Up_Proxy_ID firewall # 13339=CiscoASA-IKE_Message system # 13340=CiscoASA-Received_Wrong_Sequence_Number error # 13341=CiscoASA-Tunnel_Manager_Removed_Entry system # 13342=CiscoASA-Sent_Received_VID system # 13343=CiscoASA-Keep_Alive_Message system # 13344=CiscoASA-Processing_Vendor_Payload system # 13345=CiscoASA-Send_Receive_Vid system # 13346=CiscoASA-Duplicate_Entry system # 13347=CiscoASA-Dropping_Packet system # 13348=CiscoASA-Teardown_Dynamic_UDP_Translation firewall # 13349=CiscoASA-WebVPN_Created firewall # 13350=CiscoASA-UDP_Allowed firewall # 13351=CiscoASA-Call_Home error # 13352=CiscoASA-DHCP_Guest_Access_Granted firewall # 13353=CiscoASA-Large_Packet_Transmitted firewall # 13354=CiscoASA-WebVPN_Session_Terminated firewall # 13355=CiscoASA-No_Proposal_Chosen firewall # 13356=CiscoASA-Ciphers_Proposed firewall # 13357=CiscoASA-WebVPN_Deleted firewall # 13358=CiscoASA-DaP_User firewall # 13359=CiscoASA-WebVPN_UDP_Connection connection # 13360=CiscoASA-WebVPN_UDP_Connection_No_Compresion connection # 13361=CiscoASA-Static_Route_Deleted system # 13362=CiscoASA-IPSEC_Received_ESP_Packet login-failure # 13363=CiscoASA-SSL_Lib_Error error # 13364=CiscoASA-WebVPN_User_Disconnect connection # 13365=CiscoASA-WebVPN_User_Disconnected_Without_Compression connection # 13366=CiscoASA-WebVPN_User_DPD_Failure connection # 13367=CiscoASA-Session_Torn_Down error # 13368=CiscoASA-Ciphers_Proposed system # 13369=CiscoASA-Cipher_Chosen system # 13370=CiscoASA-Certificate_Requested system # 13371=CiscoASA-AAA_Group_Policy_Set system # 13372=CiscoASA-AAA_Group_Policy_Retrieved system # 13373=CiscoASA-Duplicate_First_Packet error # 13374=CiscoASA-NAT-T_Keepalive system # 13375=CiscoASA-Failed_To_Update_Runtime error # 13376=CiscoASA-Duplicate_Packet error # 13377=CiscoASA-Anyconnect_Lost_Connection error # 13378=CiscoASA-Assigned_To_Session system # 13379=CiscoASA-IPAA_Message_Received system # 13380=CiscoASA-IPAA_DHCP_Configured system # 13381=CiscoASA-Recovering_From_error error # 13382=CiscoASA-No_Existing_Connection connection # 13383=CiscoASA-Connection_Terminated_For_Peer connection # 13384=CiscoASA-No_IPv6_Address_Available system # 13385=CiscoASA-Session_Resumed connection # 13386=CiscoASA-ACL_TCP_Permit connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_pix.prm # # 8626=CiscoPIX-Blocked_UDP firewall # 8627=CiscoPIX-Blocked_TCP firewall # 8628=CiscoPIX-Blocked_ICMP firewall # 8629=CiscoPIX-Blocked_UDP firewall # 8630=CiscoPIX-Blocked_TCP firewall # 8631=CiscoPIX-Blocked_ICMP firewall # 8632=CiscoPIX-Blocked_Inbound_TCP_Noxlate firewall # 8633=CiscoPIX-Blocked_Inbound_ICMP_Noxlate firewall # 8634=CiscoPIX-Blocked_UDP firewall # 8635=CiscoPIX-Blocked_TCP firewall # 8636=CiscoPIX-Blocked_ICMP firewall # 8637=CiscoPIX-Blocked_ICMP firewall # 8638=CiscoPIX-Blocked_IP_Options firewall # 8639=CiscoPIX-Blocked_TCP firewall # 8640=CiscoPIX-Blocked_UDP firewall # 8641=CiscoPIX-Blocked_UDP firewall # 8642=CiscoPIX-Blocked_TCP firewall # 8643=CiscoPIX-Blocked_TCP firewall # 8644=CiscoPIX-Blocked_Protocol firewall # 8645=CiscoPIX-Allowed_TCP connection # 8646=CiscoPIX-Allowed_UDP connection # 8647=CiscoPIX-User_Log_Out logout # 8648=CiscoPIX-User_Authentication_Failure login-failure # 8649=CiscoPIX-User_Log_In login # 8650=CiscoPIX-User_Privilege_Change system # 8651=CiscoPIX-Admin_Permited login # 8652=CiscoPIX-Admin_Permited_Console login # 8653=CiscoPIX-Admin_Denied login-failure # 8654=CiscoPIX-Admin_Denied_Console login-failure # 8655=CiscoPIX-PPP_User_AAA_Status login # 8656=CiscoPIX-SSH_Disconnect logout # 8657=CiscoPIX-SSH_Bad_Password login-failure # 8658=CiscoPIX-Multiple_Enable_Failures login-failure # 8659=CiscoPIX-User_Authorization_Denied login-failure # 8660=CiscoPIX-User_Authorization_Allowed login # 8661=CiscoPIX-User_Authorization_Allowed login # 8662=CiscoPIX-Too_Many_Users error # 8663=CiscoPIX-Split_DNS system # 8664=CiscoPIX-Split_DNS system # 8665=CiscoPIX-OSPF_IP_Area_Change system # 8666=CiscoPIX-Interface_Zero_Bandwidth error # 8667=CiscoPIX-Auto_Update_Failure error # 8668=CiscoPIX-Command_Failure error # 8669=CiscoPIX-Bad_NTP_Packet access-denied # 8670=CiscoPIX-NTP_Packet_Denied firewall # 8671=CiscoPIX-Duplicate_Router_ID error # 8672=CiscoPIX-Duplicate_Router_ID error # 8673=CiscoPIX-Invalid_OSPF_Packet system # 8674=CiscoPIX-Invalid_OSPF_Packet system # 8675=CiscoPIX-Routing_Limit_Reached error # 8676=CiscoPIX-Manager_Connection login # 8677=CiscoPIX-High_CPU error # 8678=CiscoPIX-Config_Modification system # 8679=CiscoPIX-Potential_DOS_Attack dos # 8680=CiscoPIX-VPN_Rollover intrusion # 8681=CiscoPIX-PPTP_Out_Of_Sequence_Packet error # 8682=CiscoPIX-DNS_Overflow intrusion # 8683=CiscoPIX-DNS_Overflow intrusion # 8684=CiscoPIX-DNS_Overflow intrusion # 8685=CiscoPIX-DNS_Overflow intrusion # 8686=CiscoPIX-DOS_Attack dos # 8687=CiscoPIX-FTP_Port_Rewrite intrusion # 8688=CiscoPIX-FTP_Low_Port intrusion # 8689=CiscoPIX-ARP_Poison error # 8690=CiscoPIX-Spoofed_PPTP_Packet firewall # 8691=CiscoPIX-Spoofed_IPSEC_Packet error # 8692=CiscoPIX-Spoofed_IPSEC_Packet error # 8693=CiscoPIX-Invalid_ICMP_Error_Destination firewall # 8694=CiscoPIX-Invalid_RIP_Header firewall # 8695=CiscoPIX-Invalid_RIP_Header firewall # 8696=CiscoPIX-Potential_Manager_Session_Attack intrusion # 8697=CiscoPIX-Potential_SNMP_Overflow_Attempt intrusion # 8698=CiscoPIX-IP_Frag_Drop_Too_Many_Elements dos # 8699=CiscoPIX-IP_Frag_Drop_Max_Size_Exceeded dos # 8700=CiscoPIX-IP_Frag_Database_Exceeded dos # 8701=CiscoPIX-WebSense_URL_Server_Not_Responding error # 8702=CiscoPIX-Websense_Leaving_Allow_mode error # 8703=CiscoPIX-Built_Outbound_TCP_Connection connection # 8704=CiscoPIX-Built_Outbound_UDP_Connection connection # 8705=CiscoPIX-Deny_IP_Teardrop_Fragment dos # 8706=CiscoPIX-No_Translation_Group_Found firewall # 8707=CiscoPIX-Deny_UDP_Reverse_Path_Check firewall # 8708=CiscoPIX-Built_Inbound_TCP_Connection connection # 8709=CiscoPIX-Accessed_URL web-access # 8601=CiscoPIX-Built-Dynamic_TCP_Translation connection # 8602=CiscoPIX-Teardown_TCP_Connection connection # 8603=CiscoPIX-Teardown_LocalHost connection # 8604=CiscoPIX-Teardown_Dynamic_TCP_Translation connection # 8605=CiscoPIX-Accessed_Denied_URL web-error # 8606=CiscoPIX-Teardown_UDP_Connection connection # 8607=CiscoPIX-Built_inbound_UDP_Connection connection # 8608=CiscoPIX-Built-Dynamic_UDP_Translation connection # 8609=CiscoPIX-Built-Dynamic_ICMP_Translation connection # 8610=CiscoPIX-Blocked_Inbound_UDP_Noxlate connection # 8611=CiscoPIX-Built_Local_Host connection # 8612=CiscoPIX-Dropping_Echo_Request connection # 8613=CiscoPIX-Retrieved_Or_Stored file-access # 8614=CiscoPIX-In_Use_Most_used system # 8615=CiscoPIX-Built_Static_Translation connection # 8616=CiscoPIX-Deny_IP_Spoof firewall # 8617=CiscoPIX-Deny_IP_Generic firewall # 8618=CiscoPIX-Portmap_Creation_Failure_UDP firewall # 8619=CiscoPIX-No_Route error # 8620=CiscoPIX-URL_Server_Not_Responding error # 8621=CiscoPIX-Accessed_URL web-access # 8622=CiscoPIX-Accessed_Denied_URL web-error # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_pix_alt.prm # # 8400=CiscoFWSM-Blocked_UDP firewall # 8401=CiscoFWSM-Blocked_TCP firewall # 8402=CiscoFWSM-Blocked_ICMP firewall # 8403=CiscoFWSM-Blocked_UDP firewall # 8404=CiscoFWSM-Blocked_TCP firewall # 8405=CiscoFWSM-Blocked_ICMP firewall # 8406=CiscoFWSM-Blocked_Inbound_TCP_Noxlate firewall # 8407=CiscoFWSM-Blocked_Inbound_ICMP_Noxlate firewall # 8408=CiscoFWSM-Blocked_UDP firewall # 8409=CiscoFWSM-Blocked_TCP firewall # 8410=CiscoFWSM-Blocked_ICMP firewall # 8411=CiscoFWSM-Blocked_ICMP firewall # 8412=CiscoFWSM-Blocked_IP_Options firewall # 8413=CiscoFWSM-Blocked_TCP firewall # 8414=CiscoFWSM-Blocked_UDP firewall # 8415=CiscoFWSM-Blocked_UDP firewall # 8416=CiscoFWSM-Blocked_TCP firewall # 8417=CiscoFWSM-Blocked_TCP firewall # 8418=CiscoFWSM-Blocked_Protocol firewall # 8419=CiscoFWSM-Allowed_TCP connection # 8420=CiscoFWSM-Allowed_UDP connection # 8421=CiscoFWSM-User_Log_Out logout # 8422=CiscoFWSM-User_Authentication_Failure login-failure # 8423=CiscoFWSM-User_Log_In login # 8424=CiscoFWSM-User_Privilege_Change system # 8425=CiscoFWSM-Admin_Permited login # 8426=CiscoFWSM-Admin_Permited_Console login # 8427=CiscoFWSM-Admin_Denied login-failure # 8428=CiscoFWSM-Admin_Denied_Console login-failure # 8429=CiscoFWSM-PPP_User_AAA_Status login # 8430=CiscoFWSM-SSH_Disconnect logout # 8431=CiscoFWSM-SSH_Bad_Password login-failure # 8432=CiscoFWSM-Multiple_Enable_Failures login-failure # 8433=CiscoFWSM-User_Authorization_Denied login-failure # 8434=CiscoFWSM-User_Authorization_Allowed login # 8435=CiscoFWSM-User_Authorization_Authentication_Allowed login # 8436=CiscoFWSM-Too_Many_Users error # 8437=CiscoFWSM-Split_DNS error # 8438=CiscoFWSM-Split_DNS error # 8439=CiscoFWSM-OSPF_IP_Area_Change system # 8440=CiscoFWSM-Interface_Zero_Bandwidth error # 8441=CiscoFWSM-Auto_Update_Failure error # 8442=CiscoFWSM-Command_Failure access-denied # 8443=CiscoFWSM-Bad_NTP_Packet access-denied # 8444=CiscoFWSM-NTP_Packet_Denied firewall # 8445=CiscoFWSM-Duplicate_Router_ID error # 8446=CiscoFWSM-Duplicate_Router_ID error # 8447=CiscoFWSM-Invalid_OSPF_Packet error # 8448=CiscoFWSM-Invalid_OSPF_Packet error # 8449=CiscoFWSM-Routing_Limit_Reached error # 8450=CiscoFWSM-Manager_Connection login # 8451=CiscoFWSM-High_CPU error # 8452=CiscoFWSM-Config_Modification system # 8453=CiscoFWSM-Potential_DOS_Attack dos # 8454=CiscoFWSM-VPN_Rollover intrusion # 8455=CiscoFWSM-PPTP_Out_Of_Sequence_Packet error # 8456=CiscoFWSM-DNS_Overflow intrusion # 8457=CiscoFWSM-DNS_Overflow intrusion # 8458=CiscoFWSM-DNS_Overflow intrusion # 8459=CiscoFWSM-DNS_Overflow intrusion # 8460=CiscoFWSM-DOS_Attack dos # 8461=CiscoFWSM-FTP_Port_Rewrite intrusion # 8462=CiscoFWSM-FTP_Low_Port intrusion # 8463=CiscoFWSM-ARP_Poison intrusion # 8464=CiscoFWSM-Spoofed_PPTP_Packet intrusion # 8465=CiscoFWSM-Spoofed_IPSEC_Packet intrusion # 8466=CiscoFWSM-Spoofed_IPSEC_Packet intrusion # 8467=CiscoFWSM-Invalid_ICMP_Error_Destination firewall # 8468=CiscoFWSM-Invalid_RIP_Header error # 8469=CiscoFWSM-Invalid_RIP_Header error # 8470=CiscoFWSM-Potential_Manager_Session_Attack intrusion # 8471=CiscoFWSM-Potential_SNMP_Overflow_Attempt intrusion # 8472=CiscoFWSM-IP_Frag_Drop_Too_Many_Elements dos # 8473=CiscoFWSM-IP_Frag_Drop_Max_Size_Exceeded dos # 8474=CiscoFWSM-IP_Frag_Database_Exceeded dos # 8475=CiscoFWSM-WebSense_URL_Server_Not_Responding error # 8476=CiscoFWSM-Websense_Leaving_Allow_mode system # 8477=CiscoFWSM-Built_Outbound_TCP_Connection connection # 8478=CiscoFWSM-Built_UDP_Connection connection # 8479=CiscoFWSM-Deny_IP_Teardrop_Fragment dos # 8481=CiscoFWSM-Deny_UDP_Reverse_Path_Check firewall # 8482=CiscoFWSM-Built_Inbound_TCP_Connection connection # 8483=CiscoFWSM-Accessed_URL web-access # 8484=CiscoFWSM-Built-Dynamic_TCP_Translation connection # 8485=CiscoFWSM-Teardown_TCP_Connection connection # 8486=CiscoFWSM-Teardown_LocalHost connection # 8487=CiscoFWSM-Teardown_Dynamic_TCP_Translation connection # 8488=CiscoFWSM-Accessed_Denied_URL web-error # 8489=CiscoFWSM-Teardown_UDP_Connection connection # 8490=CiscoFWSM-Built_inbound_UDP_Connection connection # 8491=CiscoFWSM-Built-Dynamic_UDP_Translation connection # 8492=CiscoFWSM-Built-Dynamic_ICMP_Translation connection # 8493=CiscoFWSM-Blocked_Inbound_UDP_Noxlate firewall # 8494=CiscoFWSM-Built_Local_Host connection # 8495=CiscoFWSM-Dropping_Echo_Request connection # 8496=CiscoFWSM-Retrieved_Or_Stored file-access # 8497=CiscoFWSM-In_Use_Most_Used system # 8498=CiscoFWSM-Built_Static_Translation system # 8499=CiscoFWSM-Deny_IP_Spoof firewall # 8800=CiscoFWSM-Shunned_IP firewall # 8801=CiscoFWSM-Built_ICMP_connection connection # 8802=CiscoFWSM-Teardown_ICMP connection # 8803=CiscoFWSM-Blocked_ICMP firewall # 8804=CiscoFWSM-DHCP_Interface dhcp # 8805=CiscoFWSM-Teardown_Static connection # 8806=CiscoFWSM-Pre-allocate connection # 8807=CiscoFWSM-Built_H245 connection # 8812=CiscoFWSM-Built_outbound_TCP connection # 8813=CiscoFWSM-Teardown_TCP_Connection connection # 8814=CiscoFWSM-Built_UDP connection # 8815=CiscoFWSM-Teardown_UDP_Connection connection # 8817=CiscoFWSM-TCP_Deny_DNS firewall # 8818=CiscoFWSM-Inbound_UDP_Denied firewall # 8819=CiscoFWSM-Permit_Untrusted_Network connection # 8820=CiscoFWSM-ThirdParty_ICMP_Permit connection # 8821=CiscoFWSM-DNS_Deny firewall # 8822=Cisco-IKE_NO_SA firewall # 8823=CiscoFWSM-Teardown_TCP_VPN_To_Outside connection # 8824=CiscoFWSM-Teardown_TCP_Outside_To_Untrusted connection # 8829=CiscoFWSM-Teardown_UDP_VPN_To_Outside connection # 8830=CiscoFWSM-Teardown_UDP_Outside_To_DNS connection # 8831=CiscoFWSM-Teardown_UDP_Untrusted_To_Outside connection # 8832=CiscoFWSM-Teardown_UDP_Outside_To_VPN connection # 8833=CiscoFWSM-Teardown_TCP_VPN_To_DMZ connection # 8834=CiscoFWSM-Teardown_TCP_Outside_To_DMZ connection # 8835=CiscoFWSM-Teardown_TCP_Untrusted_To_VPN connection # 8836=CiscoFWSM-Teardown_TCP_Outside_DNS connection # 8837=CiscoFWSM-Teardown_UDP_VPN_To_DNS connection # 8838=CiscoFWSM-Teardown_UDP_VPN_To_DMZ connection # 8839=CiscoFWSM-Teardown_TCP_Untrusted_To_Outside connection # 8840=CiscoFWSM-Teardown_UDP_Outside_To_Untrusted connection # 8841=CiscoFWSM-No_Route error # 8843=CiscoFWSM-Dropped_UDP_DNS_Request intrusion # 8844=CiscoFWSM-Access_List_Permited_Or_Denied firewall # 8845=CiscoFWSM-Teardown_IP_Protocol connection # 8846=CiscoFWSM-Teardown_TCP_From_VPN_To_3rdpty connection # 8847=CiscoFWSM-Teardown_UDP_From_VPN_To_VPN connection # 8849=CiscoFWSM-Teardown_TCP_Connection connection # 8850=CiscoFWSM-Built_Outbound_TCP_Connection connection # 8851=CiscoFWSM-Teardown_UDP_Connection connection # 8852=CiscoFWSM-Built_IP_Protocol_Connection connection # 8853=CiscoFWSM-Blocked_Protocol firewall # 8854=CiscoFWSM-Built_UDP_Connection connection # 8855=CiscoFWSM-Built_Inbound_TCP_Connection connection # 8856=CiscoFWSM-Teardown_TCP_Connection connection # 8857=CiscoFWSM-Built_Dynamic_IP_Translation connection # 8858=CiscoFWSM-MAC_Address_Moved system # 8859=Cisco-IKMP_MODE_FAILURE error # 8860=CiscoFWSM-Built_Dynamic_ICMP_Translation connection # 8861=CiscoFWSM-No_Translation_Group_Found error # 8862=CiscoFWSM-AAA_User_Accounting_Successful login # 8863=CiscoFWSM-Preallocated_TCP_Backconnection connection # 8864=CiscoFWSM-Preallocated_UDP_Backconnection connection # 8865=CiscoFWSM-Status_Received_Before_Setup connection # 8866=CiscoFWSM-Regular_Translation_Failed_TCP firewall # 8867=CiscoFWSM-Regular_Translation_Failed_ICMP firewall # 8868=CiscoFWSM-Unable_To_Preallocate_Connection firewall # 8870=CiscoFWSM-Blocked_Inbound_Protocol_Noxlate firewall # 8871=CiscoFWSM-SSH_Session_Timed_Out connection # 8872=CiscoFWSM-SSH_Internal_Error error # 8873=Cisco-IKMP_Failed_Check_Or_Malformed firewall # 8874=CiscoFWSM-Invalid_Trasport_Field error # 8875=CiscoFWSM-TCP_Access_Denied_By_ACL firewall # 8876=CiscoFWSM-Built_H245_Connection connection # 8877=CiscoFWSM-Login_Failed login-failure # 8878=CiscoFWSM-Portmap_Failed_Translation_UDP connection # 8879=CiscoFWSM-DNS_Overflow intrusion # 8880=CiscoFWSM-Blocked_TCP_Reverse_Path_Check firewall # 8881=CiscoFWSM-Portmap_Failed_Translation_ICMP error # 8882=CiscoFWSM-Config_Out_Of_Sync error # 8883=CiscoFWSM-Blocked_Land_Attack intrusion # 8884=CiscoFWSM-Portmap_Failed_Translation_TCP error # 8885=CiscoFWSM-SSH_Host_Retrieval_Failed login-failure # 8886=CiscoFWSM-Changed_State system # 8887=CiscoFWSM-Built_Outbound_TCP_Connection connection # 8888=CiscoFWSM-Built_Outbound_UDP_Connection connection # 8889=CiscoFWSM-Built_Inbound_TCP_Connection connection # 8890=CiscoFWSM-Built_inbound_UDP_Connection connection # 8891=CiscoFWSM-Built_outbound_TCP connection # 8892=CiscoFWSM-Inbound_UDP_Denied firewall # 8893=CiscoFWSM-ARP_Poison intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_cyberguard.prm # # 8200=CyberGuard-Deny_UDP firewall # 8201=CyberGuard-Deny_UDP firewall # 8202=CyberGuard-Deny_TCP firewall # 8203=CyberGuard-Deny_TCP firewall # 8204=CyberGuard-Permit_UDP connection # 8205=CyberGuard-Permit_UDP connection # 8206=CyberGuard-Permit_TCP connection # 8207=CyberGuard-Permit_TCP connection # 8208=CyberGuard-Permit_UDP connection # 8209=CyberGuard-Permit_TCP connection # 8215=CyberGuard-Drop_UDP firewall # 8216=CyberGuard-Drop_TCP firewall # 8217=CyberGuard-Rejected_TCP firewall # 8218=CyberGuard-Rejected_UDP firewall # 8219=CyberGuard-Passed_TCP connection # 8220=CyberGuard-Passed_UDP connection # 8221=CyberGuard-Passed_ICMP connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_dlink.prm # # 7220=DLink-Updated_DNS system # 7221=DLink-Allowed_Access system # 7222=DLink-Log_Viewed system # 7223=DLink-Dropped_Packet firewall # 7224=DLink-Denied_Incoming_TCP_Connection firewall # 7225=DLink-Denied_Incoming_TCP_Packet firewall # 7226=DLink-Denied_Outgoing_TCP_Packet firewall # 7227=DLink-Wireless_System_Associated system # 7228=DLink-Wireless_System_Secured system # 7229=DLink-Network_Computer_Assigned_IP dhcp # 7230=DLink-Network_Computer_Lost_Lease dhcp # 7231=DLink-Web_Site_Accessed web-access # 7232=DLink-Stored_Configuration system # 7233=DLink-Denied_Incoming_UDP_Packet firewall # 7234=DLink-Denied_Outgoing_TCP_Packet firewall # 7235=DLink-Admin_Login_Failure login-failure # 7236=DLink-Admin_Login login # 7237=DLink-Rejected_Packet firewall # 7238=DLink-Firewall_Rule_Added_Via_UPnP system # 7239=DLink-Firewall_Rule_Deleted_Via_UPnP system # 7240=DLink-Firewall_IP_Protocol_Blocked firewall # 7241=DLink-Firewall_Blocked_Outbound_Ping firewall # 7242=DLink-Firewall_Blocked_Packet firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_f5bigip.prm # # 4141=F5BigIP-Request_Blocked firewall # 4142=F5BigIP-SSL_Accelarator web-access # 4143=F5BigIP-Node_Down system # 4144=F5BigIP-Node_Up system # 4145=F5BigIP-Pool_Member_Up system # 4146=F5BigIP-Pool_Member_Down system # 4147=F5BigIP-SSL_Request connection # 4148=F5BigIP-Clear_Cache_Request system # 4149=F5BigIP-Attempting_Configuration system # 4150=F5BigIP-Authcache_Pam_Error login-failure # 4151=F5BigIP-Radius_Server_Failed_To_Respond error # 4152=F5BigIP-All_Radius_Servers_Failed_To_Respond error # 4153=F5BigIP-Radius_Bad_Shared_Secret error # 4154=F5BigIP-HAL_Stats_Not_Found error # 4155=F5BigIP-User_Audit system # 4156=F5BigIP-No_Members_For_Pool error # # Plugins for file /usr/thunder/daemons/plugins/firewall_fios.prm # # 10650=FIOS_Wireless_Blocked_TCP firewall # 10651=FIOS_Wireless_Blocked_UDP firewall # 10652=FIOS_Wireless_Blocked_ICMP firewall # 10653=FIOS_Wireless_Allowed_TCP connection # 10654=FIOS_Wireless_Allowed_UDP connection # 10655=FIOS_Wireless_Allowed_ICMP connection # 10656=FIOS_Wireless-Login login # 10657=FIOS_Wireless-Configuration_Change system # 10658=FIOS_Wireless_Invalid_UDP_Packet firewall # 10659=FIOS_Wireless_Invalid_TCP_Packet firewall # 10660=FIOS_Wireless_Blocked_Remote_Admin login-failure # 10661=FIOS_Wireless_Allowed_Remote_Admin login # 10662=FIOS_Wireless_Illegal_Packet_Options firewall # 10663=FIOS_Wireless-Configuration_Change system # 10664=FIOS_Wireless_Blocked_IP_Proto firewall # 10665=FIOS_Wireless_NAT_Error error # # Plugins for file /usr/thunder/daemons/plugins/firewall_fortigate.prm # # 10427=Fortigate-Allowed_TCP_Connection connection # 10428=Fortigate-Allowed_UDP_Connection connection # 10429=Fortigate-Allowed_ICMP_Connection firewall # 10430=Fortigate-Blocked_TCP_Connection firewall # 10431=Fortigate-Blocked_UDP_Connection firewall # 10432=Fortigate-Blocked_ICMP_Connection firewall # 10433=Fortigate-VPN_Allowed_Connection connection # 10434=Fortigate-VPN_Deleted_Connection connection # 10435=Fortigate-VPN_Installed_Connection connection # 10436=Fortigate-VPN_Tunnel_Failure error # 10437=Fortigate-VPN_Tunnel_Down connection # 10438=Fortigate-VPN_Tunnel_Up connection # 10439=Fortigate-VPN_Tunnel_Deleted_Isakmp_Phase1_Sa system # 10440=Fortigate-Admin_Logout logout # 10441=Fortigate-Admin_Login login # 10442=Fortigate-Update system # 10443=Fortigate-Blocked_TCP_Connection firewall # 10444=Fortigate-Blocked_UDP_Connection firewall # 10445=Fortigate-Blocked_ICMP_Connection firewall # 10446=Fortigate-Allowed_TCP_Connection connection # 10447=Fortigate-Allowed_UDP_Connection connection # 10448=Fortigate-Tunnel_Up connection # 10449=Fortigate-Successful_VPN_Login login # 10450=Fortigate-Tunnel_Down connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_fortinet.prm # # 8710=Fortinet-Allowed_Connection connection # 8711=Fortinet-Blocked_Connection firewall # 8712=Fortinet-UDP_IDS_Event intrusion # 8713=Fortinet-TCP_IDS_Event intrusion # 8714=Fortinet-Client error # 8715=Fortinet-Firewall_Policy_Added system # 8716=Fortinet-Firewall_Policy_Deleted system # 8717=Fortinet-Firewall_Not_Valid_RSA_Signature error # 8718=Fortinet-Firewall_Restored_Image system # 8719=Fortinet-Firewall_Update_Failed error # 8720=Fortinet-Firewall_Login_Successful login # 8721=Fortinet-Firewall_Login_Failed login-failure # 8722=Fortinet-Firewall_Login_Successful login # 8723=Fortinet-Firewall_Change system # 8724=Fortinet-Firewall_Change system # 8725=Fortinet-Firewall_Admin_Logoff logout # 8726=Fortinet-Firewall_Login_Failed login-failure # 8727=Fortinet-Firewall_Added_Radius_User system # 8728=Fortinet-Firewall_Added_Local_User system # 8729=Fortinet-Firewall_Deleted_Local_User system # 8730=Fortinet-Firewall_Interface_Changed system # 8733=Fortinet-Firewall_Static_Route_Added system # 8734=Fortinet-Firewall_Static_Route_Deleted system # 8735=Fortinet-Firewall_Static_Route_Changed system # 8736=Fortinet-Firewall_Config_Downloaded system # 8737=Fortinet-Firewall_Assignments dhcp # 8738=Fortinet-Firewall_Virus_Infection virus # 8739=Fortinet-Firewall_Virus_Oversized firewall # 8740=Fortinet-Firewall_Virus_Email_Oversized firewall # 8741=Fortinet-Firewall_Virus_Upload firewall # 8742=Fortinet-Firewall_Gateway_Down error # 8743=Fortinet-Firewall_FTP_Authenticated login # 8744=Fortinet-Firewall_Login_Failed login-failure # 8745=Fortinet-IDS_Event intrusion # 8746=Fortinet-DHCP_Discover dhcp # 8747=Fortinet-DHCP_Config_Offer dhcp # 8748=Fortinet-DHCP_Received dhcp # 8749=Fortinet-Virus_FileIgnored_Exceed_Size firewall # 18750=Fortinet-Virus_Blocked virus # 18751=Fortinet-Email_PossibleSpam spam # 18752=Fortinet-Virus_Passthrough virus # 18753=Fortinet-DHCP_Released dhcp # 18754=Fortinet-GUI_Logout logout # 18755=Fortinet-Signature_Updated system # 18756=Fortinet-VPN_Connection_Success connection # 18757=Fortinet-Apache_LongSlash intrusion # 18758=Fortinet-Intrusion_Attemp intrusion # 18759=Fortinet-TCP_Reassembler intrusion # 18760=Fortinet-Allowed_Connection connection # 18761=Fortinet-Blocked_Connection firewall # 18762=Fortinet-UDP_IDS_Event intrusion # 18763=Fortinet-TCP_IDS_Event intrusion # 18764=Fortinet-IDS_Event intrusion # 18765=Fortinet-Apache_LongSlash intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_gauntlet.prm # # 9200=Guantlet-Blocked_UDP firewall # 9201=Guantlet-Blocked_TCP firewall # 9202=Guantlet-Blocked_TCP firewall # 9203=Guantlet-Blocked_UDP firewall # 9204=Guantlet-Blocked_ICMP firewall # 9205=Guantlet-Allow_Proxy connection # 9206=Gauntlet-Allow_Destination connection # 9207=Gauntlet-Possible_DNS_Address_Spoof intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_ipchains.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_ipfilter.prm # # 16=Ipfilter-Blocked_TCP firewall # 17=Ipfilter-Blocked_UDP firewall # 18=Ipfilter-Blocked_IGMP firewall # 19=Ipfilter-Blocked_ICMP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_iptables.prm # # 9000=IPTables-TCP firewall # 9001=IPTables-UDP firewall # 9002=IPTables-ICMP firewall # 9003=IPTables-Blocked_Connection firewall # 9004=IPTables-Dropped_Outbound_UDP_Connection firewall # 9005=IPTables-Dropped_Inbound_TCP_Connection firewall # 9006=IPTables-Dropped_Inbound_UDP_Connection firewall # 9007=IPTables-Dropped_Outbound_TCP_Connection firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_isa_snare.prm # # 4275=ISA-Denied_Internal_To_Local_Connection_UDP firewall # 4276=ISA-Terminated_External_To_Internal_Connection_TCP firewall # 4277=ISA-External_To_Internal_Connection_TCP connection # 4278=ISA-Local_To_Internal_Connection_TCP connection # 4279=ISA-External_To_Local_Connection_TCP connection # 4280=ISA-Terminated_Local_To_Internal_Connection_TCP firewall # 4281=ISA-Terminated_External_To_Local_Connection_TCP firewall # 4282=ISA-Denied_Internal_To_Local_Connection_IGMP firewall # 4283=ISA-Established_Local_To_Internal_Connection_ICMP connection # 4284=ISA-Denied_External_To_Local_Connection_TCP firewall # 4285=ISA-Denied_Local_To_External_Connection_UDP firewall # 4286=ISA-Established_Local_To_External_Connection_UDP connection # 4287=ISA-Denied_External_To_Local_Connection_ICMP firewall # 4288=ISA-Terminated_Local_To_Internal_Connection_ICMP firewall # 4289=ISA-Terminated_Local_To_Internal_Connection_UDP firewall # 4290=ISA-Denied_Internal_To_Local_Connection_ICMP firewall # 4291=ISA-Intermediate_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_juno.prm # # 105003=Juniper-Allowed_TCP_Session connection # 105004=Juniper-Allowed_TCP_Session connection # 105005=Juniper-Allowed_TCP_Session connection # 105006=Juniper-Allowed_ICMP_Session connection # 105007=Juniper-Allowed_ICMP_Session connection # 105008=Juniper-Allowed_UDP_Session connection # 105009=Juniper-Allowed_UDP_Session connection # 105010=Juniper-Blocked_TCP_Session firewall # 105011=Juniper-Blocked_ICMP_Session firewall # 105012=Juniper-Blocked_UDP_Session firewall # 105013=Juniper-Blocked_UDP_Session firewall # 105014=Juniper-Fragmented_Traffic firewall # 105015=Juniper-Source_Session_Limit error # 105016=Juniper-Destination_Session_Limit error # 105017=Juniper-Closed_UDP_Session connection # 105018=Juniper-Closed_TCP_Session connection # 105019=Juniper-Keepalive_Out_Of_Sequence error # 105020=Juniper-User_Authenticated login # 105021=Juniper-Login_Event login # 105022=Juniper-Command_Issued process # 105023=Juniper-Closed_ICMP_Session connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_kerio.prm # # 9300=Kerio-Blocked_UDP firewall # 9301=Kerio-Blocked_UDP firewall # 9302=Kerio-Blocked_TCP firewall # 9303=Kerio-Blocked_TCP firewall # 9304=Kerio-Blocked_ICMP firewall # 9305=Kerio-Blocked_ICMP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_microsoft.prm # # 2960=Microsoft_Dropped_UDP firewall # 2961=Microsoft_Opened_UDP connection # 2962=Microsoft_Close_UDP connection # 2963=Microsoft_Close_TCP connection # 2964=Microsoft_Drop_TCP firewall # 2965=Microsoft_Open_TCP connection # 2966=Microsoft_Drop_ICMP firewall # 2967=Microsoft_Open-Inbound_TCP connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_netgear.prm # # 9400=Netgear-Suspicious_TCP_data intrusion # 9401=Netgear-Suspicious_UDP_data intrusion # 9409=NetGear-Blocked_TCP firewall # 9410=NetGear-Blocked_ICMP firewall # 9411=NetGear-Blocked_UDP firewall # 9412=NetGear-Blocked_UDP firewall # 9413=NetGear-Blocked_TCP firewall # 9414=NetGear-Blocked_ICMP firewall # 9417=NetGear-Blocked_UDP firewall # 9415=NetGear-Forward_TCP connection # 9416=NetGear-Forward_UDP connection # 9418=NetGear-Site_Accessed web-access # 9402=Netgear-Failed_Login login-failure # 9403=Netgear-Admin_Login login # 9404=Netgear-Admin_Logout logout # 9405=Netgear-Admin_Login_Failure login-failure # 9406=Netgear-Admin_Login_Failure login-failure # 9407=Netgear-Admin_Login login # 9408=Netgear-Admin_Log_Out logout # # Plugins for file /usr/thunder/daemons/plugins/firewall_netscreen.prm # # 9500=Netscreen_Blocked_TCP firewall # 9501=Netscreen_Blocked_UDP firewall # 9502=Netscreen_Blocked_ICMP firewall # 9503=Netscreen-Critical_Event error # 9504=Netscreen-Admin_User_Login login # 9505=Netscreen-System_Alert_TCP dos # 9506=Netscreen-System_Alert_UDP dos # 9507=Netscreen_Accept_TCP connection # 9508=Netscreen_Accept_UDP connection # 9509=Netscreen_Accept_ICMP connection # 9510=Netscreen-SNMP_Poll connection # 9511=Netscreen-Rule_Added system # 9512=Netscreen-Rule_Change system # 9513=Netscreen-Blocked_OSPF_Traffic firewall # 9514=Netscreen-IKE_Packet_Received connection # 9515=Netscreen-IKE_Packet_Rejected firewall # 9516=Netscreen-Retransmission_Limit_Reached error # 9517=Netscreen-Agressive_Mode_Negotiations connection # 9518=Netscreen-Initiated_Negotiations connection # 9519=Netscreen-Responded_To_Peer system # 19520=Netscreen-Received_Notification system # 19521=Netscreen-Completed_Negotiations system # 19522=Netscreen-System_Critical_Large_ICMP_Packet intrusion # 19523=Netscreen-Admin_Login login # 19524=Netscreen-Could_Not_Obtain_Time error # 19525=Netscreen-Address_Deleted system # 19526=Netscreen-Syslog_Enabled system # 19527=Netscreen-PKI_CA_Configuration_Saved system # 19528=Netscreen-Enviroment_Varaible_Changed system # 19529=Netscreen-Cannot_Connect_NSM_Server error # 19530=Netscreen-Tunnel_Traffic_UDP connection # 19531=Netscreen-Tunnel_Traffic_ICMP connection # 19532=Netscreen-Tunnel_Traffic_TCP connection # 19533=Netscreen-IKE_Negotiations_Failed error # # Plugins for file /usr/thunder/daemons/plugins/firewall_paloalto.prm # # 2200=Paloalto-Allow_TCP_Start connection # 2201=Paloalto-Allow_TCP_End connection # 2202=Paloalto-Allow_UDP_Start connection # 2203=Paloalto-Allow_UDP_End connection # 2204=Paloalto-Allow_ICMP_Start connection # 2205=Paloalto-Allow_ICMP_End connection # 40000=Paloalto-Deny_TCP firewall # 40001=Paloalto-Deny_UDP firewall # 40002=Paloalto-Deny_ICMP firewall # 2206=Paloalto-Configuration_Edit system # 2207=Paloalto-Configuration_Delete system # 2208=Paloalto-Configuration_Commit system # 2209=Paloalto-System_General_Msg system # 40003=Paloalto-Threat_Spyware intrusion # 40004=Paloalto-Threat_Spyware intrusion # 40005=Paloalto-Threat_Spyware intrusion # 40006=Paloalto-Threat_URL intrusion # 40007=Paloalto-Threat_Vulnerability intrusion # 40008=Paloalto-Threat_Vulnerability intrusion # 40009=Paloalto-Threat_Vulnerability intrusion # 40010=Paloalto-Threat_File intrusion # 40011=Paloalto-Threat_File intrusion # 40012=Paloalto-Threat_File intrusion # 40013=Paloalto-Threat_Catchall intrusion # 40014=Paloalto-Threat_Catchall intrusion # 40015=Paloalto-Threat_Catchall intrusion # 40016=Paloalto-Threat_Virus intrusion # 40017=Paloalto-Threat_Virus intrusion # 40018=Paloalto-Threat_Virus intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_pf.prm # # 8900=PF-Blocked_ICMP firewall # 8901=PF-Blocked_TCP firewall # 8902=PF-Blocked_UDP firewall # 8910=PF-Blocked_ICMP firewall # 8911=PF-Blocked_TCP firewall # 8912=PF-Blocked_UDP firewall # 8903=PF-Allowed_ICMP connection # 8904=PF-Allowed_TCP connection # 8905=PF-Allowed_UDP connection # 8906=PF-Allowed_UDP connection # 8907=PF-Allowed_TCP connection # 8908=PF-Allowed_ICMP connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_portsentry.prm # # 9600=Portsentry-Blocked_TCP firewall # 9601=Portsentry-Blocked_UDP firewall # 9602=Portsentry-Blocked_Connection firewall # 9603=Portsentry-Blocked_TCP scanning # 9604=Portsentry-Blocked_Connection firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_securesphere.prm # # 18084=SecureSphere-Parameter_value_Length_Violation firewall # 18085=SecureSphere-Cookie_Tampering firewall # 18086=SecureSphere-Unauthorized_Method_Known_URL firewall # 18087=SecureSphere-Signature_Violation_Blocked firewall # 18088=SecureSphere-Custom_Violation_Blocked firewall # 18089=SecureSphere-Double_URL_Encoding firewall # 18090=SecureSphere-Custom_Violation firewall # 18091=SecureSphere-SQL_Injection_Blocked firewall # 18092=SecureSphere-Stream_Signature_Violation firewall # 18093=SecureSphere-Read_Only_Violation firewall # 18094=SecureSphere-Parameter_Type_Violation firewall # 18095=SecureSphere-Required_Parameter_Not_Found firewall # 18096=SecureSphere-Extremely_Long_Parameter firewall # 18097=SecureSphere-Cookie_Injection firewall # 18098=SecureSphere-Illegal_Parameter_Encoding firewall # 18099=SecureSphere-Null_Character_In_Method firewall # 18100=SecureSphere-Stream_Signature_Violation firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_sidewinder.prm # # 9800=Sidewinder-Blocked_UDP firewall # 9805=Sidewinder-Blocked_TCP firewall # 9806=Sidewinder-Blocked_ICMP firewall # 9802=Sidewinder-IKE_Initiated connection # 9803=Sidewinder-IPSec_Packet_From_Illegal_Host error # 9807=Sidewinder-Blocked_UntrustedSource firewall # 9808=Sidewinder-Blocked_Unsupported_UDP_Service firewall # 9809=Sidewinder-Blocked_Unsupported_TCP_Service firewall # 9810=Sidewinder-Blocked-Virus virus # 9811=Sidewinder_Firewall_Accessed_URL web-access # 9812=Sidewinder_Firewall_Relayed_Email connection # 9813=Sidewinder-Blocked_TCP firewall # 9814=Sidewinder-Blocked_UDP firewall # 9815=Sidewinder-Blocked_ICMP firewall # 9816=Sidewinder-Allowed_UDP connection # 9817=Sidewinder-Blocked_UDP firewall # 9818=Sidewinder-Blocked_TCP firewall # 9819=Sidewinder-Blocked_ICMP firewall # 9820=Sidewinder-Blocked_UntrustedSource firewall # 9821=Sidewinder-Blocked_Unsupported_UDP_Service firewall # 9822=Sidewinder-Blocked_Unsupported_TCP_Service firewall # 9823=Sidewinder-Blocked-Virus virus # 9824=Sidewinder-Blocked_TCP firewall # 9825=Sidewinder-Blocked_UDP firewall # 9826=Sidewinder-Blocked_ICMP firewall # 9827=Sidewinder-Allowed_TCP connection # 9828=Sidewinder-Blocked_TCP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_sonicwall.prm # # 6100=Sonicwall-Blocked_UDP firewall # 6101=Sonicwall-Blocked_TCP firewall # 6102=Sonicwall-Blocked_ICMP firewall # 6103=Sonicwall-Blocked_ICMP firewall # 6104=Sonicwall-Blocked_UDP firewall # 6105=Sonicwall-Blocked_TCP firewall # 6106=Sonicwall-Blocked_TCP firewall # 6107=Sonicwall-Allowed_UDP connection # 6108=Sonicwall-Allowed_TCP connection # 6109=Sonicwall-Allowed_Connection connection # 6110=Sonicwall-Blocked_Attack intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_sonicwall2.prm # # 7485=Sonicwall-Closed_Connection_TCP connection # 7486=Sonicwall-Allowed_Connection_TCP connection # 7487=Sonicwall-Allowed_Connection_UDP connection # 7488=Sonicwall-Closed_Connection_UDP connection # 7489=Sonicwall-Allowed_GET_TCP web-access # 7490=Sonicwall-Blocked_TCP firewall # 7491=Sonicwall-Allowed_DNS_Packet_UDP connection # 7492=Sonicwall-Blocked_TCP_Non_Connection firewall # 7493=Sonicwall-Blocked_UDP_Broadcast_Packets firewall # 7494=Sonicwall-Blocked_Abort_Received firewall # 7495=Sonicwall-Blocked_TCP_Web_Access firewall # 7496=Sonicwall-Interface_Stat_Report system # 7497=Sonicwall-Other_Request connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_stonegate.prm # # 9520=Stonegate-Connection_Discarded_TCP firewall # 9521=Stonegate-New_Connection_Allowed_TCP connection # 9522=Stonegate-Connection_Incomplete_Closed_TCP firewall # 9523=Stonegate-Connection_Discarded_UDP connection # 9524=Stonegate-Connection_Allow_ICMP connection # 9525=Stonegate-New_Connection_UDP connection # 9526=Stonegate-Connection_Closed_ICMP connection # 9527=Stonegate-Connection_Closed_TCP connection # 9528=Stonegate-New_Connection_ICMP connection # 9529=Stonegate-Connection_Closed_UDP connection # 9530=Stonegate-Connection_Discarded_ICMP connection # 9531=Stonegate-Packet_Discarded_ICMP firewall # 9532=Stonegate-Notice_TCP firewall # 9533=Stonegate-Allow_Related_Connection_TCP connection # 9534=Stonegate-Error_Undefined_TCP firewall # 9535=Stonegate-Packet_Discarded_TCP firewall # 9536=Stonegate-Connection_Incomplete_Discarded_TCP firewall # 9537=Stonegate-Connection_Discarded_Refuse_UDP firewall # 9538=Stonegate-Connection_Discarded_IGMP firewall # 9539=Stonegate-Connection_Discarded_Refuse_TCP firewall # 9540=Stonegate-Connection_Incomplete_Discarded_UDP firewall # 9541=Stonegate-Connection_Incomplete_Discarded_ICMP firewall # 9542=Stonegate-Protocol_Data_Modification_Failed_TCP firewall # 9543=Stonegate-Connection_Discarded_Refused_IGMP firewall # 9544=Stonegate-New_Connection_Allowed_IGMP connection # 9545=Stonegate-NAT_Could_Not_Be_Done_Discarded firewall # 9546=Stonegate-High_Load_Level system # 9547=Stonegate-Normal_Load_Level system # 9548=Stonegate-Diagnostic_Invalid_Packet firewall # 9549=Stonegate-Diagnostic_Packet_Discarded firewall # 19550=Stonegate-Diagnostic_Protocol_Agent firewall # 19551=Stonegate-Connection_Discarded_UDP firewall # 19552=Stonegate-IKE_Phase_1_Or_2_Deleted firewall # 19553=Stonegate-VPN_New_Connection_UDP connection # 19554=Stonegate-IKE_Phase_1_Or_2_Initiator_Done firewall # 19555=Stonegate-IKE_Phase_1_Or_2_Responder_Done firewall # 19556=Stonegate-IKE_Rejected_Message error # 19557=Stonegate-Host_Unreachable firewall # 19558=Stonegate-Port_Unreachable firewall # 19559=Stonegate-IKE_No_Proposal_Chosen error # 19560=Stonegate-VPN_New_Connection_TCP connection # 19561=Stonegate-IKE_Starting_Initiator_Negotiation firewall # 19562=Stonegate-IKE_Starting_Responder_Negotiation firewall # 19564=Stonegate-ESP_SA_Lookup_Failure error # # Plugins for file /usr/thunder/daemons/plugins/firewall_sygate.prm # # 8750=Sygate-Blocked_UDP firewall # 8751=Sygate-Blocked_TCP firewall # 8752=Sygate-Blocked_UDP_Broadcast firewall # 8753=Sygate-Blocked_TCP_Broadcast firewall # 8754=Sygate-Blocked_Unknown firewall # 8755=Sygate-Blocked_Unknown firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_symantec.prm # # 9700=SymantecFirewall-Blocked_Proxy firewall # 9701=SymantecFirewall-Blocked_Connection firewall # 9702=SymantecFirewall-Blocked_TCP firewall # 9703=SymantecFirewall-Blocked_TCP firewall # 9704=SymantecFirewall-Blocked_TCP firewall # 9705=SymantecFirewall-Session_Statistics connection # 9706=SymantecFirewall-VPN_Down error # # Plugins for file /usr/thunder/daemons/plugins/firewall_watchguard.prm # # 6200=WatchGuard-Blocked_UDP firewall # 6201=WatchGuard-Blocked_TCP firewall # 6202=WatchGuard-Blocked_IP firewall # 6203=WatchGuard-Blocked_Web_Proxy firewall # 6204=WatchGuard-Blocked_Mail_Proxy firewall # 6205=WatchGuard-Allow_TCP connection # 6206=WatchGuard-Allow_UDP connection # 6207=WatchGuard-High_CPU_Usage error # 6208=WatchGuard-Blocked_Web_Proxy firewall # 6209=WatchGuard-Blocked_UDP firewall # 6210=WatchGuard-Blocked_TCP firewall # 6211=WatchGuard-Allow_TCP connection # 6212=WatchGuard-Allow_UDP connection # 6213=WatchGuard-User_Authenticated login # 6214=WatchGuard-VPN_User_Logged_Out logout # 6215=WatchGuard-Authentication_Failed login-failure # 6216=WatchGuard-Configuration_Change system # 6217=WatchGuard-DHCP_Config_Offer dhcp # # Plugins for file /usr/thunder/daemons/plugins/firewall_webtrends.prm # # 7110=WebTrends-Deny_TCP_Out firewall # 7111=WebTrends-Possible_Portscan scanning # 7112=WebTrends-Malformed_IP_Packet_Dropped firewall # 7113=WebTrends-Possible_SYN_Flood_Attack dos # 7114=WebTrends-Failed_Payload_Verification error # 7115=WebTrends-NetBus_Attack_Dropped intrusion # 7116=WebTrends-SubSeven_Attack_Dropped intrusion # 7117=WebTrends-Connection_Opened connection # 7118=WebTrends-Connection_Closed connection # 7119=WebTrends-IPSec_Packet_Dropped firewall # 7120=WebTrends-UDP_Packet_Dropped firewall # 7121=WebTrends-TCP_Connection_Dropped firewall # 7122=WebTrends-ICMP_Packet_Dropped firewall # 7123=WebTrends_Denied_UDP_Packet_LAN firewall # 7124=WebTrends-Web_Access_Received web-access # 7125=WebTrends-Web_Access_Dropped web-error # 7126=WebTrends-VPN_Starting connection # 7127=WebTrends-VPN_Closing connection # 7128=WebTrends-Firewall_Starting restart # 7129=WebTrends-Firewall_Configuration_Changes firewall # 7130=WebTrends-ICMP_Packet_Allowed firewall # 7131=WebTrends-ICMP_Packet_Allowed_From_LAN firewall # 7132=WebTrends-Management_Request_Allowed firewall # 7133=WebTrends-Found_Rogue_Access_Point firewall # 7134=WebTrends-IKE_Negotiation_Complete firewall # 7135=WebTrends-Initiator_Accepted_IPSec firewall # 7136=WebTrends-Received_IPSec_Delete_Request firewall # 7137=WebTrends-IKE_Initiator_Quick_Mode firewall # 7138=WebTrends-Malformed_IP_Packet_Dropped firewall # 7139=WebTrends-ICMP_Packet_Dropped_From_LAN firewall # 7140=WebTrends-Web_Access_Denied firewall # 7141=WebTrends-WLAN_Null_Probing intrusion # 7142=WebTrends-IKE_Respond_Message firewall # 7143=WebTrends-Post firewall # 7144=WebTrends-Unknown_Protocol_Dropped firewall # 7145=WebTrends-Failed_License_Sync firewall # 7146=WebTrends-Smurf_Amp_Attack_Dropped intrusion # 7147=WebTrends-NAT_Discovery firewall # 7148=WebTrends-IKE_Lifetime_Expired firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_zonealarm.prm # # 6450=ZoneAlarm-Blocked_Outbound firewall # 6451=ZoneAlarm-Blocked_Inbound firewall # # Plugins for file /usr/thunder/daemons/plugins/ftp.prm # # 31=FTP-Login_Failed login-failure # 32=FTP-Connection connection # 33=FTP-Connection connection # 34=FTP-Anonymous_Login login # 35=FTP-Login login # 36=FTP-Login_Refused login-failure # 37=FTP-Login_Refused login-failure # 39=FTP-Login_Failed login-failure # 40=FTP-File_GET file-access # 41=FTP-File_PUT file-access # # Plugins for file /usr/thunder/daemons/plugins/ftp_cerbeusftp.prm # # 45=Cerbeus-FTP_Anonymous_Log_in login # 46=Cerbeus-FTP_Incoming_Connection connection # 47=Cerbeus-FTP_Connection_Accepted connection # 48=Cerbeus-FTP_Logon_Failure login-failure # 49=Cerbeus-FTP_Improper_Format error # # Plugins for file /usr/thunder/daemons/plugins/ftp_filezilla.prm # # 4900=Filezilla-Login_Time_Exceeded login-failure # 4901=Filezilla-Connection connection # 4902=Filezilla-Incorrect_Password login-failure # 4903=Filezilla-Version application # 4904=Filezilla-Login login # 4905=Filezilla-Directory_Listing application # 4906=Filezilla-CWD_Successful application # 4907=Filezilla-User_Has_Retrieved_File file-access # 4908=Filezilla-CWD_Failed access-denied # 4910=Filezilla-File_Upload_Request file-access # # Plugins for file /usr/thunder/daemons/plugins/ftp_iis.prm # # 16000=FTP-Anonymous_Login_Request login # 16001=FTP-User_Login login # 16002=FTP-File_Not_Found access-denied # 16003=FTP-File_Downloaded file-access # 16004=FTP-File_Upload_Denied access-denied # 16005=FTP-File_Uploaded file-access # 16006=FTP-Bad_Password login-failure # 16007=FTP-Connection_Closed application # 16008=FTP-Directory_Removed application # 16009=FTP-Directory_Created application # 16010=FTP-Directory_Creation_Failed access-denied # 16011=FTP-Changed_Directory application # 16012=FTP-Change_Directory_Denied access-denied # 16013=FTP-Valid_User_Name connection # 16014=FTP-File_Deleted file-access # 16015=FTP-File_Renamed file-access # 16016=FTP-Possible_Warez_Activity intrusion # # Plugins for file /usr/thunder/daemons/plugins/ftp_ncftp.prm # # 6500=NcFTPd-Anonymous_Download file-access # 6501=NcFTPd-Anonymous_Upload file-access # 6502=NcFTPd-Anonymous_Directory application # 6503=NcFTPd-Anonymous_Delete file-access # 6504=NcFTPd-Anonymous_Login_Denied login-failure # 6505=NcFTPd-Anonymous_Port_Below_1024 firewall # 6506=NcFTPd-Buffer_Overflow intrusion # # Plugins for file /usr/thunder/daemons/plugins/ftp_proftp.prm # # 6300=ProFTP-Login_Failure login-failure # 6301=ProFTP-Login_Failure login-failure # 6302=ProFTP-Anonymous_Login login # 6304=ProFTP-Sucsessful_Login login # 6305=ProFTP-Connection connection # 6306=ProFTP-Bounce_Attack intrusion # # Plugins for file /usr/thunder/daemons/plugins/ftp_pureftp.prm # # 6325=PureFTP-Connection connection # 6326=PureFTP-Permission_Denied access-denied # 6327=PureFTP-Logout logout # 6328=PureFTP-Auth_Failure login-failure # 6329=PureFTP-Login login # 6330=PureFTP-Warning login-failure # 6331=PureFTP-Auth_Failure login-failure # 6332=PureFTP-User_Unknown login-failure # 6333=PureFTP-Endpoint_Not_Connected error # 6334=PureFTP-Session_Opened_By_Admin application # 6335=PureFTP-Session_Closed_By_Admin application # # Plugins for file /usr/thunder/daemons/plugins/ftp_solaris.prm # # 4500=FTP-Solaris_Imported_File file-access # 4501=FTP-Solaris_Exported_File file-access # 4502=FTP-Solaris_Repeated_Login_Failures login-failure # # Plugins for file /usr/thunder/daemons/plugins/ftp_vsftpd.prm # # 8000=VSFTPD-Authentication_Failure login-failure # 8001=VSFTPD-Authentication_Succeeds login # 8002=VSFTPD-Authentication_Failure login-failure # 8017=VSFTPD-Login_Successful login # 8018=VSFTPD-Welcome_Message application # 8019=VSFTPD-Anonymous_Login login # 8020=VSFTPD-Command_Issued application # 8021=VSFTPD-Issued_Response application # 8022=VSFTPD-Authentication_Failure login-failure # 8023=VSFTPD-Session_Opened connection # 8024=VSFTPD-Session_Closed connection # 8025=VSFTPD-Error_Retrieving_Information error # 8026=VSFTPD-Check_Pass login-failure # 8027=VSFTPD-Authentication_Error login-failure # 8028=VSFTPD-Failed_Login login-failure # 8029=VSFTPD-Client_Connect connection # 8030=VSFTPD-Service_Refused access-denied # 8031=VSFTPD-Client_Login login # 8032=VSFTPD-Failed_Download error # 8033=VSFTPD-Successful_Download file-access # 8034=VSFTPD-Authentication_Error_Admin login-failure # # Plugins for file /usr/thunder/daemons/plugins/ftp_wuftp.prm # # 6400=FTP-Failed_Login login-failure # 6401=FTP-Anonymous_Login login # 6402=FTP-User_Login login # 6403=FTP-Login_Refused login-failure # 6404=FTP-Login_Refused login-failure # 6406=FTP_Refused_Connect firewall # 6407=FTP-Connection connection # 6408=FTP-Connect_Event connection # 6409=FTP-Directory_Create_Attempt access-denied # 6410=FTP-Segmentation_Fault error # 6411=FTP-Lost_Connection connection # 6412=FTP-Failed_To_Overwrite access-denied # 6413=FTP-Failed_To_Delete access-denied # 6414=FTP-User_Timed_Out application # 6415=FTP-Access_Denied login-failure # 6416=FTP-Multiple_Login_Failures login-failure # 6417=FTP-Refused_PORT_Command access-denied # 6418=FTP-Login login # 6419=FTP-Login_Failed login-failure # 6420=FTP-Refused_Site_Help access-denied # 6421=FTP-User_Login login # 6422=FTP-Failed_To_Download access-denied # 6423=FTP-PAM_Authentication_Failure login-failure # 6424=FTP-Change_Directory application # 6425=FTP-Rename_File_Old_Name application # 6426=FTP-Rename_File_New_Name application # 6427=FTP-Retrieve_File file-access # 6428=FTP-Login_User_Name application # 6429=FTP-Login_Password_Sent application # 6430=FTP-File_Upload file-access # 6431=FTP-Passive_Mode_Enabled application # 6432=FTP-File_Transfer_Type application # 6433=FTP-Directory_List application # 6435=FTP-Delete_File file-access # 6436=FTP-Run_SITE_Command application # 6437=FTP-File_Append file-access # 6438=FTP-Obtain_File_Modification_Time application # 6439=FTP-Create_Directory application # 6440=FTP-Remove_Directory application # 6441=FTP-Obtain_File_Size application # # Plugins for file /usr/thunder/daemons/plugins/ftp_xlight.prm # # 3900=FTP-Valid_Directory_Change application # 3902=FTP-Denied_Directory_Change access-denied # 3903=FTP-Login_Request connection # 3904=FTP-Login_Failure login-failure # 3905=FTP-Illegal_Command error # 3906=FTP-File_Download_Request file-access # 3907=FTP-Unknown_File_Request error # 3908=FTP-Unknown_Command error # 3909=FTP-Valid_Login login # 3910=FTP-File_Transfer_Start file-access # 3911=FTP-Directory_Listing_Start application # 3912=FTP-Transfer_Complete file-access # # Plugins for file /usr/thunder/daemons/plugins/hids_cimcor.prm # # # Plugins for file /usr/thunder/daemons/plugins/hids_csa.prm # # # Plugins for file /usr/thunder/daemons/plugins/hids_tripwire.prm # # 71=Tripwire-Connection_Error error # 72=Tripwire-Warning application # 73=Tripwire-Warning_Add_Violation application # 74=Tripwire-Warning_Remove_Violation application # 75=Tripwire-Warning_Change_Violation application # 76=Tripwire-Warning_Change_Violation application # 77=Tripwire-File_Modified application # 78=Tripwire-File_Added application # 79=Tripwire-Database_Updated application # 80=Tripwire-File_Deleted application # 81=Tripwire-Addition_Detected application # 82=Tripwire-Removal_Detected application # 83=Tripwire-Mod_Detected application # 84=Tripwire-Deletion_Detected application # 85=Tripwire-Deletion_Detected application # 86=Tripwire-Creation_Detected application # 87=Tripwire-Modification_Detected application # 88=Tripwire-Set_Security_Detected application # 89=Tripwire-Rename_Detected application # 90=Tripwire-Create_Key_Detected application # 91=Tripwire-Error_Detected error # # Plugins for file /usr/thunder/daemons/plugins/hids_tripwire_server.prm # # # Plugins for file /usr/thunder/daemons/plugins/honeypot_forescout.prm # # 5600=Forescout-Port_Bite honeypot # 5601=Forescout-Port_Mark honeypot # 5602=Forescout-Hostname_Bite honeypot # 5603=Forescout-User_Bite honeypot # 5604=Forescout-User_Mark honeypot # 5605=Forescout-Share_Bite honeypot # 5606=Forescout-Share_Mark honeypot # 5607=Forescout-Scan_Event scanning # 5608=Forescout-Scan_Event scanning # # Plugins for file /usr/thunder/daemons/plugins/honeypot_honeyd.prm # # 6600=Honeyd-ICMP_Echo_Reply honeypot # 6601=Honeyd-TCP_Connection_Request honeypot # 6602=Honeyd-UDP_Connection_To_Closed_Port honeypot # 6603=Honeyd-TCP_Connection_Established honeypot # 6604=Honeyd-UDP_Connection_Established honeypot # 6605=Honeyd-TCP_Connection_Reset honeypot # 6606=Honeyd-TCP_Connection_Killed honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_labrea.prm # # 6700=LaBrea-Tarpitting honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_multipot.prm # # 6720=Multipot-Veritas_Worm honeypot # 6721=Multipot-Veritas_Worm honeypot # 6722=Multipot-Bagle_Worm honeypot # 6723=Multipot-My_Doom_Virus honeypot # 6724=Multipot-Optix_Virus honeypot # 6725=Multipot-Sub_7_Trojan honeypot # 6726=Multipot-Kuang_Trojan honeypot # 6727=Multipot-Lsass honeypot # 6728=Multipot-Bagle_Worm_Timeout honeypot # 6729=Multipot-Shellcode_Folder honeypot # 6731=Multipot-Veritas_Shellcode_Handled honeypot # 6732=Multipot-Bagle_Upload honeypot # 6733=Multipot-VeritasCmd honeypot # 6734=Multipot-VeritasCmd_HandlerError honeypot # 6735=Multipot-VeritasCmd_Failed honeypot # 6736=Multipot-Veritas_Downloaded_File honeypot # 6737=Multipot-Veritas_URL_Failed honeypot # 6738=Multipot-Veritas_Url_ErrMsg honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_nepenthes.prm # # 6613=Nepenthes-Warning_Alert honeypot # 6614=Nepenthes-Critical_Alert honeypot # 6616=Nepenthes-Warning_Alert honeypot # 6619=Nepenthes-TCP_Connection honeypot # 6620=Nepenthes-UDP_Connection honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_symantec_decoy.prm # # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl.prm # # 20000=PVS-New_Host_Portscanning scanning # 20002=New_SSH_User detected-change # 20003=New_MAC detected-change # 20004=Invalid_Account-Logon_Attempt login-failure # 20005=New_User detected-change # 20006=Portscan_Spike scanning # 20007=Application_Change detected-change # 20008=Database_Change detected-change # 20009=User_Change detected-change # 20010=Server_Change detected-change # 20011=Device_Change detected-change # 20012=Network_Change detected-change # 20013=Time_Update detected-change # 20014=LCE-Client_Logout lce # 20015=LCE-Client_Login lce # 20016=LCE-Dead_Client lce # 20017=Suspicious_Proxy network # 20018=Multiple_System_Crashes process # 20019=Password_Guessing intrusion # 20020=Successful_Password_Guess intrusion # 20021=New_Windows_Process detected-change # 20022=Network_Login_Sweep intrusion # 20023=Software_Installed detected-change # 20024=Software_Removed detected-change # 20025=User_Removed detected-change # 20026=LCE-High_Memory_Usage error # 20027=LCE-High_CPU_Usage error # 20028=LCE-High_Disk_Usage error # 20029=LCE-High_Load lce # 20030=New_Command process # 20031=Hourly_Command_Summary process # 20032=Daily_Command_Summary process # 20033=Daily_User_Summary process # 20034=Login_Then_Change detected-change # 20035=Firewall_Change detected-change # 20036=Router_Change detected-change # 20037=Switch_Change detected-change # 20042=PVS-Database_SELECT_Command database # 20043=PVS-Database_CREATE_Command database # 20044=PVS-Database_INSERT_Command database # 20045=PVS-Database_DELETE_Command database # 20046=PVS-Database_UPDATE_Command database # 20047=PVS-Database_DROP_Command database # 20048=PVS-Database_GRANT_Command database # 20049=LCE-Unix_Executable_File_Modified detected-change # 20050=LCE-Unix_Configuration_File_Modified detected-change # 20051=LCE-Unix_Tenable_File_Modified detected-change # 20052=LCE-Unix_Library_File_Modified detected-change # 20053=LCE-Unix_Misc_File_Modified detected-change # 20054=LCE-Windows_Executable_File_Modified detected-change # 20055=LCE-Windows_Executable_Modified detected-change # 20056=LCE-Windows_System_File_Modified detected-change # 20057=LCE-Windows_Configuration_File_Modified detected-change # 20058=LCE-Windows_Misc_File_Modified detected-change # 20059=Suspicious_SQL_Query_Detected intrusion # 20060=Suspicious_SQL-Command_Execution intrusion # 20061=Suspicious_SQL-Benchmark_Delay intrusion # 20062=Suspicious_SQL-Meta_Characters_Seen intrusion # 20063=Suspicious_SQL-CONCAT_Command_Seen intrusion # 20064=Suspicious_SQL-Write_Output_to_File intrusion # 20065=Suspicious_SQL-User_Database_Dump intrusion # 20066=PVS-Database_GRANT_ALL_Privileges database # 20067=PVS-Database_GRANT_INSERT_Privileges database # 20068=PVS-Database_GRANT_SELECT_Privileges database # 20069=PVS-Database_GRANT_DELETE_Privileges database # 20070=PVS-Database_GRANT_DELETE_Privileges database # 20071=PVS-Database_GRANT_CREATE_Privileges database # 20072=PVS-Database_GRANT_CREATE_Privileges database # 20073=PVS-Database_User_Created database # 20074=PVS-Database_User_RENAME database # 20075=PVS-Database_Schema_Changed database # 20076=Unique_Windows_Executable process # 20077=Domain_Summary dns # 20079=Web_Servers_Scanned intrusion # 20080=Web_Server_Scan intrusion # 20081=New_Windows_Process_Seen process # 20082=New_Windows_Parent_Child_Pair process # 20083=Hourly_Crashed_Summary process # 20084=Hourly_Hung_Summary process # 20085=Daily_Crashed_Summary process # 20086=Daily_Hung_Summary process # 20087=Intrusion_Host_Scan intrusion # 20088=Intrusion_Network_Scan intrusion # 20089=Unique_Unix_Executable process # 20090=New_Unix_Parent_Child_Pair process # 20091=User_Added detected-change # 20092=PVS-Storm intrusion # 20093=PVS-Warbot_Trojan_Detected intrusion # 20094=Suspicious_SQL-Injection_Attack_Detected intrusion # 20095=PVS-Malicious_Web_Request threatlist # 20096=LCE-Windows_File_Removed detected-change # 20097=LCE-Windows_File_Readded detected-change # 20098=Potential_Worm_Outbreak intrusion # 20099=Suspicious_SSH_Proxy network # 20100=Suspicious_VNC_Proxy network # 20101=Suspicious_RDP_Proxy network # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_continuous.prm # # 2050=Long_Term_Statistical_Anomalies continuous # 2051=Long_Term_Network_Scanning continuous # 2052=Long_Term_Intrusion_Activity continuous # 2053=Long_Term_Virus_Or_Malware_Activity continuous # 2054=Long_Term_Web_Error_Activity continuous # 2055=Long_Term_Error_Activity continuous # 2056=Long_Term_HighCPU_Activity continuous # 2057=Long_Term_DNS_Failures continuous # 2058=Long_Term_Social_Network_Activity continuous # 2059=Long_Term_DOS_Activity continuous # 2060=Long_Term_Threatlist_Activity continuous # 2061=Long_Term_Windows_App_Errors continuous # 2062=Long_Term_SSH_Client_Activity continuous # 2063=Long_Term_VNC_Client_Activity continuous # 2064=Long_Term_RDP_Client_Activity continuous # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_long_tcp.prm # # 2250=TFM-Long_TCP_Session_15_Minutes network # 2251=TFM-Long_TCP_Session_30_Minutes network # 2252=TFM-Long_TCP_Session_45_Minutes network # 2253=TFM-Long_TCP_Session_60_Minutes network # 2254=TFM-Long_TCP_Session_Many_Hours network # 2255=TFM-Long_TCP_Session_1_Day network # 2256=TFM-Long_TCP_Session_Many_Days network # 2257=TFM-TCP_Session_Whole_1-10MB network # 2258=TFM-TCP_Session_Whole_10-100MB network # 2259=TFM-TCP_Session_Whole_100-1024MB network # 2260=TFM-TCP_Session_Whole_ network # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_nbs.prm # # 2450=Never_Before_Seen-Intrusion_Event nbs # 2451=Never_Before_Seen-Social_Networks nbs # 2452=Never_Before_Seen-DOS_Event nbs # 2453=Never_Before_Seen-DHCP_Event nbs # 2454=Never_Before_Seen-DNS_Event nbs # 2455=Never_Before_Seen-Threatlist nbs # 2456=Never_Before_Seen-Change_Detected_Event nbs # 2457=Never_Before_Seen-Vulnerability_Event nbs # 2458=Never_Before_Seen-Virus_Event nbs # 2459=Never_Before_Seen-Firewall_Event nbs # 2460=Never_Before_Seen_Scanning_Event nbs # 2462=Never_Before_Seen-Restart_Event nbs # 2464=Never_Before_Seen-SPAM_Event nbs # 2465=Never_Before_Seen-Application_Event nbs # 2666=Never_Before_Seen-System_Event nbs # 2067=Never_Before_Seen-Compliance_Event nbs # 2069=Never_Before_Seen-Honeypot_Event nbs # 2070=Never_Before_Seen-Statistical_Event nbs # 2072=Never_Before_Seen-Logout_Event nbs # 2073=Never_Before_Seen-Error_Event nbs # 2074=Never_Before_Seen-Network_Event nbs # 2075=Never_Before_Seen-Login_Event nbs # 2076=Never_Before_Seen-Login-Failure_Event nbs # 2077=Never_Before_Seen-LCE_Event nbs # 2078=Never_Before_Seen-Data_Leak_Event nbs # 2079=Never_Before_Seen-Web_Error nbs # 2080=Never_Before_Seen-Access_Denied nbs # 2081=Never_Before_Seen-StartUp nbs # 2082=Never_Before_Seen-Database_Event nbs # 2083=Never_Before_Seen-Web_Access_Event nbs # 2084=Never_Before_Seen-Access_Denied_Event nbs # 2085=Never_Before_Seen-File_Access nbs # 2086=Never_Before_Seen-USB_Event nbs # 2087=Never_Before_Seen-Process_Event nbs # 2088=Never_Before_Seen-Continuous_Event nbs # 2089=Never_Before_Seen-Login_From_Unknown_IP nbs # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_threatlist.prm # # 2350=Outbound_FTP_Threatlist_Connection threatlist # 2379=Outbound_SMTP_Threatlist_Connection threatlist # 2380=Outbound_HTTP_Threatlist_Connection threatlist # 2381=Outbound_HTTPS_Threatlist_Connection threatlist # 2382=Outbound_Low_Port_Threatlist_Connection threatlist # 2383=Outbound_High_Port_Threatlist_Connection threatlist # 2384=Outbound_IRC_Threatlist_Connection threatlist # 2385=Inbound_Threatlist_Connection_SSH threatlist # 2386=Inbound_Threatlist_Connection_SMTP threatlist # 2387=Inbound_Threatlist_Connection_HTTP threatlist # 2388=Inbound_Threatlist_Connection_HTTPS threatlist # 2389=Inbound_Threatlist_Connection_Low_Port threatlist # 2390=Inbound_Threatlist_Connection_High_Port threatlist # 2391=Inbound_Threatlist_Connection_IRC threatlist # 2392=Web_Error_From_Threatlist_Address threatlist # 2393=Threatlist_Login threatlist # 2394=Threatlist_Login_Failure threatlist # 2395=FileDownload_From_Threatlist threatlist # 2396=FileDownload_To_Threatlist threatlist # 2397=Inbound_Scanning_From_Threatlist_Address threatlist # 2398=Inbound_SSL_Threatlist_Session threatlist # 2399=Inbound_VNC_Threatlist_Session threatlist # 21000=Inbound_RDP_Threatlist_Session threatlist # 21001=Inbound_SSH_Threatlist_Session threatlist # 21002=Outbound_VNC_Threatlist_Session threatlist # 21003=Outbound_RDP_Threatlist_Session threatlist # 21004=Outbound_SSH_Threatlist_Session threatlist # 21005=Outbound_Non-HTTP_Threatlist_Traffic threatlist # 21006=Inbound_Non-HTTP_Threatlist_Traffic threatlist # 21007=Web_Access_From_Threatlist_Address threatlist # 21008=Web_Access_To_Threatlist_Address threatlist # 21009=Threatlist_Intrusion threatlist # 21010=Outbound_Suspicious_Threatlist_Proxy threatlist # 21011=Inbound_Suspicious_Threatlist_Proxy threatlist # 200013=Outbound_Data_Leak_Threatlist threatlist # 200014=Inbound_Data_Leak_Threatlist threatlist # # Plugins for file /usr/thunder/daemons/plugins/likewise_security.prm # # 10310=LSASSD-Failed_Re-sync error # 10311=LSASSD-LDAP_Server_Down error # 10312=LSASSD-Retrying_LDAP_Search error # 10313=LSASSD-Clearing_Connection_List system # 10314=LSASSD-LDAP_Api_Bind_Failed error # 10315=LSASSD-GSS_Failure error # 10316=LSASSD-Authentication_Failed login-failure # 10317=LSASSD-Authentication_Failed_Admin login-failure # 10318=LSASSD-Preauthentication_Failed error # 10319=LSASSD-Input_Output_Error error # # Plugins for file /usr/thunder/daemons/plugins/mail_dovecot.prm # # 3450=Dovecot-IMAP-User_Login login # 3451=Dovecot-POP-User_Login login # # Plugins for file /usr/thunder/daemons/plugins/mail_exchange.prm # # 8084=MSExchange-Sync_Folder_Items application # 8085=MSExchange-Get_Item application # 8086=MSExchange-Create_Item application # 8087=MSExchange-Get_Events application # 8088=MSExchange-Get_User_Settings_Response application # 8089=MSExchange-Subscription_Not_Found error # 8090=MSExchange-Find_Folder application # 8091=MSExchange-Subscribe application # 8092=MSExchange-Syncing_Ipad application # 8093=MSExchange-Syncing_Folder application # 8095=MSExchange-Get_Folder application # 8096=MSExchange-Syncng_DroidRazr application # 8097=MSExchange-Update_Item application # 8098=MSExchange-Copy_Item application # 8099=MSExchange-Delete_Item application # 8100=MSExchange-Update_Folder application # 8101=MSExchange-Convert_Id application # 8102=MSExchange-Get_Mail_Tips application # 8103=MSExchange-Get_Service_Configuration application # 8104=MSExchange-Get_User_Availability application # 8105=MSExchange-Syncing_Misc application # # Plugins for file /usr/thunder/daemons/plugins/mail_exim.prm # # 7900=Exim-Bad_Recipient_Address error # 7901=Exim-Bad_Sender_Address access-denied # 7902=Exim-Possible_Open_Relay spam # 7903=Exim-Relay_Not_Permitted access-denied # 7904=Exim-Sender_Blacklisted spam # 7906=Exim-Potentially_Executable_Attachment virus # 7905=Exim-Failed_Authentication login-failure # 7907=Exim-Empty_SMTP_Message error # 7908=Exim-SMTP_Message connection # 7909=Exim-Too_Many_Connections access-denied # # Plugins for file /usr/thunder/daemons/plugins/mail_imaps.prm # # 5450=IMAP-User_Login login # 5451=IMAP-User_Opened_Folder application # 5452=IMAP-User_Has_Deleted_Mail application # 5453=IMAP-User_Login login # 5454=IMAP-User_Login_Failed login-failure # 5455=IMAP-User_Login_Failed login-failure # # Plugins for file /usr/thunder/daemons/plugins/mail_postfix.prm # # 9900=Postfix-SMTP_Connection connection # 9901=Postfix-SMTP_Disconnection connection # 9903=Postfix-User_Authentication_Failure login-failure # 9904=Postfix-Illegal_Address_Syntax error # 9905=Postfix-Illegal_Relay_Attempt access-denied # 9906=Postfix-Spam_Mail_Rejected spam # 9902=Postfix-Email_Rejected access-denied # 9908=Postfix-Unknown_Recipient error # 9907=Postfix-SPF_Mail_Rejected spam # 9910=Postfix-Client_Blacklisted spam # 9911=Postfix-Client_DNS_Unresolvable error # 9912=Postfix-SMTP_Discard_Bounce_Suppressed error # 9913=Postfix-SMTP_TLS_Connection_From_Unknown_DNS connection # 9914=Postfix-SMTP_TLS_Established_From_Unknown_DNS connection # 9915=Postfix-SMTP_Hostname_Verification_Failed error # 9916=Postfix-Cleanup_Message application # 9917=Postfix-Removed_Message application # 9918=Postfix-Message_In_Active_Queue application # 9919=Postfix-SMTP_Message_Relayed application # 9920=Postfix-Delivered_Via_Spamcyr_Service application # 9921=Postfix-Verification_Failed error # 9922=Postfix-Bounced_Email error # 9923=Postfix-TLS_Connection connection # 9924=Postfix-SASL_Login_Failure login-failure # 9925=Postfix-SMTP_Spam_Message_Dropped spam # 9926=Postfix-SMTP_Message_Sent application # 9927=Postfix-SMTP_Message_Sent application # 9928=Postfix-SASL_Login login # # Plugins for file /usr/thunder/daemons/plugins/mail_qpopper.prm # # 3800=QPopper-Connection connection # 3801=QPopper-Admin_Login_Failure login-failure # 3802=QPopper-Login_Failure login-failure # 3803=QPopper-Login login # # Plugins for file /usr/thunder/daemons/plugins/mail_sendmail.prm # # 6000=Sendmail-Message_Accepted application # 6001=Sendmail-Relay_Accepted application # 6004=Sendmail-Mail_To_Unknown_User error # 6007=Sendmail-Mail_To_Unknown_User error # 6016=Sendmail-Possible_Spam_Attempt spam # 6002=Sendmail-Probe_550_Access_Denied login-failure # 6003=Sendmail-Possible_Attack intrusion # 6005=Sendmail-Invalid_Sender error # 6006=Sendmail-Possible_Attack intrusion # 6008=Sendmail-MIME_Overflow_Attack intrusion # 6009=Sendmail-Mail_To_Program_Attack intrusion # 6010=Sendmail-SMTP_Settings_Probe application # 6011=Sendmail-Expand_User_Attempt application # 6012=Sendmail-Expand_User_Attack intrusion # 6013=Sendmail-Verify_User_Attempt application # 6015=Sendmail-QF_File_Attack intrusion # 6017=Sendmail-QF_File_Attack intrusion # 6020=Sendmail-Long_DNS_Name intrusion # 6021=Sendmail-Newline_In_String intrusion # 6022=Sendmail-Blacklist_Relay spam # 6023=Sendmail-Milter_Reject_Spam spam # 6024=Sendmail-Mail_Relayed_Successful application # 6025=Sendmail-Unresolved_Domain error # 6026=Sendmail-Bad_Connection_Termination connection # 6027=Sendmail-SYSERR_Read_Timeout error # 6028=Sendmail-Spam_Email spam # 6029=Sendmail-Relay_Attempt_Without_Auth access-denied # 6030=Sendmail-Spam_Email spam # 6031=Sendmail-Low_Drive_Space error # 6032=Sendmail-Get_Host_Failed error # 6033=Sendmail-Forwarding_Error error # 6034=Sendmail-Host_Name_Unknown error # 6035=Sendmail-Using_Short_Name application # 6036=Sendmail-Starting restart # 6037=Sendmail-Possibly_Forged spam # # Plugins for file /usr/thunder/daemons/plugins/mail_snare.prm # # 4538=Exchange-Email_Connection_Hello application # 4539=Exchange-Email_Received application # 4541=Exchange-Email_Conenction_Receipt application # 4543=Exchange-RCPT_Outbound_Connection_Command application # 4544=Exchange-DATA_Outbound_Connection_Command application # 4545=Exchange-Outbound_Connection_Response application # 4546=Exchange-QUIT_Outbound_Connection_Command application # 4547=Exchange-EHLO_Outbound_Connection_Command application # 4548=Exchange-MAIL_Outbound_Connection_Command application # 4549=Exchange-RSET_Outbound_Connection_Command application # 4550=Exchange-HELO_Alert application # 4551=Exchange-X-Exps application # 4552=Exchange-X-Link2state application # 4553=Exchange-Email_Delivered application # 4554=Exchange-User_Does_Not_Exist error # 4555=Exchange-User_Does_Not_Have_SID error # 4556=Exchange-Unauthorized_Source_Address access-denied # 4557=Exchange-POP3_User_Download_Error error # 4558=Exchange-POP3_Connection connection # 4559=Exchange-POP3_Disconnect connection # 4560=Exchange-POP3_Unsecure_Connection_Rejected access-denied # # Plugins for file /usr/thunder/daemons/plugins/mail_wuimap.prm # # 1700=IMAP-User_Overflow intrusion # 1701=IMAP-TCP_Wrappers_Blocked login-failure # 1702=IMAP-Login_Failed login-failure # 1703=IMAP-Login_Failed login-failure # 1704=IMAP-Banner_Grab scanning # 1705=IMAP-Long_Client_Name intrusion # 1706=IMAP-Long_Line intrusion # 1707=IMAP-Crash process # 1708=IMAP-Login login # 1709=IMAP-Logout logout # # Plugins for file /usr/thunder/daemons/plugins/malware_fireeye.prm # # 5658=FireEye-Binary_Analysis_Alert virus # 5659=FireEye-Domain_Match_Alert virus # 5660=FireEye-Infection_Match_Alert virus # 5661=FireEye-Malware_Callback_Alert virus # 5662=FireEye-Web_Infection_Alert virus # # Plugins for file /usr/thunder/daemons/plugins/misc_airmagnet.prm # # 2150=AirMagnet-High_Noise_Channel error # 2151=AirMagnet-RF_Jamming_Attack dos # 2152=AirMagnet-Overloaded_APs intrusion # 2153=AirMagnet-DOS_Flood dos # 2154=AirMagnet-AdHoc_Mode_Detected system # 2155=AirMagnet-Bandwidth_Exceeded error # 2156=AirMagnet-Open_WLAN vulnerability # # Plugins for file /usr/thunder/daemons/plugins/misc_arpwatch.prm # # 3350=ArpWatch-New_Activity detected-change # 3351=ArpWatch-New_Station detected-change # 3352=ArpWatch-Flip_Flop detected-change # 3353=ArpWatch-Changed_Ethernet_Address detected-change # 3354=ArpWatch-Reused_Old_Ethernet_Address application # 3355=ArpWatch-Ethernet_Mismatch error # 3356=ArpWatch-Bogon network # 3357=ArpWatch-Ethernet_Broadcast network # # Plugins for file /usr/thunder/daemons/plugins/nac_cisco.prm # # 4600=Cisco-NAC_Admin_Logout logout # 4603=Cisco-NAC_Admin_Login login # 4604=Cisco-NAC_Device_Added_To_List system # 4605=Cisco-NAC_Device_Removed_From_Mac_List system # 4606=Cisco-NAC_Device_Added_To_Mac_List system # 4607=Cisco-NAC_Antivirus_Updated system # 4609=Cisco-NAC_Admin_Auto_Logout logout # 4610=Cisco-NAC_Admin_Forced_Logout access-denied # 4611=Cisco-NAC_Out_Of_Band_User_Login login # 4612=Cisco-NAC_Failed_Login login-failure # 4613=Cisco-NAC_Logout_Sucessful logout # 4614=Cisco-NAC_Login_Temporary login # 4615=Cisco-NAC_Forced_Logout access-denied # 4616=Cisco-NAC_User_Session_Timeout logout # 4617=Cisco-NAC_Invalid_Login login-failure # 4618=Cisco-NAC_SW_Mgt_Failed_Login login-failure # 4619=Cisco-NAC_SW_Mgt_Multiple_MAC_Addresses system # 4620=Cisco-NAC_SW_Mgt_Trap_Not_In_Database error # 4621=Cisco-NAC_SW_Mgt_Kicked_User access-denied # 4622=Cisco-NAC_CleanAccess_Rules_Update_Failed error # # Plugins for file /usr/thunder/daemons/plugins/nbad_arbor.prm # # 200=Arbor-TCP_Protocol_Anomaly intrusion # 201=Arbor-UDP_Protocol_Anomaly intrusion # 202=Arbor-Protocol_Anomaly intrusion # 203=Arbor-Router_Anomaly intrusion # 204=Arbor-Flow_Anomaly intrusion # # Plugins for file /usr/thunder/daemons/plugins/nbad_stealthwatch.prm # # 6815=StealthWatch-Spam spam # 6816=StealthWatch-Out_Of_Profile intrusion # 6817=StealthWatch-High_Concern_Index intrusion # 6818=StealthWatch-Suspect_UDP_Activity intrusion # 6819=StealthWatch-New_Flows detected-change # 6820=StealthWatch-High_File_Sharing_Index intrusion # 6821=StealthWatch-Mail_Rejects_Index spam # 6822=StealthWatch-Suspect_Long_Flow intrusion # 6823=StealthWatch-NAT_IP error # 6824=StealthWatch-High_Total_Traffic intrusion # 6825=StealthWatch-High_Target_Index intrusion # 6826=StealthWatch-SYNs_Received dos # 6828=StealthWatch-High_Volume_Email spam # 6829=StealthWatch-Port_Flood dos # 6831=StealthWatch-Multiple_Operating_Systems vulnerability # 6832=StealthWatch-Unknown_Operating_System vulnerability # 6833=StealthWatch-System_High_Traffic_In intrusion # 6834=StealthWatch-Misc intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_bro.prm # # 5300=Bro-IDS_Event intrusion # 5301=Bro-FTP_Event intrusion # 5302=Bro-SMTP_Event intrusion # 5303=Bro-RPC_Event intrusion # 5304=Bro-SSH_Event intrusion # 5305=Bro-HTTP_Event intrusion # 5306=Bro-Sensitive_Connection intrusion # 5307=Bro-HTTP_Event intrusion # 5308=Bro-WeirdActivity intrusion # 5309=Bro-PortScan scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_cisco.prm # # 2700=Cisco-IDS_Event intrusion # 2701=Cisco-IDS_Event intrusion # 2702=Cisco-IDS_Event intrusion # 2703=Cisco-IDS_Buffer_Overflow intrusion # 2704=Cisco-IDS_Command_Execution intrusion # 2705=Cisco-IDS_Directory_Traversal intrusion # 2706=Cisco-IDS_Network_Sweep scanning # 2707=Cisco-IDS_Virus virus # 2708=Cisco-IDS_Worm virus # 2709=Cisco-IDS_Event intrusion # 2710=Cisco-IDS_Buffer_Overflow intrusion # 2711=Cisco-IDS_Command_Execution intrusion # 2712=Cisco-IDS_Directory_Traversal intrusion # 2713=Cisco-IDS_Port_Sweep scanning # 2714=Cisco-IDS_HTTP intrusion # 2715=Cisco-IDS_Event intrusion # 2716=Cisco-IDS_Buffer_Overflow intrusion # 2717=Cisco-IDS_Command_Execution intrusion # 2718=Cisco-IDS_Directory_Traversal intrusion # 2719=Cisco-IDS_Network_Sweep scanning # 2720=Cisco-IDS_Authorization_Failure login-failure # 2721=Cisco-IDS_ARP_Attack intrusion # 2722=Cisco-IDS_Known_String intrusion # 2723=Cisco-IDS_Backdoor intrusion # 2724=Cisco-IDS_Policy_Violation intrusion # 2725=Cisco-IDS_Peer_To_Peer intrusion # 2726=Cisco-IDS_Spyware_Activity intrusion # 2727=Cisco-IDS_External_Scan scanning # 2728=Cisco-IDS_Custom intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_cisco_ips.prm # # 17504=CiscoIPS-Severity1_Event error # 17505=CiscoIPS-Severity2_Event error # 17506=CiscoIPS-Severity3_Event error # 17507=CiscoIPS-Severity4_Event error # 17508=CiscoIPS-Severity5_Event error # 17509=CiscoIPS-Severity6_Event error # 17510=CiscoIPS-Severity7_Event error # 17511=CiscoIPS-Severity8_Event error # 17512=CiscoIPS-Severity9_Event error # 17513=CiscoIPS-Severity10_Range_Event error # 17514=CiscoIPS-Severity20_Range_Event error # 17515=CiscoIPS-Severity30_Range_Event error # 17516=CiscoIPS-Severity40_Range_Event error # 17517=CiscoIPS-Severity50_Range_Event error # 17518=CiscoIPS-Severity60_Range_Event error # 17519=CiscoIPS-Severity70_Range_Event error # 17520=CiscoIPS-Severity80_Range_Event error # 17521=CiscoIPS-Severity90_Range_Event error # 17522=CiscoIPS-Severity100_Event error # 17523=CiscoIPS-Signature_File_Protocol_Error error # 17524=CiscoIPS-Signature_File_Update_Failed error # # Plugins for file /usr/thunder/daemons/plugins/nids_dragon.prm # # 5000=Dragon-IDS_Event intrusion # 5001=Dragon-FTP_Event intrusion # 5002=Dragon-DNS_Event intrusion # 5003=Dragon-SSH_Event intrusion # 5004=Dragon-WEB_Event intrusion # 5005=Dragon-ICMP_Event intrusion # 5006=Dragon-Compromise_Event intrusion # 5007=Dragon-RPC_Event intrusion # 5008=Dragon-Buffer_Overflow_Event intrusion # 5009=Dragon-Port_Scan scanning # 5010=Dragon-Port_Sweep scanning # 5011=Dragon-Telnet_Event intrusion # 5012=Dragon-Potential_Shell_Bound intrusion # 5013=Dragon-IRC_Join connection # 5014=Dragon-IRC_Bot_Download intrusion # 5015=Dragon-IRC_Bot_Login intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_fortigate_ips.prm # # 10715=Fortigate-IPS_PHP_Attack intrusion # 10716=Fortigate-IPS_Web_Attack intrusion # 10717=Fortigate-IPS_XSS_Attack_Attempt intrusion # 10718=Fortigate-IPS_Injection_Attack intrusion # 10719=Fortigate-IPS_Overflow_Attack intrusion # 10720=Fortigate-IPS_Command_Execution_Attempt intrusion # 10721=Fortigate-IPS_Botnet_Alert intrusion # 10730=Fortigate-IPS_Generic_Event intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_fourscout_counteract.prm # # 18000=ForeScout-CounterAct_Compliant application # 18001=ForeScout-CounterAct_Non_Compliant application # 18002=ForeScout-CounterAct_Vulnerablilities vulnerability # 18003=ForeScout-CounterAct_Scan_Event_Short application # 18004=ForeScout-CounterAct_Scan_Event_Long application # # Plugins for file /usr/thunder/daemons/plugins/nids_intruguard.prm # # 7607=Intruguard-TCP_Invalid_Flag intrusion # 7608=Intruguard-TCP_Foreign_Packet intrusion # 7609=Intruguard-Blocked_Source firewall # 7610=Intruguard-Most_Active_Source dos # 7611=Intruguard-Most_Active_SYN_Source dos # 7612=Intruguard-Most_Active_Destination dos # 7613=Intruguard-L4_Anomalies intrusion # 7614=Intruguard-Blocked_ICMP firewall # 7615=Intruguard-TCP_SM_State_Transition_Anomaly intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_intrushield.prm # # 5200=IntruShield-Protocol_Violation intrusion # 5201=IntruShield-Protocol_Violation intrusion # 5202=IntruShield-Protocol_Violation intrusion # 5203=IntruShield-Probe scanning # 5204=IntruShield-Probe scanning # 5205=IntruShield-Probe scanning # 5206=IntruShield-DOS dos # 5207=IntruShield-DOS dos # 5208=IntruShield-DOS dos # 5209=IntruShield-DDOS_Agent intrusion # 5210=IntruShield-DDOS_Agent intrusion # 5211=IntruShield-DDOS_Agent intrusion # 5212=IntruShield-Backdoor intrusion # 5213=IntruShield-Backdoor intrusion # 5214=IntruShield-Backdoor intrusion # 5215=IntruShield-Worm virus # 5216=IntruShield-Worm virus # 5217=IntruShield-Worm virus # 5218=IntruShield-Virus virus # 5219=IntruShield-Virus virus # 5220=IntruShield-Virus virus # 5221=IntruShield-Read_Exposure intrusion # 5222=IntruShield-Read_Exposure intrusion # 5223=IntruShield-DOS dos # 5224=IntruShield-Write_Exposure intrusion # 5225=IntruShield-Write_Exposure intrusion # 5227=IntruShield-Buffer_Overflow intrusion # 5228=IntruShield-Buffer_Overflow intrusion # 5230=IntruShield-Shellcode_Execution intrusion # 5231=IntruShield-Shellcode_Execution intrusion # 5233=IntruShield-Remote_Access intrusion # 5234=IntruShield-Remote_Access intrusion # 5235=IntruShield-Remote_Access intrusion # 5236=IntruShield-Privileged_Access intrusion # 5237=IntruShield-Privileged_Access intrusion # 5239=IntruShield-Evasion_Attempt intrusion # 5240=IntruShield-Evasion_Attempt intrusion # 5241=IntruShield-Evasion_Attempt intrusion # 5242=IntruShield-Command_Execution intrusion # 5243=IntruShield-Command_Execution intrusion # 5244=IntruShield-Command_Execution intrusion # 5245=IntruShield-Code_Execution intrusion # 5246=IntruShield-Code_Execution intrusion # 5248=IntruShield-Host_Sweep scanning # 5249=IntruShield-Host_Sweep scanning # 5251=IntruShield-Port_Scan scanning # 5252=IntruShield-Port_Scan scanning # 5254=IntruShield-Brute_Force login-failure # 5255=IntruShield-Brute_Force login-failure # 5256=IntruShield-Brute_Force login-failure # 5257=IntruShield-Fingerprinting scanning # 5258=IntruShield-Fingerprinting scanning # 5260=IntruShield-Service_Sweep scanning # 5261=IntruShield-Service_Sweep scanning # 5262=IntruShield-Audit connection # 5263=IntruShield-Audit connection # 5264=IntruShield-Restricted_Access intrusion # 5265=IntruShield-Restricted_Access intrusion # 5266=IntruShield-Restricted_Access intrusion # 5267=IntruShield-Unauthorized_IP intrusion # 5270=IntruShield-Sensitive_Content data-leak # 5271=IntruShield-Sensitive_Content data-leak # 5273=IntruShield-Covert_Channel intrusion # 5274=IntruShield-Covert_Channel intrusion # 5275=IntruShield-Covert_Channel intrusion # 5276=IntruShield-Command_Shell intrusion # 5277=IntruShield-Command_Shell intrusion # 5279=IntruShield-Statistical_Deviation intrusion # 5280=IntruShield-Statistical_Deviation intrusion # 5281=IntruShield-Statistical_Deviation intrusion # 5282=IntruShield-Over_Threshold intrusion # 5283=IntruShield-Over_Threshold intrusion # 5284=IntruShield-Over_Threshold intrusion # 5286=IntruShield-Audit connection # 5288=Intrushield-Backdoor intrusion # 5289=Intrushield-Buffer_Overflow intrusion # 5290=Intrushield-Buffer_Overflow intrusion # 5291=Intrushield-Buffer_Overflow intrusion # 5292=Intrushield-Directory_Traversal_Attempt intrusion # 5293=Intrushield-Remote_Code_Execution intrusion # 5294=Intrushield-Code_Red intrusion # 5295=Intrushield-IIS_Index_Server_Overflow intrusion # 5296=Intrushield-IIS_Index_Server_idq_read_file intrusion # 5297=Intrushield-Mambo_Site_Server_PHPSESSID_Exploit intrusion # 5298=Intrushield-Microsoft_ASN_Memory_Corruption intrusion # 5299=Intrushield-Phf_Execute_Arbitary_Commands intrusion # 5311=Intrushield-Trillian_Overflow intrusion # 5312=Intrushield-Botnet_IRC_Scan_Activity intrusion # 5313=IntruShield-Port_Scan_Botnet_Worm_Activity intrusion # 5314=IntruShield-Privileged_Access intrusion # 5315=IntruShield-DDoS_Activity dos # 5316=Intrushield-DNS_Overflow intrusion # 5317=Intrushield-Directory_Traversal_Attempt intrusion # 5318=Intrushield-NMAP_Probe scanning # 5320=Intrushield-Password_Brute_Force login-failure # 5321=Intrushield-Scanning scanning # 5323=Intrushield-SMTP_Relay_Attempt spam # 5325=Intrushield-TCP_Ack_Scan scanning # 5326=Intrushield-Invalid_Telnet_Flow intrusion # 5327=Intrushield-Password_Brute_Force login-failure # 5328=Intrushield-Password_Guessing login-failure # 5329=Intrushield-Password_Brute_Force login-failure # 5330=Intrushield-WinNT_DOS dos # 5331=Intrushield-Virus_Attachment virus # 5332=Intrushield-Fingerprinting scanning # 5333=IntruShield-Port_Scan scanning # 5334=IntruShield-Port_Scan scanning # 5335=Intrushield-Botnet_IRC_Scan_Activity scanning # 5336=IntruShield-Port_Scan_Botnet_Worm_Activity scanning # 5337=IntruShield-mIRC_Overflow intrusion # 5338=Intrushield-Unwanted_Software vulnerability # 5339=IntruShield-Illegal_FIN intrusion # 5340=IntruShield-IRC_Activity network # 5341=IntruShield-Restricted_Application vulnerability # 5344=IntruShield-Code_Execution intrusion # 5346=IntruShield-Buffer_Overflow intrusion # 5347=IntruShield-Read_Exposure intrusion # 5348=IntruShield-Audit connection # 5349=IntruShield-Arbitrary_Cmd_Execution intrusion # 5350=IntruShield-Write_Exposure intrusion # 5351=Intrushield-Backdoor intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_iss.prm # # 2600=ISS-IDS_Event intrusion # 2601=ISS-Buffer_Overflow intrusion # 2602=ISS-Backdoor_Request intrusion # 2603=ISS-Backdoor_Response intrusion # 2604=ISS-Rootkit intrusion # 2605=ISS-Worm_Activity virus # 2606=ISS-Web_Probe intrusion # 2607=ISS-FTP_Probe intrusion # 2608=ISS-SMTP_Probe intrusion # 2609=ISS-Denial_Of_Service dos # 2610=ISS-Network_Probe scanning # 2611=ISS-Buffer_Overflow intrusion # 2612=ISS-Windows_Shell intrusion # 2613=ISS-Network_Sweep scanning # 2614=ISS-Network_Scan scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_juniper_srx.prm # # 2750=NetscreenIDP-Trojan_Activity virus # 2751=NetscreenIDP-DNS_Abuse intrusion # 2752=NetscreenIDP-SNMP_Abuse intrusion # 2753=NetscreenIDP-HTTP_Abuse intrusion # 2754=NetscreenIDP-IP_Protocol_Abuse intrusion # 2755=NetscreenIDP-ICMP_Protocol_Abuse intrusion # 2756=NetscreenIDP-Port_Scanning scanning # 2757=NetscreenIDP-NETBIOS_Probing intrusion # 2758=NetscreenIDP-SMB_Probing intrusion # 2759=NetscreenIDP-Printer_Attacks intrusion # 2760=NetscreenIDP-P2P_Activity intrusion # 2761=NetscreenIDP-TCP_Activity intrusion # 2762=NetscreenIDP-SMTP_Activity intrusion # 2763=NetscreenIDP-SNMPTrap_Activity intrusion # 2764=NetscreenIDP-Spyware_Activity virus # 2765=NetscreenIDP-MS_RPC_Activity intrusion # 2766=NetscreenIDP-P2P_Activity intrusion # 2767=NetscreenIDP-RTSP_Activity intrusion # 2768=NetscreenIDP-SSH_Activity intrusion # 2769=NetscreenIDP-SSL_Activity intrusion # 2770=NetscreenIDP-Suspicious_Application intrusion # 2771=NetscreenIDP-LDAP_Activity intrusion # 2772=NetscreenIDP-DHCP_Activity intrusion # 2773=NetscreenIDP-NTP_Activity intrusion # 2774=NetscreenIDP-DOS_Activity dos # 2775=NetscreenIDP-FTP_Activity intrusion # 2776=NetscreenIDP-Worm_Activity virus # 2777=NetscreenIDP-Database_Activity intrusion # 2778=NetscreenIDP-POP_Activity intrusion # 2779=NetscreenIDP-IMAP_Activity intrusion # 2780=NetscreenIDP-DDOS_Activity dos # 2781=NetscreenIDP-NFS_Activity intrusion # 2782=NetscreenIDP-Off-Port_Activity intrusion # 2783=NetscreenIDP-SCADA_Activity intrusion # 2784=NetscreenIDP-TELNET_Activity intrusion # 2785=NetscreenIDP-TFTP_Activity intrusion # 2786=NetscreenIDP-VNC_Activity intrusion # 2787=NetscreenIDP-Virus_Activity virus # 2788=NetscreenIDP-VOIP_Activity intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_netscreen_idp.prm # # 6850=NetScreenIDP-Attack_Critical_TCP intrusion # 6851=NetScreenIDP-Attack_Critical_UDP intrusion # 6852=NetScreenIDP-Attack_Critical_ICMP intrusion # 6853=NetScreenIDP-Attack_High_TCP intrusion # 6854=NetScreenIDP-Attack_High_UDP intrusion # 6855=NetScreenIDP-Attack_High_ICMP intrusion # 6856=NetScreenIDP-Attack_Medium_TCP intrusion # 6857=NetScreenIDP-Attack_Medium_UDP intrusion # 6858=NetScreenIDP-Attack_Medium_ICMP intrusion # 6859=NetScreenIDP-Attack_Low_TCP intrusion # 6860=NetScreenIDP-Attack_Low_UDP intrusion # 6861=NetScreenIDP-Attack_Low_ICMP intrusion # 6862=NetScreenIDP-Attack_Info_TCP intrusion # 6863=NetScreenIDP-Attack_Info_UDP intrusion # 6864=NetScreenIDP-Attack-Info_ICMP intrusion # 6865=NetScreenIDP-Bad_Traffic_Critical intrusion # 6866=NetScreenIDP-Bad_Traffic_High intrusion # 6867=NetScreenIDP-Bad_Traffic_Medium intrusion # 6868=NetScreenIDP-Bad_Traffic_Low intrusion # 6869=NetScreenIDP-Bad_Traffic_Info intrusion # 6870=NetScreenIDP-Backdoor_ICMP intrusion # 6871=NetScreenIDP-Backdoor_UDP intrusion # 6872=NetScreenIDP-Backdoor_TCP intrusion # 6873=NetScreenIDP-Port_Scan_TCP scanning # 6874=NetScreenIDP-Port_Scan_UDP scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_netscreen_idp4.prm # # 5900=NetscreenIDP-Trojan_Activity intrusion # 5901=NetscreenIDP-DNS_Abuse intrusion # 5902=NetscreenIDP-SNMP_Abuse intrusion # 5903=NetscreenIDP-HTTP_Abuse intrusion # 5904=NetscreenIDP-IP_Protocol_Abuse intrusion # 5905=NetscreenIDP-ICMP_Protocol_Abuse intrusion # 5906=NetscreenIDP-Port_Scanning scanning # 5907=NetscreenIDP-NETBIOS_Probing scanning # 5908=NetscreenIDP-SMB_Probing scanning # 5909=NetscreenIDP-Printer_Attacks intrusion # 5910=NetscreenIDP-P2P_Activity intrusion # 5911=NetscreenIDP-TCP_Activity intrusion # 5912=NetscreenIDP-SMTP_Activity intrusion # 5914=NetscreenIDP-SNMPTrap_Activity intrusion # 5915=NetscreenIDP-Spyware_Activity virus # 5916=NetscreenIDP-MS_RPC_Activity intrusion # 5917=NetscreenIDP-P2P_Activity intrusion # 5918=NetscreenIDP-RTSP_Activity intrusion # 5919=NetscreenIDP-SSH_Activity intrusion # 5920=NetscreenIDP-SSL_Activity intrusion # 5921=NetscreenIDP-Suspicious_Application intrusion # 5922=NetscreenIDP-LDAP_Activity intrusion # 5923=NetscreenIDP-DHCP_Activity intrusion # 5924=NetscreenIDP-NTP_Activity intrusion # 5926=NetscreenIDP-DOS_Activity dos # 5927=NetscreenIDP-FTP_Activity intrusion # 5928=NetscreenIDP-Worm_Activity virus # 5929=NetscreenIDP-Database_Activity intrusion # 5930=NetscreenIDP-POP_Activity intrusion # 5931=NetscreenIDP-IMAP_Activity intrusion # 5932=NetscreenIDP-DDOS_Activity dos # # Plugins for file /usr/thunder/daemons/plugins/nids_netscreen_idp_2.prm # # 13200=NetscreenIDP_Dropped_UDP_Traffic firewall # 13201=NetscreenIDP_Accepted_Traffic_dmz_UDP network # 13202=NetscreenIDP_Dropped_TCP_Traffic firewall # 13203=NetscreenIDP_Accepted_TCP_Traffic network # 13204=NetscreenIDP_Accepted_ICMP_Traffic network # 13205=NetscreenIDP_Dropped_ICMP_Traffic firewall # 13206=NetscreenIDP_Accepted_DNS intrusion # 13207=NetscreenIDP_Accepted_SNMP intrusion # 13208=NetscreenIDP_Accepted_HTTP intrusion # 13209=NetscreenIDP_Accepted_IP intrusion # 13210=NetscreenIDP_Accepted_ICMP intrusion # 13211=NetscreenIDP_Accepted_SCAN scanning # 13212=NetscreenIDP_Accepted_NETBIOS_TCP intrusion # 13213=NetscreenIDP_Accepted_SMB intrusion # 13214=NetscreenIDP_Accepted_LPR intrusion # 13215=NetscreenIDP_Accepted_CHAT intrusion # 13216=NetscreenIDP_Accepted_TCP intrusion # 13217=NetscreenIDP_Accepted_SMTP intrusion # 13218=NetscreenIDP_Accepted_NETBIOS_UDP intrusion # 13219=NetscreenIDP_Accepted_SNMPTRAP intrusion # 13220=NetscreenIDP_Accepted_SPYWARE virus # 13221=NetscreenIDP_Accepted_MS-RCP intrusion # 13222=NetscreenIDP_Accepted_P2P intrusion # 13223=NetscreenIDP_Accepted_DNS intrusion # 13224=NetscreenIDP_Accepted_RTSP intrusion # 13225=NetscreenIDP_Accepted_SSH intrusion # 13226=NetscreenIDP_Accepted_SSL network # 13227=NetscreenIDP_Accepted_APP intrusion # 13228=NetscreenIDP_Accepted_LDAP intrusion # 13229=NetscreenIDP_Accepted_DHCP intrusion # 13230=NetscreenIDP_Accepted_NTP intrusion # 13231=NetscreenIDP_DOS dos # 13232=NetscreenIDP_Accepted_Trojan virus # # Plugins for file /usr/thunder/daemons/plugins/nids_nevo.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_psad.prm # # 454=PSAD-Scan_Detected scanning # 455=PSAD-Scan_Detected scanning # 456=PSAD-Scan_Detected scanning # 457=PSAD-Block_Added firewall # 458=PSAD-Block_Removed firewall # 460=PSAD-Scan_Detected scanning # 461=PSAD-Scan_Detected scanning # 462=PSAD-Scan_Detected scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_snort.prm # # 5100=Snort-UDP_Portsweep scanning # 5101=Snort-TCP_Portsweep scanning # 5102=Snort-TCP_Portscan scanning # 5103=Snort-UDP_Portscan scanning # 5104=Snort-Distributed_Portscan scanning # 5105=Snort-ICMP_Sweep scanning # 5106=Snort-Decoy_Portscan scanning # 5107=Snort-Portscan scanning # 5108=Snort-Portscan scanning # 5109=Snort-HTTP_Inspect intrusion # 5110=Snort-Access_To_A_Potentially_Vulnerable_Web_Application intrusion # 5111=Snort-Access_To_A_Potentially_Vulnerable_Web_Application intrusion # 5112=Snort-A_Client_Was_Using_An_Unusual_Port intrusion # 5113=Snort-A_Client_Was_Using_An-Unusual_Port intrusion # 5114=Snort-An_Attempted_Login_Using_A_Suspicious_Username_Was_Detected login-failure # 5115=Snort-An_Attempted_Login_Using_A_Suspicious_Username_Was_Detected login-failure # 5116=Snort-A_Network_Trojan_Was_Detected virus # 5117=Snort-A_Network_Trojan_Was_Detected virus # 5118=Snort-A_Suspicious_Filename_Was_Detected intrusion # 5119=Snort-A_Suspicious_Filename_Was_Detected intrusion # 5120=Snort-A_Suspicious_String_Was_Detected intrusion # 5121=Snort-A_Suspicious_String_Was_Detected intrusion # 5122=Snort-A_System_Call_Was_Detected intrusion # 5123=Snort-A_System_Call_Was_Detected intrusion # 5124=Snort-A_TCP_Connection_Was_Detected network # 5125=Snort-A_TCP_Connection_Was_Detected network # 5126=Snort-Attempted_Administrator_Privilege_Gain intrusion # 5127=Snort-Attempted_Denial_Of_Servica dos # 5128=Snort-Attempted_Information_Leak intrusion # 5129=Snort-Attempted_User_Privilege_Gain intrusion # 5130=Snort-Attempt_To_Login_By_A_Default_Username_And_Password login-failure # 5131=Snort-Attempt_To_Login_By_A_Default_Username_And_Password login-failure # 5132=Snort-Decode_Of_An_RPC_Query intrusion # 5133=Snort-Denial_Of_Service dos # 5134=Snort-Detection_Of_A_Denial_Of_Service_Attack dos # 5135=Snort-Detection_Of_A_Network_Scan scanning # 5136=Snort-Detection_Of_A_NonStandard_Protocol_Or_Event intrusion # 5137=Snort-Detection_Of_A_NonStandard_Protocol_Or_Event intrusion # 5138=Snort-Executable_Code_Was_Detected intrusion # 5139=Snort-Executable_Code_Was_Detected intrusion # 5140=Snort-Generic_ICMP_Event network # 5141=Snort-Generic_Protocol_Command_Decode intrusion # 5142=Snort-Inappropriate_Content_Was_Detected compliance # 5143=Snort-Information_Leak intrusion # 5144=Snort-Large_Scale_Information_Leak intrusion # 5145=Snort-Misc_Activity intrusion # 5146=Snort-Misc_Attack intrusion # 5147=Snort-Not_Suspicious_Traffic intrusion # 5148=Snort-Potential_Corporate_Privacy_Violation network # 5149=Snort-Potentially_Bad_Traffic intrusion # 5150=Snort-Adult_Content_Detection compliance # 5151=Snort-Successful_Administrator_Privilege_Gain intrusion # 5152=Snort-Successful_User_Privilege_Gain intrusion # 5153=Snort-Unknown_Traffic intrusion # 5154=Snort-Unsuccessful_User_Privilege_Gain intrusion # 5155=Snort-Web_Application_Attack intrusion # 5156=Snort-FTP_Attack intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_snort_emergingthreats.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_sourcefire.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_sourcefire_RNA.prm # # 10150=RNA-UDP_Service_Confidence_Update vulnerability # 10151=RNA-TCP_Service_Confidence_Update vulnerability # 10152=RNA-New_TCP_Service detected-change # 10153=RNA-UDP_Service_Information detected-change # 10154=RNA-New_UDP_Service detected-change # 10155=RNA-New_Host detected-change # 10156=RNA-New_Transport_Protocol detected-change # 10157=RNA-TCP_Port_Closed detected-change # 10158=RNA-OS_Information vulnerability # 10159=RNA-Hops_Change detected-change # 10160=RNA-New_Network_Protocol detected-change # 10161=RNA-OS_Confidence_Update vulnerability # 10162=RNA-TCP_Service_Info vulnerability # 10163=RNA-UDP_Port_Timeout detected-change # 10164=RNA-New_Client_Application detected-change # 10165=RNA-Client_Application_Update detected-change # 10166=RNA-VLAN_Tag_Information_Update detected-change # 10167=RNA-NETBIOS_Name_Change detected-change # 10168=RNA-Host_Timeout detected-change # 10169=RNA-New_OS detected-change # 10170=RNA-Cleint_Application_Timeout detected-change # 10171=RNA-TCP_Port_Timeout detected-change # 10172=RNA-Identity_Timeout detected-change # # Plugins for file /usr/thunder/daemons/plugins/nids_sourcefire_SFIMS.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_stealthwatch.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_tipping_point.prm # # 5750=TippingPoint-Alert_TCP_Low intrusion # 5751=TippingPoint-Alert_UDP_Low intrusion # 5752=TippingPoint-Alert_ICMP_Low intrusion # 5753=TippingPoint-Alert_Minor intrusion # 5754=TippingPoint-Alert_TCP_Minor intrusion # 5755=TippingPoint-Alert_UDP_Minor intrusion # 5756=TippingPoint-Alert_ICMP_Minor intrusion # 5757=TippingPoint-Alert_Major intrusion # 5758=TippingPoint-Alert_TCP_Major intrusion # 5759=TippingPoint-Alert_UDP_Major intrusion # 5760=TippingPoint-Alert_ICMP_Major intrusion # 5762=TippingPoint-Alert_TCP_Critical intrusion # 5763=TippingPoint-Alert_UDP_Critical intrusion # 5764=TippingPoint-Alert_ICMP_Critical intrusion # 5765=TippingPoint-Alert_Critical intrusion # 5766=TippingPoint-Block_TCP_Low firewall # 5767=TippingPoint-Block_UDP_Low firewall # 5768=TippingPoint-Block_ICMP_Low firewall # 5769=TippingPoint-Block_Minor firewall # 5770=TippingPoint-Block_TCP_Minor firewall # 5771=TippingPoint-Block_UDP_Minor firewall # 5772=TippingPoint-Block_ICMP_Minor firewall # 5773=TippingPoint-Block_Major firewall # 5774=TippingPoint-Block_TCP_Major firewall # 5775=TippingPoint-Block_UDP_Major firewall # 5776=TippingPoint-Block_ICMP_Major firewall # 5778=TippingPoint-Block_TCP_Critical firewall # 5779=TippingPoint-Block_UDP_Critical firewall # 5780=TippingPoint-Block_ICMP_Critical firewall # 5781=TippingPoint-Block_Critical firewall # 5782=TippingPoint-Misuse_TCP_Low intrusion # 5783=TippingPoint-Misuse_UDP_Low intrusion # 5784=TippingPoint-Misuse_ICMP_Low intrusion # 5785=TippingPoint-Misuse_Minor intrusion # 5786=TippingPoint-Misuse_TCP_Minor intrusion # 5787=TippingPoint-Misuse_UDP_Minor intrusion # 5788=TippingPoint-Misuse_ICMP_Minor intrusion # 5789=TippingPoint-Misuse_Major intrusion # 5790=TippingPoint-Misuse_TCP_Major intrusion # 5791=TippingPoint-Misuse_UDP_Major intrusion # 5792=TippingPoint-Misuse_ICMP_Major intrusion # 5794=TippingPoint-Misuse_TCP_Critical intrusion # 5795=TippingPoint-Misuse_UDP_Critical intrusion # 5796=TippingPoint-Misuse_ICMP_Critical intrusion # 5797=TippingPoint-Misuse_Critical intrusion # 5800=TippingPoint-Critical_ICMP intrusion # 5801=TippingPoint-Critical_UDP intrusion # 5802=TippingPoint-Critical_TCP intrusion # 5803=TippingPoint-Critical intrusion # 5804=TippingPoint-Major_ICMP intrusion # 5805=TippingPoint-Major_UDP intrusion # 5806=TippingPoint-Major_TCP intrusion # 5807=TippingPoint-Major intrusion # 5808=TippingPoint-Minor_ICMP intrusion # 5809=TippingPoint-Minor_UDP intrusion # 5810=TippingPoint-Minor_TCP intrusion # 5811=TippingPoint-Minor intrusion # 5812=TippingPoint-Low intrusion # 5813=TippingPoint-Info intrusion # 5814=TippingPoint-Block_Critical intrusion # 5815=TippingPoint-Block_Major intrusion # 5816=TippingPoint-Block_Minor intrusion # 5817=TippingPoint-Block_Low intrusion # 5818=TippingPoint-Block_Info intrusion # 5819=TippingPoint-P2P_Critical intrusion # 5820=TippingPoint-P2P_Major intrusion # 5821=TippingPoint-P2P_Minor intrusion # 5822=TippingPoint-P2P_Low intrusion # 5823=TippingPoint-P2P_Info intrusion # 5824=TippingPoint-Critical_HTTP intrusion # 5825=TippingPoint-Minor_SNMP intrusion # 5826=TippingPoint-Low intrusion # 5827=TippingPoint-Low intrusion # 5828=TippingPoint-Low intrusion # 5829=TippingPoint-Recon_Scan scanning # 5830=TippingPoint-Probe scanning # 5831=TippingPoint-Probe scanning # 5832=TippingPoint-Invalid_Session login-failure # 5833=TippingPoint-Invalid_Session login-failure # 5834=TippingPoint-Logout logout # 5835=TippingPoint-Login login # 5836=TippingPoint-Idle_Timeout connection # 5837=TippingPoint-Alert_HTTP_Low intrusion # 5838=TippingPoint-Alert_HTTP_Minor intrusion # 5839=TippingPoint-Alert_HTTP_Major intrusion # 5840=TippingPoint-Alert_HTTP_Critical intrusion # 5841=TippingPoint-Block_HTTP_Low firewall # 5842=TippingPoint-Block_HTTP_Minor firewall # 5843=TippingPoint-Block_HTTP_Major firewall # 5844=TippingPoint-Block_HTTP_Critcial firewall # 5845=TippingPoint-Alert_IP_Low intrusion # 5846=TippingPoint-Alert_IP_Minor intrusion # 5847=TippingPoint-Alert_IP_Major intrusion # 5848=TippingPoint-Alert_IP_Critical intrusion # 5849=TippingPoint-Block_IP_Low firewall # 5850=TippingPoint-Block_IP_Minor firewall # 5851=TippingPoint-Block_IP_Major firewall # 5852=TippingPoint-Block_IP_Critcial firewall # 5853=TippingPoint-Alert_SNMP_Low intrusion # 5854=TippingPoint-Alert_SNMP_Minor intrusion # 5855=TippingPoint-Alert_SNMP_Major intrusion # 5856=TippingPoint-Alert_SNMP_Critical intrusion # 5857=TippingPoint-Block_SNMP_Low firewall # 5858=TippingPoint-Block_SNMP_Minor firewall # 5859=TippingPoint-Block_SNMP_Major firewall # 5860=TippingPoint-Block_SNMP_Critcial firewall # # Plugins for file /usr/thunder/daemons/plugins/nids_toplayer.prm # # 12100=TopLayer-System_Events system # 12101=TopLayer-Flow_Events system # 12102=TopLayer-Flow_TCP_Network_Session_Events connection # 12103=TopLayer-Flow_UDP_Network_Session_Events connection # 12104=TopLayer-Flow_ICMP_Network_Session_Events connection # 12105=TopLayer-Flow_IP_Network_Session_Events connection # 12106=TopLayer-Flow_Non_IP_Network_Session_Events connection # 12107=TopLayer-Flow_Lost_Detail_Events system # 12108=TopLayer-Flow_MIB_Threshold_Events system # 12109=TopLayer-IP_Forwarding_Events system # 12110=TopLayer-Bridge_Forwarding_Events system # 12111=TopLayer-Interface_Events system # 12112=TopLayer-Attack_Mitigator_Events intrusion # 12113=TopLayer-Attack_Mitigator_TCP_Session_Events intrusion # 12114=TopLayer-Attack_Mitigator_UDP_Session_Events intrusion # 12115=TopLayer-Attack_Mitigator_ICMP_Session_Events intrusion # 12116=TopLayer-Attack_Mitigator_IP_Session_Events intrusion # 12117=TopLayer-Attack_Mitigator_State_Of_Client_Events intrusion # 12118=TopLayer-Attack_Mitigator_State_Of_Server_Events intrusion # 12119=TopLayer-Attack_Mitigator_Transition_Record_To_Second_Level firewall # 12120=TopLayer-Attack_Mitigator_Transition_Record_To_First_Level firewall # 12121=TopLayer-Attack_Mitigator_IP_Fragment dos # 12122=TopLayer-Attack_Mitigator_Detected_Address_Spoof intrusion # 12123=TopLayer-Attack_Mitigator_Event_Recurring_Spoof intrusion # 12124=TopLayer-Attack_Mitigator_Event_Ending_Spoof intrusion # 12125=TopLayer-Attack_Mitigator_MIB_Threshold system # 12126=TopLayer-Classification_Events system # 12127=TopLayer-Remote_Access_Events login # 12128=TopLayer-Remote_Access_Session_Events login # 12129=TopLayer-Remote_Access_MIB_Threshold_Events system # 12130=TopLayer-Policy_Events system # 12131=TopLayer-Configuration_Events system # 12132=TopLayer-Statistic_Events intrusion # 12133=TopLayer-ROE_Events error # 12134=TopLayer-ROE_Events_IP_Fragement_Errors error # 12135=TopLayer-ROE_Events_MIB_Thresholds error # # Plugins for file /usr/thunder/daemons/plugins/nips_vsecure_netprotect.prm # # # Plugins for file /usr/thunder/daemons/plugins/os_freebsd.prm # # 1200=Promiscuous_Mode_Enabled system # 1201=Promiscuous_Mode_Disabled system # 1202=FreeBSD-IP_Address_In_Use error # 1203=FreeBSD-ICMP_Bandwidth_Limit system # 1204=FreeBSD-ICMP_Limiting_Ping_Response scanning # 1205=FreeBSD-Limiting_RST_Response scanning # 1206=FreeBSD-Refused_ROOT_Login login-failure # 1207=FreeBSD-Mulitple_Login_Failures login-failure # 1208=FreeBSD-TCP_Connection_Attempt connection # 1209=FreeBSD-syslogd_Discarded_Packets system # 1211=FreeBSD-rpc intrusion # 1212=RPC-STATD_Exploit_Attempt intrusion # 1213=FreeBSD-Root_Process_Exited process # 1214=FreeBSD-Failed_calife_Usage system # 1215=FreeBSD-Begin_calife_Usage system # 1216=FreeBSD-End_calife_Usage system # 1217=FreeBSD-syslogd_Crash error # 1218=FreeBSD-File_System_Full error # 1219=FreeBSD-NonRoot_Process_Exited process # 1220=FreeBSD-Out_of_memory error # 1221=FreeBSD-Out_of_swap_space error # 1223=FreeBSD-Disk_Error error # 1224=FreeBSD-Disk_Error error # 1225=FreeBSD-Time_Adjusted system # 1226=FreeBSD-Login_Error login-failure # 1227=BSD-Disk_Full error # 1228=BSD-File_System_Full error # 1229=BSD-User_Added system # 1230=FreeBSD-Root_Command_Issued process # 1231=FreeBSD-User_Issued_Command process # # Plugins for file /usr/thunder/daemons/plugins/os_linux.prm # # 1300=Linux-User_Added system # 1301=Linux-Group_Added system # 1306=Linux-Root_Login login # 1307=Linux-Password_Change system # 1308=Linux-Failed_Login login-failure # 1309=Linux-Failed_Login login-failure # 1310=Linux-DPKG_Software_Installed system # 1311=Linux-DPKG_Software_Removed system # 1312=Linux-rpc intrusion # 1313=Linux-rpc connection # 1314=Linux-Failed_SU_Login login-failure # 1315=Linux-Failed_NFS_Mount access-denied # 1316=Linux-Promiscuous_Mode_Enabled system # 1317=Linux-Promiscuous_Mode_Enabled system # 1318=Linux-Group_Added system # 1319=Linux-User_Exists error # 1320=Linux-User_Added system # 1321=Linux-User_Removed_From_Group system # 1322=Linux-User_Deleted system # 1323=Linux-User_PW_Changed system # 1324=Linux-User_PW_Changed system # 1325=Linux-User_Deleted system # 1326=Linux-User_Added system # 1327=Linux-Group_Added system # 1328=SELinux-AVC_granted system # 1329=SELinux-AVC_denied access-denied # 1332=Named-Cache_Denied access-denied # 1333=Named-Configuration_Failure error # 1334=SELinux-Action_Prevention access-denied # 1335=Linux-Out_Of_Memory error # 1336=Linux-CDROM_Error error # 1337=Linux-Xinetd_Connection connection # 1338=Linux-Yum_Installation system # 1339=Linux-System_Start restart # 1340=Linux-Yum_Updated system # 1341=Linux-Yum_Erased system # 1342=Linux-Up2date_Authenticated system # 1343=Linux-Up2date_Connection_Failure error # 1344=Linux-Up2date_Registered_System system # 1345=Linux-Up2date_Package_Additions system # 1346=Linux-Up2date_Package_Deletions system # 1347=Linux-Up2date_Activation_Failure error # 1348=Linux-Up2date_Invalid_Credentials error # 1349=Linux-Network_Time_Update system # 1350=Linux-Promiscuous_Mode_Disabled system # 1351=Linux-User_Removed_From_Group system # 1352=Linux-Group_Removed system # 1353=Linux-Group_Passwd_Change system # 1354=Linux-Network_Time_Daemon_Shutdown process # 1355=Linux-Network_Time_Daemon_Version system # 1356=Linux-Segfault_Detected process # 1357=Linux-Network_Time_Permission_Denied error # 1358=Linux-Promiscuous_Mode_Enabled system # 1359=Linux-Promiscuous_Mode_Disabled system # 1360=Linux-Mulitple_SUDO_Failures login-failure # 1361=Linux-Network_Time_Local_Update system # 1362=Linux-User_Account_Removed system # 1363=SELinux-Disabled system # 1364=SELinux-Enabled system # 1365=Linux-Xinetd restart # 1366=Linux-Xinetd_Connection_Finished connection # 1367=Linux-Command_Issued_By_Root process # 1368=Linux-Command_Issued_By_SuperUser process # 1369=Linux-User_Issued_Command process # 1370=Linux-DPKG_Software_Configured system # 1371=Linux-Network_Time_Reset system # 1372=Linux-SFCB_SSL_Connection_Error error # 1373=Linux-Command_Issued_By_SuperUser_With_ParentID process # 1374=Linux-User_Issued_Command_With_ParentID process # 1375=Linux-Command_Issued_By_Root_With_ParentID process # 1376=Linux-Command_Exited_Abnormally process # 1377=Linux-SSH_Unknown_User login-failure # 1378=Linux-SU_Session_Opened login # 1379=Linux-SU_Session_Closed logout # 1380=Linux-SU_Authentication_Failure login-failure # # Plugins for file /usr/thunder/daemons/plugins/os_linux_audit.prm # # 7005=Linux-Audit_Credential_Refresh process # 7006=Linux-Audit_Credential_Reset process # 7007=Linux-Audit_User_Session_End logout # 7008=Linux-Audit_User_Authorized login # 7009=Linux-Audit_Credential_Set process # 7010=Linux-Audit_User_Login login # 7011=Linux-Audit_User_Session_Started login # 7012=Linux-Audit_User_Execute system # 7013=Linux-Audit_User_Authenticated login # 7014=Linux-Auditservice_Started system # 7015=Linux-Audit_Configuration_Changed system # 7016=Linux-Audit_User_Authenticate_Failed login-failure # 7017=Linux-Audit_User_Login_Failed login-failure # 7018=Linux-Audit_Credential_Refresh process # 7019=Linux-Audit_Credential_Reset process # 7020=Linux-Audit_User_Session_End logout # 7021=Linux-Audit_User_Authorized login # 7022=Linux-Audit_Credential_Set process # 7023=Linux-Audit_User_Session_Started login # 7024=Linux-Audit_User_Authenticated login # 7025=Linux-Audit_User_Authenticate_Failed login-failure # 7026=Linux-Audit_User_Login_Failed login-failure # 7027=Linux-Audit_Syscall system # 7028=Linux-Audit_Privilege_Inspect system # 7029=Linux-Audit_User_Error login-failure # 7030=Linux-Audit_User_Error login-failure # 7031=Linux-Audit_User_Login login # 7032=Linux-Audit_System_Shutdown restart # 7033=Linux-Audit_Add_User error # 7034=Linux-Audit_Daemon_Modified system # 7035=Linux-Audit_User_Role_Change system # 7036=Linux-Audit_Time_Change system # 7037=Linux-Audit_Runlevel_Changed system # 7038=Linux-Audit_Mac system # 7039=Linux-Audit_Chauthtok system # 7040=Linux-Audit_Login_Violation login-failure # 7041=Linux-Audit_Lock_Unlock_User system # 7042=Linux-Audit_Promiscuous_Device system # 7043=Linux-Audit_User_Role_Change_Failed system # 7044=Linux-Audit_User_Cmd_Issued system # 7045=Linux-Audit_User_Login login # 7046=Linux-Audit_User_Login_Failed login-failure # 7047=Linux-Audit_User_Authenticate_Failed login-failure # 7048=Linux-Audit_User_Login_Failed login-failure # 7049=Linux-Audit_Crypto_Session connection # # Plugins for file /usr/thunder/daemons/plugins/os_mvs_mainframe.prm # # 10500=Mainframe-Logon login # 10501=Mainframe-Logoff logout # 10502=Mainframe-Invalid_Password login-failure # 10503=Mainframe-Undefined_User login-failure # 10504=Mainframe-Insufficient_Authority access-denied # 10505=Mainframe-Insufficient_Authority access-denied # 10506=Mainframe-SQL_Grant_Access system # 10507=Mainframe-SQL-Alter_Table system # 10508=Mainframe-913_Abend system # # Plugins for file /usr/thunder/daemons/plugins/os_osx.prm # # 2400=OSX-Network_Transition system # 2401=OSX-Failed_SU_Login login-failure # 2404=OSX-Software_Update system # 2405=OSX-Su_Failure login-failure # 2406=OSX-Brute_Force_Root login-failure # 2407=OSX-Brute_Force login-failure # 2408=OSX-Process_Crash process # 2409=OSX-Limiting_RST_Response scanning # 2410=OSX-Admin_Installing_Software system # 2411=OSX-Failed_Login login-failure # 2412=OSX-Failed_Authorization login-failure # 2413=OSX-User_Authenticated login # 2414=OSX-Failed_Name_Resolution error # 2415=OSX-Failed_Authentication login-failure # 2416=OSX-Admin_Action_Authenticated login # 2417=OSX-Valid_Authentication login # 2418=OSX-Process_Crash_Report process # 2419=OSX-AFP_Mount system # 2420=OSX-AFP_Unmount system # 2421=OSX-TimeMachine_MountAttempt system # 2422=OSX-TimeMachine_Mount system # 2423=OSX-TimeMachine_Backup system # 2424=OSX-TimeMachine_Backup_Copied_Files system # 2425=OSX-TimeMachine_Backup_Thinning system # 2426=OSX-TimeMachine_Backup_Succeeded system # 2427=OSX-TimeMachine_Backup_Canceled system # 2428=OSX-SecurityAgent_AdminPrivRequest system # 2429=OSX-SecurityAgent_PrivRequest system # 2430=OSX-SecurityServer-Success login # 2431=OSX-Root_Command_Issued process # 2432=OSX-Application_Installed_From_Remote_Share system # 2433=OSX-Application_Installed_From_Remote_Share system # 2434=OSX-Application_Installed_From_Remote_Share system # 2435=OSX-Application_Installed_From_Remote_Share system # 2436=OSX-Application_Installed_From_Remote_Share system # 2437=OSX-Application_Installed system # 2438=OSX-AdobeFlash_Installed system # 2439=OSX-Root_Process_Crash process # 2440=OSX-User_Process_Crash process # 2441=OSX-Application_Installed system # # Plugins for file /usr/thunder/daemons/plugins/os_racf_mainframe.prm # # 10530=Mainframe-RACF_Invalid_Password_At_Terminal login-failure # 10531=Mainframe-RACF_User_Not_Defined login-failure # 10532=Mainframe-RACF_User_Profile_Not_Found login-failure # 10533=Mainframe-RACF_Insufficeint_Read_Authority access-denied # 10534=Mainframe-RACF_Violation_Of_Command access-denied # # Plugins for file /usr/thunder/daemons/plugins/os_smf_mainframe.prm # # 10550=Mainframe-Data_Open_For_Update system # 10551=Mainframe-Data_Deleted system # 10552=Mainframe-Data_Opened_For_Input system # 10553=Mainframe-Step_Termination system # 10554=Mainframe-Task_Termination system # 10555=Mainframe-Job_Started system # 10556=Mainframe-Termination_TSO system # # Plugins for file /usr/thunder/daemons/plugins/os_solaris.prm # # 2500=Solaris-cachefsd_Segmentation_Fault process # 2503=Solaris-SNMP_Protos_Attack intrusion # 2505=Solaris-SU_Root_Failure login-failure # 2506=Solaris-SU_Root_Succeeded login # 2507=Solaris-Muliple_Login_Failures login-failure # 2508=Solaris-ypbind_Connection_Refused access-denied # 2509=Solaris-statd_Exploit intrusion # 2510=Solaris-SU_root_Succeeded login # 2511=Solaris-SU_root_Failed login-failure # 2512=Solaris-Overflow_Attempt intrusion # # Plugins for file /usr/thunder/daemons/plugins/os_suse.prm # # # Plugins for file /usr/thunder/daemons/plugins/os_unix.prm # # 1400=Unix-Sudo_Finished logout # 1401=Unix-Sudo_Success login # 1402=Unix-Failed_SU_Attempt login-failure # 1403=Unix-Sudo_Failure login-failure # 1404=Unix-Successful_Sudo login # 1405=Unix-NFS_Mount_Failure error # 1406=Unix-Excessive_xinetd_Connections scanning # 1407=Unix-Sudo_Attempt login-failure # 1408=Unix-Sudo_Success login # 1409=Unix-Sudo_Failure login-failure # 1410=Unix-Logon login # 1411=Unix-Logon_Failure login-failure # 1412=Unix-Su_To_Root_Successful login # 1413=Unix-Su_To_Root_Failed login-failure # 1414=Unix-Syslog_Restarted restart # 1415=Unix-Telnet_Session_Died scanning # 1416=Unix-Rshd_From_Address_Not_Valid scanning # 1417=Unix-Rlogin_Illegal_Port_Connection scanning # 1418=Unix-Password_Read_Failed error # 1419=Unix-Failed_Login login-failure # 1420=Unix-Failed_RSH_Login login-failure # 1421=Unix-Failed_Unknown_User_Login login-failure # 1422=UNIX-Login_Failures login-failure # 1423=UNIX-Portmapper_Connection intrusion # 1424=Unix-Failed_SU_Attempt login-failure # 1425=Unix-SU_Event login # 1426=Unix-Unable_To_Get_Filestats error # 1427=Unix-Unable_To_Update_Domain_Stats error # 1428=Unix-Error_Threshold_Exceeded error # 1430=Unix-Pdntfs_Exit_Status process # 1431=Unix-Unable_To_RPC_Register error # 1432=Unix-Rshd_Connection_On_Illegal_Port scanning # 1433=Unix-Rlogind_Connection_On_Illegal_Port scanning # 1436=Unix-Sshd_Illegal_Protocol_Version error # 1437=Unix-Sshd_Wrong_Root_Password login-failure # 1438=Unix-Vmunix_Domain_Panic error # 1439=Unix-Syslog_Restarted restart # 1440=Unix-LPD_Restarted restart # 1441=Unix-System_Reboot restart # 1442=Unix-System_Reboot restart # 1443=Unix-CRONTAB_Edit detected-change # 1444=Unix-Root_Issued_Command process # 1445=Unix-User_Issued_Command process # 1446=Unix-User_Issued_SU_Command login # 1447=Unix-System_Rebooted restart # # Plugins for file /usr/thunder/daemons/plugins/os_unix_audit.prm # # 10000=Unix-Audit_Boot restart # 10001=Unix-Audit_Enter_Promiscous_Mode process # 10002=Unix-Audit_Exited_Promiscous_Mode process # 10003=Unix-Audit_Mount_Unmount_File_System process # 10004=Unix-Audit_Connection_Inetd process # 10005=Unix-Audit_Login login # 10006=Unix-Audit_Logout logout # 10007=Unix-Audit_Telnet process # 10008=Unix-Audit_Rlogin process # 10009=Unix-Audit_Rshd process # 10010=Unix-Audit_Su process # 10011=Unix-Audit_Authentication_Failed login-failure # 10012=Unix-Audit_Ftp_Bad_Password login-failure # 10013=Unix-Audit_Ftp_No_Account login-failure # 10014=Unix-Audit_Ftp_Misc login-failure # 10015=Unix-Audit_Ftp_Anonymous login-failure # 10016=Unix-Audit_Ssh_Permission_Denied login-failure # 10017=Unix-Audit_Ftp_User_Excluded login-failure # 10018=Unix-Audit_Ssh_Login login # 10019=Unix-Audit_Rexecd process # 10020=Unix-Audit_Passwd detected-change # 10021=Unix-Audit_Rexd process # 10022=Unix-Audit_Admin_Authenticte process # 10023=Unix-Audit_Enable_User detected-change # 10024=Unix-Audit_Disable_User detected-change # 10025=Unix-Audit_Delete_User detected-change # 10026=Unix-Audit_Modify_User detected-change # 10027=Unix-Audit_Create_User detected-change # 10028=Unix-Audit_Listdevice_Failure error # 10029=Unix-Audit_Listdevice process # 10030=Unix-Audit_Deallocate_fail error # 10031=Unix-Audit_Deallocate process # 10032=Unix-Audit_Crontab_modified detected-change # 10033=Unix-Audit_Solaris_Poweroff restart # 10034=Unix-Audit_Solaris_Shutdown restart # 10035=Unix-Audit_Solaris_Uadmin process # 10036=Unix-Audit_Solaris_Init process # 10037=Unix-Audit_Solaris_Reboot restart # 10038=Unix-Audit_Solaris_Halt process # 10039=Unix-Audit_Crontab_Permissions detected-change # 10040=Unix-Audit_Crontab_Delete detected-change # 10041=Unix-Audit_Crontab_Create detected-change # 10042=Unix-Audit_Cron_Invoke process # 10043=Unix-Audit_At_Permissions detected-change # 10044=Unix-Audit_At_Delete detected-change # 10045=Unix-Audit_At_Create detected-change # 10046=Unix-Audit_Umount process # 10047=Unix-Audit_Setaudit process # 10048=Unix-Audit_Processor_Bind process # 10049=Unix-Audit_P_Online process # 10050=Unix-Audit_Module process # 10051=Unix-Audit_UTSSYS process # 10052=Unix-Audit_AUDITON process # 10053=Unix-Audit_STIME process # 10054=Unix-Audit_AUDITSTAT process # 10055=Unix-Audit_SETKERNSTATE process # 10056=Unix-Audit_AUDITSVC process # 10057=Unix-Audit_SETUSERAUDIT process # 10058=Unix-Audit_SETAUID process # 10059=Unix-Audit_NFS_SVC process # 10060=Unix-Audit_ASYSNC_DAEMON process # 10061=Unix-Audit_Mount process # 10062=Unix-Audit_EXPORTFS process # 10063=Unix-Audit_QUOTACTL process # 10064=Unix-Audit_Set_Domain_Name process # 10065=Unix-Audit_Ajust_Time process # 10066=Unix-Audit_Set_Time process # 10067=Unix-Audit_Set_Host_Name process # 10068=Unix-Audit_Swap_On process # 10069=Unix-Audit_Reboot process # 10070=Unix-Audit_ACCT process # 10071=Unix-Audit_MKNOD process # 10072=Unix-Audit_Login_Failure login-failure # 10073=Unix-Audit_Started process # 10074=Unix-Audit_Login login # 10075=Unix-Audit_User_Authentication login # 10076=Unix-Audit_Login_Failure login-failure # 10077=Unix-Audit_User_Authentication_Failed login-failure # 10078=Unix-Audit_Ssauthorize login # 10079=Unix-Audit_Console_Login login # 10080=Unix-Audit_Lw_Login login # 10081=Unix-Audit_Add_User_To_Group detected-change # 10082=Unix-Audit_Ssauthint login # 10084=Unix-Audit_Password_Modified detected-change # 10085=Unix-Audit_Group_Added detected-change # 10086=Unix-Audit_Operation_Not_Permitted error # 10087=Unix-Audit_Builtin_Authenticate login # 10088=Unix-Audit_Modify_Group detected-change # # Plugins for file /usr/thunder/daemons/plugins/os_win2008_sec.prm # # 7287=Windows-Shadow_Copy_Created system # 7288=Windows-Handle_Requested system # 7289=Windows-Process_Exited process # 7290=Windows-Connection_Allowed connection # 7291=Windows-New_Process_Created process # 7292=Windows-Blocked_A_Bind access-denied # 7293=Windows-Successful_Login login # 7294=Windows-Privileges_Assigned login # 7295=Windows-Primary_Token_Assigned system # 7296=Windows-Privileged_Service_Called system # 7297=Windows-Attempted_Hard_Link_Creation system # 7298=Windows-Attempted_Handle_Duplication system # 7299=Windows-Handle_Closed system # 7300=Windows-Transaction_Changed system # 7301=Windows-Attempted_Access_Object system # 7302=Windows-Privileged_Service_Called access-denied # 7303=Windows-Handle_Requested access-denied # 7304=Windows-Login login # 7305=Windows-Time_Changed system # 7306=Windows-Credential_Validation login # 7307=Windows-Firewall_Started system # 7308=Windows-Account_Logged_Off logout # 7309=Windows-Network_Share_Accessed system # 7310=Windows-Domain_Controller_Computer_Validation login-failure # 7311=Windows-Failed_Login login-failure # 7312=Windows-Filtering_Changed system # 7313=Windows-Hash_Not_Valid error # 7314=Windows-Scheduled_Task_Created system # 7315=Windows-Scheduled_Task_Deleted system # 7316=Windows-Process_Registered login # 7317=Windows-Provider_Context_Changed system # 7318=Windows-Callout_Changed system # 7319=Windows-Object_Deleted system # 7320=Windows-Kerberos_Loaded system # 7321=Windows-Audit_Policy_Created system # 7322=Windows-RPC_Detected_Integrity_Violation error # 7323=Windows-Registered_Security_Event system # 7324=Windows-Unregistered_Security_Event system # 7325=Windows-Firewall_Rule_Ignored error # 7326=Windows-Screen_Saver_Invoked system # 7327=Windows-Screen_Saver_Dismissed system # 7328=Windows-Audit_Settings_Changed system # 7329=Windows-User_Logoff logout # 7330=Windows-Incorrect_Parameter error # 7332=Windows-Firewall_Change system # 7333=Windows-Reconnected_Session connection # 7334=Windows-Disconnected_Session connection # 7336=Windows-Workstation_Unlocked system # 7337=Windows-User_Added_Global_Group system # 7338=Windows-User_Created system # 7339=Windows-User_Enabled system # 7340=Windows-User_Changed system # 7341=Windows-User_Added_Local_Group system # 7342=Windows-User_Removed_Local_Group system # 7343=Windows-User_Removed_Global_Group system # 7344=Windows-User_Deleted system # 7345=Windows-Domain_Policy_Changed system # 7346=Windows-Password_Changed system # 7347=Windows-Key_File_Operation system # 7348=Windows-Cryptographic-Operation system # 7349=Windows-Firewall_Rule_Added system # 7350=Windows-Service_Installed system # 7351=Windows-Local_Group_Created system # 7352=Windows-System_Security_Granted_Account system # 7353=Windows-User_Right_Assigned system # 7354=Windows-Local_Group_Changed system # 7355=Windows-Cryptographic-Test system # 7356=Windows-User_Locked_Out access-denied # 7357=Windows-Connection_Blocked firewall # 7358=Windows-Packet_Blocked firewall # 7359=Windows-Bind_Allowed connection # 7360=Windows-Global_Group_Deleted system # 7361=Windows-Global_Group_Created system # 7362=Windows-User_Disabled system # 7363=Windows-Password_Change_Attempt system # 7364=Windows-Replay_Attack_Detected intrusion # 7365=Windows-Domain_Controller_Failed_Validation login-failure # 7366=Windows-Kerberos_Auth_Ticket_Request login # 7367=Windows-Kerberos_Service_Ticket_Request system # 7368=Windows-Kerberos_Service_Ticket_Renewed system # 7369=Windows-Computer_Account_Created system # 7370=Windows-Computer_Account_Created system # 7371=Windows-Computer_Account_Deleted system # 7372=Windows-Account_Accessed system # 7374=Windows-Audit_Policy_Changed system # 7376=Windows-Filter_Present system # 7377=Windows-Firewall_Rule_Not_Applied error # 7378=Windows-Local_Group_Deleted system # 7379=Windows-Global_Group_Changed system # 7380=Windows-Universal_Group_Created system # 7381=Windows-Universal_Group_Changed system # 7382=Windows-Universal_Group_Member_Added system # 7383=Windows-Universal_Group_Member_Removed system # 7384=Windows-Universal_Group_Deleted system # 7385=Windows-SID_History_Added system # 7386=Windows-SID_History_Add_Failed error # 7387=Windows-User_Account_Unlocked system # 7388=Windows-ACL_Set_On_Admin_Groups system # 7389=Windows-Account_Name_Changed system # 7390=Windows-Active_Directory_Attributes_Replicated system # 7392=Windows-Replication_Failure_Begins system # 7393=Windows-Replication_Failure_Ends system # 7394=Windows-Directory_Service_Modified system # 7395=Windows-Directory_Service_Created system # 7396=Windows-Directory_Service_Undeleted system # 7397=Windows-Directory_Service_Moved system # 7398=Windows-Directory_Service_Deleted system # 7399=Windows-Directory_Sync_Begun system # 7400=Windows-Directory_Sync_Ended system # 7401=Windows-SIDS_Filtered system # 7402=Windows-Credentials_Disallowed access-denied # 7403=Windows-Wireless_Request connection # 7404=Windows-Wired_Request connection # 7405=Windows-File_Virtualized system # 7406=Windows-Blocked_Incoming_Connection firewall # 7407=Windows-Scheduled_Task_Enabled system # 7408=Windows-Scheduled_Task_Disabled system # 17409=Windows-Scheduled_Task_Updated system # 17410=Windows-Registry_Changed system # 17411=Windows-Registry_Key_Virtualized system # 17412=Windows-SACL_Policy_Changed system # 17413=Windows-CrashOnAuditFail_Changed system # 17414=Windows-Domain_New_Trust_Created system # 17415=Windows-Domain_Trust_Removed system # 17416=Windows-Kerberos_Policy_Changed system # 17417=Windows-Domain_Info_Modified system # 17418=Windows-Security_Granted_Account system # 17419=Windows-Namespace_Collision error # 17420=Windows-Trusted_Forest_Added system # 17421=Windows-Trusted_Forest_Removed system # 17422=Windows-Trusted_Forest_Modified system # 17423=Windows-User_Right_Removed system # 17424=Windows-Encryption_Policy_Changed system # 17425=Windows-Firewall_Policy_Active system # 17426=Windows-Firewall_Rule_Listed system # 17427=Windows-Firewall_Rule_Deleted system # 17428=Windows-Firewall_Default_Settings_Restored system # 17429=Windows-Firewall_Setting_Changed system # 17430=Windows-Firewall_Rule_Ignored error # 17431=Windows-Firewall_Rule_Parts_Ignored error # 17432=Windows-Firewall_Policy_Applied system # 17433=Windows-Firewall_Profile_Changed system # 17434=Windows-Firewall_Rule_Discarded system # 17435=Windows-Group_Policy_Applied system # 17436=Windows-Security_Policy_Errors error # 17437=Windows-Firewall_Stopped error # 17438=Windows-Firewall_Policy_Storage_Error error # 17439=Windows-Firewall_Policy_Parsing_Error error # 17440=Windows-Firewall_Service_Failed error # 17441=Windows-Firewall_Service_Failed_Start error # 17442=Windows-Firewall_Failed_Notification error # 17443=Windows-Firewall_Driver_Started system # 17444=Windows-Firewall_Stopped restart # 17445=Windows-Firewall_Driver_Failure error # 17446=Windows-Firewall_Runtime_Failure error # 17447=Windows-Starting restart # 17448=Windows-Shutting_Down restart # 17449=Windows-Recovered restart # 17450=Windows-Network_Policy_Granted_Access login # 17451=Windows-Network_Policy_Denied_Access access-denied # 17452=Windows-Network_Policy_Discarded_Request access-denied # 17453=Windows-Network_Policy_Discarded_Acct_Request access-denied # 17454=Windows-Network_Policy_Quarantined_User access-denied # 17455=Windows-Network_Policy_Probation_User login # 17456=Windows-Network_Policy_Access_Granted login # 17457=Windows-Network_Policy_Account_Locked access-denied # 17458=Windows-Network_Policy_Account_Unlocked login # 17459=Windows-IPsec_Settings_Changed system # 17460=Windows-IPsec_Dropped_Inbound_Packet firewall # 17461=Windows-Permitted_Listening_Inbound_Connection connection # 17462=Windows-Permitted_Outbound_Connection connection # 17463=Windows-Indirect_Access_Requested system # 17464=Windows-Network_Share_Object_Checked system # 17465=Windows-Network_Share_Object_Added system # 17466=Windows-Credential_Validation system # 17467=Windows-Successful_Login login # 17468=Windows-Failed_Login login-failure # 17469=Windows-Login login # 17470=Windows-Network_Share_Accessed system # 17471=Windows-Successful_Login login # 17472=Windows-Failed_Login login-failure # 17473=Windows-Kerberos_PreAuthentication_Failure login-failure # 17474=Windows-Operation_Performed_On_Object system # 17475=Windows-Operation_Performed_On_Object_Failed access-denied # 17476=Windows-Kerberos_Auth_Ticket_Request_Failed login-failure # 17477=Windows-Kerberos_Service_Ticket_Request_Failed system # 17478=Windows-Directory_Sync_Ended_Failed system # 17479=Windows-Active_Directory_Modified system # # Plugins for file /usr/thunder/daemons/plugins/os_win2008_syslog_sec.prm # # 33000=Windows-Shadow_Copy_Created system # 33001=Windows-Handle_Requested system # 33002=Windows-Process_Exited system # 33003=Windows-Connection_Allowed system # 33004=Windows-New_Process_Created system # 33005=Windows-Blocked_A_Bind system # 33006=Windows-Successful_Login system # 33007=Windows-Privileges_Assigned system # 33008=Windows-Primary_Token_Assigned system # 33009=Windows-Privileged_Service_Called system # 33010=Windows-Attempted_Hard_Link_Creation system # 33011=Windows-Attempted_Handle_Duplication system # 33012=Windows-Handle_Closed system # 33013=Windows-Transaction_Changed system # 33014=Windows-Attempted_Access_Object system # 33015=Windows-Privileged_Service_Called system # 33016=Windows-Handle_Requested system # 33017=Windows-Login system # 33018=Windows-Time_Changed system # 33019=Windows-Credential_Validation system # 33020=Windows-Firewall_Started system # 33021=Windows-Account_Logged_Off system # 33022=Windows-Network_Share_Accessed system # 33023=Windows-Domain_Controller_Validation system # 33024=Windows-Failed_Login system # 33025=Windows-Filtering_Changed system # 33026=Windows-Hash_Not_Valid system # 33027=Windows-Scheduled_Task_Created system # 33028=Windows-Scheduled_Task_Deleted system # 33029=Windows-Process_Registered system # 33030=Windows-Provider_Context_Changed system # 33031=Windows-Callout_Changed system # 33032=Windows-Object_Deleted system # 33033=Windows-Kerberos_Loaded system # 33034=Windows-Audit_Policy_Created system # 33035=Windows-RPC_Detected_Integrity_Violation system # 33036=Windows-Registered_Security_Event system # 33037=Windows-Unregistered_Security_Event system # 33038=Windows-Firewall_Rule_Ignored system # 33039=Windows-Screen_Saver_Invoked system # 33040=Windows-Screen_Saver_Dismissed system # 33041=Windows-Audit_Settings_Changed system # 33042=Windows-User_Logoff system # 33043=Windows-Incorrect_Parameter system # 33045=Windows-Firewall_Change system # 33046=Windows-Reconnected_Session system # 33047=Windows-Disconnected_Session system # 33049=Windows-Workstation_Unlocked system # 33050=Windows-User_Added_Global_Group system # 33051=Windows-User_Created system # 33052=Windows-User_Enabled system # 33053=Windows-User_Changed system # 33054=Windows-User_Added_Local_Group system # 33055=Windows-User_Removed_Local_Group system # 33056=Windows-User_Removed_Global_Group system # 33057=Windows-User_Deleted system # 33058=Windows-Domain_Policy_Changed system # 33059=Windows-Password_Changed system # 33060=Windows-Key_File_Operation system # 33061=Windows-Cryptographic-Operation system # 33062=Windows-Firewall_Rule_Added system # 33063=Windows-Service_Installed system # 33064=Windows-Local_Group_Created system # 33065=Windows-System_Security_Granted_Account system # 33066=Windows-User_Right_Assigned system # 33067=Windows-Local_Group_Changed system # 33068=Windows-Cryptographic-Test system # 33069=Windows-User_Locked_Out system # 33070=Windows-Connection_Blocked system # 33071=Windows-Packet_Blocked system # 33072=Windows-Bind_Allowed system # 33073=Windows-Global_Group_Deleted system # 33074=Windows-Global_Group_Created system # 33075=Windows-User_Disabled system # 33076=Windows-Password_Change_Attempt system # 33077=Windows-Replay_Attack_Detected system # 33078=Windows-Domain_Controller_Failed_Validation system # 33079=Windows-Kerberos_Auth_Ticket_Request system # 33080=Windows-Kerberos_Service_Ticket_Request system # 33081=Windows-Kerberos_Service_Ticket_Renewed system # 33082=Windows-Computer_Account_Created system # 33083=Windows-Computer_Account_Created system # 33084=Windows-Computer_Account_Deleted system # 33085=Windows-Account_Accessed system # 33087=Windows-Audit_Policy_Changed system # 33089=Windows-Filter_Present system # 33090=Windows-Firewall_Rule_Not_Applied system # 33091=Windows-Local_Group_Deleted system # 33092=Windows-Global_Group_Changed system # 33093=Windows-Universal_Group_Created system # 33094=Windows-Universal_Group_Changed system # 33095=Windows-Universal_Group_Member_Added system # 33096=Windows-Universal_Group_Member_Removed system # 33097=Windows-Universal_Group_Deleted system # 33098=Windows-SID_History_Added system # 33099=Windows-SID_History_Add_Failed system # 33100=Windows-User_Account_Unlocked system # 33101=Windows-ACL_Set_On_Admin_Groups system # 33102=Windows-Account_Name_Changed system # 33103=Windows-Active_Directory_Attributes_Replicated system # 33105=Windows-Replication_Failure_Begins system # 33106=Windows-Replication_Failure_Ends system # 33107=Windows-Directory_Service_Modified system # 33108=Windows-Directory_Service_Created system # 33109=Windows-Directory_Service_Undeleted system # 33110=Windows-Directory_Service_Moved system # 33111=Windows-Directory_Service_Deleted system # 33112=Windows-Directory_Sync_Begun system # 33113=Windows-Directory_Sync_Ended system # 33114=Windows-SIDS_Filtered system # 33115=Windows-Credentials_Disallowed system # 33116=Windows-Wireless_Request system # 33117=Windows-Wired_Request system # 33118=Windows-File_Virtualized system # 33119=Windows-Blocked_Incoming_Connection system # 33120=Windows-Scheduled_Task_Enabled system # 33121=Windows-Scheduled_Task_Disabled system # 43122=Windows-Scheduled_Task_Updated system # 43123=Windows-Registry_Changed system # 43124=Windows-Registry_Key_Virtualized system # 43125=Windows-SACL_Policy_Changed system # 43126=Windows-CrashOnAuditFail_Changed system # 43127=Windows-Domain_New_Trust_Created system # 43128=Windows-Domain_Trust_Removed system # 43129=Windows-Kerberos_Policy_Changed system # 43130=Windows-Domain_Info_Modified system # 43131=Windows-Security_Granted_Account system # 43132=Windows-Namespace_Collision system # 43133=Windows-Trusted_Forest_Added system # 43134=Windows-Trusted_Forest_Removed system # 43135=Windows-Trusted_Forest_Modified system # 43136=Windows-User_Right_Removed system # 43137=Windows-Encryption_Policy_Changed system # 43138=Windows-Firewall_Policy_Active system # 43139=Windows-Firewall_Rule_Listed system # 43140=Windows-Firewall_Rule_Deleted system # 43141=Windows-Firewall_Default_Settings_Restored system # 43142=Windows-Firewall_Setting_Changed system # 43143=Windows-Firewall_Rule_Ignored system # 43144=Windows-Firewall_Rule_Parts_Ignored system # 43145=Windows-Firewall_Policy_Applied system # 43146=Windows-Firewall_Profile_Changed system # 43147=Windows-Firewall_Rule_Discarded system # 43148=Windows-Group_Policy_Applied system # 43149=Windows-Security_Policy_Errors system # 43150=Windows-Firewall_Stopped system # 43151=Windows-Firewall_Policy_Storage_Error system # 43152=Windows-Firewall_Policy_Parsing_Error system # 43153=Windows-Firewall_Service_Failed system # 43154=Windows-Firewall_Service_Failed_Start system # 43155=Windows-Firewall_Failed_Notification system # 43156=Windows-Firewall_Driver_Started system # 43157=Windows-Firewall_Stopped system # 43158=Windows-Firewall_Driver_Failure system # 43159=Windows-Firewall_Runtime_Failure system # 43160=Windows-Starting system # 43161=Windows-Shutting_Down system # 43162=Windows-Recovered system # 43163=Windows-Network_Policy_Granted_Access system # 43164=Windows-Network_Policy_Denied_Access system # 43165=Windows-Network_Policy_Discarded_Request system # 43166=Windows-Network_Policy_Discarded_Acct_Request system # 43167=Windows-Network_Policy_Quarantined_User system # 43168=Windows-Network_Policy_Probation_User system # 43169=Windows-Network_Policy_Access_Granted system # 43170=Windows-Network_Policy_Account_Locked system # 43171=Windows-Network_Policy_Account_Unlocked system # 43172=Windows-IPsec_Settings_Changed system # 43173=Windows-IPsec_Dropped_Inbound_Packet system # 43174=Windows-Permitted_Listening_Inbound_Connection system # 43175=Windows-Permitted_Outbound_Connection system # 43176=Windows-Indirect_Access_Requested system # 43177=Windows-Network_Share_Object_Checked system # 43178=Windows-Network_Share_Object_Added system # 43179=Windows-Credential_Validation system # 43180=Windows-Successful_Login system # 43181=Windows-Failed_Login system # 43182=Windows-Login system # 43183=Windows-Network_Share_Accessed system # 43184=Windows-Successful_Login system # 43185=Windows-Failed_Login system # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_app.prm # # 3000=Windows-Application_Hung process # 3001=Windows-Application_Hung process # 3002=Windows-Application_Fault process # 3003=Windows-Application_Removed system # 3004=Windows-Application_Failed_Install error # 3005=Windows-Application_Installed system # 3007=VNC-Logon_Failure login-failure # 3008=Windows-System_Security_Policy_Applied system # 3019=VNC-Logon login # 3020=VNC-Logoff logout # 3021=Windows-Application_Installed system # 3022=VNC-Blacklisted login-failure # 3023=Windows-LSASS_Process_Failure_With_System_Restart error # 3024=Windows-Process_Failure_With_System_Restart error # 3034=Windows-Domain_Does_Not_Exist error # 3035=Windows-Cannot_Bind_To_Domain error # 3036=Windows-Terminated_Thread process # 3037=Windows-SharePoint_Login_Failed login-failure # 3038=Windows-SharePoint_Server_Not_Responding error # 3039=Windows-Security_Policy_Not_Propagated error # 3040=Windows-Security_Policy_Propagated_Warning system # 3041=Windows-Security_Successful_Certificate_Enrollment system # 3042=Windows-Security_Failed_Certificate_Enrollment error # 3043=Windows-License_Validated system # 3044=Windows-Created_Restore_Point system # 3045=Windows-Catalog_Checkpoint system # 3046=Windows-Policy_Updated system # 3047=Windows-Not_Compatible error # 3048=Windows-UltraVnc_Invalid_Attempt login-failure # 3049=Windows-Device_Not_Functioning error # 3050=Windows-LCE_Client_Installation_Failed error # 30500=Windows-Unhandled_Exception error # 30501=Windows-Application_Failure_Event process # 30502=Windows-WinMail_Event system # 30503=Windows-Application_Activation_Error error # 30504=Windows-Application_Error_Expanding_File error # 30505=Windows-Fault_Bucket error # 30506=Windows-MSExchange_Non_Delivery error # 30507=Windows-Msexchange_Delivery_Attempt application # 30508=Windows-Msexchange_Message_Delivered application # 30509=Windows-Msexchange_Message_Sent application # 30510=Windows-Msexchange_Duplicate_Message application # 30511=Windows-Xslogging_System_IO_IOException application # 30512=Windows-Xslogging_System_Event application # 30513=Windows-Pcanywhere_Remote_Logoff logout # 30514=Windows-Pcanywhere_Host_Started application # 30515=Windows-IRIS_Authentication_Successful login # 30516=Windows-IRIS_Signon_Successful login # 30517=Windows-IRIS_Signon_Failed login-failure # 30518=Windows-IRIS_Signoff_Completed logout # 30519=Windows-IRIS_Misc_Messages process # 30520=Windows-Remote_User_Login_Record login # 30521=Windows-Software_Installed system # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_sec.prm # # 3200=Windows-Logon_Attempt system # 3201=Windows-Logon_Failure login-failure # 3202=Windows-Administrator_Logon_Failure login-failure # 3203=Windows-Successful_Logon login # 3204=Windows-Successful_Administrator_Logon login # 3205=Windows-Successful_Logoff logout # 3206=Windows-Pre-authentication_Failed login-failure # 3207=Windows-Special_Privileges_Assigned system # 3208=Windows-Service_Ticket_Granted system # 3209=Windows-Account_Used_For_Login login # 3210=Windows-Authentication_Ticket_Granted system # 3211=Windows-Handle_Closed system # 3212=Windows-Trusted_Logon_Process login # 3214=Windows-Privileged_Service_Called system # 3216=Windows-Kerberos_Policy_Changed system # 3217=Windows-Security_Enabled_Global_Group_Member system # 3218=Windows-Ticket_Granted_Renewed system # 3219=Windows-Authentication_Ticket_Request_Failed login-failure # 3220=Windows-Service_Ticket_Request_Failed login-failure # 3222=Windows-Account_Logon_Failed login-failure # 3223=Windows-Successful_Network_Login login # 3224=Windows-User_Password_Set_Failed system # 3225=Windows-Successful_Network_Login login # 3226=Windows-IP_Conflict error # 3227=Windows-Time_Change system # 3228=Windows-User_Account_Deleted system # 3229=Windows-User_Account_Changed system # 3230=Windows-User_Account_Created system # 3231=Windows-User_Password_Set system # 3232=Windows-Audit_Policy_Changed system # 3233=Windows-Audit_Log_Cleared system # 3234=Windows-Account_Enabled system # 3236=Windows-Account_Currently_Disabled login-failure # 3238=Windows-User_Account_Disabled login-failure # 3239=Windows-User_Passwd_Expired login-failure # 3240=Windows-Account_Passwd_Expired login-failure # 3241=Windows-Account_Passwd_Expired login-failure # 3242=Windows-Successfull_Access_Grant system # 3243=Windows-Directoryservice_Restore_Mode_Password_Changed system # 3244=Windows-Account_Name_Changed system # 3245=Windows-Security_Enabled_Global_Group_Changes system # 3246=Windows-Security_Enabled_Local_Group_Changes system # 3247=Windows-Security_Enabled_Universal_Group_Changes system # 3248=Windows-Account_Expired login-failure # 3249=Windows-Special_Privilege_New_Logon login # 3250=Windows-Logon_Failure_Invalid_Logon_Type login-failure # 3251=Windows-Service_Installation_Attempt error # 3252=Windows-Logon_Failure_Incorrect_Logon_Time login-failure # 3253=Windows-System_Access_Grant system # 3254=Windows-Domain_Security_Policy_Change system # 3255=Windows-Account_Priviledge_Change system # 3256=Windows-New_Process_Created process # 3257=Windows-Process_Exited process # 3258=Windows-Host_Shutdown restart # 3260=Windows-Successful_Network_Login login # 3261=Windows-Account_Locked login-failure # 3262=Windows-Logon_With_Credentials login # 3263=Windows-Session_Reconnected system # 3264=Windows-Process_Assigned_Primary_Token system # 3265=Windows-Privilege_Change system # 3266=Windows-Directory_Replication_Operation system # 3267=Windows-Directory_Replication_Operation system # 3268=Windows-Directory_Replication_Operation system # 3269=Windows-Logon-Error login-failure # 3271=Windows-Password_Checking system # 3272=Windows-New_Process_Accepting_Traffic system # 3274=Windows-Login_Failure_Bad_Password login-failure # 3275=Windows-Login_Failure_Bad_Account login-failure # 3276=Windows-Login_Failure_Account_Locked login-failure # 3277=Windows-Login_Failure_Illegal_Host login-failure # 3278=Windows-Login_Failure_Expired_Password login-failure # 3279=Windows-Login_Failure_Account_Locked login-failure # 3280=Windows-Login_Failure_Account_Expired login-failure # 3281=Windows-Login_Failure_Account_Locked login-failure # 3282=Windows-Login_Failure login-failure # 3283=Windows-Logout logout # 3285=Windows-Computer_Account_Changed system # 3286=Windows-Firewall_Application_Changed system # 3287=Windows-Firewall_Application_Could_Not_Be_Started error # 3288=Windows-Application_Listening_For_Traffic system # 3289=Windows-Login_Failed_Account_Disabled login-failure # 3290=Windows-Successful_Network_Login login # 3291=Windows-Privileged_Service_Failed error # 3292=Windows-IPsec_Failed error # 3293=Windows-Session_Disconnect system # 3294=Windows-Successful_Network_Login login # 3295=Windows-Successful_Batch_Logon login # 3296=Windows-Successful_Service_Logon login # 3297=Windows-Successful_Unlock login # 3298=Windows-Successful_Remote_Session_Login login # 3299=Windows-Successful_Cached_Login login # 3320=Windows-Authentication_Package_Loaded system # 3321=Windows-User_Audit_Policy_Refreshed system # 3322=Windows-Failed_Audit_Of_Master_Key system # 3324=Windows-Logon_With_Credentials login # 3326=Windows-Authentication_Ticket_Not_Granted system # 3327=Windows-Successful_RunAs_Command login # 3328=Windows-Account_Locked system # 3329=Windows-Port_Exception system # 3330=Windows-Task_Created_Or_Modified system # 3331=Windows-User_Not_Allowed_Login login-failure # 3332=Windows-Netlogon_Not_Active login-failure # 3333=Windows-Audit_Failure error # 3334=Windows-Unable_To_Log_Events error # 3335=Windows-User_Account_Privilege_Removed system # 3336=Windows-System_Security_Access_Removed system # 3337=Windows-Service_Ticket_Request_Fail access-denied # 3338=Windows-Pre-authentication_Failed login-failure # 3339=Windows-Admin_ACLs_Set system # 3340=Windows-Successful_Network_Login login # 3341=Windows-User_Password_Set_Failed_Audit system # 3342=Windows-User_Account_Unlocked system # 3343=Windows-Logon-Error login-failure # 3344=Windows-Logon-Error login-failure # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_sys.prm # # 3103=Windows-Live_Updates_Ready system # 3104=Windows-Hotfix_Installed system # 3105=Windows-Browser_Failed_To_Retrieve error # 3106=Windows-Browser_Unable_To_Retrieve error # 3107=Windows-Print_Information system # 3108=Windows-Print_Warning error # 3109=Windows-Time_Sync system # 3110=Windows-Drive_Removed system # 3111=Windows-Timesync_Error error # 3112=Windows-Update_Successful system # 3113=Windows-Bad_Logon login-failure # 3114=Windows-Protocol_Error error # 3115=Windows-Authentication_Request_Not_Decoded system # 3116=Windows-System_Restart restart # 3117=Windows-Unexpected_Service_Termination process # 3119=Windows-Max_Concurrent_TCP_Sessions error # 3120=Windows-Print_Failure error # 3121=Windows-Illegal_Radius_Client access-denied # 3122=Windows-Print_Drivers_Added system # 3123=Windows-Printer_Removed system # 3124=Windows-Printer_Removed system # 3125=Windows-Unplanned_Shutdown restart # 3126=Windows-WINS_Corruption system # 3127=Windows-Updates_Ready system # 3128=Windows-Restart_Required restart # 3129=Windows-Disk_Full error # 3130=Windows-Access_Request_Discarded system # 3131=Windows-Domain_Controller_Not_Available error # 3132=Windows-DCOM_Unable_To_Logon error # 3133=Windows-Server_Failed_To_Load_Application error # 3134=Windows-Authentication_Protocol_Unavailable error # 3135=Windows-Attempted_Downgrade_Attack intrusion # 3136=Windows-Domain_Controller_Not_Available error # 3137=Windows-PAC_Verification_Error error # 3138=Windows-Failed_To_Register_Host error # 3139=Windows-Failed_To_Accquire_Time error # 3140=Windows-Detected_Controller_Error error # 3141=Windows-Master_Browser_Election system # 3142=Windows-Generic_System_Error error # 3143=Windows-ServicePack_Log_Event system # 3144=Windows-LSA_Access_Attempt access-denied # 3145=Windows-Kerberos_Encrypt_Key_Different error # 3146=Windows-Kerberos_Failed_To_Decrypt error # 3147=Windows-Network_Adapter_Disconnected system # 3148=Windows-Time_Synchronizing system # 3149=Windows-Hardware_Failure error # 31510=Windows-Out-Of-Date_Firmware error # 31511=Windows-Request_Not_Decoded access-denied # 31512=Windows-Smart_Card_Reader_Removed error # 31513=Windows-Failed_To_Flush_Data error # 31514=Windows-Failed_To_Register_Pointer error # 31515=Windows-Could_Not_Authenticate_Target_Name error # 31516=Windows-Unexpected_Shutdown restart # 31517=Windows-File_System_Corrupt error # 31518=Windows-Resumed_From_Sleep_Mode restart # 31519=Windows-Entering_Sleep_Mode restart # 31520=Windows-Printed_Document system # 31521=Windows-Private_Key_Error error # 31522=Windows-Logon_Notification_Improvement_Program system # 31523=Windows-Group_Policy_Settings_Processed system # 31524=Windows-Printer_Driver_Error error # 31525=Windows-DNS_Servers_Timeout error # 31526=Windows-Bad_Block_Detected error # 31527=Windows-IAS_User_Granted_Access login # 31528=Windows-DCOM_CLSID_Unable_To_Launch access-denied # 31529=Windows-UpdateClient_Installation_Failure error # 31530=Windows-UpdateClient_Installation_Ready system # 31531=Windows-Forefront_Assessment_Applied system # 31532=Windows-Forefront_Signatures_Updated system # 31533=Windows-Forefront_Detected_Changes system # 31534=Windows-Restart_Shutdown restart # 31535=Windows-No_Credential system # 31536=Windows-User_Does_Not_Have_Remote_Access login-failure # 31537=Windows-User_Does_Not_Have_Permission_For_Dial_In login-failure # 31538=Windows-Update_Successful system # 31539=Windows-Group_Policy_Settings_Processed system # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_syslog_app.prm # # 600=Windows-Application_Hung process # 601=Windows-Application_Hung process # 602=Windows-Application_Fault process # 603=Windows-Application_Removed system # 604=Windows-Application_Failed_Install error # 605=Windows-Application_Installed system # 607=VNC-Logon_Failure login-failure # 608=Windows-System_Security_Policy_Applied system # 619=VNC-Logon login # 620=VNC-Logoff logout # 621=Windows-Application_Installed system # 622=VNC-Blacklisted login-failure # 623=Windows-LSASS_Process_Failure_With_System_Restart error # 624=Windows-Process_Failure_With_System_Restart error # 634=Windows-Domain_Does_Not_Exist error # 635=Windows-Cannot_Bind_To_Domain error # 636=Windows-Terminated_Thread process # 637=Windows-SharePoint_Login_Failed login-failure # 638=Windows-SharePoint_Server_Not_Responding error # 639=Windows-Security_Policy_Not_Propagated system # 640=Windows-Security_Policy_Propagated_Warning system # 641=Windows-Security_Successful_Certificate_Enrollment system # 642=Windows-Security_Failed_Certificate_Enrollment system # 643=Windows-License_Validated system # 644=Windows-Created_Restore_Point system # 645=Windows-Catalog_Checkpoint system # 646=Windows-Policy_Updated system # 647=Windows-Not_Compatible error # 648=Windows-UltraVnc_Invalid_Attempt login-failure # 649=Windows-Device_Not_Functioning error # 650=Windows-LCE_Client_Installation_Failed error # 28100=Windows-Unhandled_Exception error # 28101=Windows-Application_Failure_Event process # 28102=Windows-WinMail_Event system # 28103=Windows-Application_Activation_Error error # 28104=Windows-Application_Error_Expanding_File error # 28105=Windows-Fault_Bucket error # 28106=Windows-MSExchange_Non_Delivery error # 28107=Windows-Msexchange_Delivery_Attempt application # 28108=Windows-Msexchange_Message_Delivered application # 28109=Windows-Msexchange_Message_Sent application # 28110=Windows-Msexchange_Duplicate_Message application # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_syslog_sec.prm # # 800=Windows-Logon_Attempt system # 801=Windows-Logon_Failure login-failure # 802=Windows-Administrator_Logon_Failure login-failure # 803=Windows-Successful_Logon login # 804=Windows-Successful_Administrator_Logon login # 805=Windows-Successful_Logoff logout # 806=Windows-Pre-authentication_Failed login-failure # 807=Windows-Special_Privileges_Assigned system # 808=Windows-Service_Ticket_Granted system # 809=Windows-Account_Used_For_Login login # 810=Windows-Authentication_Ticket_Granted system # 811=Windows-Handle_Closed system # 812=Windows-Trusted_Logon_Process login # 814=Windows-Privileged_Service_Called system # 816=Windows-Kerberos_Policy_Changed system # 817=Windows-Security_Enabled_Global_Group_Member system # 818=Windows-Ticket_Granted_Renewed system # 819=Windows-Authentication_Ticket_Request_Failed login-failure # 820=Windows-Service_Ticket_Request_Failed login-failure # 822=Windows-Account_Logon_Failed login-failure # 823=Windows-Successful_Network_Login login # 824=Windows-User_Password_Set_Failed system # 825=Windows-Successful_Network_Login login # 826=Windows-IP_Conflict system # 827=Windows-Time_Change system # 828=Windows-User_Account_Deleted system # 829=Windows-User_Account_Changed system # 830=Windows-User_Account_Created system # 831=Windows-User_Password_Set system # 832=Windows-Audit_Policy_Changed system # 833=Windows-Audit_Log_Cleared system # 834=Windows-Account_Enabled system # 836=Windows-Account_Currently_Disabled system # 838=Windows-User_Account_Disabled system # 839=Windows-User_Passwd_Expired system # 840=Windows-Account_Passwd_Expired system # 841=Windows-Account_Passwd_Expired system # 842=Windows-Successfull_Access_Grant system # 843=Windows-Directoryservice_Restore_Mode_Password_Changed system # 844=Windows-Account_Name_Changed system # 845=Windows-Security_Enabled_Global_Group_Changes system # 846=Windows-Security_Enabled_Local_Group_Changes system # 847=Windows-Security_Enabled_Universal_Group_Changes system # 848=Windows-Account_Expired system # 849=Windows-Special_Privilege_New_Logon login # 850=Windows-Logon_Failure_Invalid_Logon_Type login-failure # 851=Windows-Service_Installation_Attempt system # 852=Windows-Logon_Failure_Incorrect_Logon_Time system # 853=Windows-System_Access_Grant system # 854=Windows-Domain_Security_Policy_Change system # 855=Windows-Account_Priviledge_Change system # 856=Windows-New_Process_Created system # 857=Windows-Process_Exited system # 858=Windows-Host_Shutdown system # 860=Windows-Successful_Network_Login login # 861=Windows-Account_Locked login-failure # 862=Windows-Logon_With_Credentials login # 863=Windows-Session_Reconnected system # 864=Windows-Process_Assigned_Primary_Token system # 865=Windows-Privilege_Change system # 866=Windows-Directory_Replication_Operation system # 867=Windows-Directory_Replication_Operation system # 868=Windows-Directory_Replication_Operation system # 869=Windows-Logon-Error login-failure # 871=Windows-Password_Checking system # 872=Windows-New_Process_Accepting_Traffic system # 874=Windows-Login_Failure_Bad_Password login-failure # 875=Windows-Login_Failure_Bad_Account login-failure # 876=Windows-Login_Failure_Account_Locked login-failure # 877=Windows-Login_Failure_Illegal_Host login-failure # 878=Windows-Login_Failure_Expired_Password login-failure # 879=Windows-Login_Failure_Account_Locked login-failure # 880=Windows-Login_Failure_Account_Expired login-failure # 881=Windows-Login_Failure_Account_Locked login-failure # 882=Windows-Login_Failure login-failure # 883=Windows-Logout logout # 885=Windows-Computer_Account_Changed system # 886=Windows-Firewall_Application_Changed system # 887=Windows-Firewall_Application_Could_Not_Be_Started error # 888=Windows-Application_Listening_For_Traffic system # 889=Windows-Login_Failed_Account_Disabled login-failure # 890=Windows-Successful_Network_Login login # 891=Windows-Privileged_Service_Failed error # 892=Windows-IPsec_Failed error # 893=Windows-Session_Disconnect system # 894=Windows-Successful_Network_Login login # 895=Windows-Successful_Batch_Logon login # 896=Windows-Successful_Service_Logon login # 897=Windows-Successful_Unlock login # 898=Windows-Successful_Remote_Session_Login login # 899=Windows-Successful_Cached_Login login # 920=Windows-Authentication_Package_Loaded system # 921=Windows-User_Audit_Policy_Refreshed system # 922=Windows-Failed_Audit_Of_Master_Key system # 924=Windows-Logon_With_Credentials login # 926=Windows-Authentication_Ticket_Not_Granted system # 927=Windows-Successful_RunAs_Command login # 928=Windows-Account_Locked system # 929=Windows-Port_Exception system # 930=Windows-Task_Created_Or_Modified system # 931=Windows-User_Not_Allowed_Login system # 932=Windows-Netlogon_Not_Active system # 933=Windows-Audit_Failure system # 934=Windows-Unable_To_Log_Events system # 935=Windows-User_Account_Privilege_Removed system # 936=Windows-System_Security_Access_Removed system # 937=Windows-Service_Ticket_Request_Fail access-denied # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_syslog_sys.prm # # 703=Windows-Live_Updates_Ready system # 704=Windows-Hotfix_Installed system # 705=Windows-Browser_Failed_To_Retrieve error # 706=Windows-Browser_Unable_To_Retrieve error # 707=Windows-Print_Information system # 708=Windows-Print_Warning error # 709=Windows-Time_Sync system # 710=Windows-Drive_Removed system # 711=Windows-Timesync_Error system # 712=Windows-Update_Successful system # 713=Windows-Bad_Logon system # 714=Windows-Protocol_Error system # 715=Windows-Authentication_Request_Not_Decoded system # 716=Windows-System_Restart restart # 717=Windows-Unexpected_Service_Termination process # 719=Windows-Max_Concurrent_TCP_Sessions error # 720=Windows-Print_Failure error # 721=Windows-Illegal_Radius_Client access-denied # 722=Windows-Print_Drivers_Added system # 723=Windows-Printer_Removed system # 724=Windows-Printer_Removed system # 725=Windows-Unplanned_Shutdown system # 726=Windows-WINS_Corruption system # 727=Windows-Updates_Ready system # 728=Windows-Restart_Required system # 729=Windows-Disk_Full system # 730=Windows-Access_Request_Discarded system # 731=Windows-Domain_Controller_Not_Available system # 732=Windows-DCOM_Unable_To_Logon system # 733=Windows-Server_Failed_To_Load_Application system # 734=Windows-Authentication_Protocol_Unavailable system # 735=Windows-Attempted_Downgrade_Attack system # 736=Windows-Domain_Controller_Not_Available system # 737=Windows-PAC_Verification_Error system # 738=Windows-Failed_To_Register_Host system # 739=Windows-Failed_To_Accquire_Time system # 740=Windows-Detected_Controller_Error system # 741=Windows-Master_Browser_Election system # 742=Windows-Generic_System_Error system # 743=Windows-ServicePack_Log_Event system # 744=Windows-LSA_Access_Attempt system # 745=Windows-Kerberos_Encrypt_Key_Different system # 746=Windows-Kerberos_Failed_To_Decrypt system # 747=Windows-Network_Adapter_Disconnected system # 748=Windows-Time_Synchronizing system # 749=Windows-Hardware_Failure system # 29110=Windows-Out-Of-Date_Firmware system # 29111=Windows-Request_Not_Decoded system # 29112=Windows-Smart_Card_Reader_Removed system # 29113=Windows-Failed_To_Flush_Data system # 29114=Windows-Failed_To_Register_Pointer system # 29115=Windows-Could_Not_Authenticate_Target_Name system # 29116=Windows-Unexpected_Shutdown system # 29117=Windows-File_System_Corrupt system # 29118=Windows-Resumed_From_Sleep_Mode system # 29119=Windows-Entering_Sleep_Mode system # 29120=Windows-Printed_Document system # 29121=Windows-Private_Key_Error system # 29122=Windows-Logon_Notification_Improvement_Program system # 29123=Windows-Group_Policy_Settings_Processed system # 29124=Windows-Printer_Driver_Error system # 29125=Windows-DNS_Servers_Timeout system # 29126=Windows-Bad_Block_Detected system # 29127=Windows-IAS_User_Granted_Access system # 29128=Windows-DCOM_CLSID_Unable_To_Launch system # 29129=Windows-UpdateClient_Installation_Failure system # 29130=Windows-UpdateClient_Installation_Ready system # # Plugins for file /usr/thunder/daemons/plugins/os_win_audit.prm # # 3150=Windows-Indirect_Access_On_Object_Obtained system # 3151=Windows-Indirect_Access_On_Object_Duplicated system # 7331=Windows-Operation_On_Privileged_Object access-denied # 7335=Windows-Operation_On_Priveileged_Object system # 7375=Windows-Object_Permissions_Changed system # 3213=Windows-Object_Open system # 3215=Windows-Privileged_Object_Operation system # 3259=Windows-Object_Access_Attempt system # 3270=Windows-Object_Operation system # 3273=Windows-Privileged_Object_Operation_Failure access-denied # 3284=Windows-Object_Open_Failure access-denied # 3325=Windows-Object_Deleted system # 3100=Windows-Object_Operation_Failed access-denied # # Plugins for file /usr/thunder/daemons/plugins/prm_map.prm # # # Plugins for file /usr/thunder/daemons/plugins/PRM_Mappings.prm # # # Plugins for file /usr/thunder/daemons/plugins/radius_EIG.prm # # 1600=EntrustIG-Failed_Login login-failure # 1601=EntrustIG-Valid_Login login # # Plugins for file /usr/thunder/daemons/plugins/radius_IAS_server.prm # # 2860=Radius-Access_Granted login # # Plugins for file /usr/thunder/daemons/plugins/radius_SBR_server.prm # # 2865=Steel-Belted-Radius_Operational restart # 2866=Steel-Belted-Radius_SecurID_Disabled error # 2867=Steel-Belted-Radius_Logon_Failed login-failure # 2868=Steel-Belted-Radius_Conficting_Methods error # 2869=Steel-Belted-Radius_Invalid_Password login-failure # 2870=Steel-Belted-Radius_Password_Accepted login # 2871=Steel-Belted-Radius_Invalid_Credentials login-failure # 2872=Steel-Belted-Radius_Unknown_User login-failure # 2873=Steel-Belted-Radius_SecurID_Disabled error # 2874=Steel-Belted-Radius_Started restart # 2875=Steel-Belted-Radius_Stopped restart # 2876=Steel-Belted-Radius_Login login # # Plugins for file /usr/thunder/daemons/plugins/router_cisco.prm # # 1100=Cisco-Blocked_TCP firewall # 1101=Cisco-Blocked_UDP firewall # 1102=Cisco-Blocked_ICMP firewall # 1103=Cisco-Blocked_IP firewall # 1150=Cisco-Allowed_TCP connection # 1151=Cisco-Allowed_UDP connection # 1152=Cisco-Allowed_ICMP connection # 1153=Cisco-Allowed_GRE connection # 1154=Cisco-Limited_Or_Missed_Packets error # 1160=Cisco-Successful_Login login # 1161=Cisco-Failed_Login login-failure # 1162=Cisco-RSHELL_Connect_Attempt login-failure # 1163=Cisco-Line_Down system # 1164=Cisco-Line_Up system # 1165=Cisco-Configured_From_Console system # 1166=Cisco-SNMP_Authentication_Failure access-denied # 1167=Cisco-Statechange_From_Standby_To_Active system # 1168=Cisco-List_Permitted connection # 1169=Cisco-Unexpected_Outbound_IPSEC error # 1170=Cisco-Configured_By_SNMP system # 1171=Cisco-Config_Obtained_By_SNMP system # 1172=Cisco-Stop_TCP_Session connection # 1173=Cisco-Stop_UDP_Session connection # 1174=Cisco-Start_TCP_Session connection # 1175=Cisco-Start_UDP_Session connection # 1176=Cisco-Log_Summary system # 1177=Cisco-Passing_Packet connection # 1178=Cisco-Dropped_Session firewall # # Plugins for file /usr/thunder/daemons/plugins/router_enterasys.prm # # 6900=Enterasys-Login login # 6901=Enterasys-Logout logout # 6902=Enterasys-User_Action system # 6903=Enterasys-User_Failed_Login login-failure # 6904=Enterasys-User_Initiated_Reset restart # # Plugins for file /usr/thunder/daemons/plugins/router_foundry.prm # # 9103=Foundry-Blocked_Connection firewall # 9100=Foundry-Power_Outage error # 9101=Foundry-Fan_Failure error # 9102=Foundry-Duplicate_IP error # 9104=Foundry-RIP_Denied firewall # 9105=Foundry-8021X_Security_Violation access-denied # 9106=Foundry-Fragmentation_DOS dos # 9107=Foundry-OSPF_Authentication_Failure access-denied # 9108=Foundry-OSPF_Bad_Packet system # 9109=Foundry-Bandwidth_DOS dos # 9115=Foundry-SNMP_Bad_Community_String intrusion # 9111=Foundry-User_Login_USER_EXEC_Mode login # 9112=Foundry-User_Login_PRIVILEGED_Mode login # 9113=Foundry-User_Log_Out_USER_EXEC_Mode logout # 9114=Foundry-User_Log_Out_PRIVILEGED_Mode logout # # Plugins for file /usr/thunder/daemons/plugins/router_juno.prm # # 8570=Juniper-Blocked_TCP firewall # 8571=Juniper-Blocked_UDP firewall # 8572=Juniper-Blocked_ICMP firewall # 8573=Juniper-Allowed_TCP connection # 8574=Juniper-Allowed_UDP connection # 8575=Juniper-Allowed_ICMP connection # 8576=Juniper-Allowed_TCP_NAT connection # 8577=Juniper-Allowed_UDP_NAT connection # 8500=Juniper-Root_Access_Required access-denied # 8501=Juniper-Bad_Password login-failure # 8502=Juniper-Bad_Credentials login-failure # 8503=Juniper-Login_Failure login-failure # 8504=Juniper-Incorrect_Password login-failure # 8505=Juniper-Invalid_User login-failure # 8506=Juniper-Authentication_Failure login-failure # 8507=Juniper-Invalid_User login-failure # 8508=Juniper-Authentication_Failure login-failure # 8509=Juniper-Multiple_Login_Failures login-failure # 8510=Juniper-Forced_Password_Change login-failure # 8511=Juniper-Root_Login login # 8512=Juniper-Root_Acecss_Required access-denied # 8550=Juniper-Command_Execution_Error error # 8551=Juniper-Replay_Attack_Detected intrusion # 8552=Juniper-Command_Execution_Error access-denied # 8553=Juniper-System_Halt restart # # Plugins for file /usr/thunder/daemons/plugins/samba.prm # # 500=Samba-Bad_User_Account login-failure # 501=Samba-Authentication_Failure login-failure # 502=Samba-Winbind_Authentication_Failed login-failure # 503=Samba-Authentication_Failure login-failure # 504=Samba-Bad_Service_Name error # 505=Samba-Error_NT_Status_Access_Denied access-denied # 506=Samba-Name_Daemon_Shutdown restart # 507=Samba-Master_Browser application # 508=Samba-User_Login login # # Plugins for file /usr/thunder/daemons/plugins/scada_portaledge.prm # # 2950=Portaledge-Availability_Event intrusion # 2951=Portaledge-Enumeration_Event intrusion # 2952=Portaledge-Availability_Class_Event intrusion # 2953=Portaledge-Enumeration_Class_Event intrusion # 2954=Portaledge-Meta_Event intrusion # # Plugins for file /usr/thunder/daemons/plugins/services_unix.prm # # # Plugins for file /usr/thunder/daemons/plugins/snare_sec_os_win2k.prm # # # Plugins for file /usr/thunder/daemons/plugins/sniffer_reconnex.prm # # 6050=iGuard-ACT-DBF_Leaving_Network data-leak # 6051=iGuard-Audit_Examination_Reports data-leak # 6052=iGuard-Bank_Account_Info data-leak # 3053=iGuard-Board_Meeting_Minutes data-leak # 6054=iGuard-Company_Confidential_Info data-leak # 6055=iGuard-Compensation_Benefits data-leak # 6056=iGuard-Compliance_Reports data-leak # 6057=iGuard-Compress_Attachments data-leak # 6058=iGuard-Credit_Card_Number data-leak # 6059=iGuard-Credit_Report data-leak # 6060=iGuard-Drivers_License data-leak # 6061=iGuard-Email_testing data-leak # 6062=iGuard-Emplyer_ID_Number data-leak # 6063=iGuard-Financial_Reports data-leak # 6064=iGuard-Identify_Webmail_Owner data-leak # 6065=iGuard-Insider_Information_Watermark data-leak # 6066=iGuard-Internal_Memos data-leak # 6067=iGuard-Lawsuit_Legal_Matters data-leak # 6068=iGuard-Mergers_Acquisitions data-leak # 6069=iGuard-Peer_To_Peer_Monitor data-leak # 6070=iGuard-Personal_Info data-leak # 6071=iGuard-Profit_And_Loss_Statement data-leak # 6072=iGuard-Projected_Earnings data-leak # 6073=iGuard-Skintone_Image data-leak # 6074=iGuard-Social_Security_Number data-leak # 6075=iGuard-Suspicious_Activity data-leak # 6076=iGuard-Unauthorized_Desktop_Sharing data-leak # 6077=iGuard-Unencryped_Personal_Data data-leak # 6078=iGuard-UserID_And_Password data-leak # 6079=iGuard-Wire_Transfer data-leak # 6080=iGuard-Wireless_Activity data-leak # 6081=iGuard-Misc_Activity data-leak # # Plugins for file /usr/thunder/daemons/plugins/spam_amavis.prm # # 1050=Amavis-Spam_Blocked spam # 1051=Amavis-Passed_Clean application # 1052=Amavis-Blocked_Spam spam # 1053=Amavis-Passed_Bad_Header_Quarantined spam # # Plugins for file /usr/thunder/daemons/plugins/spam_barracuda.prm # # 3091=Barracuda-Spam_Blocked spam # 3092=Barracuda-Message_Rejected spam # 3093=Barracuda-Host_Rejected spam # 3094=Barracuda-Virus_Blocked virus # 3095=Barracuda-Sender_Rejected spam # 3096=Barracuda-Sender_Rejected spam # 3097=Barracuda-Recipient_Rejected spam # 4251=Barracuda-Blocked_Warning firewall # 4252=Barracuda-Logged_Notify_Error firewall # 4253=Barracuda-Deny_Alert firewall # 4254=Barracuda-Blocked_Notification firewall # 4255=Barracuda-Logged_Warning firewall # 4256=Barracuda-Logged_Alert firewall # 4257=Barracuda-Server_Default_Protected_Valid connection # 4258=Barracuda-Internal_Default_Unprotected_Valid connection # 4259=Barracuda-Server_Default_Unprotected_Valid connection # 4260=Barracuda-Internal_Default_Protected_Valid connection # 4261=Barracuda-Internal_Default_Protected_Invalid firewall # 4262=Barracuda-Internal_Default_Passive_Valid connection # 4263=Barracuda-Server_Default_Passive_Valid connection # 4264=Barracuda-Internal_Default_Passive_Invalid firewall # 4265=Barracuda-SSL_Session_Timeout system # 4266=Barracuda-Server_Disabled system # 4267=Barracuda-Session_Timeout system # 4268=Barracuda-HTTP_Method_Not_Allowed firewall # 4269=Barracuda-Blocked_Warning firewall # 4270=Barracuda-Allowed_Message connection # 4271=Barracuda-Aborted_Message spam # 4272=Barracuda-Blocked_Message spam # 4273=Barracuda-Quarantined_Message spam # 4274=Barracuda-Tagged_Message spam # 42750=Barracuda-Deferred_Message spam # 42751=Barracuda-Per_User_Quarantined_Message spam # 42752=Barracuda-Whitelisted_Message system # 42753=Barracuda-Delivered_Message system # 42754=Barracuda-Rejected_Message spam # 42755=Barracuda-Deffered_Message spam # 42756=Barracuda-Expired_Message spam # 42757=Barracuda-Blocked_Message spam # 42758=Barracuda-Scanned_Blocked_Message system # # Plugins for file /usr/thunder/daemons/plugins/spam_mailscanner.prm # # 250=MailScanner-Spam_Blocked spam # 251=MailScanner-Virus_Found virus # 252=MailScanner-Virus_Found virus # 253=MailScanner-Virus_Found_and_Marked virus # 254=MailScanner-Phishing_Email spam # 255=MailScanner-Phishing_Email_Disarmed spam # 256=MailScanner-Trojan_Found virus # 257=MailScanner-Trojan_Or_Variant_Found virus # 258=MailScanner-IP_Based_Phishing spam # 259=MailScanner-Virus_Found virus # 260=MailScanner-Virus_Found_In_File virus # 261=MailScanner-Spam_Detection spam # 262=MailScanner-Version restart # 263=MailScanner-Malicious_Filename virus # 264=MailScanner-Malicious_Mail_Content spam # # Plugins for file /usr/thunder/daemons/plugins/sql_mssql.prm # # 3009=MSSQLSVR-Pause_Request restart # 3010=MSSQLSVR-Login_Succeeded login # 3011=MSSQLSVR-Login_Failed login-failure # 3013=MSSQLSVR-Stop_Request restart # 3015=MSSQLSVR-Login_Access_revoked login-failure # 3016=MSSQLSVR-Could_Not_Revoke_Login_Access error # 3017=MSSQLSVR-Login_Denied login-failure # 3018=MSSQLSVR-Shutdown restart # 28425=MSSQLSVR-Successful_Login login # 28426=MSSQLSVR-Trace_Toggled application # 28427=MSSQLSVR-Log_Backed_Up application # 28428=MSSQLSVR-CHECKDB application # 28429=MSSQLSVR-CHECKCATALOG application # 28430=MSSQLSVR-Database_Restored application # 28431=MSSQLSVR-Error error # 28432=MSSQLSVR-Database_Analysis_Completed application # 28433=MSSQLSVR-Login_Failed login-failure # 28434=MSSQLSVR-Login_Succeeded_For_Local_Machine login # 28435=MSSQLSVR-Database_Frozen error # 28436=MSSQLSVR-Database_Unfrozen application # 28437=MSSQLSVR-Database_Backedup application # # Plugins for file /usr/thunder/daemons/plugins/sql_mysql.prm # # 28450=MYSQL-Started restart # 28451=MYSQL-Ended restart # 28452=MYSQL-Shutdown_Complete restart # 28453=MYSQL-Fatal_Error_Cannot_Open_Privilege_Tables error # 28454=MYSQL-Ready_For_Connections restart # 28455=MYSQL-Error_Cannot_Drop_User error # 28456=MYSQL-Process_Already_Exists error # 28457=MYSQL-Total_Allocated_Space application # 28458=MYSQL-Total_Free_Space application # 28459=MYSQL-Aborted_Connection connection # 28460=MYSQL-Shutdown_Complete restart # 28461=MYSQL-Normal_Shutdown restart # 28462=MYSQL-Server_Started restart # 28463=MYSQL-Version application # 28464=MYSQL-Error_Sort_Aborted error # 28465=MYSQL-Error error # 28466=MYSQL-Error_Table_Marked_As_Crashed error # 28467=MYSQL-Error_Disk_Full error # 28468=MYSQL-Error_Reading_Table error # # Plugins for file /usr/thunder/daemons/plugins/sql_oracle.prm # # 2850=Oracle-Handshake_Error error # 2851=Oracle-Handshake_Unknown_Error error # 2852=Oracle-Handshake_SSL_Fatal_Alert error # 2853=Oracle-Error_Client error # 2854=Oracle-Invalid_System_Call error # 2855=Oracle-SSL_Handshake_Timed_Out error # 2856=Oracle-Failed_To_Call_Network_Routine error # 2857=Oracle-Failed_To_Receive_Message error # 2858=Oracle-Failed_To_Call_Destination error # 2859=Oracle-Connection_To_Child connection # 22860=Oracle-Audit_Action_Connection connection # 22861=Oracle-Audit_Action_Shutdown application # 22862=Oracle-Audit_Action_Startup application # 22863=Oracle-Audit_Action_Logoff logout # 22864=Oracle-Audit_Action_Logon login # 22865=Oracle-Audit_Sessionid application # 22866=Oracle-Audit_Entryid application # 22867=Oracle-Audit_Statement application # 22868=Oracle-Audit_Userid application # 22869=Oracle-Audit_Username application # 22870=Oracle-Audit_Userhost application # 22871=Oracle-Audit_Returncode application # 22872=Oracle-Audit_Objcreator application # 22873=Oracle-Audit_Owner application # 22874=Oracle-Audit_Objname application # 22875=Oracle-Audit_Objname application # 22876=Oracle-Audit_Obj_Privileges application # 22877=Oracle-Audit_Obj_Privilege application # 22878=Oracle-Audit_Authgrantee application # 22879=Oracle-Audit_Grantee application # 22880=Oracle-Audit_Grantee application # 22881=Oracle-Audit_Newowner application # 22882=Oracle-Audit_Newowner application # 22883=Oracle-Audit_Newname application # 22884=Oracle-Audit_Newname application # 22885=Oracle-Audit_Sesactions application # 22886=Oracle-Audit_Sesactions application # 22887=Oracle-Audit_Logoffpread application # 22888=Oracle-Audit_Logoffpread application # 22889=Oracle-Audit_Logofflwrite application # 22890=Oracle-Audit_Logofflwrite application # 22891=Oracle-Audit_Commenttext application # 22892=Oracle-Audit_Commenttext application # 22893=Oracle-Audit_Osuserid application # 22894=Oracle-Audit_Osusername application # 22895=Oracle-Audit_Privused application # 22896=Oracle-Audit_Privused application # 22897=Oracle-Audit_Seslabel application # 22898=Oracle-Audit_Cleintid application # 22899=Oracle-Audit_Sestid application # 22900=Oracle-Audit_Spare2 application # 22901=Oracle-Audit_Terminal application # 22902=Oracle-Audit_Sysoptions application # # Plugins for file /usr/thunder/daemons/plugins/sql_postgres.prm # # 2820=Postgres-Connection_Received connection # 2821=Postgres-Connection_Rejected firewall # 2822=Postgres-Database_Start restart # 2823=Postgres-Connection_Authorized login # 2824=Postgres-Connection_Terminated error # 13825=Postgres-Authentication_Failure login-failure # 13826=Postgres-Relation_Does_Not_Exist error # 13827=Postgres-Syntax_Error error # # Plugins for file /usr/thunder/daemons/plugins/ssh_dropbear.prm # # 3850=Dropbear-Exited_Normally logout # 3851=Dropbear-Child_Connection connection # 3852=Dropbear-Bad_Password login-failure # 3853=Dropbear-Password_Succeeded login # 3854=Dropbear-Error_Setting_Terminal_Attributes error # # Plugins for file /usr/thunder/daemons/plugins/ssh_freessh.prm # # 18011=FreeSSH-Server_Stopped restart # 18012=FreeSSH-Server_Started restart # 18013=FreeSSH-Server_Address_Already_In_Use error # 18014=FreeSSH-Server_Connection_Attempt connection # 18015=FreeSSH_Login login # 18016=FreeSSH-Server_Disconnected_User system # 18017=FreeSSH-Server_Failed_Login login-failure # 18018=FreeSSH-Server_User_Unknown login-failure # 18019=FreeSSH-Server_Disconnected_IP system # # Plugins for file /usr/thunder/daemons/plugins/ssh_openssh.prm # # 1800=SSH-Accepted_Public_Key login # 1801=SSH-Potential_Overflow_Attack intrusion # 1802=SSH-Potential_Overflow_Attack intrusion # 1806=SSH-Failed_Password login-failure # 1808=SSH_Login login # 1809=SSH-Missing_Ident_String error # 1810=SSH-Bad_Protocol_ID intrusion # 1811=SSH_Fatal_Error error # 1812=SSH-Accepted_Public_Key login # 1813=SSH-Connection connection # 1815=SSH-Multiple_Authentication_Failures login-failure # 1816=SSH-PAM_Session_Opened login # 1817=SSH-Authentication-Failure login-failure # 1818=SSH-Accepted_Password login # 1819=SSH-Accepted_Password login # 1821=SSH-Failed_Password login-failure # 1820=SSH-Invalid_User login-failure # 1822=SSH-Illegal_User login-failure # 1823=SSH-Wrong_Version intrusion # 1824=SSH-Possible_Breakin_Attempt intrusion # 1825=SSH-User_Shell_Not_Valid login-failure # 1826=SSH-Login_Failure login-failure # 1827=SSH-Authentication-Failure login-failure # 1828=SSH-Login_Failure_Invalid_User login-failure # 1829=SSH-Login_Failure_Not_In_AllowUsers login-failure # 1830=SSH-Login_Failure login-failure # 1832=SSH-Failed_Login_For_Restricted_User login-failure # 1833=SSH-SFTP_Subsystem_Request connection # 1834=SSH-Account_Has_Expired login-failure # 1835=SSH-Authentication_Failure login-failure # 1836=SSH-Connection_Closed connection # 1837=SSH-User_Not_Allowed login-failure # 1838=SSH-Login_Keyboard_Interactive login # 1839=SSH-Invalid_Empty_UserName login-failure # 1840=SSH-Disconnection logout # 1841=SSH-Daemon_Terminating restart # 1842=SSH-Received_Blacklisted_Public_Key intrusion # 1843=SSH-Wrong_Version intrusion # 1844=SSH-Connection_Closed connection # 1845=SSH-Bad_Username login-failure # 1846=SSH-Invalid_User login-failure # 1847=SSH-Session_Closed logout # 1848=SSH-Check_Pass_Unknown_User login-failure # 1849=SSH-No_Identification_String error # 1850=SSH-Public_Key_Exchange_Postponed system # 1851=SSH-Bad_Address_Possible_Breakin_Attempt intrusion # 1852=SSH-Refused_Connection_From intrusion # 1853=SSH-Check_Unknown_User login-failure # 1854=SSH-Accepted_Password login # 1855=SSH-Fatal_Timeout error # 1856=SSH-Failed_Kerberos error # 1857=SSH-Authentication_Failure login-failure # 1858=SSH-Cannot_Bind_Address error # 1859=SSH-Address_In_Use error # 1860=SSH-Illegal_User login-failure # 1861=SSH-Invalid_Argument error # 1862=SSH-Fatal_Session_Request error # 1863=SSH-Connection_Aborted error # 1864=SSH-Restarting restart # 1865=SSH-Invalid_User login-failure # 1866=SSH-Failed_Publickey login-failure # 1867=SSH-Illegal_User login-failure # 1868=SSH-Account_Not_Present login-failure # 1869=SSH-Authentication_Failed login-failure # 1870=SSH-Authentication_Failure_Limit login-failure # 1871=SSH-Too_Few_Replies login-failure # 1872=SSH-New_Type_Of_Error error # 1873=SSH-Failed_Password_Illegal_User login-failure # 1874=SSH-Illegal_Blank_User login-failure # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco.prm # # 7441=Cisco-Duplicate_Address error # 7442=Cisco-Fan_Ok system # 7443=Cisco-Fan_Failed error # 7444=Cisco-Security_Violation access-denied # 7445=Cisco-Storm_Control_Packets_Drop system # 7446=Cisco-Native_Vlan_Mismatch error # 7447=Cisco-Duplex_Mismatch error # 7448=Cisco-Changed_State system # 7449=Cisco-Link_Flapping error # 7450=Cisco-MAC_Flapping error # 7451=Cisco-Controller_Firmware_Not_Running error # 7452=Cisco-Mac_Verify_Failed error # 7454=Cisco-Link_Errors error # 7455=Cisco-Psecure_Violation error # 7457=Cisco-Vlan_Mismatch error # 7459=Cisco-Faulty_Power_Supply error # 7460=Cisco-VTP_Code_Unusual_Diagnostic error # 7461=Cisco-Blocked_Transmit_Queue system # 7462=Cisco-No_SNMPTrap_IP error # 7463=Cisco-Relearning_Addresses system # 7464=Cisco-Attempt_Recover_Psecure_Violation system # 7465=Cisco-Address_Flapping error # 7466=Cisco-BPDU_Disabling_Port error # 7467=Cisco-Bpduguard_Error error # 7468=Cisco-Bpduguard_Recover system # 7469=Cisco-Host_Flapping_Between_Ports error # 7470=Cisco-Neighbor_Is_Down error # 7471=Cisco-Duplex_Mismatch error # 7472=Cisco-Config_Resolve_Failure error # 7473=Cisco-Unauthorized_SNMP_Access access-denied # 7474=Cisco-Neighbor_Up_Down system # 7475=Cisco-Tunnel_Up_Down system # 7476=Cisco-Excessive_Errors_Interface error # 7477=Cisco-Invalid_Security_Parameter error # 7478=Cisco-Designated_Router_Change error # 7479=Cisco-Neighbor_Up_Down system # 7480=Cisco-Bad_Authentication access-denied # 7481=Cisco-Native_Vlan_Mismatch error # 7482=Cisco-MAC_Flapping error # 17485=Cisco-Crypto_Replay_Failed error # 17487=Cisco-Config_From_Console system # 17488=Cisco-Security_Violation access-denied # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco4400.prm # # 4850=Cisco-Switch_In_Init_State system # 4851=Cisco-Switch_Retries_Exceeded error # 4852=Cisco-Switch_Disconnecting_Mobile system # 4853=Cisco-Switch_Max_Retransmission_Exceeded error # 4854=Cisco-Switch_Authentication_Aborted error # 4855=Cisco-Switch_Unable_To_Send_Message error # 4856=Cisco-Switch_Poisoned_ARP_Detected intrusion # 4857=Cisco-Switch_Orphan_Packet_IP_Changed system # 4859=Cisco-Switch_Unable_To_Send_AAA_Message error # 4860=Cisco-Switch_Invalid_Replay_Counter error # 4861=Cisco-Switch_Entry_Not_In_Database error # 4862=Cisco-Switch_Not_Advertising_Per_Policy system # 4863=Cisco-Switch_RSN_WARP_IE_Failed error # 4864=Cisco-Switch_Client_Not_Found error # 4865=Cisco-Switch_Replay_Error error # 4866=Cisco-Switch_Delete_User_Failed error # 4867=Cisco-Switch_Invalid_ARP_Timeout_Address error # 4868=Cisco-Switch_Delete_ARP_Entry_Failed error # 4869=Cisco-Switch_Invalid_WPA_Key_State system # 4870=Cisco-Switch_Received_Mobility_Response system # 4871=Cisco-Switch_Parse_Error_Packet_Dropped error # 4872=Cisco-Switch_Not_UDP_Dropping_Packet error # 4873=Cisco-Switch_Rejecting_Association_Attempt error # 4874=Cisco-Switch_Dropping_Primary_Discovery system # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco_ace.prm # # 7409=CiscoACE-Health_Probe_Failed error # 7410=CiscoACE-Health_Probe_Failed error # 7411=CiscoACE-Arp_Collision system # 7412=CiscoACE-Blocked_Reverse_Path_Check intrusion # 7413=CiscoACE-Built_TCP_Connection connection # 7414=CiscoACE-Teardown_TCP_Connection connection # 7415=CiscoACE-Blocked_ICMP firewall # 7416=CiscoACE-Built_TCP_Connection connection # 7417=CiscoACE-Teardown_TCP_Connection connection # 7418=CiscoACE-Changed_State system # 7419=CiscoACE-Server_Back_In_Service system # 7420=CiscoACE-Built_ICMP_Connection connection # 7421=CiscoACE-Built_ICMP_Connection connection # 7422=CiscoACE-Health_Probe_Failed error # 7423=CiscoACE-Server_Failed_Over_Backup system # 7424=CiscoACE-Changed_State system # 7425=CiscoACE-Built_UDP_Connection connection # 7426=CiscoACE-Built_UDP_Connection connection # 7427=CiscoACE-Command_Executed system # 7428=CiscoACE-Health_Probe_Failed error # 7429=CiscoACE-Teardown_ICMP connection # 7430=CiscoACE-Teardown_ICMP connection # # Plugins for file /usr/thunder/daemons/plugins/switch_dell.prm # # 2000=DellSwitch-Rejected_Telnet_Attempt access-denied # 2001=DellSwitch-Admin_Logout logout # 2002=DellSwitch-Admin_Login login # 2003=DellSwitch-SNMP_Probe access-denied # 2004=DellSwitch-Admin_Login login # 2005=DellSwitch-System_Config_Copied system # # Plugins for file /usr/thunder/daemons/plugins/switch_extreme.prm # # 1000=Switch-Extreme_Admin_login login # 1001=Switch-Extreme_Admin_logout logout # 1002=Switch-Extreme_Link_Down error # # Plugins for file /usr/thunder/daemons/plugins/switch_fastiron.prm # # 4632=FastIron-Switch_Interface_Down error # 4633=FastIron-Switch_PortDown error # 4634=FastIron-Switch_Interface_Up system # 4635=FastIron-Switch_Listening system # 4636=FastIron-Switch_Learning system # 4637=FastIron-Switch_Forwarding system # 4638=FastIron-Switch_SNMP_Access_Rejected access-denied # # Plugins for file /usr/thunder/daemons/plugins/switch_generic.prm # # 3700=Switch-Link_Down error # 3701=Switch-Link_Up system # 3702=Catalyst-Line_Down error # 3703=Catalyst-Line_Up system # 3704=Catalyst-Fan_Error error # 3705=Catalyst-Faulty_Fan error # 3706=Catalyst-High_Temperature error # # Plugins for file /usr/thunder/daemons/plugins/tenable_lce.prm # # 4200=LCE-Agent_Heartbeat lce # 4201=LCE-Agent_Statistics lce # 4202=LCE-Daemon_Started restart # 4203=LCE-Silo_Rolling application # 4204=LCE-Silo_Roll_Finished application # 4205=LCE-Update_Of_PRM_and_TASL application # 4206=LCE-Plugins_Are_Up_To_Date application # 4207=LCE-Client_Login_Failure access-denied # 4208=LCE-Serious_Error_Recovery lce # # Plugins for file /usr/thunder/daemons/plugins/tenable_lce_client.prm # # 210=Windows-LCE_Client_Started restart # 211=Windows-LCE_Client_Configuration_Error error # 212=Windows-LCE_Client_Stopped restart # 213=Windows-LCE_Client_Service_Started restart # 214=Windows-LCE_Client_Failed_State_Change error # 215=Windows-LCE_Client_Failed_To_Open_File error # 216=Windows-LCE_Client_Detected_Attached_Drive usb # 217=Windows-LCE_Client_Detected_Removed_Drive usb # 218=Windows-LCE_Client_Disk_Space lce # 219=Windows-LCE_Client_Physical_Memory lce # 220=Windows-LCE_Client_CPU_Usage lce # 221=LCE-Monitored_File_Modified detected-change # 222=LCE-Monitored_File_Removed detected-change # 223=LCE-Monitored_File_Re-added detected-change # 224=LCE-Monitored_File_Re-added_Changed detected-change # 225=LCE-Monitored_Config_File_Modified detected-change # 226=LCE-WMI-Monitor_Error error # 227=LCE-WMI-Monitor_Error error # 228=LCE-New_File_Added_To_Directory detected-change # # Plugins for file /usr/thunder/daemons/plugins/tenable_lightning_console.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_lightning_logs.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_nessus.prm # # 2900=Nessus-Connection connection # 2901=Nessus-Bad_Login_Attempt login-failure # 2902=Nessus-Successful_Login login # 2903=Nessus-Scan_Started application # 2904=Nessus-Scan_Finished application # 2905=Nessus-Version application # 2906=Nessus-Web_Server_Running restart # 2907=Nessus-Scan_Starting application # 2908=Nessus-Host_Scan_Start application # 2909=Nessus-Scan_Finished application # 2910=Nessus-Successful_Web_Login login # 2911=Nessus-Restarting restart # 2912=Nessus-Scanner_Not_Registered error # 2913=Nessus-Update_Plugins_Started application # 2914=Nessus-Reloader_Started application # 2915=Nessus-Stopping_Scan application # 2916=Nessus-Pausing_Scan application # 2917=Nessus-Resuming_Scan application # 2918=Nessus-NTP_Support_Disabled application # 2919=Nessus-Too_Many_Users error # 12920=Nessus-Scan_Delayed application # 12921=Nessus-Failed_Web_Login login-failure # 12922=Nessus-Plugins_Reloaded application # 12923=Nessus-Partial_Audit_Trail_Enabled application # 12924=Nessus-Update_Plugins_Finished application # 12925=Nessus-Full_Audit_Trail_Enabled application # 12926=Nessus-Time_Spent_Forwarding_Data application # 12927=Nessus-Admin_Privileges_Revoked application # 12928=Nessus-User_Password_Changed application # # Plugins for file /usr/thunder/daemons/plugins/tenable_nessus_windows.prm # # 2920=Nessus-Scan_Started application # 2921=Nessus-Scan_Finished application # 2922=Nessus-Successful_Login login # # Plugins for file /usr/thunder/daemons/plugins/tenable_netflow_monitor.prm # # 1551=TFM-TCP_Session_Whole network # 1552=TFM-TCP_Session_Partial network # 1553=TFM-UDP_Activity network # 1554=TFM-ICMP_Activity network # 1555=TFM-IGMP_Activity network # 1556=TFM-TCP_Session_Whole_1-10MB network # 1557=TFM-TCP_Session_Whole_10-100MB network # 1558=TFM-TCP_Session_Whole_100-1000MB network # 1559=TFM-TCP_Session_Whole_1GB network # 1560=TFM-TCP_Session_Whole_Long network # 1561=TFM-TCP_Session_Partial_Long network # # Plugins for file /usr/thunder/daemons/plugins/tenable_network_monitor.prm # # 1450=TNM-TCP_Session_Started network # 1451=TNM-TCP_Session_Completed network # 1452=TNM-TCP_Session_Timedout network # 1453=TNM-UDP_Activity network # 1454=TNM-ICMP_Activity network # 1455=TNM-IGMP_Activity network # 1456=TNM-TCP_Session_Whole_1-10MB network # 1457=TNM-TCP_Session_Whole_10-100MB network # 1458=TNM-TCP_Session_Whole_100-1024MB network # 1459=TNM-TCP_Session_Whole_1GB network # 1462=TNM-Long_TCP_Session_5_Minutes network # 1463=TNM-Long_TCP_Session_15_Minutes network # 1464=TNM-Long_TCP_Session_30_Minutes network # 1465=TNM-Long_TCP_Session_45_Minutes network # 1466=TNM-Long_TCP_Session_60_Minutes network # 1467=TNM-Long_TCP_Session_Many_Hours network # 1468=TNM-Long_TCP_Session_1_Day network # 1469=TNM-Long_TCP_Session_Many_Days network # 1470=TNM-TCP_Session_Short network # 1471=TNM-TCP_Session_NoData network # # Plugins for file /usr/thunder/daemons/plugins/tenable_newt.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_pvs.prm # # 4709=PVS-UNIX_Shell_Compromise intrusion # 4710=PVS-Windows_Shell_Compromise intrusion # 4711=PVS-Cisco_Shell_Compromise intrusion # 4712=PVS-Tracked_Session intrusion # 4713=PVS-YouTube_Usage_Detection social-networks # 4714=PVS-Twitter_Usage_Detection social-networks # 4715=PVS-Backdoor_Activity intrusion # 4716=PVS-Botnet_Detection intrusion # 4717=PVS-SMB_Client_ISO_File_Download file-access # 4718=PVS-Successful_Attack intrusion # 4719=PVS-Suspicious_File_Transfer intrusion # 4720=PVS-SMTP_Proxy network # 4721=PVS-SPAM_Mass_Mailing spam # 4722=PVS-Windows_Error_Message error # 4723=PVS-Potential_SPAM_Server spam # 4724=PVS-FTP_File_ISO_Request file-access # 4725=PVS-FTP_File_ZIP_Request file-access # 4726=PVS-FTP_File_EXE_Request file-access # 4727=PVS-FTP_File_RPM_Request file-access # 4730=PVS-Credit_Card_Detection data-leak # 4731=PVS-Webserver_With_Pornography web-access # 4732=PVS-SSN_Detection data-leak # 4733=PVS-Potential_Client_Download_of_Malicious_EXE intrusion # 4734=PVS-Potential_Serving_of_Malicious_EXE intrusion # 4735=PVS-New_WebSite_Detected detected-change # 4736=PVS-RBL_Blocked_Spam_Email spam # 4740=PVS-SCADA_DNPv3_Activity intrusion # 4741=PVS-SCADA_MODBUS_Activity intrusion # 4742=PVS-SCADA_ICCP_Activity intrusion # 4750=PVS-New_Host_Alert detected-change # 4751=PVS-New_Internet_Activity detected-change # 4752=PVS-New_Port_Browsing detected-change # 4753=PVS-New_Open_Port detected-change # 4754=PVS-New_Trust_Relationship detected-change # 4770=PVS-FTP_File_Served file-access # 4771=PVS-New_Network_Data network # 4772=PVS-Medium_Vulnerability vulnerability # 4773=PVS-High_Vulnerability vulnerability # 4777=PVS-SMB_Client_MSI_File_Download file-access # 4778=PVS-SMB_Client_DLL_File_Download file-access # 4779=PVS-FTP_File_Request file-access # 4780=PVS-PGP_Detection network # 4781=PVS-Facebook_Usage_Detection social-networks # 4782=PVS-POP_Session_Detection network # 4783=PVS-SMTP_Return_Address network # 4784=PVS-Myspace_Login_Detection social-networks # 4785=PVS-Gmail_Login_Detection web-access # 4786=PVS-MSN_Messenger_Login_Detection network # 4787=PVS-Yahoo_Messenger_Login_Detection network # 4788=PVS-AOL_Messenger_Login_Detection network # 4789=PVS-Shutdown_Failed restart # 4790=PVS-Proxy_Shutdown_Succeeded restart # 4791=PVS-Accepts_External_Connections detected-change # 4792=PVS-Shutdown_Succeeded restart # 4793=PVS-POP_Session_Detection network # 4794=PVS-Yahoo_Messenger_Login_Detection network # 4795=PVS-SMTP_User_Return_Address network # 4796=PVS-AOL_Messenger_Login_Detection network # 4797=PVS-MSN_Messenger_Login_Detection network # 4798=PVS-Invalid_Key error # 4799=PVS-Invalid_Time_In_Key error # 4800=PVS-Key_Expired error # 4801=PVS-WhatIsMyIP_Activity intrusion # 4802=PVS-SMB_Client_File_Download file-access # 4803=PVS-SMB_Client_EXE_File_Download file-access # 4804=PVS-SMB_Client_INI_File_Download file-access # 4805=PVS-DNS_Client_Query dns # 4806=PVS-Internal_Interactive_Session network # 4807=PVS-Outbound_Interactive_Session network # 4808=PVS-Inbound_Interactive_Session network # 4809=PVS-Internal_Encrypted_Session network # 4810=PVS-Outbound_Encrypted_Session network # 4811=PVS-Inbound_Encrypted_Session network # 4812=PVS-ViewState_Detection_and_Decode vulnerability # 4813=PVS-FTP_File_Download file-access # 4814=PVS-FTP_UserID_Enumeration network # 4815=PVS-POP_UserID_Enumeration network # 4816=PVS-IMAP_UserID_Enumeration network # 4817=PVS-SMTP_UserID_Enumeration network # 4818=PVS-Default_Credentials_Detected vulnerability # 4819=PVS-DNS_Client_Queries dns # 4820=PVS-DNS_Resolution_Reporting dns # 4821=PVS-DNS_Client_Failed_Query dns # 4822=PVS-Microsoft_Group_Policy_Server_Detection network # 4823=PVS-Microsoft_Group_Policy_Client_Download_Detection file-access # 4825=PVS-MySQL_Server_Failed_Login login-failure # 1950=PVS-Web_Request web-access # 1951=PVS-Web_File_XML_Request web-access # 1952=PVS-Proxy_Connection connection # 1953=PVS-Web_Content_ASP_Request web-access # 1954=PVS-Proxy_Login_Failure login-failure # 1955=PVS-Web_Video_AVI_Request web-access # 1956=PVS-Web_Image_BMP_Request web-access # 1957=PVS-Web_Content_CGI_Request web-access # 1958=PVS-Web_Content_CSS_Request web-access # 1959=PVS-Web_Disk_DMG_Request web-access # 1960=PVS-Web_Office_DOC_Request web-access # 1961=PVS-Web_Office_DOCX_Request web-access # 1962=PVS-NetBIOS_Domain_Detected network # 1963=PVS-Web_Image_GIF_Request web-access # 1964=PVS-Web_Executable_EXE_Request web-access # 1965=PVS-Web_Video_FLV_Request web-access # 1966=PVS-Web_File_GZ_Request web-access # 1967=PVS-Web_Content_HTM_Request web-access # 1968=PVS-Web_Content_HTML_Request web-access # 1969=PVS-Web_Disk_ISO_Request web-access # 1970=PVS-Web_Executable_JAVA_Request web-access # 1971=PVS-Web_Image_JPEG_Request web-access # 1972=PVS-Web_Image_JPG_Request web-access # 1973=PVS-Web_Executable_JS_Request web-access # 1974=PVS-Web_Video_MPG_Request web-access # 1975=PVS-Web_Video_MPEG_Request web-access # 1976=PVS-Web_Audio_MPA_Request web-access # 1977=PVS-Web_Audio_M4A_Request web-access # 1978=PVS-Web_Audio_MP3_Request web-access # 1979=PVS-Web_Media_MP4_Request web-access # 1980=PVS-Web_Video_MOV_Request web-access # 1981=PVS-Web_Executable_MSI_Request web-access # 1982=PVS-Web_Office_PDF_Request web-access # 1983=PVS-Web_Content_PHP_Request web-access # 1984=PVS-Web_Executable_PKG_Request web-access # 1985=PVS-Web_Image_PNG_Request web-access # 1986=PVS-Web_Office_PPS_Request web-access # 1987=PVS-Web_Office_PPT_Request web-access # 1988=PVS-Web_Audio_RAM_Request web-access # 1989=PVS-Web_Audio_RA_Request web-access # 1990=PVS-Web_File_RAR_Request web-access # 1991=PVS-Web_Executable_RPM_Request web-access # 1992=PVS-Web_Media_RM_Request web-access # 1993=PVS-Web_Content_RSS_Request web-access # 1994=PVS-Web_Media_SWF_Request web-access # 1996=PVS-Web_File_TORRENT_Request web-access # 1999=PVS-Web_Disk_VCD_Request web-access # 1751=PVS-Web_Audio_WAV_Request web-access # 1752=PVS-Web_Audio_WMA_Request web-access # 1753=PVS-Web_Video_WMV_Request web-access # 1754=PVS-Web_Office_XLSX_Request web-access # 1756=PVS-Web_File_ZIP_Request web-access # 1757=PVS-Web_Office_PPTX_Request web-access # 1758=PVS-Web_Office_TXT_Request web-access # 1760=PVS-Web_Office_RTF_Request web-access # 1761=PVS-SMB_Client_DOC_Download file-access # 1762=PVS-SMB_Client_DOCX_Download file-access # 1763=PVS-SMB_Client_XLS_Download file-access # 1764=PVS-SMB_Client_XLSX_Download file-access # 1765=PVS-SMB_Client_PPT_Download file-access # 1766=PVS-SMB_Client_PPTX_Download file-access # 1767=PVS-SMB_Client_PPS_Download file-access # 1768=PVS-SMB_Client_TXT_Download file-access # 1769=PVS-SMB_Client_RTF_Download file-access # 1770=PVS-SMB_Client_PDF_Download file-access # 1771=PVS-SMB_Client_PST_Download file-access # 1778=PVS-SMB_Client_ACCDB_Download file-access # 1779=PVS-SMB_Client_CSV_Download file-access # 1780=PVS-SMB_Client_SQL_Download file-access # 1783=PVS-Web_Media_SCR_Request web-access # 1785=PVS-Web_Media_XAP_Request web-access # 1786=PVS-Web_Query_Request web-access # 1787=PVS-Web_Query_Baidu_Search web-access # 1788=PVS-Web_Query_Google_Search web-access # 1789=PVS-Web_Query_Yahoo_Search web-access # 1790=PVS-Web_Query_Bing_Search web-access # 1791=PVS-Web_Query_Wikipedia_Search web-access # 1792=PVS-Web_Query_Ask web-access # 1793=PVS-Email_Attachment_Detection file-access # 1794=PVS-Dropbox_Detected file-access # 4827=PVS-Email_Attachment_EXE_Detected file-access # 4828=PVS-Email_Attachment_DLL_Detected file-access # 4829=PVS-Email_Attachment_DOC_Detected file-access # 4830=PVS-Email_Attachment_DOCX_Detected file-access # 4831=PVS-Email_Attachment_DB_Detected file-access # 4832=PVS-Email_Attachment_INI_Detected file-access # 4833=PVS-Email_Attachment_HTML_Detected file-access # 4835=PVS-Email_Attachment_MSI_Detected file-access # 4837=PVS-mDNS_Lookup dns # 4838=PVS-Email_Attachment_PDF_Detected file-access # 4839=PVS-Email_Attachment_PPS_Detected file-access # 4840=PVS-Email_Attachment_PST_Detected file-access # 4841=PVS-Email_Attachment_PPT_Detected file-access # 4842=PVS-Email_Attachment_PPTX_Detected file-access # 4843=PVS-Email_Attachment_RTF_Detected file-access # 4844=PVS-Email_Attachment_XLS_Detected file-access # 4845=PVS-Email_Attachment_XLSX_Detected file-access # 4846=PVS-Email_Attachment_VCF_Detected file-access # 4847=PVS-Email_Attachment_ZIP_Detected file-access # 4848=PVS-Credit_Card_Client_Data_Leakage_Detected data-leak # 4849=PVS-Social_Security_Number_Client_Data_Leakage_Detected data-leak # 4880=PVS-Facebook_ID_Detected social-networks # 4881=PVS-Credit_Card_Server_Data_Leakage_Detected data-leak # 4882=PVS-Social_Security_Number_Server_Data_Leakage_Detected data-leak # 4883=PVS-Facebook_Status_Update_Detected social-networks # 4884=PVS-CPE_Data_Detected network # 4885=PVS-SSH_Server_Session_Start network # 4886=PVS-SSH_Session_Start network # 4887=PVS-VNC_Session_Started network # 4888=PVS-Windows_RDP_Session_Started network # 4889=PVS-SSL_Session_Starting network # 4890=PVS-LinkedIn_Read_Email social-networks # 4891=PVS-LinkedIn_Create_Message social-networks # 4892=PVS-LinkedIn_User_Name social-networks # 4893=PVS-LinkedIn_Status_Update social-networks # 4894=PVS-LinkedIn_Profile_Update social-networks # 4895=PVS-Xbox_Live_Login web-access # 4896=PVS-Non_HTTP_Traffic_Over_Port_80 network # 4897=PVS-MetaSploit_Exploited_Machine_Detection intrusion # 4898=PVS-MetaSploit_Exploited_Machine_Detection intrusion # 4899=PVS-MetaSploit_Server_Detection intrusion # 4921=PVS-Hulu_Start_Video_Session_Detected web-access # 4922=PVS-XM_Radio_Usage_Detected web-access # 4923=PVS-Box web-access # 4924=PVS-Box web-access # 4925=PVS-Hotmail_User_ID_Detection web-access # 4926=PVS-BitTorrent_Protocol_Detection network # 4927=PVS-DNS_Top_Level_Domain_Querries dns # 4928=PVS-FTP_Client_Session_Started network # 4929=PVS-New_Web_Agent detected-change # 4930=PVS-DLL_File_Downloaded web-access # 4931=PVS-DLL_File_Downloaded web-access # 4932=PVS-DLL_File_Downloaded web-access # 4933=PVS-DLL_File_Downloaded web-access # 4934=PVS-Facebook_Profile_Edit social-networks # 4935=PVS-Tumblr_Photo_Uploaded web-access # 4936=PVS-Tumblr_Blog_Uploaded web-access # 4937=PVS-Iheartradio_Stream_Accessed web-access # 4938=PVS-NetFlix_Client_Detected web-access # 4939=PVS-NetFlix_User_Detected web-access # 4940=PVS-AIM_User_Detected login # 4941=PVS-Vulnerable_ActiveX_Component_Detected vulnerability # 4942=PVS-HTTP_Plaintext_Authentication web-access # 4943=PVS-GoToMyPC_Detected web-access # 4944=PVS-World_of_Warcraft_Battle web-access # 4945=PVS-PS3_Network_Login_Detected web-access # 4946=PVS-VNC_Client_Connection_Started network # 4947=PVS-Android_Market_Connection_Started web-access # 4948=PVS-PCAnywhere_Detected network # 4949=PVS-SSH_Server_Detected network # 4950=PVS-SSH_Client_Login_Detected network # 4951=PVS-Google_Music_Upload_Detected web-access # 4952=PVS-Google_Music_Upload_Detected web-access # 4953=PVS-FTP_File_Upload_Detected file-access # 4954=SSL_Cert_Summary network # 4955=PVS-New_DNS_Server_In_Use dns # # Plugins for file /usr/thunder/daemons/plugins/tenable_sc3_console.prm # # 5400=SC3-Correlated_IDS_Event intrusion # # Plugins for file /usr/thunder/daemons/plugins/tenable_sc3_logs.prm # # 3400=SC3-Unreachable_Scanner error # 3401=SC3-Unreachable_Scanner error # 3402=SC3-Admin_Action application # 3403=SC3-Bad_Scanner_Authentication error # 3404=SC3-Failed_To_Refresh_Plugin_List error # 3405=SC3-maild_Warning error # 3406=SC3-Proxy_Started restart # 3407=SC3-logd_Started restart # 3408=SC3-Finished_Generating_Splash_Screens application # 3409=SC3-Command_Run_Warning error # 3410=SC3-Command_Run_Error error # 3411=SC3-Proxy_Ready application # 3412=SC3-Scan_Launched application # 3413=SC3-Proxy_Config_Changed application # 3414=SC3-Proxy_Scan_Cancelled application # 3415=SC3-Started restart # 3416=SC3-Updated_Snort_Sigs application # 3417=SC3-Updated_Nessus_Plugins application # 3418=SC3-Updated_PVS_Plugins application # 3419=SC3-New_IDS_Info application # 3420=SC3-Mail_Not_Connecting error # 3421=SC3-Console_Login_Failure login-failure # 3422=SC3-Console_Logout logout # 3423=SC3-Console_Login login # 3424=SC3-Imported_PVS_Scan application # 3425=SC3-Import_Scan_Failure error # 3426=SC3-Importing_Nessus_Scan application # 3427=SC3-Computing_Asset_Lists application # 3428=SC3-Started_Generating_Splash_Screens application # 3429=SC3-Could_Not_Send_Email error # 3430=SC3-Sent_Email_Message application # 3431=SC3-Cant_Reach_SMTP_Gateway error # 3432=SC3-Nessus_Plugin_Rebuild_Failed error # 3433=SC3-New_Nessus_Plugins application # 3434=SC3-Scans_Can_Not_Launch error # 3435=SC3-Scan_Launch application # 3436=SC3-Scan_Email_Summary application # 3437=SC3-Forced_Update application # 3438=SC3-User_Login login # 3439=SC3-New_User_Added application # 3440=SC3-User_Removed application # 3441=SC3-System_Moved dhcp # 3442=SC3-New_Dhcp_Lease dhcp # 3443=SC3-Too_Many_Proxy_Files error # 3444=SC3-Import_Scan_Failure error # 3445=SC3-Scanner_Offline_During_Scan error # 3446=SC3-Could_Not_List_Plugins_From_Scanner error # 3447=SC3-Could_Not_Upload_Plugins_To_Scanner error # # Plugins for file /usr/thunder/daemons/plugins/tenable_sc4_logs.prm # # 8270=SC4-Not_Connected error # 8271=SC4-Connection_Unavailable_Nessus_PVS error # 8272=SC4-Login login # 8273=SC4-Logout logout # 8274=SC4-Repository_Modified application # 8275=SC4-LCE_Modified application # 8276=SC4-Repository_Changed application # 8277=SC4-Failed_Attempt_To_Create_Role error # 8278=SC4-Created_User application # 8279=SC4-Deleted_User application # 8280=SC4-Modified_User application # 8281=SC4-Critical_Error error # 8282=SC4-Invalid_Logon_Attempt login-failure # 8283=SC4-Scan_Proxy_Starting restart # 8284=SC4-LCE_Deleted application # 8285=SC4-LCE_Created application # 8286=SC4-Oraganization_Created application # 8287=SC4-Access_To_Repository_Granted application # 8288=SC4-Organizational_Name_Change application # 8289=SC4-Asset_Created application # 8290=SC4-Asset_Modified application # 8291=SC4-Database_Error error # 8292=SC4-Visibility_Changed application # 8293=SC4-Organization_Asset_Modified application # 8294=SC4-Asset_Deleted application # 8295=SC4-Repository_Created application # 8296=SC4-Repository_Added_To_Org application # 8297=SC4-Organization_Created_By_Admin application # 8298=SC4-User_Creation_Failure error # 8299=SC4-Invalid_Application_Configuration error # 8300=SC4-Organization_Name_Change application # 8301=SC4-Organization_Modified application # 8302=SC4-Signature_Missmatch error # 8303=SC4-Plugin_Update_Failed error # 8304=SC4-Asset_Field_Changed application # 8305=SC4-Asset_Share_Removed application # 8306=SC4-SSL_Connection_Error error # 8307=SC4-Not_Connected error # 8308=SC4-Finished_Upload_To_Nessus application # 8309=SC4-Started_Upload_To_Nessus application # 8310=SC4-Uploading_Files_To_Nessus application # 8311=SC4-Scan_Launched application # 8312=SC4-Receiving_File application # 8313=SC4-Successfully_Retrieved_File application # 8314=SC4-Passive_Plugins_Updated application # 8315=SC4-Restarted_Nessus_Daemon_Successfully application # 8316=SC4-Import_Beginning_PVS application # 8317=SC4-Import_Successful_PVS application # 8318=SC4-Scan_Proxy_Ready application # 8319=SC4-Nessus_Scanner_Plugins_Updated application # 8320=SC4-Passive_Scanner_Plugins_Updated application # 8321=SC4-Warning_Message error # 8322=SC4-Scan_Job_Ended application # 8323=SC4-DoScan_Warning_Message error # 8324=SC4-Critical_System_Error error # 8325=SC4-Refresh_Scanner_Status application # 8326=SC4-Nightly_Cleanup application # 8327=SC4-Passive_Plugin_Update application # 8328=SC4-Passive_Plugin_Update_Stats application # 8329=SC4-Zone_Created application # 8330=SC4-Passive_Scanner_Created application # 8331=SC4-Scanner_Created application # 8332=SC4-Plugin_Update_Stats application # 8333=SC4-Repository_Added_To_Organization application # # Plugins for file /usr/thunder/daemons/plugins/tenable_stats.prm # # 11000=Statistics-Connection_Reception_Minor_Anomaly stats # 11001=Statistics-Connection_Reception_Large_Anomaly stats # 11002=Statistics-Connection_Reception_Medium_Anomaly stats # 11003=Statistics-Connection_Reception_Anomaly stats # 11004=Statistics-DNS_Minor_Anomaly stats # 11005=Statistics-DNS_Anomaly stats # 11006=Statistics-DNS_Medium_Anomaly stats # 11007=Statistics-DNS_Large_Anomaly stats # 11008=Statistics-Database_Minor_Anomaly stats # 11009=Statistics-Database_Anomaly stats # 11010=Statistics-Database_Medium_Anomaly stats # 11011=Statistics-Database_Large_Anomaly stats # 11012=Statistics-Restart_Minor_Anomaly stats # 11013=Statistics-Restart_Anomaly stats # 11014=Statistics-Restart_Medium_Anomaly stats # 11015=Statistics-Restart_Large_Anomaly stats # 11020=Statistics-Threatlist_Minor_Anomaly stats # 11021=Statistics-Threatlist_Anomaly stats # 11022=Statistics-Threatlist_Medium_Anomaly stats # 11023=Statistics-Threatlist_Large_Anomaly stats # 11036=Statistics-Vulnerability_Minor_Anomaly stats # 11037=Statistics-Vulnerability_Anomaly stats # 11038=Statistics-Vulnerability_Medium_Anomaly stats # 11039=Statistics-Vulnerability_Large_Anomaly stats # 11044=Statistics-Virus_Minor_Anomaly stats # 11045=Statistics-Virus_Anomaly stats # 11046=Statistics-Virus_Medium_Anomaly stats # 11047=Statistics-Virus_Large_Anomaly stats # 11048=Statistics-Firewall_Minor_Anomaly stats # 11049=Statistics-Firewall_Anomaly stats # 11050=Statistics-Firewall_Medium_Anomaly stats # 11051=Statistics-Firewall_Large_Anomaly stats # 11052=Statistics-Scanning_Minor_Anomaly stats # 11053=Statistics-Scanning_Anomaly stats # 11054=Statistics-Scanning_Medium_Anomaly stats # 11055=Statistics-Scanning_Large_Anomaly stats # 11084=Statistics-SPAM_Minor_Anomaly stats # 11085=Statistics-SPAM_Anomaly stats # 11086=Statistics-SPAM_Medium_Anomaly stats # 11087=Statistics-SPAM_Large_Anomaly stats # 11088=Statistics-Application_Minor_Anomaly stats # 11089=Statistics-Application_Anomaly stats # 11090=Statistics-Application_Medium_Anomaly stats # 11091=Statistics-Application_Large_Anomaly stats # 11099=Statistics-Nessus_Large_Anomaly stats # 11100=Statistics-System_Minor_Anomaly stats # 11101=Statistics-System_Anomaly stats # 11102=Statistics-System_Medium_Anomaly stats # 11103=Statistics-System_Large_Anomaly stats # 11112=Statistics-Connection_Minor_Anomaly stats # 11113=Statistics-Connection_Anomaly stats # 11114=Statistics-Connection_Medium_Anomaly stats # 11115=Statistics-Connection_Large_Anomaly stats # 11116=Statistics-Compliance_Minor_Anomaly stats # 11117=Statistics-Compliance_Anomaly stats # 11118=Statistics-Compliance_Medium_Anomaly stats # 11119=Statistics-Compliance_Large_Anomaly stats # 11124=Statistics-Honeypot_Minor_Anomaly stats # 11125=Statistics-Honeypot_Anomaly stats # 11126=Statistics-Honeypot_Medium_Anomaly stats # 11127=Statistics-Honeypot_Large_Anomaly stats # 11132=Statistics-Logout_Minor_Anomaly stats # 11133=Statistics-Logout_Anomaly stats # 11134=Statistics-Logout_Medium_Anomaly stats # 11135=Statistics-Logout_Large_Anomaly stats # 11144=Statistics-Error_Minor_Anomaly stats # 11145=Statistics-Error_Anomaly stats # 11146=Statistics-Error_Medium_Anomaly stats # 11147=Statistics-Error_Large_Anomaly stats # 11148=Statistics-Network_Minor_Anomaly stats # 11149=Statistics-Network_Anomaly stats # 11150=Statistics-Network_Medium_Anomaly stats # 11151=Statistics-Network_Large_Anomaly stats # 11152=Statistics-Login_Failure_Minor_Anomaly stats # 11153=Statistics-Login_Failure_Anomaly stats # 11154=Statistics-Login_Failure_Medium_Anomaly stats # 11155=Statistics-Login_Failure_Large_Anomaly stats # 11156=Statistics-LCE-Agent_Minor_Anomaly stats # 11157=Statistics-LCE-Agent_Anomaly stats # 11158=Statistics-LCE-Agent_Medium_Anomaly stats # 11159=Statistics-LCE-Agent_Large_Anomaly stats # 11160=Statistics-Login_Minor_Anomaly stats # 11161=Statistics-Login_Anomaly stats # 11162=Statistics-Login_Medium_Anomaly stats # 11163=Statistics-Login_Large_Anomaly stats # 11164=Statistics-Intrusion_Minor_Anomaly stats # 11165=Statistics-Intrusion_Anomaly stats # 11166=Statistics-Intrusion_Medium_Anomaly stats # 11167=Statistics-Intrusion_Large_Anomaly stats # 11168=Statistics-Detected_Change_Minor_Anomaly stats # 11169=Statistics-Detected_Change_Anomaly stats # 11170=Statistics-Detected_Change_Medium_Anomaly stats # 11171=Statistics-Detected_Change_Large_Anomaly stats # 11172=Statistics-DHCP_Minor_Anomaly stats # 11173=Statistics-DHCP_Anomaly stats # 11174=Statistics-DHCP_Medium_Anomaly stats # 11175=Statistics-DHCP_Large_Anomaly stats # 11176=Statistics-Web_Access_Minor_Anomaly stats # 11177=Statistics-Web_Access_Anomaly stats # 11178=Statistics-Web_Access_Medium_Anomaly stats # 11179=Statistics-Web_Access_Large_Anomaly stats # 11180=Statistics-Access_Minor_Anomaly stats # 11181=Statistics-Access_Anomaly stats # 11182=Statistics-Access_Medium_Anomaly stats # 11183=Statistics-Access_Large_Anomaly stats # 11184=Statistics-Access_Denied_Minor_Anomaly stats # 11185=Statistics-Access_Denied_Anomaly stats # 11186=Statistics-Access_Denied_Medium_Anomaly stats # 11187=Statistics-Access_Denied_Large_Anomaly stats # 11188=Statistics-File_Access_Minor_Anomaly stats # 11189=Statistics-File_Access_Anomaly stats # 11190=Statistics-File_Access_Medium_Anomaly stats # 11191=Statistics-File_Access_Large_Anomaly stats # 11192=Statistics-USB_Minor_Anomaly stats # 11193=Statistics-USB_Anomaly stats # 11194=Statistics-USB_Medium_Anomaly stats # 11195=Statistics-USB_Large_Anomaly stats # 11196=Statistics-Process_Minor_Anomaly stats # 11197=Statistics-Process_Anomaly stats # 11198=Statistics-Process_Medium_Anomaly stats # 11199=Statistics-Process_Large_Anomaly stats # 11200=Statistics-Web_Error_Minor_Anomaly stats # 11201=Statistics-Web_Error_Anomaly stats # 11202=Statistics-Web_Error_Medium_Anomaly stats # 11203=Statistics-Web_Error_Large_Anomaly stats # 11204=Statistics-Continuous_Minor_Anomaly stats # 11205=Statistics-Continuous_Anomaly stats # 11206=Statistics-Continuous_Medium_Anomaly stats # 11207=Statistics-Continuous_Large_Anomaly stats # 11208=Statistics-Social_Networks_Minor_Anomaly stats # 11209=Statistics-Social_Networks_Anomaly stats # 11210=Statistics-Social_Networks_Medium_Anomaly stats # 11211=Statistics-Social_Networks_Large_Anomaly stats # 11212=Statistics-PVS-Network_Minor_Anomaly stats # 11213=Statistics-PVS-Network_Anomaly stats # 11214=Statistics-PVS-Network_Medium_Anomaly stats # 11215=Statistics-PVS-Network_Large_Anomaly stats # 11216=Statistics-NeverBeforeSeen_Minor_Anomaly stats # 11217=Statistics-NeverBeforeSeen_Anomaly stats # 11218=Statistics-NeverBeforeSeen_Medium_Anomaly stats # 11219=Statistics-NeverBeforeSeen_Large_Anomaly stats # 11220=Statistics-Internal_Connection_Minor_Anomaly stats # 11221=Statistics-Internal_Connection_Anomaly stats # 11222=Statistics-Internal_Connection_Medium_Anomaly stats # 11223=Statistics-Internal_Connection_Large_Anomaly stats # 11224=Statistics-Connection_Initiation_Minor_Anomaly stats # 11225=Statistics-Connection_Initiation_Anomaly stats # 11226=Statistics-Connection_Initiation_Medium_Anomaly stats # 11227=Statistics-Connection_Initiation_Large_Anomaly stats # 11228=Statistics-Outbound_Connection_Minor_Anomaly stats # 11229=Statistics-Outbound_Connection_Anomaly stats # 11230=Statistics-Outbound_Connection_Medium_Anomaly stats # 11231=Statistics-Outbound_Connection_Large_Anomaly stats # # Plugins for file /usr/thunder/daemons/plugins/thunder_compromise.prm # # # Plugins for file /usr/thunder/daemons/plugins/thunder_generic.prm # # # Plugins for file /usr/thunder/daemons/plugins/thunder_network.prm # # # Plugins for file /usr/thunder/daemons/plugins/thunder_spikes.prm # # # Plugins for file /usr/thunder/daemons/plugins/ups.prm # # 131=UPS-On_Battery_Power system # 132=UPS-Battery_Power_Low system # 133=UPS-Battery_Is_Charging system # 134=UPS-System_No_Longer_On_Backup_Battery system # 135=UPS-Battery_Too_Low_To_Support_load system # 136=UPS-Switced_To_Battery_Backup system # 137=UPS-Low_Battery_Resolved system # 138=UPS-Output_Power_Turned_On system # 139=UPS-Output_Power_Turned_Off system # 140=UPS-Batteries_Discharged system # 141=UPS-Returned_From_Backup_Power system # 142=UPS-Returned_From_Low_Battery system # # Plugins for file /usr/thunder/daemons/plugins/virus_clamav.prm # # 300=ClamAV-Virus_Detected virus # 301=ClamAV-Phishing_Attempt_Detected spam # 302=ClamAV-Trojan_Detected virus # 303=ClamAV-Exploit_Detected virus # 304=ClamAV-Worm_Detected virus # 305=ClamAV-Adware_Detected spam # 306=ClamAV-Linux_Virus_Detected virus # 307=ClamAV-Spam_Detected spam # 308=ClamAV-Phishing_Attempt_Detected spam # # Plugins for file /usr/thunder/daemons/plugins/virus_eTrust.prm # # 3080=eTrust-Virus_Warning virus # 3081=eTrust-Virus_Information application # 3082=eTrust-Virus_Detected virus # # Plugins for file /usr/thunder/daemons/plugins/virus_mcafee.prm # # 5470=McAfee-Blocked_By_Anti_Virus_Standard_Protection virus # 5471=McAfee-Blocked_By_Common_Standard_Protection virus # 5472=McAfee-Blocked_By_Common_Maximum_Protection virus # 5473=McAfee-Blocked_By_Anti-Virus_Maximum_Protection virus # 5474=McAfee-Warn_Mode_Would_Be_Blocked virus # 5475=McAfee-File_Was_Infected virus # 5476=McAfee-File_Is_Infected virus # 5477=McAfee-Blocked_By_Port firewall # 5478=McAfee-Blocked_By_Buffer_Overflow intrusion # 5479=McAfee-Scan_Version application # # Plugins for file /usr/thunder/daemons/plugins/virus_mcafee_alt.prm # # 8120=McAfee-Blocked_By_Access_Protection_Rule firewall # 8121=McAfee-Blocked_By_Port_Rule_Warn firewall # # Plugins for file /usr/thunder/daemons/plugins/virus_sophos.prm # # 1650=Sophos-Suspicious_Email_Extension virus # 1651=Sophos-Email_Quarantined virus # 1652=Sophos-Restricted_Attachment_Type virus # 1653=Sophos-Encrypted_Attachment application # # Plugins for file /usr/thunder/daemons/plugins/virus_symantec.prm # # 3061=Symantec-Virus_Warning virus # 3062=Symantec-Virus_Information application # 3063=Symantec-Virus_Central_Quarantine virus # 3065=Symantec-IcePack_ShutDown restart # 3066=Symantec-IcePack_Started restart # 3067=Symantec-Disk_Space_Warning error # 3068=Symantec-Central_Quarantine_Started restart # 3069=Symantec-IcePack_Stopped restart # 3070=Symantec-Quarantine_Service_Stopped restart # 3071=Symantec-Virus_Cleaned_By_Deletion virus # # Plugins for file /usr/thunder/daemons/plugins/virus_symantec_endpoint.prm # # 7956=Symantec-Endpoint_File_Not_Found error # 7957=Symantec-Endpoint_Computer_Moved detected-change # 7958=Symantec-Endpoint_Computer_Deleted detected-change # 7959=Symantec-Endpoint_Logon login # 7960=Symantec-Endpoint_Logout logout # 7961=Symantec-Endpoint_Policy_Edited detected-change # 7962=Symantec-Endpoint_Policy_Added detected-change # 7963=Symantec-Endpoint_Policy_Deleted detected-change # 7964=Symantec-Endpoint_Logon_Failed login-failure # 7965=Symantec-Endpoint_Unexpected_Error error # 7966=Symantec-Endpoint_LDAP_Error error # 7967=Symantec-Endpoint_Exported_Package application # 7968=Symantec-Endpoint_Heuristic_Risk_Sample virus # 7969=Symantec-Endpoint_Allow_Rule_Executed application # 7970=Symantec-Endpoint_Link_Failed_Server_Contact application # 7971=Symantec-Endpoint_Virus_Found virus # # Plugins for file /usr/thunder/daemons/plugins/virus_trendmicro.prm # # 3051=TrendMicro-Virus_Detected virus # 3052=TrendMicro-Outbreak_Detected virus # # Plugins for file /usr/thunder/daemons/plugins/virus_windefender.prm # # 310=Windows-Defender_Has_Detected_Changes detected-change # 311=Windows-Defender_Has_Taken_Action virus # 312=Windows-Defender_Engine_Updated application # 313=Windows-Defender_Signatures_Updated application # 314=Windows-Defender_Scan_Started application # 315=Windows-Defender_Scan_Finished application # # Plugins for file /usr/thunder/daemons/plugins/vmware.prm # # 13850=VMWARE-Machine_Added application # 13851=VMWARE-Machine_Powered_On application # 13852=VMWARE-Machine_Removed_From_Inventory application # 13853=VMWARE-Login login # 13854=VMWARE-Login login # # Plugins for file /usr/thunder/daemons/plugins/vpn_cisco_concentrator.prm # # 2101=Cisco-VPN_Concentrator_IKE_Peer system # 2102=Cisco-VPN_Concentrator_Dropping_Packet firewall # 2103=Cisco-VPN_Concentrator_User_Authenticated login # 2104=Cisco-VPN_Concentrator_User_Client_Type connection # 2105=Cisco-VPN_Concentrator_User_Connected connection # 2106=Cisco-VPN_Concentrator_Phase_1_Completed system # 2107=Cisco-VPN_Concentrator_Received_Remote_Proxy system # 2108=Cisco-VPN_Concentrator_Received_Local_IP_Proxy system # 2109=Cisco-VPN_Concentrator_IKE_Remote_Peer system # 2110=Cisco-VPN_Concentrator_Overriding_Initiator_Duration system # 2111=Cisco-VPN_Concentrator_Negotiation_Complete login # 2112=Cisco-VPN_Concentrator_Phase_2_Complete system # 2113=Cisco-VPN_Concentrator_Time_Sync_Failure error # 2114=Cisco-VPN_Concentrator_Connection_Terminated system # 2115=Cisco-VPN_Concentrator_IKE_Delete system # 2116=Cisco-VPN_Concentrator_Disconnect_Session logout # 2117=Cisco-VPN_Concentrator_IKE_Lost_Contact error # 2118=Cisco-VPN_Concentrator_Auth_Rejected login-failure # 2119=Cisco-VPN_Concentrator_Failed_Admin_Login login-failure # 2120=Cisco-VPN_Concentrator_Admin_Login login # 2121=Cisco-VPN_Concentrator_Negotiation_Complete system # 2122=Cisco-VPN_Concentrator_Phase_2_Complete system # 2123=Cisco-VPN_Concentrator_No_Centry_IPSec error # 2124=Cisco-VPN_Concentrator_Rekeying system # 2125=Cisco-VPN_Concentrator_Phase_1_Completed system # 2126=Cisco-VPN_Concentrator_Received_Remote_Proxy system # 2127=Cisco-VPN_Concentrator_Received_Local_Proxy system # 2128=Cisco-VPN_Concentrator_IKE_Remote_Peer system # # Plugins for file /usr/thunder/daemons/plugins/vpn_citrix_access.prm # # 7545=Citrix_Access-TCP_Conn_Terminate application # 7546=Citrix_Access-CMD_Executed system # 7547=Citrix_Access-SSL_Handshake_Success connection # 7548=Citrix_Access-Extracted_Groups system # 7549=Citrix_Access-Login login # 7550=Citrix_Access-HTTP_Request system # 7551=Citrix_Access-TCP_Connstat connection # 7552=Citrix_Access-ICA_Start system # 7553=Citrix_Access-ICA_End_Connstat system # 7554=Citrix_Access-Logout logout # 7555=Citrix_Access-HTTP_Request system # 7556=Citrix_Access-Save_Config system # 7557=Citrix_Access-Delink system # 7558=Citrix_Access-SSL_Handshake_Failure error # 7559=Citrix_Access-Device_Down error # 7560=Citrix_Access-CMD_Executed system # 7561=Citrix_Access-HTTP_Request system # 7562=Citrix_Access-SNMP_Alarm_Started system # 7563=Citrix_Access-SNMP_Alarm_Ended system # 7564=Citrix_Access-Netscaler_Started restart # 7565=Citrix_Access-CPU_Started restart # 7566=Citrix_Access-Device_Out_Of_Service error # 7567=Citrix_Access-Device_Up system # 7568=Citrix_Access-Network_Interface_Started restart # 7569=Citrix_Access-Network_Interface_Stopped system # 7570=Citrix_Access-Network_Interface_Hung error # 7571=Citrix_Access-Network_Interface_Reset system # 7572=Citrix_Access-Network_Interface_Migrate system # 7573=Citrix_Access-Netscaler_Stopped restart # 7574=Citrix_Access-Bad_Memory_Freed error # 7575=Citrix_Access-Duplicate_Memory_Freed error # 7576=Citrix_Access-Wrong_Pool_Memory_Freed error # 7577=Citrix_Access-HA_Propagation_Succeeded system # 7578=Citrix_Access-HA_Propagation_Failed error # 7579=Citrix_Access-HA_State_Changed system # 7580=Citrix_Access-Cache_Flush_Start system # 7581=Citrix_Access-Cache_Flush_Stop system # 7582=Citrix_Access-Monitor_Threshold_Reached error # 7583=Citrix_Access-Monitor_Down error # 7584=Citrix_Access-Monitor_Up system # 7585=Citrix_Access-Netscaler_Reading_Config restart # 7586=Citrix_Access-Netscaler_Ended_Reading_Config restart # 7587=Citrix_Access-Low_Throughput_Thru_NIC error # 7588=Citrix_Access-Normal_Throughput_Thru_NIC system # 7589=Citrix_Access-Pittboss_System_Restart restart # 7590=Citrix_Access-Pittboss_Process_Restart restart # 7591=Citrix_Access-SSL_Cert_Expiring_Soon error # 7592=Citrix_Access-Session_Timeout system # 7593=Citrix_Access-Non_HTTP_Denied firewall # 7594=Citrix_Access-HTTP_Denied firewall # 7595=Citrix_Access-License_Limit error # 7596=Citrix_Access-Security_Check_Fails error # 7597=Citrix_Access-Security_False error # 7598=Citrix_AAA_Login_Failed login-failure # 7599=Citrix_Access-LACP_Event error # 7600=Citrix_Access-VPN_Login_Failure login-failure # 7601=Citrix_Access-VPN_Login login # # Plugins for file /usr/thunder/daemons/plugins/vpn_juno.prm # # 10515=Juniper-VPN_Access_Log_Nearly_Full system # 10516=Juniper-VPN_Client_Trying_To_Connect error # 10517=Juniper-VPN_Log_Nearly_Full system # 10519=Juniper-VPN_Session_Started connection # 10520=Juniper-VPN_Host_Checker system # 10521=Juniper-VPN_Key_Exchange system # 10522=Juniper-VPN_Logout logout # 10523=Juniper-VPN_Closed_Connection connection # 10524=Juniper-VPN_Session_Ended connection # 10525=Juniper-VPN_Radius_Accounting_Failed error # 10526=Juniper-VPN_Primary_Auth_Success login # 10527=Juniper-VPN_Secondary_Auth_Success login # 10528=Juniper-VPN_Host_Checker_Passed system # 10529=Juniper-VPN_Remote_Address_Change detected-change # 10580=Juniper-VPN_Login_Succeeded login # 10581=Juniper-VPN_Connection connection # 10582=Juniper-VPN_Network_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/web_apache.prm # # 2800=Apache-Access_Denied web-error # 2801=Apache-Invalid_Characters web-error # 2802=Apache-Pausing_Potential_Scanner web-error # 2803=Apache-Refused_Proxy_Attempt web-error # 2804=Apache-Known_Web_probe web-error # 2805=Apache-Invalid_Method web-error # 2806=Apache-Bad_RSA_Certificate web-error # 2807=Apache-Directory_Index_Forbidden web-error # 2808=Apache-Invalid_URI web-error # 2809=Apache-URI_To_Long web-error # 2810=Apache-Failed-CGI web-error # 2811=Apache-Proxy_Request_Failed web-error # 2812=Apache-404_Error web-error # 2813=Apache-Script_Not_Found web-error # 2814=Apache-PHP_Undefined_Var web-error # 2815=Apache-Ref_File_Request_Error web-error # 2817=Apache-PHP_Undefined_Constant web-error # 2818=Apache-PHP_Undefined_Offset web-error # 2819=Apache-PHP_Upload_Max_Filesize_Exceeded web-error # 12820=Apache-PHP_fread_Warning web-error # 12821=Apache-SSI_Config_Warning web-error # 12822=Apache-Script_Not_Found web-error # 12823=Apache-PHP_Undefined_Index web-error # 12824=Apache-Attempt_To_Invoke_Directory_As_Script web-error # 12825=Apache-Client_Denied_By_Server web-error # 12827=Apache-Permission_Denied web-error # 12828=Apache-Premature_End_Of_Script web-error # 12829=Apache-No_Such_File_Or_Directory web-error # 12830=Apache-Malformed_Host_Header web-error # 12831=Apache-Script_With_Unquoted_String web-error # 12832=Apache-Possible_Script_Typo web-error # 12833=Apache-Closed_Script_Filehandle web-error # 12834=Apache-DES_MD5_Connection web-access # 12835=Apache-DHE_RSA_Connection web-access # 12836=Apache-MD5_Connection web-access # 12837=Apache-AES_SHA_Connection web-access # 12838=Apache-304_Error web-error # 12839=Apache-Erroneous_Characters_After_Protocol web-error # 12840=Apache-302_Post web-access # 12841=Apache-PHP_Undefined_Index web-error # 12842=Apache-PHP_Illegal_Offset web-error # 12843=Apache-Permission_Denied web-error # 12844=Apache-Alert_ASCII_NUL web-error # 12845=Apache-Alert_Forbidden_Variable web-error # 12846=Apache-Error_File_Not_Found web-error # 12847=Apache-Valid_Web_GET_Request web-access # 12848=Apache-Valid_Web_POST_Request web-access # 12849=Apache-GET_Redirect web-access # 12850=Apache-POST_Redirect web-access # 12851=Apache-GET_Client_Request_Error web-error # 12852=Apache-POST_Client_Request_Error web-error # 12853=Apache-GET_Server_Error web-error # 12854=Apache-POST_Server_Error web-error # 12855=Apache-File_Name_Too_Long web-error # 12856=Apache-Valid_Web_GET_Request web-access # 12857=Apache-Valid_Web_POST_Request web-access # 12858=Apache-GET_Redirect web-access # 12859=Apache-POST_Redirect web-access # 12860=Apache-GET_Client_Request_Error web-error # 12861=Apache-POST_Client_Request_Error web-error # 12862=Apache-GET_Server_Error web-error # 12863=Apache-POST_Server_Error web-error # 12865=Apache-Executable_APP_Request web-access # 12866=Apache-Content_ASP_Request web-access # 12867=Apache-Video_AVI_Request web-access # 12868=Apache-Image_BMP_Request web-access # 12869=Apache-Content_CGI_Request web-access # 12870=Apache-Content_CSS_Request web-access # 12872=Apache-Office_DOC_DOCX_Request web-access # 12874=Apache-Image_GIF_Request web-access # 12875=Apache-Executable_EXE_Request web-access # 12876=Apache-Video_FLV_Request web-access # 12877=Apache-File_GZ_Request web-access # 12878=Apache-Content_HTM_HTML_Request web-access # 12879=Apache-Disk_ISO_Request web-access # 12880=Apache-Executable_JAVA_Request web-access # 12881=Apache-Image_JPEG_Request web-access # 12882=Apache-Image_JPG_Request web-access # 12883=Apache-Executable_JS_Request web-access # 12884=Apache-Video_MPG_Request web-access # 12885=Apache-Video_MPEG_Request web-access # 12886=Apache-Audio_MPA_Request web-access # 12887=Apache-Audio_M4A_Request web-access # 12888=Apache-Audio_MP3_Request web-access # 12889=Apache-Media_MP4_Request web-access # 12890=Apache-Video_MOV_Request web-access # 12891=Apache-Executable_MSI_Request web-access # 12892=Apache-Office_PDF_Request web-access # 12893=Apache-Content_PHP_Request web-access # 12894=Apache-Executable_PKG_Request web-access # 12895=Apache-Image_PNG_Request web-access # 12896=Apache-Office_PPS_Request web-access # 12897=Apache_Office_PPT_PPTX_Request web-access # 12898=Apache-Audio_RA_Request web-access # 12899=Apache-Audio_RAM_Request web-access # 12900=Apache-File_RAR_Request web-access # 12901=Apache-Executable_RPM_Request web-access # 12902=Apache-Media_RM_Request web-access # 12903=Apache-Content_RSS_Request web-access # 12904=Apache-Media_SWF_Request web-access # 12905=Apache-File_TAR_Request web-access # 12906=Apache-File_TORRENT_Request web-access # 12907=Apache-File_TGZ_Request web-access # 12908=Apache-File_TAR_GZ_Request web-access # 12909=Apache-Disk_VCD_Request web-access # 12910=Apache-Audio_WAV_Request web-access # 12911=Apache-Audio_WMA_Request web-access # 12912=Apache-Video_WMV_Request web-access # 12914=Apache-Office_TXT_Request web-access # 12915=Apache-Office_ICAL_Request web-access # 12916=Apache-Office_RTF_Request web-access # 12917=Apache-File_XML_Request web-access # 12919=Apache-Media_SCR_Request web-access # 12941=Apache-Media_XAP_Request web-access # 12942=Apache-Office_XLS_XLSX_Request web-access # 12943=Apache-Video_VOB_Request web-access # 12944=Apache-File_ZIP_Request web-access # 12945=Apache-Invalid_Content_Length web-error # 12946=Apache-Attempt_To_Serve_Directory web-error # # Plugins for file /usr/thunder/daemons/plugins/web_bluecoat_admin.prm # # 4400=BluecoatAdmin-Connect_Error error # 4411=BluecoatAdmin-Connect_Error error # 4412=BluecoatAdmin-Connection login # 4413=BluecoatAdmin-Connect_Error error # 4414=BluecoatAdmin-Upload_Complete system # 4415=BluecoatAdmin-Connect_Error error # 4416=BluecoatAdmin-Connection login # 4417=BluecoatAdmin-Connection_Failed error # 4418=BluecoatAdmin-Failed_Password login-failure # 4419=BluecoatAdmin-Login login # 4420=BluecoatAdmin-Failed_Login login-failure # 4421=BluecoatAdmin-Login login # 4422=BluecoatAdmin-Password_Enable_Failed login-failure # 4423=BluecoatAdmin-Authentication_Canceled login-failure # 4424=BluecoatAdmin-Configuration_Change system # 4425=BluecoatAdmin-Proxy_Bypassed system # 4426=BluecoatAdmin-Download_Failed error # 4427=BluecoatAdmin-Connection login # 4428=BluecoatAdmin-Write_Connection_Closed error # 4429=BluecoatAdmin-Connection_Closed logout # 4430=BluecoatAdmin-SSL_Error error # 4431=BluecoatAdmin-ReadWrite_Mode system # 4432=BluecoatAdmin-Proxy_Restored system # 4433=BluecoatAdmin-Failed_Proxy error # 4434=BluecoatAdmin-NTP_Time_Acceptable system # 4435=BluecoatAdmin-NTP_Update_Error error # 4436=BluecoatAdmin-Console_Login_Failure login-failure # 4437=BluecoatAdmin-Invalid_User login-failure # 4438=BluecoatAdmin-Snapshot system # 4439=BluecoatAdmin-Download_Complete system # 4440=BluecoatAdmin-Null_Character_Found system # 4441=BluecoatAdmin-No_Identification_String system # 4442=BluecoatAdmin-Invalid_User login-failure # 4443=BluecoatAdmin-Failed_Login login-failure # 4444=BluecoatAdmin-Open_Transparent_Set system # 4445=BluecoatAdmin-Protocol_Versions_Differ_SSH system # # Plugins for file /usr/thunder/daemons/plugins/web_f5_ltm.prm # # 700=F5-LTM_Client-Connection connection # 701=F5-LTM_Server-Connection connection # 702=F5-LTM_Web-Connection connection # # Plugins for file /usr/thunder/daemons/plugins/web_iis.prm # # 7621=IIS-Get_Request web-access # 7622=IIS-Search_Request web-access # 7623=IIS-Bproppatch_Request web-access # 7624=IIS-Bmove_Request web-access # 7625=IIS-Propfind_Request web-access # 7626=IIS-Poll_Request web-access # 7627=IIS-Subscribe_Request web-access # 7628=IIS-Post_Request web-access # 7629=IIS-Proppatch_Request web-access # 7630=IIS-Delete_Request web-access # 7631=IIS-Options_Request web-access # 7632=IIS-Head_Request web-access # 7633=IIS-Bdelete_Request web-access # 7634=IIS-Move_Request web-access # 7635=IIS-Copy_Request web-access # 7636=IIS-Bpropfind_Request web-access # 7637=IIS-Bad_Post_Request web-error # 7638=IIS-Bad_Get_Request web-error # 7639=IIS-Get_Request_Error web-error # 7640=IIS-Bad_Post_Request web-error # 7642=IIS-Executable_APP_Request web-access # 7643=IIS-Content_ASP_Request web-access # 7644=IIS-Video_AVI_Request web-access # 7645=IIS-Image_BMP_Request web-access # 7646=IIS-Content_CGI_Request web-access # 7647=IIS-Content_CSS_Request web-access # 7648=IIS-Disk_DMG_Request web-access # 7649=IIS-Office_DOC_DOCX_Request web-access # 7652=IIS-Image_GIF_Request web-access # 7653=IIS-Executable_EXE_Request web-access # 7654=IIS-Video_FLV_Request web-access # 7655=IIS-File_GZ_Request web-access # 7656=IIS-Content_HTM_HTML_Request web-access # 7658=IIS-Disk_ISO_Request web-access # 7659=IIS-Executable_JAVA_Request web-access # 7660=IIS-Image_JPEG_Request web-access # 7661=IIS-Image_JPG_Request web-access # 7662=IIS-Executable_JS_Request web-access # 7663=IIS-Video_MPG_Request web-access # 7664=IIS-Video_MPEG_Request web-access # 7665=IIS-Audio_MPA_Request web-access # 7666=IIS-Audio_M4A_Request web-access # 7667=IIS-Audio_MP3_Request web-access # 7668=IIS-Media_MP4_Request web-access # 7669=IIS-Video_MOV_Request web-access # 7670=IIS-Executable_MSI_Request web-access # 7671=IIS-Office_PDF_Request web-access # 7672=IIS-Content_PHP_Request web-access # 7673=IIS-Executable_PKG_Request web-access # 7674=IIS-IMage_PNG_Request web-access # 7675=IIS-Office_PPS_Request web-access # 7676=IIS-Office_PPT_PPTX_Request web-access # 7677=IIS-Audio_RA_Request web-access # 7678=IIS-Audio_RAM_Request web-access # 7679=IIS-File_RAR_Request web-access # 7680=IIS-Executable_RPM_Request web-access # 7681=IIS-Media_RM_Request web-access # 7682=IIS-Content_RSS_Request web-access # 7683=IIS-Media_SWF_Request web-access # 7684=IIS-File_TAR_Request web-access # 7685=IIS-File_TORRENT_Request web-access # 7686=IIS-File_TGZ_Request web-access # 7687=IIS-File_TAR_GZ_Request web-access # 7688=IIS-Disk_VCD_Request web-access # 7689=IIS-Audio_WAV_Request web-access # 7690=IIS-Audio_WMA_Request web-access # 7691=IIS-Video_WMV_Request web-access # 7693=IIS-Office_TXT_Request web-access # 7694=IIS-Office_ICAL_Request web-access # 7695=IIS-Office_RTF_Request web-access # 7696=IIS-File_XML_Request web-access # 7697=IIS-Media_SCR_Request web-access # 7699=IIS-Media_XAP_Request web-access # 7700=IIS-Office_XLS_XLSX_Request web-access # 7701=IIS-Video_VOB_Request web-access # 7702=IIS-File_ZIP_Request web-access # # Plugins for file /usr/thunder/daemons/plugins/web_iis_snare.prm # # 4341=IIS-Get_Request web-access # 4342=IIS-Search_Request web-access # 4343=IIS-Bproppatch_Request web-access # 4344=IIS-Bmove_Request web-access # 4345=IIS-Propfind_Request web-access # 4346=IIS-Poll_Request web-access # 4347=IIS-Subscribe_Request web-access # 4348=IIS-Post_Request web-access # 4349=IIS-Proppatch_Request web-access # 4350=IIS-Delete_Request web-access # 4351=IIS-Options_Request web-access # 4352=IIS-Head_Request web-access # 4353=IIS-Bdelete_Request web-access # 4354=IIS-Move_Request web-access # 4355=IIS-Copy_Request web-access # 4356=IIS-Bpropfind_Request web-access # 4357=IIS-Bad_Post_Request web-error # 4358=IIS-Bad_Get_Request web-access # 4359=IIS-Get_Request_Error web-error # 4360=IIS-Bad_Post_Request web-error # # Plugins for file /usr/thunder/daemons/plugins/web_ncsa_common_access_log_format.prm # # 4000=Web_GET_OK web-access # 4001=Web_GET_Accepted web-access # 4002=Web_GET_PartialInfo web-access # 4003=Web_GET_NoResponse web-access # 4004=Web_GET_BadRequest web-error # 4005=Web_GET_UnauthorizedRequest web-error # 4006=Web_GET_PaymentRequired web-access # 4007=Web_GET_Forbidden web-error # 4008=Web_GET_PageNotFound web-error # 4009=Web_GET_ServerError web-error # 4010=Web_GET_ServerErrorNotImplemented web-error # 4011=Web_GET_ServerOverload web-access # 4012=Web_GET_GTWY_Timeout web-access # 4013=Web_POST_OK web-access # 4014=Web_POST_Accepted web-access # 4015=Web_POST_PartialInfo web-access # 4016=Web_POST_NoResponse web-access # 4017=Web_POST_BadRequest web-error # 4018=Web_POST_UnauthorizedRequest web-error # 4019=Web_POST_PaymentRequired web-error # 4020=Web_POST_Forbidden web-error # 4021=Web_POST_PageNotFound web-error # 4022=Web_POST_ServerError web-error # 4023=Web_POST_ServerErrorNotImplemented web-error # 4024=Web_POST_ServerOverload web-access # 4025=Web_POST_GTWY_Timeout web-access # 4026=Web_HEAD_OK web-access # 4027=Web_HEAD_Accepted web-access # 4028=Web_HEAD_PartialInfo web-access # 4029=Web_HEAD_NoResponse web-access # 4030=Web_HEAD_BadRequest web-access # 4031=Web_HEAD_UnauthorizedRequest web-error # 4032=Web_HEAD_PaymentRequired web-error # 4033=Web_HEAD_Forbidden web-error # 4034=Web_HEAD_PageNotFound web-error # 4035=Web_HEAD_ServerError web-error # 4036=Web_HEAD_ServerErrorNotImplemented web-error # 4037=Web_HEAD_ServerOverload web-access # 4038=Web_HEAD_GTWY_Timeout web-access # 4039=Web_POST_Created web-access # 4040=Web_GET_Misc web-access # 4041=Web_POST_Misc web-access # 4042=Web_HEAD_Misc web-access # 4043=Web_CONNECT_407 web-access # 4044=Web_CONNECT_200 web-access # 4045=Web_CONNECT_403 web-access # # Plugins for file /usr/thunder/daemons/plugins/web_oracle_http_server.prm # # 3550=OracleHS-HandShake_Error web-error # 3551=OracleHS-Connection_Error web-error # 3552=OracleHS-General_Error error # # Plugins for file /usr/thunder/daemons/plugins/web_php_errors.prm # # 2550=PHP-Generic_Warning_Message error # 2551=PHP-Generic_Notice_Message error # # Plugins for file /usr/thunder/daemons/plugins/web_php_suhosin.prm # # 5529=Suhosin-NULL_ASCII_Characters web-error # 5530=Suhosin-Max_Execution_Depth web-error # 5531=Suhosin-Forbidden_Variable web-error # 5532=Suhosin-Memory_Increase web-error # 5533=Suhosin-Variable_Size_Limit_Exceeded web-error # 5534=Suhosin-Variable_Size_Limit_Exceeded web-error # 5535=Suhosin-File_Is_Unauthorized_URL web-error # 5536=Suhosin-Buffer_Overflow_Detected web-error # 5537=Suhosin-Corupt_Linked_List web-error # 5538=Suhosin-Filename_Too_Long web-error # 5539=Suhosin-Alert web-error # # Plugins for file /usr/thunder/daemons/plugins/web_squid.prm # # 2825=Squid-Cache_Miss web-access # 2826=Squid-Cache_Hit web-access # 2827=Squid-Proxy_Denied web-error # 2828=Squid-Refresh_Miss web-access # 2829=Squid-Denied web-error # 2830=Squid-Syslog_Errs error # 2831=Squid_HTTP_Invalid_Header web-error # 2832=Squid-Refresh_Miss web-access # 2833=Squid-TCP_Miss web-access # 2834=Squid-Refresh_Hit web-access # 2835=Squid-TCP_IMS_Hit web-access # 2837=Squid-TCP_Miss web-access # 2838=Squid-TCP_Miss web-access # 2839=Squid-TCP_Miss web-access # 2840=Squid-TCP_Miss web-access # 2841=Squid-TCP_Miss web-access # 2842=Squid-Negative-Hit web-access # 2843=Squid-TCP_Miss web-access # 2844=Squid-TCP_Miss web-access # 2845=Squid-TCP_Miss web-access # # Plugins for file /usr/thunder/daemons/plugins/web_suricata.prm # # 2650=Suricata-HTTP_Request_Logged web-access # # Plugins for file /usr/thunder/daemons/plugins/web_w3c_extended_log_format.prm # # 4051=Web_GET_Accepted web-access # 4052=Web_GET_PartialInfo web-access # 4053=Web_GET_NoResponse web-error # 4054=Web_GET_BadRequest web-error # 4055=Web_GET_UnauthorizedRequest web-error # 4056=Web_GET_PaymentRequired web-error # 4057=Web_GET_Forbidden web-error # 4058=Web_GET_NotFound web-error # 4059=Web_GET_ServerError web-error # 4060=Web_GET_ServerErrorNotImplemented web-error # 4061=Web_GET_ServerOverload web-access # 4062=Web_GET_GTWY_Timeout web-access # 4063=Web_POST_OK web-access # 4064=Web_POST_Accepted web-access # 4065=Web_POST_PartialInfo web-access # 4066=Web_POST_NoResponse web-access # 4067=Web_POST_BadRequest web-error # 4068=Web_POST_UnauthorizedRequest web-error # 4069=Web_POST_PaymentRequired web-error # 4070=Web_POST_Forbidden web-error # 4071=Web_POST_NotFound web-error # 4072=Web_POST_ServerError web-error # 4073=Web_POST_ServerErrorNotImplemented web-error # 4074=Web_POST_ServerOverload web-access # 4075=Web_POST_GTWY_Timeout web-access # 4076=Web_HEAD_OK web-access # 4077=Web_HEAD_Accepted web-access # 4078=Web_HEAD_PartialInfo web-access # 4079=Web_HEAD_NoResponse web-access # 4080=Web_HEAD_BadRequest web-error # 4081=Web_HEAD_UnauthorizedRequest web-error # 4082=Web_HEAD_PaymentRequired web-error # 4083=Web_HEAD_Forbidden web-error # 4084=Web_HEAD_NotFound web-error # 4085=Web_HEAD_ServerError web-error # 4086=Web_HEAD_ServerErrorNotImplemented web-error # 4087=Web_HEAD_ServerOverload web-access # 4088=Web_HEAD_GTWY_Timeout web-error # 4089=Web_GET_Misc web-access # 4090=Web_POST_Misc web-access # 4091=Web_HEAD_Misc web-access # 4050=Web_GET_Ok web-access # 4093=Web-Executable_APP_Request web-access # 4094=Web-Content_ASP_Request web-access # 4095=Web-Video_AVI_Request web-access # 4096=Web-Image_BMP_Request web-access # 4097=Web-Content_CGI_Request web-access # 4098=Web-Content_CSS_Request web-access # 4100=Web-Office_DOC_Request web-access # 4101=Web-Office_DOCX_Request web-access # 4103=Web-Image_GIF_Request web-access # 4104=Web-Executable_EXE_Request web-access # 4105=Web-Video_FLV_Request web-access # 4106=Web-File_GZ_Request web-access # 4107=Web-Content_HTM_Request web-access # 4108=Web-Content_HTML_Request web-access # 4110=Web-Executable_JAVA_Request web-access # 4111=Web-Image_JPEG_Request web-access # 4112=Web-Image_JPG_Request web-access # 4113=Web-Executable_JS_Request web-access # 4114=Web-Video_MPG_Request web-access # 4115=Web-Video_MPEG_Request web-access # 4116=Web-Audio_MPA_Request web-access # 4117=Web-Audio_M4A_Request web-access # 4118=Web-Audio_MP3_Request web-access # 4119=Web-Media_MP4_Request web-access # 4120=Web-Video_MOV_Request web-access # 4121=Web-Executable_MSI_Request web-access # 4122=Web-Office_PDF_Request web-access # 4123=Web-Content_PHP_Request web-access # 4125=Web-IMage_PNG_Request web-access # 4126=Web-Office_PPS_Request web-access # 4127=Web-Office_PPT_Request web-access # 4128=Web-Audio_RAM_Request web-access # 4129=Web-Audio_RA_Request web-access # 4130=Web-File_RAR_Request web-access # 4131=Web-Executable_RPM_Request web-access # 4132=Web-Media_RM_Request web-access # 4133=Web-Content_RSS_Request web-access # 4134=Web-Media_SWF_Request web-access # 4135=Web-File_TAR_Request web-access # 4137=Web-File_TGZ_Request web-access # 4138=Web-File_TAR_GZ_Request web-access # 41410=Web-Audio_WAV_Request web-access # 41411=Web-Audio_WMA_Request web-access # 41412=Web-Video_WMV_Request web-access # 41413=Web-Office_PPTX_Request web-access # 41414=Web-Office_TXT_Request web-access # 41417=Web-File_XML_Request web-access # 41418=Web-Office_XLSX_Request web-access # 41419=Web-File_ZIP_Request web-access # 41421=Web-Media_SCR_Request web-access # 41422=Web-Media_XAP_Request web-access # 41423=Web-Office_XLS_Request web-access # # Plugins for file /usr/thunder/daemons/plugins/web_weblabyrinth.prm # # 10570=WebLabrinth-New_Host_Logged honeypot # 10571=WebLabrinth-Webcrawler_Ensnared honeypot # # Plugins for file /usr/thunder/daemons/plugins/xpient_cc.prm # # 6954=Xpient-Transaction_Amount_Logged application # 6955=Xpient-CreditCard_Logged application # CUSTOMER RESERVED IDs # 25000 - 27999 # # List of IDs with user tags # # id=1032 event=BlueSocket-User_Login # id=13107 event=CiscoASA-AAA_Invalid_Password # id=13108 event=CiscoASA-AAA_Logon_Successful # id=13109 event=CiscoASA-AAA_WebVPN_Session_Started # id=13110 event=CiscoASA-AAA_Port_Forwarding_Started # id=13111 event=CiscoASA-AAA_WebVPN_Session_Terminated # id=13112 event=CiscoASA-AAA_Logon_Successful # id=13113 event=CiscoASA-AAA_Authentication_Failed # id=13114 event=CiscoASA-User_Executed_Commands # id=13115 event=CiscoASA-Session_Timeout # id=13116 event=CiscoASA-Session_Disconnected # id=13300 event=CiscoASA-IPsec_Session_Disconnect # id=13305 event=CiscoASA-AAA_Retrieved_Default_Policy # id=13306 event=CiscoASA-DAP_IPSec_Connection # id=13307 event=CiscoASA-Unsupported_Transaction # id=13308 event=CiscoASA-Client_Type # id=13312 event=CiscoASA-Assigned_Private_IP_Address # id=13349 event=CiscoASA-WebVPN_Created # id=13353 event=CiscoASA-Large_Packet_Transmitted # id=13354 event=CiscoASA-WebVPN_Session_Terminated # id=13357 event=CiscoASA-WebVPN_Deleted # id=13358 event=CiscoASA-DaP_User # id=13359 event=CiscoASA-WebVPN_UDP_Connection # id=13360 event=CiscoASA-WebVPN_UDP_Connection_No_Compresion # id=13362 event=CiscoASA-IPSEC_Received_ESP_Packet # id=13364 event=CiscoASA-WebVPN_User_Disconnect # id=13365 event=CiscoASA-WebVPN_User_Disconnected_Without_Compression # id=13366 event=CiscoASA-WebVPN_User_DPD_Failure # id=13371 event=CiscoASA-AAA_Group_Policy_Set # id=13372 event=CiscoASA-AAA_Group_Policy_Retrieved # id=13377 event=CiscoASA-Anyconnect_Lost_Connection # id=13378 event=CiscoASA-Assigned_To_Session # id=13381 event=CiscoASA-Recovering_From_error # id=13382 event=CiscoASA-No_Existing_Connection # id=13384 event=CiscoASA-No_IPv6_Address_Available # id=13385 event=CiscoASA-Session_Resumed # id=8862 event=CiscoFWSM-AAA_User_Accounting_Successful # id=4155 event=F5BigIP-User_Audit # id=10656 event=FIOS_Wireless-Login # id=10657 event=FIOS_Wireless-Configuration_Change # id=10448 event=Fortigate-Tunnel_Up # id=10449 event=Fortigate-Successful_VPN_Login # id=10450 event=Fortigate-Tunnel_Down # id=105020 event=Juniper-User_Authenticated # id=105021 event=Juniper-Login_Event # id=9812 event=Sidewinder_Firewall_Relayed_Email # id=6213 event=WatchGuard-User_Authenticated # id=6214 event=WatchGuard-VPN_User_Logged_Out # id=6215 event=WatchGuard-Authentication_Failed # id=6216 event=WatchGuard-Configuration_Change # id=8022 event=VSFTPD-Authentication_Failure # id=8023 event=VSFTPD-Session_Opened # id=8024 event=VSFTPD-Session_Closed # id=8025 event=VSFTPD-Error_Retrieving_Information # id=8027 event=VSFTPD-Authentication_Error # id=8028 event=VSFTPD-Failed_Login # id=8034 event=VSFTPD-Authentication_Error_Admin # id=10316 event=LSASSD-Authentication_Failed # id=10317 event=LSASSD-Authentication_Failed_Admin # id=3450 event=Dovecot-IMAP-User_Login # id=3451 event=Dovecot-POP-User_Login # id=5450 event=IMAP-User_Login # id=5453 event=IMAP-User_Login # id=5454 event=IMAP-User_Login_Failed # id=9928 event=Postfix-SASL_Login # id=3803 event=QPopper-Login # id=1708 event=IMAP-Login # id=4611 event=Cisco-NAC_Out_Of_Band_User_Login # id=4614 event=Cisco-NAC_Login_Temporary # id=18000 event=ForeScout-CounterAct_Compliant # id=18001 event=ForeScout-CounterAct_Non_Compliant # id=5834 event=TippingPoint-Logout # id=5835 event=TippingPoint-Login # id=5836 event=TippingPoint-Idle_Timeout # id=1378 event=Linux-SU_Session_Opened # id=1379 event=Linux-SU_Session_Closed # id=1380 event=Linux-SU_Authentication_Failure # id=7005 event=Linux-Audit_Credential_Refresh # id=7006 event=Linux-Audit_Credential_Reset # id=7007 event=Linux-Audit_User_Session_End # id=7008 event=Linux-Audit_User_Authorized # id=7009 event=Linux-Audit_Credential_Set # id=7011 event=Linux-Audit_User_Session_Started # id=7013 event=Linux-Audit_User_Authenticated # id=7016 event=Linux-Audit_User_Authenticate_Failed # id=7017 event=Linux-Audit_User_Login_Failed # id=7018 event=Linux-Audit_Credential_Refresh # id=7019 event=Linux-Audit_Credential_Reset # id=7020 event=Linux-Audit_User_Session_End # id=7021 event=Linux-Audit_User_Authorized # id=7022 event=Linux-Audit_Credential_Set # id=7023 event=Linux-Audit_User_Session_Started # id=7024 event=Linux-Audit_User_Authenticated # id=7025 event=Linux-Audit_User_Authenticate_Failed # id=7026 event=Linux-Audit_User_Login_Failed # id=10072 event=Unix-Audit_Login_Failure # id=10074 event=Unix-Audit_Login # id=10075 event=Unix-Audit_User_Authentication # id=10077 event=Unix-Audit_User_Authentication_Failed # id=10081 event=Unix-Audit_Add_User_To_Group # id=10082 event=Unix-Audit_Ssauthint # id=10084 event=Unix-Audit_Password_Modified # id=7293 event=Windows-Successful_Login # id=7304 event=Windows-Login # id=7306 event=Windows-Credential_Validation # id=7308 event=Windows-Account_Logged_Off # id=7311 event=Windows-Failed_Login # id=7329 event=Windows-User_Logoff # id=7334 event=Windows-Disconnected_Session # id=7365 event=Windows-Domain_Controller_Failed_Validation # id=7387 event=Windows-User_Account_Unlocked # id=17466 event=Windows-Credential_Validation # id=17467 event=Windows-Successful_Login # id=17468 event=Windows-Failed_Login # id=17469 event=Windows-Login # id=17471 event=Windows-Successful_Login # id=17472 event=Windows-Failed_Login # id=30515 event=Windows-IRIS_Authentication_Successful # id=30516 event=Windows-IRIS_Signon_Successful # id=30517 event=Windows-IRIS_Signon_Failed # id=30518 event=Windows-IRIS_Signoff_Completed # id=30520 event=Windows-Remote_User_Login_Record # id=3201 event=Windows-Logon_Failure # id=3209 event=Windows-Account_Used_For_Login # id=3210 event=Windows-Authentication_Ticket_Granted # id=3229 event=Windows-User_Account_Changed # id=3242 event=Windows-Successfull_Access_Grant # id=3249 event=Windows-Special_Privilege_New_Logon # id=3260 event=Windows-Successful_Network_Login # id=3262 event=Windows-Logon_With_Credentials # id=3294 event=Windows-Successful_Network_Login # id=3324 event=Windows-Logon_With_Credentials # id=3326 event=Windows-Authentication_Ticket_Not_Granted # id=3328 event=Windows-Account_Locked # id=3338 event=Windows-Pre-authentication_Failed # id=3339 event=Windows-Admin_ACLs_Set # id=3340 event=Windows-Successful_Network_Login # id=31527 event=Windows-IAS_User_Granted_Access # id=31534 event=Windows-Restart_Shutdown # id=2860 event=Radius-Access_Granted # id=2870 event=Steel-Belted-Radius_Password_Accepted # id=1161 event=Cisco-Failed_Login # id=28425 event=MSSQLSVR-Successful_Login # id=28426 event=MSSQLSVR-Trace_Toggled # id=28429 event=MSSQLSVR-CHECKCATALOG # id=28433 event=MSSQLSVR-Login_Failed # id=28434 event=MSSQLSVR-Login_Succeeded_For_Local_Machine # id=22860 event=Oracle-Audit_Action_Connection # id=22861 event=Oracle-Audit_Action_Shutdown # id=22862 event=Oracle-Audit_Action_Startup # id=22863 event=Oracle-Audit_Action_Logoff # id=22864 event=Oracle-Audit_Action_Logon # id=18015 event=FreeSSH_Login # id=18016 event=FreeSSH-Server_Disconnected_User # id=18017 event=FreeSSH-Server_Failed_Login # id=18018 event=FreeSSH-Server_User_Unknown # id=2907 event=Nessus-Scan_Starting # id=2908 event=Nessus-Host_Scan_Start # id=4816 event=PVS-IMAP_UserID_Enumeration # id=4937 event=PVS-Iheartradio_Stream_Accessed # id=4940 event=PVS-AIM_User_Detected # id=8272 event=SC4-Login # id=8273 event=SC4-Logout # id=8274 event=SC4-Repository_Modified # id=8275 event=SC4-LCE_Modified # id=8277 event=SC4-Failed_Attempt_To_Create_Role # id=8278 event=SC4-Created_User # id=8279 event=SC4-Deleted_User # id=8280 event=SC4-Modified_User # id=8282 event=SC4-Invalid_Logon_Attempt # id=8284 event=SC4-LCE_Deleted # id=8285 event=SC4-LCE_Created # id=8287 event=SC4-Access_To_Repository_Granted # id=8293 event=SC4-Organization_Asset_Modified # id=8294 event=SC4-Asset_Deleted # id=8295 event=SC4-Repository_Created # id=8297 event=SC4-Organization_Created_By_Admin # id=8298 event=SC4-User_Creation_Failure # id=8301 event=SC4-Organization_Modified # id=7959 event=Symantec-Endpoint_Logon # id=7960 event=Symantec-Endpoint_Logout # id=7964 event=Symantec-Endpoint_Logon_Failed # id=13853 event=VMWARE-Login # id=13854 event=VMWARE-Login # id=2103 event=Cisco-VPN_Concentrator_User_Authenticated # id=2104 event=Cisco-VPN_Concentrator_User_Client_Type # id=2105 event=Cisco-VPN_Concentrator_User_Connected # id=2106 event=Cisco-VPN_Concentrator_Phase_1_Completed # id=2107 event=Cisco-VPN_Concentrator_Received_Remote_Proxy # id=2108 event=Cisco-VPN_Concentrator_Received_Local_IP_Proxy # id=2109 event=Cisco-VPN_Concentrator_IKE_Remote_Peer # id=2110 event=Cisco-VPN_Concentrator_Overriding_Initiator_Duration # id=2111 event=Cisco-VPN_Concentrator_Negotiation_Complete # id=2112 event=Cisco-VPN_Concentrator_Phase_2_Complete # id=2114 event=Cisco-VPN_Concentrator_Connection_Terminated # id=2115 event=Cisco-VPN_Concentrator_IKE_Delete # id=2116 event=Cisco-VPN_Concentrator_Disconnect_Session # id=2117 event=Cisco-VPN_Concentrator_IKE_Lost_Contact # id=7549 event=Citrix_Access-Login # id=7550 event=Citrix_Access-HTTP_Request # id=7551 event=Citrix_Access-TCP_Connstat # id=7554 event=Citrix_Access-Logout # id=7555 event=Citrix_Access-HTTP_Request # id=7561 event=Citrix_Access-HTTP_Request # id=7592 event=Citrix_Access-Session_Timeout # id=7593 event=Citrix_Access-Non_HTTP_Denied # id=7594 event=Citrix_Access-HTTP_Denied # id=7596 event=Citrix_Access-Security_Check_Fails # id=7597 event=Citrix_Access-Security_False # id=7598 event=Citrix_AAA_Login_Failed # id=10520 event=Juniper-VPN_Host_Checker # id=10526 event=Juniper-VPN_Primary_Auth_Success # id=10527 event=Juniper-VPN_Secondary_Auth_Success # id=10528 event=Juniper-VPN_Host_Checker_Passed # id=10529 event=Juniper-VPN_Remote_Address_Change # id=10580 event=Juniper-VPN_Login_Succeeded # id=12856 event=Apache-Valid_Web_GET_Request # id=12857 event=Apache-Valid_Web_POST_Request # id=12858 event=Apache-GET_Redirect # id=12859 event=Apache-POST_Redirect # id=12860 event=Apache-GET_Client_Request_Error # id=12861 event=Apache-POST_Client_Request_Error # id=12862 event=Apache-GET_Server_Error # id=12863 event=Apache-POST_Server_Error #