# # (LCE) THUNDER PRM LIBRARY # Copyright 2006-2009 Tenable Network Security # This library may only be used with the LCE server and may not # be used with other products or open source projects # $Daten # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_airport.prm # # 3500=Airport-Group_Key_Rotated system # 3501=Airport-Station_Association_Attempt system # 3502=Airport-Station_Bad_WPA_Key error # 3503=Airport-Station_Deauthentication system # 3504=Airport-Station_Disassociated system # 3505=Airport-Station_Authenticated system # 3506=Airport-Admin_Access_Denied login-failure # 3507=Airport-Admin_Access_Granted login # 3508=Airport-Base_Station_Restart restart # 3509=Airport-Base_Station_Config_Change system # 3510=Airport-Station_Re-association system # 3511=Airport-Station_Authentication_Failed error # 3512=Airport-Group_Key_Rotated system # 3513=Airport-Station_Association_Attempt system # 3514=Airport-Station_Bad_WPA_Key error # 3515=Airport-Station_Deauthentication system # 3516=Airport-Station_Disassociated system # 3517=Airport-Station_Authenticated system # 3518=Airport-Station_Re-association system # 3519=Airport-Station_Authentication_Failed error # 3520=Airport-Station_Handshake_Failed error # 3521=Airport-Station_UDP_Connection connection # 3522=Airport-Station_UDP_Connection_Expired connection # 3523=Airport-Station_TCP_Connection connection # 3524=Airport-Station_TCP_Connection_Expired connection # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_buffalo.prm # # 400=BuffaloWAP-Associated_MAC system # 401=BuffaloWAP-DeAuthentication_MAC system # 402=BuffaloWAP-DHCP_Address_Offer dhcp # 403=BuffaloWAP-DHCP_Address_ACK dhcp # 404=BuffaloWAP-Attack_Detected intrusion # 405=BuffaloWAP-ReAssociated_MAC system # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_cisco.prm # # 1900=CiscoAironet-Out_Of_Memory error # 1901=CiscoAironet-Failed_IP_Change system # 1902=CiscoAironet-Rogue_Access_Point intrusion # 1903=CiscoAironet-WLAN_Attack intrusion # 1905=CiscoAironet-Control_Attack intrusion # 1906=CiscoAironet-Plaintext_Traffic_Detected error # 1907=CiscoAironet-Rogue_Host_Assumed_Valid_MAC intrusion # 1908=CiscoAironet-Rogue_Host_Sending_Frames intrusion # 1909=CiscoAironet-Rogue_Host_Sending_Frames intrusion # 1910=CiscoAironet_Rogue_Host_Sending_Frames intrusion # 1911=CiscoAironet-Cannot_Access_DNS error # 1912=CiscoAironet-Out_of_Memory error # 1913=CiscoAironet-Failed_Admin_Function error # 1914=CiscoAironet-NULL_MAC_Address error # 1915=CiscoAironet-NULL_IP_Address error # 1917=CiscoAironet-Firmware_Upgrade_Reboot restart # 1918=CiscoAironet-New_Interface_Reboot restart # 1919=CiscoAironet-Factory_Restore_Reboot restart # 1920=CiscoAironet-Hardware_Address_Reboot restart # 1921=CiscoAironet-Trace_Buffer_Reboot restart # 1922=CiscoAironet-Rogue_Device_Assumed_AP_IP_Address intrusion # 1923=CiscoAironet-WEP_Encryption_Error error # 1924=CiscoAironet-Misconfigured_WEP error # 1925=CiscoAironet-Misconfigured_WEP error # 1926=CiscoAironet-Rogue_802_11_Traffic intrusion # 1927=CiscoAironet-Hot_Standby_Taking_Over restart # 1928=CiscoAironet-Denied_Authentication access-denied # 1929=CiscoAironet-Lack_Of_Memory_Reboot error # 1930=CiscoAironet-Client_Authentication_Unmatched error # 1931=CiscoAironet-Failed_Radius_Authentication login-failure # 1932=CiscoAironet-Multiple_SSH_Failed_Logins login-failure # 1933=CiscoAironet-SSH_CRC_Attack intrusion # 1934=CiscoAironet-Rogue_Access_Point intrusion # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_cisco_wireless_lan_controller.prm # # 7769=CiscoWireless-Delete_Username_Failed error # 7770=CiscoWireless-Retransmissions_Exceeded error # 7771=CiscoWireless-ACL_Not_Found error # 7772=CiscoWireless-Bind_Error error # 7773=CiscoWireless-Big_Nav_Attack intrusion # 7774=CiscoWireless-Error_Processing_RSN_WARP error # 7775=CiscoWireless-No_Heartbeat error # 7776=CiscoWireless-Not_Advertising_SSID system # 7777=CiscoWireless-AP_Not_Added_ToDebug_Database system # 7778=CiscoWireless-Cannot_Contain_Rogue intrusion # 7779=CiscoWireless-Invalid_WPA_Key_State error # 7780=CiscoWireless-CCKM_Updated system # 7781=CiscoWireless-MAX_EAP_Exceeded_Client error # 7782=CiscoWireless-System_Call_Failed error # 7783=CiscoWireless-Time_Set system # 7784=CiscoWireless-Invalid_Replay_Counter error # 7785=CiscoWireless-User_Login login # 7786=CiscoWireless-Validate_CCKM_Failed error # 7787=CiscoWireless-Client_Not_Found error # 7788=CiscoWireless-Radius_Override_Disabled system # 7789=CiscoWireless-MAC_Add_Not_Found error # 7790=CiscoWireless-Max_EAP_Retrans_Exceeded error # 7791=CiscoWireless-Authentication_Failed login-failure # 7792=CiscoWireless-Radius_Server_Not_Found error # 7793=CiscoWireless-Login_Failed login-failure # 7794=CiscoWireless-User_Passwd login-failure # 7795=CiscoWireless-IP_Add_On_MSCB_Failed error # 7796=CiscoWireless-Max_Reached_Configure_Command error # 7797=CiscoWireless-AP_Not_Found error # 7798=CiscoWireless-Invalid_Slot error # 7799=CiscoWireless-Received_Action_Frame system # 7800=CiscoWireless-MAC_Mgmt_Failed error # 7801=CiscoWireless-Link_Failure_Rebooted restart # 7802=CiscoWireless-Failed_Get error # 7803=CiscoWireless-Invalid_Country_Code error # 7804=CiscoWireless-Country_Code_Changed system # 7805=CiscoWireless-Controller_Boot restart # 7806=CiscoWireless-Replay_Error error # 7807=CiscoWireless-OTAP_Disabled error # 7808=CiscoWireless-Discovery_Request error # 7809=CiscoWireless-Conflicting_Rates error # 7810=CiscoWireless-Invalid_DOT1x_Or_CB error # 7811=CiscoWireless-Radius_Failed error # 7812=CiscoWireless-Disconnected_Mobile system # 7813=CiscoWireless-Send_Failure error # 7814=CiscoWireless-Login_Failed login-failure # 7815=CiscoWireless-Config_Error error # 7816=CiscoWireless-Packet_Rejected error # 7817=CiscoWireless-Process_Request_Failed error # 7818=CiscoWireless-UsmDbWcpGet_Non_Doberman system # 7819=CiscoWireless-ACL_Does_Not_Exist error # 7820=CiscoWireless-Bad_Packets error # 7821=CiscoWireless-No_Acceptable_Pkts error # 7822=CiscoWireless-No_Clients_In_Database system # 7823=CiscoWireless-Invalid_Sequence_Number error # 7824=CiscoWireless-Invalid_WPA_State error # 7825=CiscoWireless-Invalid_Pointer_Passed error # 7826=CiscoWireless-Cannot_Contain_Rogue intrusion # 7827=CiscoWireless-Rates_Check_Failed error # 7828=CiscoWireless-Association_Request_Failed system # 7829=CiscoWireless-Rogue_Association_Failed system # 7830=CiscoWireless-Invalid_Rates system # 7831=CiscoWireless-IP_Add_Failed system # 7832=CiscoWireless-Disconnected_Mobile system # 7833=CiscoWireless-Mobile_Excluded system # 7834=CiscoWireless-Username_Created system # 7835=CiscoWireless-Bind_Error error # 7836=CiscoWireless-IP_Add_On_MSCB_Failed system # 7837=CiscoWireless-Authentication_Aborted error # 7838=CiscoWireless-Invalid_WPA_Key_State error # 7839=CiscoWireless-Max_EAP_Retrans_Exceeded system # 7840=CiscoWireless-MAX_EAP_Exceeded_Client system # 7841=CiscoWireless-Retransmissions_Exceeded system # 7842=CiscoWireless-Received_Unknown_AVP system # 7843=CiscoWireless-IP_Conflict error # 7844=CiscoWireless-ARP_Orphan_Packet system # 7845=CiscoWireless-ARP_Not_Sent system # 7846=CiscoWireless-HTTP_Request_Error web-error # 7847=CiscoWireless-HTTP_Parse_Error web-error # 7848=CiscoWireless-HTTP_Request_Error web-error # 7849=CiscoWireless-Invalid_IPV6_Address error # 7850=CiscoWireless-Controller_Timeout system # 7851=CiscoWireless-Signature_Info system # 7852=CiscoWireless-PMK_Cache_Delete_Failure system # 7853=CiscoWireless-Timer_Reallocated system # 7854=CiscoWireless-DHCP_No_Reply system # 7855=CiscoWireless-SISF_Entry_Changed system # 7856=CiscoWireless-SISF_Entry_Created system # 7857=CiscoWireless-SISF_Entry_Deleted system # 7858=CiscoWireless-Data_Processing_Failure error # 7859=CiscoWireless-NMSP_Transmit_Failure error # 7860=CiscoWireless-locp_Message_Task_Failure error # 7861=CiscoWireless-Signature_Alarm_Off system # 7862=CiscoWireless-Signature_Alarm_Off system # 7863=CiscoWireless-Address_Already_In_Use error # 7864=CiscoWireless-Invalid_Checkpoint error # 7865=CiscoWireless-Invalid_Checkpoint_Multiple_Times error # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_generic.prm # # 145=Wireless-Notice_Station_Authenticated system # 146=Wireless-Notice_Station_Forwarding system # 147=Wireless-Notice_Station_Associated system # # Plugins for file /usr/thunder/daemons/plugins/accesspoint_hipath_siemens_wireless.prm # # 10369=SeimensWireless-Radius_Authentication login # 10370=SiemensWireless-Client_Authorized system # 10371=SiemensWireless-MAC_Authorized system # 10372=SiemensWireless-Registration_Succeeded system # 10373=SiemensWireless-Client_Roaming system # 10374=SiemensWireless-AP_Connects_For_Registration system # 10375=SiemensWireless-AP_Authenticated system # 10376=SiemensWireless-AP_Succeeded system # 10377=SiemensWireless-Sensor_Upgrade system # # Plugins for file /usr/thunder/daemons/plugins/airwatch.prm # # 14807=AirWatch-Application_Redirected error # 14808=AirWatch-Exception_Not_Handled_By_Application error # 14809=AirWatch-Failed_Login login-failure # 14810=AirWatch-User_Not_Logged_In error # 14811=AirWatch-Unable_To_Read_From_Connection error # 14812=AirWatch-Location_Group_Error error # 14813=AirWatch-Provisioning_Password_For_User_Failed error # 14814=AirWatch-Message_Queue_Not_Available error # 14815=AirWatch-Receiving_Accounts_From_Gem_Failed error # 14816=AirWatch-Certificate_Thumbprint_Not_Found error # 14817=AirWatch-Account_Processing_Unsuccessful error # 14818=AirWatch-Channel_Timed_Out error # 14819=AirWatch-HTTP_Response_Receiving_Error error # 14820=AirWatch-Endpoint_Not_Found_Exception error # 14821=AirWatch-Unable_To_Read_From_Queue error # 14822=AirWatch-Stopping_API_Workflow_Error error # 14823=AirWatch-Shutting_Down_Service error # 14824=AirWatch-Error_Pulling_Messages_Continued error # 14825=AirWatch-No_GCM_Token_Found error # 14826=AirWatch-Entity_Thread_Count error # 14827=AirWatch-Entity_Main_Processing_Error error # 14828=AirWatch-SMS_Service_Error_Occurred error # 14829=AirWatch-GetWorkItems_Error error # 14830=AirWatch-Service_Scheduler_Service_Error error # 14831=AirWatch-Call_Failed_LdapException error # 14832=AirWatch-Controller_Path_Not_Found error # 14833=AirWatch-Object_Reference_Not_Set error # 14834=AirWatch-Public_Action_Not_Found error # 14835=AirWatch-Anti_Forgery_Token_Not_Decrypted error # 14836=AirWatch-Anti_Forgery_Cookie_Not_Found error # 14837=AirWatch-File_Not_Found error # 14838=AirWatch-Anti_Forgery_Form_Not_Found error # 14839=AirWatch-Anti_Forgery_Cookie_Form_Notmatched error # 14840=AirWatch-Dangerous_Request_From_Client error # 14841=AirWatch-Executing_Child_Request_Error error # # Plugins for file /usr/thunder/daemons/plugins/as400_powertech.prm # # 10250=PowerTech-Interact_Transaction_Rejected login-failure # 10251=PowerTech-Interact_Transaction_Allowed login # 10252=PowerTech-Interact_System_i_Transaction_Allowed login # 10253=PowerTech-Interact_Invalid_Password login-failure # 10254=PowerTech-Interact_Potential_Intrusion intrusion # 10255=PowerTech-Interact_New_Library_Created system # 10256=PowerTech-Interact_Profile_Changed system # 10257=PowerTech-Interact_System_Value_Changed system # 10258=PowerTech-Interact_Profile_Disabled system # 10259=PowerTech-Interact_System_i_Transaction_Rejected login-failure # 10260=PowerTech-Interact_Invalid_Username login-failure # # Plugins for file /usr/thunder/daemons/plugins/asset_lists.prm # # # Plugins for file /usr/thunder/daemons/plugins/auth_bluesocket.prm # # 1025=BlueSocket-Added_Unregistered_User dhcp # 1026=BlueSocket-DHCP-Request_From_Wrong_Network error # 1027=BlueSocket-Login_Failure login-failure # 1028=BlueSocket-DHCP-Request dhcp # 1029=BlueSocket-DHCPPACK dhcp # 1030=BlueSocket-Action_Command dhcp # 1031=BlueSocket-User_Logout logout # 1032=BlueSocket-User_Login login # # Plugins for file /usr/thunder/daemons/plugins/auth_cisco_acs.prm # # 12000=CiscoACS-Passed_Authentication login # 12001=CiscoACS-Failed_Authentication login-failure # 12002=CiscoACS-Radius_Access_Known_ID system # 12003=CiscoACS-Radius_Access_Known_Station_ID system # 12004=CiscoACS-Radius_Access_Unknown_ID error # 12005=CiscoACS-TACACS_Accounting system # 12006=CiscoACS-TACACS_Admin system # 12007=CiscoACS-VoIP_Accounting system # 12008=CiscoACS-Backup_Activity system # 12009=CiscoACS-Database_Replication system # 12010=CiscoACS-Administrator_Login login # 12011=CiscoACS-User_Modified system # 12012=CiscoACS-Config_Change system # 12013=CiscoACS-Administrator_Activity system # 12014=CiscoACS-Administrator_Logout logout # 12015=CiscoACS-User_Password_Change system # 12016=CiscoACS-Service_Monitor system # 12017=CiscoACS-Acount_Disabled_Activity login-failure # 12018=CiscoACS-Service_Application_Admin system # 12019=CiscoACS-Session_Disconnected logout # 12020=CiscoACS-Passed_Authentication login # 12021=CiscoACS-Failed_Attempts system # 12022=CiscoACS-Failed_Authentication login-failure # 12023=CiscoACS-Passed_Authentication login # 12024=CiscoACS-Radius_Accounting_Start_Request system # 12025=CiscoACS-Radius_Accounting_Session system # 12026=CiscoACS-Radius_Accounting_Diagnostics system # 12027=CiscoACS-Radius_Accounting_Diagnostics system # 12028=CiscoACS-Radius_Accounting system # 12029=CiscoACS-Statistics system # 12030=CiscoACS-TACACS_Accounting system # # Plugins for file /usr/thunder/daemons/plugins/auth_cisco_ise.prm # # 11657=CiscoISE-Statistics_Utilization application # 11658=CiscoISE-Statistics_Health application # 11659=CiscoISE-Posture_Client_Provisioning application # 12642=CiscoISE-Passed_Authentication login # 12643=CiscoISE-Passed_Authentication login # 12644=CiscoISE-Passed_Dynamic_Authorization login # 12645=CiscoISE-Passed_Guest_Authentication login # 12646=CiscoISE-Passed_Authentication login # 12647=CiscoISE-Failed_Authentication login-failure # 12648=CiscoISE-Failed_Authentication login-failure # 12649=CiscoISE-Failed_Authentication_Radius_Request_Dropped login-failure # 12650=CiscoISE-Radius_Accounting_Request system # 12651=CiscoISE-Radius_Accounting_Request system # 12652=CiscoISE-Profiling_Event application # 12653=CiscoISE-Failed_Authentication login-failure # 12654=CiscoISE-Passed_Authentication login # 12655=CiscoISE-Radius_Accounting system # # Plugins for file /usr/thunder/daemons/plugins/backup_misc.prm # # 13546=AppAssure-Log_Write_Failure error # # Plugins for file /usr/thunder/daemons/plugins/bit9_parity.prm # # 11416=Bit9-New_Unapproved_File_To_Computer application # 11417=Bit9-New_File_On_Network application # 11418=Bit9-File_Group_Created application # 11419=Bit9-File_Approved application # 11420=Bit9-Report_Read_Removable_Media application # 11421=Bit9-Trusted_Directory_Check application # 11422=Bit9-Device_Attached_Or_Detached application # 11423=Bit9-New_Device_Found application # 11424=Bit9-Agent_Restart application # 11425=Bit9-Cache_Check_Complete application # 11426=Bit9-Old_Events_Were_Deleted application # 11427=Bit9-Agent_Policy_Changed application # 11428=Bit9-Baseline_Drift_Report_Generated application # 11429=Bit9-Computer_Deleted application # 11430=Bit9-Computer_Modified application # 11431=Bit9-Console_User_Login login # 11432=Bit9-Execution_Block access-denied # 11433=Bit9-File_Approval_Created application # 11434=Bit9-First_Execution_On_Network application # 11435=Bit9-File_Modified_Deleted application # 11436=Bit9-File_Was_Executed application # 11437=Bit9-Certificate_Invalid error # 11438=Bit9-Module_Signed_But_Failed_Certificate_Validation error # 11439=Bit9-Module_Signed_But_Could_Not_Check_Revocation error # 11440=Bit9-Kernel_Not_Attached application # 11441=Bit9-Computer_Signature_On_File_Invalid error # 11442=Bit9-Module_Signed_But_Failed_File_Validation error # 11443=Bit9-Parity_Agent_Failed_Health_Check application # 11444=Bit9-Console_User_Logout logout # 11445=Bit9-Multiple_Failed_Logins login-failure # 11446=Bit9-Agent_Changed_Enforcement_Level detected-change # 11447=Bit9-Console_User_Deleted application # 11448=Bit9-Parity_Filtering_Not_Operational error # 11449=Bit9-Agent_Deleted_Events application # 11450=Bit9-Agent_Shutdown application # 11451=Bit9-New_Certificate_On_Network application # 11452=Bit9-Console_User_Created application # 11453=Bit9-Console_User_Modified application # 11454=Bit9-Certificate_Checked_For_Errors application # 11455=Bit9-Configuration_Changed detected-change # # Plugins for file /usr/thunder/daemons/plugins/chat_irc.prm # # 54701=IRC-Chat_Connect connection # 54702=IRC-Chat_Disconnect application # 54703=IRC-Forced_Join application # 54704=IRC-Rename_Virtual_Host application # 54705=IRC-Rename_Virtual_Identity application # 54706=IRC-Operator_Override application # 54707=IRC-Operator_Kick_User application # # Plugins for file /usr/thunder/daemons/plugins/cise.prm # # # Plugins for file /usr/thunder/daemons/plugins/citrix_xencenter.prm # # 13492=XenCenter-Xenstore_Error error # 13493=XenCenter-Xenstore_Get_Domain application # 13494=XenCenter-Xenstore_Introduce application # 13495=XenCenter-Xenstore_Mkdir application # 13496=XenCenter-Xenstore_Rm application # 13497=XenCenter-Xenstore_Setperms file-access # 13498=XenCenter-Xenstore_Unwatch application # 13499=XenCenter-Xenstore_Watch_Event error # 13500=XenCenter-Xenstore_Watch application # 13501=XenCenter-Xenstore_Write application # 13502=XenCenter-Xenopsd_Removing_Core_Files detected-change # 13503=XenCenter-Xenopsd_Entry_Delete error # 13504=XenCenter-NVML_Not_Loaded error # 13505=XenCenter-Xapi_Login login # 13506=XenCenter-Xapi_Slave_Session_Login login # 13507=XenCenter-Xapi_Session_Logout logout # 13508=XenCenter-Xapi_Slave_Session_Logout logout # 13509=XenCenter-Xapi_Slave_Session_Logout logout # 13510=XenCenter-Virtual_Interface_Configuration detected-change # 13511=XenCenter-Open_vSwitch_Netdev_Linux_Warning application # 13512=XenCenter-Open_vSwitch_Netdev_Warning error # 13513=XenCenter-Open_vSwitch_Timeval_Warning error # 13514=XenCenter-Open_vSwitch_Ofproto_Warning error # 13515=XenCenter-Open_vSwitch_Poll_Loop_Warning error # 13516=XenCenter-Open_vSwitch_Bridge_Info application # 13517=XenCenter-Open_vSwitch_Netdev_Linux_Info application # 13518=XenCenter-SSL_Connection_Reset error # 13519=XenCenter-Connection_Reset error # 13520=XenCenter-Xapi_Connection connection # 13521=XenCenter-Command_Call_Osv-vsctl detected-change # 13522=XenCenter-XCP_Networkd_Call_Error error # # Plugins for file /usr/thunder/daemons/plugins/compliance.prm # # # Plugins for file /usr/thunder/daemons/plugins/denyhost.prm # # 9716=DenyHosts-Added application # # Plugins for file /usr/thunder/daemons/plugins/dhcp.prm # # 2955=DHCP-Request dhcp # 2957=DHCP-Request dhcp # 2958=DHCP-Request dhcp # 3600=DHCPCLIENT-No_Offers error # 3601=DHCPCLIENT-No_Working_Leases error # 3602=DHCPCLIENT-Address_Leased dhcp # 3603=DHCP-Request dhcp # 3604=DHCP-Packet_Too_Small error # 3605=DHCP-Discover dhcp # 3606=DHCP-Offer dhcp # 3607=DHCP-Inform dhcp # 3608=DHCP-Ack dhcp # 3609=DHCP-Reverse_Map_Added dhcp # 3610=DHCP-Lease_Duplicate dhcp # 3611=DHCP-Timed_Out error # 3612=DHCP-BOOTREQUEST dhcp # 3614=DHCP-No_DHCID error # 3615=DHCP-Leases_Running_Out error # 3616=DHCP-Inform dhcp # 3617=DHCP-Leases_Present dhcp # 3618=DHCP-Address_Assigned dhcp # 3619=DHCP-Unable_To_Renew_Address dhcp # 3620=DHCP-Failed_To_See_Directory dhcp # 3621=DHCP-No_Addresses_Available dhcp # 3622=DHCP-Request dhcp # 3623=DHCPCLIENT-version dhcp # 3624=DHCP-Release dhcp # 3625=DHCP-Forward_Map_Added dhcp # 3626=DHCP-Reverse_Map_Unable_To_Add dhcp # 3627=DHCP-Reverse_Map_Removed dhcp # 3628=DHCP-Delete_IN_TXT_Success dhcp # 3629=DHCP-Deleted_IN_A_Success dhcp # 3630=DHCP-Deleted_IN_A_No_RRest dhcp # 3631=DHCP-Wrote_Leases_To_File dhcp # 3632=DHCP-Non_Null_Pointer dhcp # 3633=DHCP-Discover_No_Free_Leases dhcp # 3634=DHCP-Unable_To_Add_Forward_Map dhcp # 3635=DHCP-DHCPNAK dhcp # 3636=DHCP-Log_Start_Windows system # 3637=DHCP-Log_Stop_Windows system # 2956=DHCP-Request_Windows dhcp # 3640=DHCP-Release_Windows dhcp # 3648=DHCP-Address_Cleanup_Windows dhcp # 3649=DHCP-Address_Cleanup_Windows dhcp # 3650=DHCP-DNS_Update_Request_Windows dns # 3651=DHCP-DNS_Update_Fail_Windows dns # 3652=DHCP-DNS_Update_Success_Windows dns # 3653=DHCP-Unreachable_Domain_Windows error # 3658=DHCP-Auth_Servicing_Windows system # 3659=DHCP-Auth_Failed_Windows error # 3663=DHCP-No_DC_DS_Enabled_Windows error # 3665=DHCP-Restarting_Rogue_Detection_Windows system # 3666=DHCP-Packet_Dropped dhcp # 3667=DHCP-Renew_Request dhcp # 3668=DHCP-DHCP_Start_Authorized dhcp # 3669=DHCP-Scope_Out_Of_Addresses error # 3670=DHCP-Dynamic_IPv6_Detected dhcp # # Plugins for file /usr/thunder/daemons/plugins/dns_bind.prm # # 1500=Bind-Version_Query application # 1501=Bind-Denied_Version_Query application # 1502=Bind-Denied_Version_Query access-denied # 1503=Bind-Zone_Transfer_Deny access-denied # 1504=Bind-Zone_Transfer application # 1505=Bind-Refused_Query access-denied # 1506=Bind-Port_Zero_Packet access-denied # 1507=Bind-Unapproved_Update access-denied # 1508=Bind-Unapproved_Recursive_Query access-denied # 1509=Bind-Fatal_Exit process # 1510=Bind-Unexpected_Response error # 1511=Bind-Potential_Attack intrusion # 1512=Bind-Potential_Attack intrusion # 1513=Bind-Segmentation_Fault error # 1514=Bind-Zone_Transfer_started application # 1515=Bind-Update_Denied access-denied # 1516=Bind-Update_Failed access-denied # 1517=Bind-Lame_NameServer_Resolution error # 1518=Bind-Unexpected_Return_Code dns # 1519=Bind-Resolve_Error dns # 1520=Bind-Running restart # 1521=Bind-Shut-Down restart # 1522=Bind-Query_Denied access-denied # 1523=Bind-Zone_Update application # 1524=Bind-Extra_Info_Sent application # 1525=Bind-Bad_Referral error # 1526=Bind-Query_IPv4 dns # 1527=Bind-Query_IPv6 dns # 1528=Bind-Query_Domain dns # 1529=Bind-Query_TXT dns # 1530=Bind-Query_Mail_Server dns # 1531=Bind-Query_Service_Locator dns # 1532=Bind-Query_Start_Of_Authority dns # 1533=Bind-Query_Transaction_Key dns # 1534=Bind-Zone_Transfer_Query application # 1535=Bind-Zone_Notify application # 1536=Bind-Transfer application # 1537=Bind-Master_File_Dump_Denied access-denied # 1538=Bind-Failed_Transfer access-denied # 1539=Bind-Transfer_Ended application # 1540=Bind-Bad_Owner_Name error # 1541=Bind-Refresh_In_Progress application # 1542=Bind-Process_Exit restart # 1543=Bind-Query_Name_Server dns # 1544=Bind-Lame_NameServer_Unexpected_RCODE dns # 1545=Bind-Network_Unreachable error # 1546=Bind-Client_Query_Denied access-denied # 1547=Bind-Time_Modification_Denied error # 1548=Bind-DNS_Format_Error_Invalid_Response dns # 1549=Bind-FORMERR_Response_Error dns # 1550=Bind-Response_From_Internet dns # 3300=Bind-Success_After_Disabling_EDNS dns # 3301=Bind-Zone_Transfer_Complete dns # 3302=Bind-Truncated_TCP_Resonse error # 3303=Bind-Connection_Refused error # 3304=Bind-Zone_Is_Up_To_Date dns # 3305=Bind-Pre_Cache_Entries dns # 3306=Bind-Pre_Cache_Entries dns # # Plugins for file /usr/thunder/daemons/plugins/dns_windows.prm # # 10200=Windows-DNS_Probe intrusion # 10201=Windows-DNS_Lookup_Success dns # 10202=Windows-DNS_Lookup_Norecord_For_Host dns # 10203=Windows-DNS_Lookup_Not_Authoritative_For_Domain dns # 10204=Windows-DNS_Lookup_Servfail_Temp_Error dns # 10205=Windows-DNS_Lookup_Security_Error access-denied # 10206=Windows-DNS_UDP_Packet_Successfully_Received dns # 10207=Windows-DNS_Zone_Transfer_Request dns # 10208=Windows-DNS_Zone_Transfer_Refused access-denied # # Plugins for file /usr/thunder/daemons/plugins/fail2ban.prm # # 10913=Fail2ban-Stop_Process application # 10914=Fail2ban-Start_Process application # 10915=Fail2ban-Ban_IP intrusion # 10916=Fail2ban-Unban_IP intrusion # # Plugins for file /usr/thunder/daemons/plugins/fim_honeycomb.prm # # 11852=Honeycomb_Successful_File_Create file-access # 11853=Honeycomb_Unsuccessful_File_Move file-access # 11854=Honeycomb_Successful_File_Move file-access # 11855=Honeycomb_Successful_File_Ownerchange detected-change # 11856=Honeycomb_Successful_File_Rename detected-change # 11857=Honeycomb_Successful_File_Delete detected-change # 11858=Honeycomb_Unsuccessful_File_Rename detected-change # 11859=Honeycomb_Successful_File_Security file-access # 11860=Honeycomb_Successful_File_Create detected-change # 11861=Honeycomb_Successful_File_Modify detected-change # 11862=Honeycomb_Unsuccessful_File_Delete access-denied # 11863=Honeycomb_Unsuccessful_File_Modify access-denied # 11864=Honeycomb_Successful_File_Open file-access # 11865=Honeycomb_Unsuccessful_File_Open access-denied # 11866=Honeycomb_Successful_File_Attribute_Changed detected-change # 11867=Honeycomb_Unsuccessful_File_Attribute_Changed access-denied # # Plugins for file /usr/thunder/daemons/plugins/firewall_adtran.prm # # 16250=Adtran-Allowed_UDP_Connection connection # 16251=Adtran-Connection_Timed_Out_UDP firewall # 16252=Adtran-Allowed_TCP_Connection connection # 16253=Adtran-TCP_Connection_Closed connection # 16254=Adtran-Allowed_ICMP_Connection connection # 16255=Adtran-Connection_Timed_Out_ICMP firewall # 16256=Adtran-Allowed_LDAP_Connection connection # 16257=Adtran-Allowed_SMTP_Connection connection # 16258=Adtran-Allowed_Web_Connection connection # 16259=Adtran-Web_Connection_Closed connection # 16260=Adtran-Allowed_Telnet_Connection connection # 16261=Adtran-Telnet_Connection_Closed firewall # 16262=Adtran-Allowed_FTP_Connection connection # 16263=Adtran-FTP_Connection_Closed connection # 16280=Adtran-Invalid_TCP_Session firewall # 16281=Adtran-Dropped_Invalid_Packet firewall # 16282=Adtran-Spoofing_Detected firewall # 16283=Adtran-Zero_Byte_Connection firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_arkoon.prm # # 9550=Arkoon-UDP_Deny firewall # 9551=Arkoon-TCP_Deny firewall # 9555=Arkoon-Portscan_Detected scanning # # Plugins for file /usr/thunder/daemons/plugins/firewall_astaro.prm # # 2301=Astaro-UDP_Dropped firewall # 2302=Astaro-TCP_Dropped firewall # 2303=Astaro-TCP_Accepted connection # 2304=Astaro-UDP_Accepted connection # 2305=Astaro-ICMP_Accepted firewall # 2306=Astaro-ICMP_Dropped firewall # 2307=Astaro-UDP_Dropped firewall # 2308=Astaro-TCP_Dropped firewall # 2309=Astaro-TCP_Accepted connection # 2310=Astaro-UDP_Accepted connection # 2311=Astaro-ASG_Web-Blocked firewall # 2312=Astaro-Connection_Logged connection # 2313=Astaro-AFC_Connection_Logged connection # 2314=Astaro-ASG_Web_Session web-access # 2315=Astaro-AFC_Connection_Blocked firewall # 2316=Astaro-ICMP_Dropped firewall # 2317=Astaro-Packet_Dropped firewall # 2318=Astaro-ICMP_Accepted connection # 2319=Astaro-ICMP_Rejected firewall # 2320=Astaro-TCP_Rejected firewall # 2321=Astaro-UDP_Rejected firewall # 2322=Astaro-TCP_Spoof intrusion # 2323=Astaro-UDP_Spoof intrusion # 2324=Astaro-Gatekeeper firewall # 2325=Astaro-Portscan scanning # 2326=Astaro-SYN_Flood scanning # 2327=Astaro-UDP_Flood scanning # 2328=Astaro-ASG_Web_Session web-access # 2329=Astaro-ASG_Web_Error web-error # # Plugins for file /usr/thunder/daemons/plugins/firewall_barracuda.prm # # 15660=Barracuda-Connection_Allow_UDP connection # 15661=Barracuda-Connection_Allow_ICMP connection # 15662=Barracuda-Connection_Allow_TCP connection # 15663=Barracuda-Blocked_TCP firewall # 15664=Barracuda-Blocked_UDP firewall # 15665=Barracuda-Blocked_UDP firewall # 15666=Barracuda-Blocked_TCP firewall # 15667=Barracuda-Outbound_Connection_Allow_TCP connection # 15668=Barracuda-Inbound_Connection_Allow_ICMP connection # 15669=Barracuda-TCP_Packet_No_Active_Session system # 15670=Barracuda-Errors error # 15671=Barracuda-ICMP_Packet_No_Active_Session system # 15672=Barracuda-Outbound_Connection_Allow_UDP connection # 15673=Barracuda-TCP_Header_Invalid_ACK_Number firewall # 15674=Barracuda-ICMP_Packet_Ignored firewall # 15675=Barracuda-IPS_Attack_Blocked intrusion # 15676=Barracuda-Packet_Blocked firewall # 15677=Barracuda-Source_UDP_Session_Limit_Exceeded firewall # 15678=Barracuda-Reverse_Routing_Interface_Mismatch firewall # 15679=Barracuda-Invalid_SYN_Established_TCP_Session firewall # 15680=Barracuda-Failed_To_Init_Interface_Address error # # Plugins for file /usr/thunder/daemons/plugins/firewall_barracuda_waf.prm # # 15700=Barracuda-WF_Query_String_Not_Allowed error # 15701=Barracuda-No_Parameter_Profile_Match error # 15702=Barracuda-Read_Only_Param_Tampered application # 15703=Barracuda-Session_Not_Found application # 15704=Barracuda-Unknown_Content_Type application # 15705=Barracuda-Deny_ACL_Matched application # # Plugins for file /usr/thunder/daemons/plugins/firewall_checkpoint.prm # # 1250=Checkpoint-Accepted_UDP connection # 1251=Checkpoint-Accepted_TCP connection # 1252=Checkpoint-Accepted_ICMP connection # 1253=Checkpoint-Blocked_UDP firewall # 1254=Checkpoint-Blocked_TCP firewall # 1255=Checkpoint-Blocked_ICMP firewall # 1256=Checkpoint-FTP_Query_Info firewall # 1257=Checkpoint-Documentation_Via_Web_Query_High firewall # 1258=Checkpoint-Source_code_Low firewall # 1259=Checkpoint-FTP_Destination_High firewall # 1260=Checkpoint-Spreadsheets_Low firewall # 1261=Checkpoint-FTP_Configuration_Files_High firewall # 1262=Checkpoint-Agent_Up system # 1263=Checkpoint-Agent_Down error # 1264=Checkpoint-Component_Installed system # 1265=Checkpoint-Component_Uninstalled system # 1266=Checkpoint-Interface_Not_Protected system # 1267=Checkpoint-Certificate_Error error # 1268=Checkpoint-Certificate_Initialized system # 1269=Checkpoint-Certificate_Revoked system # 1270=Checkpoint-Certificate_Valid system # 1271=Checkpoint-Certificate_Issued system # 1272=Checkpoint-Certificate_Renewed system # 1273=Checkpoint-Certificate_Service_Started system # 1274=Checkpoint-Dynamic_Object_Changed system # 1275=Checkpoint-Blocked_Packet firewall # 1276=Checkpoint-Connection_Closed firewall # 1277=Checkpoint-TCP_Connection_Closed firewall # 1278=Checkpoint-Blocked_TCP firewall # 1279=Checkpoint-Blocked_TCP firewall # 1280=Checkpoint-Authentication_Failure login-failure # 1281=Checkpoint-Blocked_UDP firewall # 1282=Checkpoint-Blocked_TCP firewall # 1283=Checkpoint-Invalid_Request firewall # 1284=Checkpoint-TCP_Connection_Failed firewall # 1285=Checkpoint-SmartDefense_Denial_Prevention intrusion # 1286=Checkpoint-Certificate_Error error # 1287=Checkpoint-Blocked_ICMP firewall # 1288=Checkpoint-Log_Switched system # 1289=Checkpoint-Drop_Packet firewall # 1290=Checkpoint-Machine_Authentication_Successful login # 1291=Checkpoint-User_Authentication_Successful login # 1292=Checkpoint-User_Session_Expired logout # 1293=Checkpoint-Session_Expired logout # 1294=Checkpoint-Accept_IGMP connection # 1295=Checkpoint-Hit_Frequency stats # 1296=Checkpoint-URL_Filtering_Allow web-access # 1297=Checkpoint-Application_Control_Allow web-access # 1298=Checkpoint-SmartDefense_Monitor firewall # 1299=Checkpoint-SmartDefense_Monitor firewall # 15500=Checkpoint-Machine_Authentication_Failed login-failure # 15501=Checkpoint-User_Authentication_Failed login-failure # 15502=Checkpoint-Application_Control_Allow web-access # 15503=Checkpoint-SmartDefense_Reject firewall # 15504=Checkpoint-SmartDefense_Drop firewall # 15505=Checkpoint-SmartDefense_Alert firewall # 15506=Checkpoint-SmartDefense_Download_Success system # 15507=Checkpoint-SmartDefense_Download_Success error # 15508=Checkpoint-Accept_IGMP connection # 15509=Checkpoint-URL_Filtering_Block web-error # 15510=Checkpoint-URL_Filtering_Redirect web-error # 15511=Checkpoint-URL_Filtering_Allow web-access # 15512=Checkpoint-User_Role_Change system # 15513=Checkpoint-Bad_Configuration error # 15514=Checkpoint-Network_Login_Statistics system # 15515=Checkpoint-Gateway_Down error # 15516=Checkpoint-Service_Update_Failed error # 15517=Checkpoint-Service_Update_Error error # 15518=Checkpoint-Service_Update_Started system # 15519=Checkpoint-Service_Update_Finished system # 15520=Checkpoint-Application_Control system # # Plugins for file /usr/thunder/daemons/plugins/firewall_checkpoint_loggrabber.prm # # 3025=Checkpoint-Accepted_UDP connection # 3026=Checkpoint-Accepted_TCP connection # 3027=Checkpoint-Blocked_TCP firewall # 3028=Checkpoint-Blocked_UDP firewall # 3029=Checkpoint-Blocked_ICMP firewall # 3030=Checkpoint-Accepted_ICMP connection # 3031=Checkpoint-Dropped_TCP firewall # 3032=Checkpoint-Dropped_UDP firewall # 3033=Checkpoint-Dropped_ICMP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_asa.prm # # 13001=CiscoASA-Blocked_UDP firewall # 13002=CiscoASA-Blocked_TCP firewall # 13003=CiscoASA-Blocked_ICMP firewall # 13004=CiscoASA-Blocked_UDP firewall # 13005=CiscoASA-Blocked_TCP firewall # 13006=CiscoASA-Blocked_ICMP firewall # 13007=CiscoASA-Blocked_Inbound_TCP_Noxlate firewall # 13008=CiscoASA-Blocked_Inbound_ICMP_Noxlate firewall # 13009=CiscoASA-Blocked_UDP firewall # 13010=CiscoASA-Blocked_TCP firewall # 13011=CiscoASA-Blocked_ICMP firewall # 13012=CiscoASA-Blocked_ICMP firewall # 13013=CiscoASA-Blocked_IP_Options firewall # 13014=CiscoASA-Blocked_TCP firewall # 13015=CiscoASA-Blocked_UDP firewall # 13016=CiscoASA-Blocked_UDP firewall # 13017=CiscoASA-Blocked_TCP firewall # 13018=CiscoASA-Blocked_TCP firewall # 13019=CiscoASA-Blocked_Protocol firewall # 13020=CiscoASA-Allowed_TCP connection # 13021=CiscoASA-Allowed_UDP connection # 13022=CiscoASA-User_Log_Out logout # 13023=CiscoASA-User_Authentication_Failure login-failure # 13024=CiscoASA-User_Log_In login # 13025=CiscoASA-User_Privilege_Change system # 13026=CiscoASA-Admin_Permitted login # 13027=CiscoASA-Admin_Permitted_Console login # 13028=CiscoASA-Admin_Denied login-failure # 13029=CiscoASA-Admin_Denied_Console login-failure # 13030=CiscoASA-PPP_User_AAA_Status login # 13031=CiscoASA-SSH_Disconnect logout # 13032=CiscoASA-SSH_Bad_Password login-failure # 13033=CiscoASA-Multiple_Enable_Failures login-failure # 13034=CiscoASA-User_Authorization_Denied login-failure # 13035=CiscoASA-User_Authorization_Allowed login # 13036=CiscoASA-User_Authorization_Allowed login # 13037=CiscoASA-Too_Many_Users error # 13038=CiscoASA-Split_DNS error # 13039=CiscoASA-Split_DNS error # 13040=CiscoASA-OSPF_IP_Area_Change system # 13041=CiscoASA-Interface_Zero_Bandwidth error # 13042=CiscoASA-Auto_Update_Failure error # 13043=CiscoASA-Command_Failure access-denied # 13044=CiscoASA-Bad_NTP_Packet access-denied # 13045=CiscoASA-NTP_Packet_Denied firewall # 13046=CiscoASA-Duplicate_Router_ID error # 13047=CiscoASA-Duplicate_Router_ID error # 13048=CiscoASA-Invalid_OSPF_Packet error # 13049=CiscoASA-Invalid_OSPF_Packet error # 13050=CiscoASA-Routing_Limit_Reached error # 13051=CiscoASA-Manager_Connection login # 13052=CiscoASA-High_CPU error # 13054=CiscoASA-Potential_DOS_Attack dos # 13055=CiscoASA-VPN_Rollover intrusion # 13056=CiscoASA-PPTP_Out_Of_Sequence_Packet error # 13057=CiscoASA-DNS_Overflow intrusion # 13058=CiscoASA-DNS_Overflow intrusion # 13059=CiscoASA-DNS_Overflow intrusion # 13060=CiscoASA-DNS_Overflow intrusion # 13061=CiscoASA-DOS_Attack dos # 13062=CiscoASA-FTP_Port_Rewrite intrusion # 13063=CiscoASA-FTP_Low_Port intrusion # 13064=CiscoASA-ARP_Poison intrusion # 13065=CiscoASA-Spoofed_PPTP_Packet intrusion # 13066=CiscoASA-Spoofed_IPSEC_Packet error # 13067=CiscoASA-Spoofed_IPSEC_Packet error # 13068=CiscoASA-Invalid_ICMP_Error_Destination firewall # 13069=CiscoASA-Invalid_RIP_Header firewall # 13070=CiscoASA-Invalid_RIP_Header firewall # 13071=CiscoASA-Potential_Manager_Session_Attack intrusion # 13072=CiscoASA-Potential_SNMP_Overflow_Attempt intrusion # 13073=CiscoASA-IP_Frag_Drop_Too_Many_Elements dos # 13074=CiscoASA-IP_Frag_Drop_Max_Size_Exceeded dos # 13075=CiscoASA-IP_Frag_Database_Exceeded dos # 13076=CiscoASA-WebSense_URL_Server_Not_Responding error # 13077=CiscoASA-Websense_Leaving_Allow_mode system # 13078=CiscoASA-Built_Outbound_TCP_Connection connection # 13079=CiscoASA-Built_Outbound_UDP_Connection connection # 13080=CiscoASA-Deny_IP_Teardrop_Fragment dos # 13082=CiscoASA-Deny_UDP_Reverse_Path_Check firewall # 13083=CiscoASA-Built_Inbound_TCP_Connection connection # 13084=CiscoASA-Accessed_URL web-access # 13085=CiscoASA-Built_Dynamic_TCP_Translation connection # 13086=CiscoASA-Teardown_TCP_Connection connection # 13087=CiscoASA-Teardown_LocalHost connection # 13088=CiscoASA-Teardown_Dynamic_TCP_Translation connection # 13089=CiscoASA-Accessed_Denied_URL web-error # 13090=CiscoASA-Teardown_UDP_Connection connection # 13091=CiscoASA-Blocked_UDP firewall # 13092=CiscoASA-Blocked_UDP firewall # 13093=CiscoASA-Terminating_Proxy firewall # 13094=CiscoASA-Translation_Creation_Failed error # 13095=CiscoASA-Invalid_Transport firewall # 13096=CiscoASA-Built_Dynamic_UDP_Translation connection # 13097=CiscoASA-DNS_Overflow intrusion # 13098=CiscoASA-Started_SSL_Handshake connection # 13099=CiscoASA-Completed_SSL_Handshake connection # 13100=CiscoASA-Resume_Previous_Session connection # 13101=CiscoASA-Session_Terminated connection # 13102=CiscoASA-Failed_Handshake login-failure # 13103=CiscoASA-Built_Outbound_ICMP_Connection connection # 13104=CiscoASA-Teardown_ICMP_Connection connection # 13105=CiscoASA-Built_Dynamic_ICMP_Translation connection # 13106=CiscoASA-Built_Inbound_ICMP_Connection connection # 13107=CiscoASA-AAA_Invalid_Password login-failure # 13108=CiscoASA-AAA_Logon_Successful login # 13109=CiscoASA-AAA_WebVPN_Session_Started login # 13110=CiscoASA-AAA_Port_Forwarding_Started connection # 13111=CiscoASA-AAA_WebVPN_Session_Terminated logout # 13112=CiscoASA-AAA_Logon_Successful login # 13113=CiscoASA-AAA_Authentication_Failed login-failure # 13115=CiscoASA-Session_Timeout logout # 13116=CiscoASA-Session_Disconnected logout # 13117=CiscoASA-Blacklisted_Source_Address threatlist # 13118=CiscoASA-Blacklisted_Destination_Address threatlist # 13121=CiscoASA-Whitelisted_Source_Address connection # 13122=CiscoASA-Whitelisted_Destination_Address connection # 13125=CiscoASA-Greylisted_Source_Address threatlist # 13126=CiscoASA-Greylisted_Destination_Address threatlist # 13127=CiscoASA-Intercepted_DNS_Reply threatlist # 13128=CiscoASA-Added_Rule system # 13129=CiscoASA-Removed_Rule system # 13130=CiscoASA-Filter_Data_Download_Success system # 13131=CiscoASA-Filter_Data_Download_Failed error # 13132=CiscoASA-Failed_Authentication error # 13133=CiscoASA-Failed_Decryption error # 13134=CiscoASA-Dynamically_Changed_Updater_Server system # 13135=CiscoASA-Dynamic_Filter_Updater_Not_Supported error # 13136=CiscoASA-Failed_Update error # 13137=CiscoASA-Built_Inbound_UDP_Connection connection # 13138=CiscoASA-Deny_Hopopt_Reverse_Path_Check firewall # 13139=CiscoASA-Built_ICMP_Connection connection # 13140=CiscoASA-Dropped_TCP firewall # 13141=CiscoASA-ACL_UDP_Permit connection # 13142=CiscoASA-FTP_Connection connection # 13143=CiscoASA-Blocked_TCP_Reverse_Path_Check firewall # 13144=CiscoASA-No_Matching_Connection error # 13145=CiscoASA-Duplicate_TCP_Syn error # 13146=CiscoASA-Blocked_ICMP_Reverse_Path_Check firewall # 13147=CiscoASA-Drop_Rate_Exceeded error # 13148=CiscoASA-Blocked_ICMP_No_Matching_Session firewall # 13149=CiscoASA-Testing_Interface system # 13150=CiscoASA-Interface_Up system # 13151=CiscoASA-Interface_Changed_State system # 13152=CiscoASA-Monitoring_Interface system # 13153=CiscoASA-No_Response_From_Other_Firewall error # 13154=CiscoASA-Other_Firewall_Failure error # 13155=CiscoASA-Blocked_IP_Spoof intrusion # 13156=CiscoASA-Memory_Request error # 13157=CiscoASA-Blocked_TCP firewall # 13158=CiscoASA-Switching system # 13159=CiscoASA-Configuration_Replication system # 13160=CiscoASA-Failed_Login login-failure # 13161=CiscoASA-Enabling_Failover system # 13162=CiscoASA-Stateful_Failover error # 13163=CiscoASA-Begin_Configuration system # 13165=CiscoASA-Built_Connection connection # 13166=CiscoASA-AAA_Operation_Failed login-failure # 13167=CiscoASA-ACL_TCP_Permit connection # 13168=CiscoASA-Begin_Config system # 13169=CiscoASA-User_Executed_Cmd system # 13170=CiscoASA-Login_Permitted login # 13171=CiscoASA-Sending_New_Key system # 13172=CiscoASA-Login_Denied login-failure # 13173=CiscoASA-Allowed_TCP_Session connection # 13174=CiscoASA-Cipher_Types_Supported system # 13175=CiscoASA-Retrieved_Data web-access # 13176=CiscoASA-AAA_Status_Accept system # 13177=CiscoASA-Changed_State system # 13178=CiscoASA-Size_Violation error # 13179=CiscoASA-AAA_Successful_Operation system # 13180=CiscoASA-Statistics system # 13181=CiscoASA-Cipher_Chosen system # 13182=CiscoASA-Receiving_New_Key system # 13183=CiscoASA-Configuration_Failed error # 13184=CiscoASA-Configuration_Ended_OK system # 13185=CiscoASA-ACL_UDP_Deny firewall # 13187=CiscoASA-UDP_Failed_To_Locate_Egress_Interface error # 13189=CiscoASA-LAN-to-LAN_Negotiation_Complete system # 13190=CiscoASA-IPSEC_Outbound_LAN-to-LAN_Created connection # 13191=CiscoASA-IPSEC_Inbound_LAN-to-LAN_Created connection # 13192=CiscoASA-Phase_2_Completed system # 13193=CiscoASA-IPSEC_Inbound_LAN-to-LAN_Deleted connection # 13194=CiscoASA-IPSEC_Outbound_LAN-to-LAN_Deleted connection # 13195=CiscoASA-Phase_1_Completed system # 13197=CiscoASA-Group_Not_Found firewall # 13198=CiscoASA-Statistics system # 13199=CiscoASA-UDP_Pre-allocate_backconnection connection # 13301=CiscoASA-IPAA_Freeing_Address system # 13302=CiscoASA-IPsec_Message system # 13303=CiscoASA-Phase_1_Failure error # 13304=CiscoASA-Automatic_NAT_Detection_Status system # 13305=CiscoASA-AAA_Retrieved_Default_Policy system # 13306=CiscoASA-DAP_IPSec_Connection connection # 13307=CiscoASA-Unsupported_Transaction error # 13308=CiscoASA-Client_Type system # 13309=CiscoASA-IPAA_DHCP_Configured system # 13310=CiscoASA-IPAA_Client_Assigned dhcp # 13311=CiscoASA-IPAA_Local_Pool_Request_Suceeded system # 13312=CiscoASA-Assigned_Private_IP_Address system # 13313=CiscoASA-TCP_Flow_Terminated firewall # 13314=CiscoASA-ESMTP_Dropped_Connection firewall # 13315=CiscoASA-Payload_Error firewall # 13316=CiscoASA-Peer_Table_Match_Failed firewall # 13317=CiscoASA-Peer_Table_Remove_Error firewall # 13318=CiscoASA-Contructing_Hash_Payload system # 13319=CiscoASA-IKE_Message system # 13320=CiscoASA-Sending_Keep_Alive firewall # 13321=CiscoASA-Payload_Processed firewall # 13322=CiscoASA-Received_Key_Message system # 13323=CiscoASA-Key_Messages system # 13324=CiscoASA-Blocked_Protocol firewall # 13325=CiscoASA-Starting_P2_Rekey system # 13326=CiscoASA-Receiving_SA_Active_Message system # 13327=CiscoASA-Computing_Hash system # 13328=CiscoASA-Delete_Event system # 13329=CiscoASA-Phase2_Terminate_Message firewall # 13330=CiscoASA-Added_Static_Route system # 13331=CiscoASA-Subnet_Id_Received system # 13332=CiscoASA-Received_Remote_Data system # 13333=CiscoASA-Received_Local_Data system # 13334=CiscoASA-Map_Check system # 13335=CiscoASA-Map_Check_ACL_Not_Matched error # 13336=CiscoASA-Drop_Rate_Exceeded error # 13337=CiscoASA-Tunnel_Manager_Failed error # 13338=CiscoASA-Setting_Up_Proxy_ID firewall # 13339=CiscoASA-IKE_Message system # 13340=CiscoASA-Received_Wrong_Sequence_Number error # 13341=CiscoASA-Tunnel_Manager_Removed_Entry system # 13342=CiscoASA-Sent_Received_VID system # 13343=CiscoASA-Keep_Alive_Message system # 13344=CiscoASA-Processing_Vendor_Payload system # 13345=CiscoASA-Send_Receive_Vid system # 13346=CiscoASA-Duplicate_Entry system # 13347=CiscoASA-Dropping_Packet system # 13348=CiscoASA-Teardown_Dynamic_UDP_Translation connection # 13349=CiscoASA-WebVPN_Created login # 13350=CiscoASA-UDP_Allowed connection # 13351=CiscoASA-Call_Home error # 13352=CiscoASA-DHCP_Guest_Access_Granted dhcp # 13353=CiscoASA-Large_Packet_Transmitted firewall # 13354=CiscoASA-WebVPN_Session_Terminated firewall # 13355=CiscoASA-No_Proposal_Chosen firewall # 13356=CiscoASA-Ciphers_Proposed firewall # 13357=CiscoASA-WebVPN_Deleted firewall # 13358=CiscoASA-DaP_User firewall # 13359=CiscoASA-WebVPN_UDP_Connection connection # 13360=CiscoASA-WebVPN_UDP_Connection_No_Compresion connection # 13361=CiscoASA-Static_Route_Deleted system # 13362=CiscoASA-IPSEC_Received_ESP_Packet login-failure # 13363=CiscoASA-SSL_Lib_Error error # 13364=CiscoASA-WebVPN_User_Disconnect connection # 13365=CiscoASA-WebVPN_User_Disconnected_Without_Compression connection # 13366=CiscoASA-WebVPN_User_DPD_Failure connection # 13367=CiscoASA-Session_Torn_Down error # 13368=CiscoASA-Ciphers_Proposed system # 13369=CiscoASA-Cipher_Chosen system # 13370=CiscoASA-Certificate_Requested system # 13371=CiscoASA-AAA_Group_Policy_Set system # 13372=CiscoASA-AAA_Group_Policy_Retrieved system # 13373=CiscoASA-Duplicate_First_Packet error # 13374=CiscoASA-NAT-T_Keepalive system # 13375=CiscoASA-Failed_To_Update_Runtime error # 13376=CiscoASA-Duplicate_Packet error # 13377=CiscoASA-Anyconnect_Lost_Connection error # 13378=CiscoASA-Assigned_To_Session system # 13379=CiscoASA-IPAA_Message_Received system # 13380=CiscoASA-IPAA_DHCP_Configured system # 13381=CiscoASA-Recovering_From_error error # 13382=CiscoASA-No_Existing_Connection connection # 13383=CiscoASA-Connection_Terminated_For_Peer connection # 13384=CiscoASA-No_IPv6_Address_Available system # 13385=CiscoASA-Session_Resumed connection # 13386=CiscoASA-ACL_TCP_Deny firewall # 13387=CiscoASA-ACL_ICMP_Permit connection # 13388=CiscoASA-ACL_Permit connection # 13389=CiscoASA-Deny_QNX_Reverse_Path_Check firewall # 13390=CiscoASA-Bad_TCP_Header firewall # 13391=CiscoASA-UDP_Flow_Terminated firewall # 13392=CiscoASA-ASDM_Session_Started_Ended system # 13393=CiscoASA-ASDM_Session_Number_Ended system # 13394=CiscoASA-ACL_ICMP_Deny firewall # 13396=CiscoASA-Unable_To_Pre-allocate connection # 13397=CiscoASA-Link_Intrface_Down error # 13398=CiscoASA-ACL_Denied firewall # 13399=CiscoASA-Failover_Intrface_Failed error # 13400=CiscoASA-Shunned_Packet firewall # 13401=CiscoASA-Land_Attack intrusion # 13402=CiscoASA-Route_Failed_Next_Hop error # 13403=CiscoASA-Blocked_Protocol firewall # 13404=CiscoASA-Blocked_Protocol firewall # 13405=CiscoASA-Packet_Error firewall # 13406=CiscoASA-SIP_Signalling system # 13407=CiscoASA-Key_Acquire_Messages firewall # 13408=CiscoASA-Nat_Reverse_Path_Failure firewall # 13409=CiscoASA-IPS_Connection_Reset firewall # 13410=CiscoASA-IPS_Dropped_Packet firewall # 13411=CiscoASA-SYN_Flood_Attack intrusion # 13412=CiscoASA-Unknown_Message_Received firewall # 13413=CiscoASA-WebVPN_Access_Granted login # 13414=CiscoASA-IPSEC_Packet_Failed_Anti_Replay error # 13415=CiscoASA-AAA_Marking_Server_Group_Failed error # 13416=CiscoASA-Static_Route_Deleted system # 13417=CiscoASA-AAA_Marking_Server_As_Active system # 13418=CiscoASA-IPS_Application_Reloading detected-change # 13419=CiscoASA-IPS_Application_Is_Up application # 13420=CiscoASA-Parsing_SVC_Connect_Request error # 13421=CiscoASA-Authenticating_SVC_Connect_Request error # 13422=CiscoASA-Tacacs_Unreachable application # 13423=CiscoASA-Task_Statistics application # 13424=CiscoASA-Lost_Failover_Communications application # 13425=CiscoASA-Remote_User_Failed_Authentication login-failure # 13426=CiscoASA-New_TCP_SVC_Connection connection # 13427=CiscoASA-Stale_SVC_Connection_CLosed connection # 13428=CiscoASA-Bytes_Greater_Than_MTU system # 13429=CiscoASA-Pre-Allocate_Skinny_RTP_RTCP system # 13430=CiscoASA-Pre-Allocate_Skinny_RTP_RTCP system # 13431=CiscoASA-Non-Routine_Notify_Message system # 13432=CiscoASA-AAA_Challenged_Received system # 13433=CiscoASA-AAA_Unable_To_Complete_Request system # 13434=CiscoASA-AAA_Server_Not_Accessible system # 13435=CiscoASA-Session_Terminated system # 13436=CiscoASA-Session_Terminated system # 13437=CiscoASA-Destination_Unreachable system # 13438=CiscoASA-Forcing_iPhone_To_Host_Mask system # 13439=CiscoASA-Network_Denied firewall # 13440=CiscoASA-IP_Not_Configured_Packet_Drop firewall # 13441=CiscoASA-Connection_Limit_Exceeded firewall # 13442=CiscoASA-Configuration_Change system # 13445=CiscoASA-Scanning_Threat_Targeted intrusion # 13446=CiscoASA-Scanning_Threat_Attacking intrusion # 13447=CiscoASA-Large_Packet_Received firewall # 13448=CiscoASA-Configuration_Change system # 13449=CiscoASA-AnyConnect_Parent_Started system # 13450=CiscoASA-New_UDP_SVC_Connection connection # 13451=CiscoASA-Unable_to_Remove_Address system # 13452=CiscoASA-Alternate_ACL_Used system # 13453=CiscoASA-IPS_Data_Channel_Up system # 13454=CiscoASA-IPS_Data_Channel_Down error # 13455=CiscoASA-License_Expiration application # 13456=CiscoASA-Teardown_Dynamic_ICMP_Translation connection # 13457=CiscoASA-User_Identity_Obsolete system # 13458=CiscoASA-User_Identity_Resolution system # 13459=CiscoASA-User_Identity_Resolution_Error error # 13460=CiscoASA-SSH_Disconnect_Error logout # 13461=CiscoASA-TCP_Connection_Reset firewall # 13462=CiscoASA-Drop_TCP_Packet firewall # 13463=CiscoASA-UDP_Connection_Reset firewall # 13464=CiscoASA-Drop_UDP_Packet firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_asa_ngfw.prm # # 15590=Cisco_NGFW_TCP_Flow_Complete connection # 15591=Cisco_NGFW_TCP_Flow_Create connection # 15592=Cisco_NGFW_TCP_HTTP_Complete connection # 15593=Cisco_NGFW_UDP_Flow_Tear_Down connection # 15594=Cisco_NGFW_UDP_Flow_Create connection # 15595=Cisco_NGFW_TCP_Flow_Tear_Down connection # 15596=Cisco_NGFW_Syslog_Export_Statistics application # 15597=Cisco_NGFW_TCP_Flow_Create connection # 15598=Cisco_NGFW_TCP_HTTP_Aborted error # 15599=Cisco_NGFW_TCP_HTTP_Deny firewall # 15600=Cisco_NGFW_TCP_Packet_Deny firewall # 15601=Cisco_NGFW_Redirect_Authentication application # 15602=Cisco_NGFW_TCP_TLS_Complete connection # 15603=Cisco_NGFW_Authentication_Failure login-failure # 15604=Cisco_NGFW_Authentication_Server_Down error # 15605=Cisco_NGFW_Authentication_Server_Up application # 15606=Cisco_NGFW_Authentication_Success login # 15607=Cisco_NGFW_Auth_Maximum_Retries login-failure # 15608=Cisco_NGFW_TCP_Dropped_Event firewall # 15609=Cisco_NGFW_UDP_Packet_Deny firewall # 15610=Cisco_NGFW_UDP_Dropped_Event firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_meraki.prm # # 14270=CiscoMerakiMX-GET_Request web-access # 14271=CiscoMerakiMX-Blocked_UDP_Flow connection # 14272=CiscoMerakiMX-Blocked_TCP_Flow connection # 14273=CiscoMerakiMX-Blocked_ICMP_Flow connection # 14274=CiscoMerakiMX-Allowed_UDP_Flow connection # 14275=CiscoMerakiMX-Allowed_TCP_Flow connection # 14276=CiscoMerakiMX-Allowed_ICMP_Flow connection # 14277=CiscoMerakiMX-IDS_Alert intrusion # 14278=CiscoMerakiMX-DHCP_Lease_Event dhcp # 14279=CiscoMerakiMX-Association_Event system # 14280=CiscoMerakiMX-Packet_Flood_Event dos # 14281=CiscoMerakiMX-DHCP_Release_Event dhcp # 14282=CiscoMerakiMX-DHCP_No_Offers_Event error # 14283=CiscoMerakiMX-Blocked_URL_Event web-error # 14284=CiscoMerakiMX-VPN_Disconnect_Event connection # 14285=CiscoMerakiMX-VPN_Connect_Event connection # 14286=CiscoMerakiMX-Connect_Event connection # 14287=CiscoMerakiMX-Disconnect_Event connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_pix.prm # # 8626=CiscoPIX-Blocked_UDP firewall # 8627=CiscoPIX-Blocked_TCP firewall # 8628=CiscoPIX-Blocked_ICMP firewall # 8629=CiscoPIX-Blocked_UDP firewall # 8630=CiscoPIX-Blocked_TCP firewall # 8631=CiscoPIX-Blocked_ICMP firewall # 8632=CiscoPIX-Blocked_Inbound_TCP_Noxlate firewall # 8633=CiscoPIX-Blocked_Inbound_ICMP_Noxlate firewall # 8634=CiscoPIX-Blocked_UDP firewall # 8635=CiscoPIX-Blocked_TCP firewall # 8636=CiscoPIX-Blocked_ICMP firewall # 8637=CiscoPIX-Blocked_ICMP firewall # 8638=CiscoPIX-Blocked_IP_Options firewall # 8639=CiscoPIX-Blocked_TCP firewall # 8640=CiscoPIX-Blocked_UDP firewall # 8641=CiscoPIX-Blocked_UDP firewall # 8642=CiscoPIX-Blocked_TCP firewall # 8643=CiscoPIX-Blocked_TCP firewall # 8644=CiscoPIX-Blocked_Protocol firewall # 8645=CiscoPIX-Allowed_TCP connection # 8646=CiscoPIX-Allowed_UDP connection # 8647=CiscoPIX-User_Log_Out logout # 8648=CiscoPIX-User_Authentication_Failure login-failure # 8649=CiscoPIX-User_Log_In login # 8650=CiscoPIX-User_Privilege_Change system # 8651=CiscoPIX-Admin_Permited login # 8652=CiscoPIX-Admin_Permited_Console login # 8653=CiscoPIX-Admin_Denied login-failure # 8654=CiscoPIX-Admin_Denied_Console login-failure # 8655=CiscoPIX-PPP_User_AAA_Status login # 8656=CiscoPIX-SSH_Disconnect logout # 8657=CiscoPIX-SSH_Bad_Password login-failure # 8658=CiscoPIX-Multiple_Enable_Failures login-failure # 8659=CiscoPIX-User_Authorization_Denied login-failure # 8660=CiscoPIX-User_Authorization_Allowed login # 8661=CiscoPIX-User_Authorization_Allowed login # 8662=CiscoPIX-Too_Many_Users error # 8663=CiscoPIX-Split_DNS system # 8664=CiscoPIX-Split_DNS system # 8665=CiscoPIX-OSPF_IP_Area_Change system # 8666=CiscoPIX-Interface_Zero_Bandwidth error # 8667=CiscoPIX-Auto_Update_Failure error # 8668=CiscoPIX-Command_Failure error # 8669=CiscoPIX-Bad_NTP_Packet access-denied # 8670=CiscoPIX-NTP_Packet_Denied firewall # 8671=CiscoPIX-Duplicate_Router_ID error # 8672=CiscoPIX-Duplicate_Router_ID error # 8673=CiscoPIX-Invalid_OSPF_Packet system # 8674=CiscoPIX-Invalid_OSPF_Packet system # 8675=CiscoPIX-Routing_Limit_Reached error # 8676=CiscoPIX-Manager_Connection login # 8677=CiscoPIX-High_CPU error # 8678=CiscoPIX-Config_Modification system # 8679=CiscoPIX-Potential_DOS_Attack dos # 8680=CiscoPIX-VPN_Rollover intrusion # 8681=CiscoPIX-PPTP_Out_Of_Sequence_Packet error # 8682=CiscoPIX-DNS_Overflow intrusion # 8683=CiscoPIX-DNS_Overflow intrusion # 8684=CiscoPIX-DNS_Overflow intrusion # 8685=CiscoPIX-DNS_Overflow intrusion # 8686=CiscoPIX-DOS_Attack dos # 8687=CiscoPIX-FTP_Port_Rewrite intrusion # 8688=CiscoPIX-FTP_Low_Port intrusion # 8689=CiscoPIX-ARP_Poison error # 8690=CiscoPIX-Spoofed_PPTP_Packet firewall # 8691=CiscoPIX-Spoofed_IPSEC_Packet error # 8692=CiscoPIX-Spoofed_IPSEC_Packet error # 8693=CiscoPIX-Invalid_ICMP_Error_Destination firewall # 8694=CiscoPIX-Invalid_RIP_Header firewall # 8695=CiscoPIX-Invalid_RIP_Header firewall # 8696=CiscoPIX-Potential_Manager_Session_Attack intrusion # 8697=CiscoPIX-Potential_SNMP_Overflow_Attempt intrusion # 8698=CiscoPIX-IP_Frag_Drop_Too_Many_Elements dos # 8699=CiscoPIX-IP_Frag_Drop_Max_Size_Exceeded dos # 8700=CiscoPIX-IP_Frag_Database_Exceeded dos # 8701=CiscoPIX-WebSense_URL_Server_Not_Responding error # 8702=CiscoPIX-Websense_Leaving_Allow_mode error # 8703=CiscoPIX-Built_Outbound_TCP_Connection connection # 8704=CiscoPIX-Built_Outbound_UDP_Connection connection # 8705=CiscoPIX-Deny_IP_Teardrop_Fragment dos # 8706=CiscoPIX-No_Translation_Group_Found firewall # 8707=CiscoPIX-Deny_UDP_Reverse_Path_Check firewall # 8708=CiscoPIX-Built_Inbound_TCP_Connection connection # 8709=CiscoPIX-Accessed_URL web-access # 8601=CiscoPIX-Built-Dynamic_TCP_Translation connection # 8602=CiscoPIX-Teardown_TCP_Connection connection # 8603=CiscoPIX-Teardown_LocalHost connection # 8604=CiscoPIX-Teardown_Dynamic_TCP_Translation connection # 8605=CiscoPIX-Accessed_Denied_URL web-error # 8606=CiscoPIX-Teardown_UDP_Connection connection # 8607=CiscoPIX-Built_inbound_UDP_Connection connection # 8608=CiscoPIX-Built-Dynamic_UDP_Translation connection # 8609=CiscoPIX-Built-Dynamic_ICMP_Translation connection # 8610=CiscoPIX-Blocked_Inbound_UDP_Noxlate connection # 8611=CiscoPIX-Built_Local_Host connection # 8612=CiscoPIX-Dropping_Echo_Request connection # 8613=CiscoPIX-Retrieved_Or_Stored file-access # 8614=CiscoPIX-In_Use_Most_used system # 8615=CiscoPIX-Built_Static_Translation connection # 8616=CiscoPIX-Deny_IP_Spoof firewall # 8618=CiscoPIX-Translation_Creation_Failure firewall # 8619=CiscoPIX-No_Route error # 8620=CiscoPIX-URL_Server_Not_Responding error # 8621=CiscoPIX-Accessed_URL web-access # 8622=CiscoPIX-Accessed_Denied_URL web-error # 8623=CiscoPIX-ACL_TCP_Allow connection # 8624=CiscoPIX-ACL_TCP_Deny firewall # 8625=CiscoPIX-ACL_UDP_Allow connection # 8600=CiscoPIX-ACL_UDP_Deny firewall # 15325=CiscoPIX-Config_Begin system # 15326=CiscoPIX-Command_Executed system # 15327=CiscoPIX-ACL_Deny firewall # 15328=CiscoPIX-Non_IPSEC_Packet_Received firewall # 15329=CiscoPIX-Invalid_Transport firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_cisco_pix_alt.prm # # 8400=CiscoFWSM-Blocked_UDP firewall # 8401=CiscoFWSM-Blocked_TCP firewall # 8402=CiscoFWSM-Blocked_ICMP firewall # 8403=CiscoFWSM-Blocked_UDP firewall # 8404=CiscoFWSM-Blocked_TCP firewall # 8405=CiscoFWSM-Blocked_ICMP firewall # 8406=CiscoFWSM-Blocked_Inbound_TCP_Noxlate firewall # 8407=CiscoFWSM-Blocked_Inbound_ICMP_Noxlate firewall # 8408=CiscoFWSM-Blocked_UDP firewall # 8409=CiscoFWSM-Blocked_TCP firewall # 8410=CiscoFWSM-Blocked_ICMP firewall # 8411=CiscoFWSM-Blocked_ICMP firewall # 8412=CiscoFWSM-Blocked_IP_Options firewall # 8413=CiscoFWSM-Blocked_TCP firewall # 8414=CiscoFWSM-Blocked_UDP firewall # 8415=CiscoFWSM-Blocked_UDP firewall # 8416=CiscoFWSM-Blocked_TCP firewall # 8417=CiscoFWSM-Blocked_TCP firewall # 8418=CiscoFWSM-Blocked_Protocol firewall # 8419=CiscoFWSM-Allowed_TCP connection # 8420=CiscoFWSM-Allowed_UDP connection # 8421=CiscoFWSM-User_Log_Out logout # 8422=CiscoFWSM-User_Authentication_Failure login-failure # 8423=CiscoFWSM-User_Log_In login # 8424=CiscoFWSM-User_Privilege_Change system # 8425=CiscoFWSM-Admin_Permited login # 8426=CiscoFWSM-Admin_Permited_Console login # 8427=CiscoFWSM-Admin_Denied login-failure # 8428=CiscoFWSM-Admin_Denied_Console login-failure # 8429=CiscoFWSM-PPP_User_AAA_Status login # 8430=CiscoFWSM-SSH_Disconnect logout # 8431=CiscoFWSM-SSH_Bad_Password login-failure # 8432=CiscoFWSM-Multiple_Enable_Failures login-failure # 8433=CiscoFWSM-User_Authorization_Denied login-failure # 8434=CiscoFWSM-User_Authorization_Allowed login # 8435=CiscoFWSM-User_Authorization_Authentication_Allowed login # 8436=CiscoFWSM-Too_Many_Users error # 8437=CiscoFWSM-Split_DNS error # 8438=CiscoFWSM-Split_DNS error # 8439=CiscoFWSM-OSPF_IP_Area_Change system # 8440=CiscoFWSM-Interface_Zero_Bandwidth error # 8441=CiscoFWSM-Auto_Update_Failure error # 8442=CiscoFWSM-Command_Failure access-denied # 8443=CiscoFWSM-Bad_NTP_Packet access-denied # 8444=CiscoFWSM-NTP_Packet_Denied firewall # 8445=CiscoFWSM-Duplicate_Router_ID error # 8446=CiscoFWSM-Duplicate_Router_ID error # 8447=CiscoFWSM-Invalid_OSPF_Packet error # 8448=CiscoFWSM-Invalid_OSPF_Packet error # 8449=CiscoFWSM-Routing_Limit_Reached error # 8450=CiscoFWSM-Manager_Connection login # 8451=CiscoFWSM-High_CPU error # 8452=CiscoFWSM-Config_Modification system # 8453=CiscoFWSM-Potential_DOS_Attack dos # 8454=CiscoFWSM-VPN_Rollover intrusion # 8455=CiscoFWSM-PPTP_Out_Of_Sequence_Packet error # 8456=CiscoFWSM-DNS_Overflow intrusion # 8457=CiscoFWSM-DNS_Overflow intrusion # 8458=CiscoFWSM-DNS_Overflow intrusion # 8459=CiscoFWSM-DNS_Overflow intrusion # 8460=CiscoFWSM-DOS_Attack dos # 8461=CiscoFWSM-FTP_Port_Rewrite intrusion # 8462=CiscoFWSM-FTP_Low_Port intrusion # 8463=CiscoFWSM-ARP_Poison intrusion # 8464=CiscoFWSM-Spoofed_PPTP_Packet intrusion # 8465=CiscoFWSM-Spoofed_IPSEC_Packet intrusion # 8466=CiscoFWSM-Spoofed_IPSEC_Packet intrusion # 8467=CiscoFWSM-Invalid_ICMP_Error_Destination firewall # 8468=CiscoFWSM-Invalid_RIP_Header error # 8469=CiscoFWSM-Invalid_RIP_Header error # 8470=CiscoFWSM-Potential_Manager_Session_Attack intrusion # 8471=CiscoFWSM-Potential_SNMP_Overflow_Attempt intrusion # 8472=CiscoFWSM-IP_Frag_Drop_Too_Many_Elements dos # 8473=CiscoFWSM-IP_Frag_Drop_Max_Size_Exceeded dos # 8474=CiscoFWSM-IP_Frag_Database_Exceeded dos # 8475=CiscoFWSM-WebSense_URL_Server_Not_Responding error # 8476=CiscoFWSM-Websense_Leaving_Allow_mode system # 8477=CiscoFWSM-Built_Outbound_TCP_Connection connection # 8478=CiscoFWSM-Built_UDP_Connection connection # 8479=CiscoFWSM-Deny_IP_Teardrop_Fragment dos # 8481=CiscoFWSM-Deny_UDP_Reverse_Path_Check firewall # 8482=CiscoFWSM-Built_Inbound_TCP_Connection connection # 8483=CiscoFWSM-Accessed_URL web-access # 8484=CiscoFWSM-Built-Dynamic_TCP_Translation connection # 8485=CiscoFWSM-Teardown_TCP_Connection connection # 8486=CiscoFWSM-Teardown_LocalHost connection # 8487=CiscoFWSM-Teardown_Dynamic_TCP_Translation connection # 8488=CiscoFWSM-Accessed_Denied_URL web-error # 8489=CiscoFWSM-Teardown_UDP_Connection connection # 8490=CiscoFWSM-Built_inbound_UDP_Connection connection # 8491=CiscoFWSM-Built-Dynamic_UDP_Translation connection # 8492=CiscoFWSM-Built-Dynamic_ICMP_Translation connection # 8493=CiscoFWSM-Blocked_Inbound_UDP_Noxlate firewall # 8494=CiscoFWSM-Built_Local_Host connection # 8495=CiscoFWSM-Dropping_Echo_Request connection # 8496=CiscoFWSM-Retrieved_Or_Stored file-access # 8497=CiscoFWSM-In_Use_Most_Used system # 8498=CiscoFWSM-Built_Dynamic_Static_Translation system # 8499=CiscoFWSM-Deny_IP_Spoof firewall # 8800=CiscoFWSM-Shunned_IP firewall # 8801=CiscoFWSM-Built_ICMP_Connection connection # 8802=CiscoFWSM-Teardown_ICMP connection # 8803=CiscoFWSM-Blocked_ICMP firewall # 8804=CiscoFWSM-DHCP_Interface dhcp # 8805=CiscoFWSM-Teardown_Static connection # 8806=CiscoFWSM-Pre-allocate connection # 8807=CiscoFWSM-Built_H245 connection # 8812=CiscoFWSM-Built_outbound_TCP connection # 8813=CiscoFWSM-Teardown_TCP_Connection connection # 8814=CiscoFWSM-Built_UDP connection # 8815=CiscoFWSM-Teardown_UDP_Connection connection # 8817=CiscoFWSM-TCP_Deny_DNS firewall # 8818=CiscoFWSM-Inbound_UDP_Denied firewall # 8819=CiscoFWSM-Permit_Untrusted_Network connection # 8820=CiscoFWSM-ThirdParty_ICMP_Permit connection # 8821=CiscoFWSM-DNS_Deny firewall # 8822=Cisco-IKE_NO_SA firewall # 8823=CiscoFWSM-Teardown_TCP_Connection connection # 8824=CiscoFWSM-Teardown_TCP_Outside_To_Untrusted connection # 8829=CiscoFWSM-Teardown_UDP_VPN_To_Outside connection # 8830=CiscoFWSM-Teardown_UDP_Outside_To_DNS connection # 8831=CiscoFWSM-Teardown_UDP_Untrusted_To_Outside connection # 8832=CiscoFWSM-Teardown_UDP_Outside_To_VPN connection # 8833=CiscoFWSM-Teardown_TCP_VPN_To_DMZ connection # 8834=CiscoFWSM-Teardown_TCP_Outside_To_DMZ connection # 8835=CiscoFWSM-Teardown_TCP_Untrusted_To_VPN connection # 8836=CiscoFWSM-Teardown_TCP_Outside_DNS connection # 8837=CiscoFWSM-Teardown_UDP_VPN_To_DNS connection # 8838=CiscoFWSM-Teardown_UDP_VPN_To_DMZ connection # 8839=CiscoFWSM-Teardown_TCP_Untrusted_To_Outside connection # 8840=CiscoFWSM-Teardown_UDP_Outside_To_Untrusted connection # 8841=CiscoFWSM-No_Route error # 8843=CiscoFWSM-Dropped_UDP_DNS_Request intrusion # 8844=CiscoFWSM-Access_List_Permited_Or_Denied firewall # 8845=CiscoFWSM-Teardown_IP_Protocol connection # 8846=CiscoFWSM-Teardown_TCP_From_VPN_To_3rdpty connection # 8847=CiscoFWSM-Teardown_UDP_From_VPN_To_VPN connection # 8849=CiscoFWSM-Teardown_TCP_Connection connection # 8850=CiscoFWSM-Built_Outbound_TCP_Connection connection # 8851=CiscoFWSM-Teardown_UDP_Connection connection # 8852=CiscoFWSM-Built_IP_Protocol_Connection connection # 8853=CiscoFWSM-Blocked_Protocol firewall # 8854=CiscoFWSM-Built_UDP_Connection connection # 8855=CiscoFWSM-Built_Inbound_TCP_Connection connection # 8856=CiscoFWSM-Teardown_TCP_Connection connection # 8857=CiscoFWSM-Built_Dynamic_IP_Translation connection # 8858=CiscoFWSM-MAC_Address_Moved system # 8859=Cisco-IKMP_MODE_FAILURE error # 8860=CiscoFWSM-Built_Dynamic_ICMP_Translation connection # 8861=CiscoFWSM-No_Translation_Group_Found error # 8862=CiscoFWSM-AAA_User_Accounting_Successful login # 8863=CiscoFWSM-Preallocated_TCP_Backconnection connection # 8864=CiscoFWSM-Preallocated_UDP_Backconnection connection # 8865=CiscoFWSM-Status_Received_Before_Setup connection # 8866=CiscoFWSM-Regular_Translation_Failed_TCP firewall # 8867=CiscoFWSM-Regular_Translation_Failed_ICMP firewall # 8868=CiscoFWSM-Unable_To_Preallocate_Connection firewall # 8870=CiscoFWSM-Blocked_Inbound_Protocol_Noxlate firewall # 8871=CiscoFWSM-SSH_Session_Timed_Out connection # 8872=CiscoFWSM-SSH_Internal_Error error # 8873=Cisco-IKMP_Failed_Check_Or_Malformed firewall # 8874=CiscoFWSM-Invalid_Trasport_Field error # 8875=CiscoFWSM-TCP_Access_Denied_By_ACL firewall # 8876=CiscoFWSM-Built_H245_Connection connection # 8877=CiscoFWSM-Login_Failed login-failure # 8878=CiscoFWSM-Portmap_Failed_Translation_UDP connection # 8879=CiscoFWSM-DNS_Overflow intrusion # 8880=CiscoFWSM-Blocked_TCP_Reverse_Path_Check firewall # 8881=CiscoFWSM-Portmap_Failed_Translation_ICMP error # 8882=CiscoFWSM-Config_Out_Of_Sync error # 8883=CiscoFWSM-Blocked_Land_Attack intrusion # 8884=CiscoFWSM-Portmap_Failed_Translation_TCP error # 8885=CiscoFWSM-SSH_Host_Retrieval_Failed login-failure # 8886=CiscoFWSM-Changed_State system # 8887=CiscoFWSM-Built_Outbound_TCP_Connection connection # 8888=CiscoFWSM-Built_Outbound_UDP_Connection connection # 8889=CiscoFWSM-Built_Inbound_TCP_Connection connection # 8890=CiscoFWSM-Built_inbound_UDP_Connection connection # 8891=CiscoFWSM-Built_outbound_TCP connection # 8892=CiscoFWSM-Inbound_UDP_Denied firewall # 8893=CiscoFWSM-ARP_Poison intrusion # 8894=CiscoFWSM-Access_List_Permitted firewall # 8895=CiscoFWSM-Teardown_UDP_Connection connection # 8896=CiscoFWSM-Pre_Allocate_SIP system # 8897=CiscoFWSM-Pre_Allocate_SIP system # 8898=CiscoFWSM-Blocked_TCP firewall # 8899=CiscoFWSM-ESMTP_Request connection # 14000=CiscoFWSM-Teardown_Dynamic connection # 14001=CiscoFWSM-Allowed_UDP connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_cyberguard.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_cyberoam.prm # # 19271=Cyberoam-Blocked firewall # 19272=Cyberoam-Blocked firewall # 19273=Cyberoam-Blocked firewall # 19274=Cyberoam-Blocked firewall # 19275=Cyberoam-Blocked firewall # 19276=Cyberoam-Allowed connection # 19277=Cyberoam-Allowed connection # 19278=Cyberoam-Allowed connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_dlink.prm # # 7220=DLink-Updated_DNS system # 7221=DLink-Allowed_Access system # 7222=DLink-Log_Viewed system # 7223=DLink-Dropped_Packet firewall # 7224=DLink-Denied_Incoming_TCP_Connection firewall # 7225=DLink-Denied_Incoming_TCP_Packet firewall # 7226=DLink-Denied_Outgoing_TCP_Packet firewall # 7227=DLink-Wireless_System_Associated system # 7228=DLink-Wireless_System_Secured system # 7229=DLink-Network_Computer_Assigned_IP dhcp # 7230=DLink-Network_Computer_Lost_Lease dhcp # 7231=DLink-Web_Site_Accessed web-access # 7232=DLink-Stored_Configuration system # 7233=DLink-Denied_Incoming_UDP_Packet firewall # 7234=DLink-Denied_Outgoing_TCP_Packet firewall # 7235=DLink-Admin_Login_Failure login-failure # 7236=DLink-Admin_Login login # 7237=DLink-Rejected_Packet firewall # 7238=DLink-Firewall_Rule_Added_Via_UPnP system # 7239=DLink-Firewall_Rule_Deleted_Via_UPnP system # 7240=DLink-Firewall_IP_Protocol_Blocked firewall # 7241=DLink-Firewall_Blocked_Outbound_Ping firewall # 7242=DLink-Firewall_Blocked_Packet firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_f5bigip.prm # # 4141=F5BigIP-Request_Blocked firewall # 4142=F5BigIP-SSL_Accelarator web-access # 4143=F5BigIP-Node_Down system # 4144=F5BigIP-Node_Up system # 4145=F5BigIP-Pool_Member_Up system # 4146=F5BigIP-Pool_Member_Down system # 4147=F5BigIP-SSL_Request connection # 4148=F5BigIP-Clear_Cache_Request system # 4149=F5BigIP-Attempting_Configuration system # 4150=F5BigIP-Authcache_Pam_Error login-failure # 4151=F5BigIP-Radius_Server_Failed_To_Respond error # 4152=F5BigIP-All_Radius_Servers_Failed_To_Respond error # 4153=F5BigIP-Radius_Bad_Shared_Secret error # 4154=F5BigIP-HAL_Stats_Not_Found error # 4155=F5BigIP-User_Audit system # 4156=F5BigIP-No_Members_For_Pool error # 4157=F5BigIP-Connection_Refused_UDP firewall # 4158=F5BigIP-Rule_Fired application # 4159=F5BigIP-Log_Rate_Throttling system # 4160=F5BigIP-Log_Rate_Resuming system # 4161=F5BigIP-Web_Scraping intrusion # 4162=F5BigIP-Request_Violation intrusion # 4163=F5BigIP-LTM_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_fios.prm # # 10650=FIOS_Wireless_Blocked_TCP firewall # 10651=FIOS_Wireless_Blocked_UDP firewall # 10652=FIOS_Wireless_Blocked_ICMP firewall # 10653=FIOS_Wireless_Allowed_TCP connection # 10654=FIOS_Wireless_Allowed_UDP connection # 10655=FIOS_Wireless_Allowed_ICMP connection # 10656=FIOS_Wireless-Login login # 10657=FIOS_Wireless-Configuration_Change system # 10658=FIOS_Wireless_Invalid_UDP_Packet firewall # 10659=FIOS_Wireless_Invalid_TCP_Packet firewall # 10660=FIOS_Wireless_Blocked_Remote_Admin access-denied # 10661=FIOS_Wireless_Allowed_Remote_Admin connection # 10662=FIOS_Wireless_Illegal_Packet_Options firewall # 10663=FIOS_Wireless-Configuration_Change system # 10664=FIOS_Wireless_Blocked_IP_Proto firewall # 10665=FIOS_Wireless_NAT_Error error # 10666=FIOS_Wireless_Allowed_Remote_Admin connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_fortigate.prm # # 10427=Fortigate-Allowed_TCP_Connection connection # 10428=Fortigate-Allowed_UDP_Connection connection # 10429=Fortigate-Allowed_ICMP_Connection connection # 10430=Fortigate-Blocked_TCP_Connection firewall # 10431=Fortigate-Blocked_UDP_Connection firewall # 10432=Fortigate-Blocked_ICMP_Connection firewall # 10433=Fortigate-VPN_Allowed_Connection connection # 10434=Fortigate-VPN_Deleted_Connection connection # 10435=Fortigate-VPN_Installed_Connection connection # 10436=Fortigate-VPN_Tunnel_Failure error # 10437=Fortigate-VPN_Tunnel_Down connection # 10438=Fortigate-VPN_Tunnel_Up connection # 10439=Fortigate-VPN_Tunnel_Deleted_Isakmp_Phase1_Sa system # 10440=Fortigate-Admin_Logout logout # 10441=Fortigate-Admin_Login login # 10442=Fortigate-Update system # 10443=Fortigate-Blocked_TCP_Connection firewall # 10444=Fortigate-Blocked_UDP_Connection firewall # 10445=Fortigate-Blocked_ICMP_Connection firewall # 10446=Fortigate-Allowed_TCP_Connection connection # 10447=Fortigate-Allowed_UDP_Connection connection # 10448=Fortigate-Tunnel_Up connection # 10449=Fortigate-Successful_VPN_Login login # 10450=Fortigate-Tunnel_Down connection # 10451=Fortigate-VPN_Allowed_Connection connection # 10452=Fortigate-Blocked_TCP_Connection firewall # 10453=Fortigate-Blocked_UDP_Connection firewall # 10454=Fortigate-Blocked_ICMP_Connection firewall # 10455=Fortigate-Allowed_TCP_Connection connection # 10456=Fortigate-Allowed_UDP_Connection connection # 10457=Fortigate-Allowed_ICMP_Connection connection # 10458=Fortigate-Allowed_TCP_Connection connection # 10459=Fortigate-Timeout_TCP_Connection connection # 10460=Fortigate-Start_TCP_Connection connection # 10461=Fortigate-Start_UDP_Connection connection # 10462=Fortigate-Start_ICMP_Connection connection # 10463=Fortigate-Allowed_ICMP_Connection connection # 10464=Fortigate-Blocked_TCP_Connection firewall # 10465=Fortigate-Blocked_UDP_Connection firewall # 10466=Fortigate-Blocked_ICMP_Connection firewall # 10467=Fortigate-Log_Roll_Request system # 10468=Fortigate-Blocked_ICMP_Connection firewall # 10469=Fortigate-Will_Overwrite_Old_Logs system # 10470=Fortigate-Add_Firewall_Address_Policy system # 10471=Fortigate-Performance_Statistics system # 10472=Fortigate-Phone_Vpn system # 10473=Fortigate-Configuration_Changed detected-change # 10474=Fortigate-Blocked_URL firewall # 10475=Fortigate-Scanerror_Passthrough web-access # 10476=Fortigate-HTTP_Invalid_Domain_Name_Passthrough web-access # 10477=Fortigate-Configuration_Deleted detected-change # 10478=Fortigate-Configuration_Backup system # 10479=Fortigate-Completed_Reputation_Maintenance system # 10480=Fortigate-HA_Slave_Sync system # 10481=Fortigate-Connect_Disconnect_FortiAnalyzer system # 10482=Fortigate-Edit_System_Global system # 10483=Fortigate-Sync_Status_With_Master system # 10484=Fortigate-Memory_Log_Full system # 10485=Fortigate-Login_Failed_Invalid_Password login-failure # 10486=Fortigate-Login_Failed_Invalid_User_Name login-failure # 10487=Fortigate-Certificate_Generated detected-change # 10488=Fortigate-Firmware_Available system # 10489=Fortigate-Failed_Connect_FortiAnalyzer error # 10490=Fortigate-Edit_Policy detected-change # 10491=Fortigate-File_Downloaded file-access # 10492=Fortigate-User_Timed_Out logout # 10493=Fortigate-User_Login login # 10494=Fortigate-User_Logout logout # 10495=Fortigate-User_Login login # 10496=Fortigate-Edit_System_Console system # 10497=Fortigate-NTP_Server_Unreachable system # 10498=Fortigate-Session_Clash system # 10499=Fortigate-IPsec_ESP error # 10575=Fortigate-DHCP_Statistics system # 10576=Fortigate-Blocked_Connection firewall # 10577=Fortigate-Allowed_Connection connection # 10579=Fortigate-Allowed_TCP_Connection connection # 10680=Fortigate-Allowed_TCP_Connection connection # 10681=Fortigate-Blocked_TCP_Connection firewall # 10682=Fortigate-Timeout_TCP_Connection connection # 10683=Fortigate-Allowed_UDP_Connection connection # 10684=Fortigate-Allowed_UDP_Connection connection # 10685=Fortigate-Blocked_UDP_Connection firewall # 10686=Fortigate-Timeout_UDP_Connection connection # 10687=Fortigate-Allowed_TCP_Connection connection # 10688=Fortigate-Allowed_TCP_Connection connection # 10689=Fortigate-Blocked_TCP_Connection firewall # 10690=Fortigate-Timeout_TCP_Connection connection # 10691=Fortigate-Allowed_UDP_Connection connection # 10692=Fortigate-Allowed_UDP_Connection connection # 10693=Fortigate-Blocked_UDP_Connection firewall # 10694=Fortigate-Timeout_UDP_Connection connection # 10695=Fortigate-Allowed_TCP_Connection connection # 10696=Fortigate-Allowed_TCP_Connection connection # 10697=Fortigate-Blocked_TCP_Connection firewall # 10698=Fortigate-Timeout_TCP_Connection connection # 10699=Fortigate-Allowed_UDP_Connection connection # 10700=Fortigate-Blocked_UDP_Connection firewall # 10701=Fortigate-Timeout_UDP_Connection connection # 10703=Fortigate-Allowed_UDP_Connection connection # 10704=Fortigate-AppControl_Detection_Allow connection # 10705=Fortigate-AppControl_Blocked_Session firewall # 10706=FortiWeb-Blocked_TCP_IDS_Event firewall # 10707=FortiWeb-TCP_IDS_Event intrusion # 10708=FortiWeb-UDP_IDS_Event intrusion # 10709=FortiWeb-TCP_Traffic connection # 10710=FortiWeb-UDP_Traffic connection # 10711=FortiWeb-User_Logout logout # 10712=FortiWeb-User_Login_Failed login-failure # 10713=FortiWeb-User_Login login # 10714=FortiWeb-User_Login_Failed login-failure # 20715=FortiWeb-Admin_Messages application # 20716=FortiWeb-Error_Messages error # 20717=FortiWeb-Blocked_UDP_IDS_Event firewall # 15100=Fortigate-Blocked_TCP_Connection firewall # 15101=Fortigate-Blocked_UDP_Connection firewall # 15102=Fortigate-Blocked_ICMP_Connection firewall # 15103=Fortigate-Allowed_TCP_Connection connection # 15104=Fortigate-Allowed_UDP_Connection connection # 15105=Fortigate-Allowed_ICMP_Connection connection # 15106=Fortigate-Allowed_TCP_Connection connection # 15107=Fortigate-Allowed_UDP_Connection connection # 15108=Fortigate-Allowed_ICMP_Connection connection # 15109=Fortigate-Timeout_TCP_Connection connection # 15110=Fortigate-Timeout_UDP_Connection connection # 15111=Fortigate-Timeout_ICMP_Connection connection # 15112=Fortigate-Start_TCP_Connection connection # 15113=Fortigate-Start_UDP_Connection connection # 15114=Fortigate-Start_ICMP_Connection connection # 15115=Fortigate-IP_Connection connection # 15116=Fortigate-DNS_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_fortinet.prm # # 8710=Fortinet-Allowed_Connection connection # 8711=Fortinet-Blocked_Connection firewall # 8712=Fortinet-UDP_IDS_Event intrusion # 8713=Fortinet-TCP_IDS_Event intrusion # 8714=Fortinet-Client error # 8715=Fortinet-Firewall_Policy_Added system # 8716=Fortinet-Firewall_Policy_Deleted system # 8717=Fortinet-Firewall_Not_Valid_RSA_Signature error # 8718=Fortinet-Firewall_Restored_Image system # 8719=Fortinet-Firewall_Update_Failed error # 8720=Fortinet-Firewall_Login_Successful login # 8721=Fortinet-Firewall_Login_Failed login-failure # 8722=Fortinet-Firewall_Login_Successful login # 8723=Fortinet-Firewall_Change system # 8724=Fortinet-Firewall_Change system # 8725=Fortinet-Firewall_Admin_Logoff logout # 8726=Fortinet-Firewall_Login_Failed login-failure # 8727=Fortinet-Firewall_Added_Radius_User system # 8728=Fortinet-Firewall_Added_Local_User system # 8729=Fortinet-Firewall_Deleted_Local_User system # 8730=Fortinet-Firewall_Interface_Changed system # 8733=Fortinet-Firewall_Static_Route_Added system # 8734=Fortinet-Firewall_Static_Route_Deleted system # 8735=Fortinet-Firewall_Static_Route_Changed system # 8736=Fortinet-Firewall_Config_Downloaded system # 8737=Fortinet-Firewall_Assignments dhcp # 8738=Fortinet-Firewall_Virus_Infection virus # 8739=Fortinet-Firewall_Virus_Oversized firewall # 8740=Fortinet-Firewall_Virus_Email_Oversized firewall # 8741=Fortinet-Firewall_Virus_Upload firewall # 8742=Fortinet-Firewall_Gateway_Down error # 8743=Fortinet-Firewall_FTP_Authenticated login # 8744=Fortinet-Firewall_Login_Failed login-failure # 8745=Fortinet-IDS_Event intrusion # 8746=Fortinet-DHCP_Discover dhcp # 8747=Fortinet-DHCP_Config_Offer dhcp # 8748=Fortinet-DHCP_Received dhcp # 8749=Fortinet-Virus_FileIgnored_Exceed_Size firewall # 18750=Fortinet-Virus_Blocked virus # 18751=Fortinet-Email_PossibleSpam spam # 18752=Fortinet-Virus_Passthrough virus # 18753=Fortinet-DHCP_Released dhcp # 18754=Fortinet-GUI_Logout logout # 18755=Fortinet-Signature_Updated system # 18756=Fortinet-VPN_Connection_Success connection # 18757=Fortinet-Apache_LongSlash intrusion # 18758=Fortinet-Intrusion_Attempt intrusion # 18759=Fortinet-TCP_Reassembler intrusion # 18760=Fortinet-Allowed_Connection connection # 18761=Fortinet-Blocked_Connection firewall # 18762=Fortinet-UDP_IDS_Event intrusion # 18763=Fortinet-TCP_IDS_Event intrusion # 18764=Fortinet-IDS_Event intrusion # 18765=Fortinet-Apache_LongSlash intrusion # 18766=Fortinet-Blocked_Connection firewall # 18767=Fortinet-Firewall_Login_Failed login-failure # 18768=Fortinet-Firewall_Login_Disabled login-failure # # Plugins for file /usr/thunder/daemons/plugins/firewall_gauntlet.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_gnatbox.prm # # 14580=Gnatbox-Remote_Admin_Login login # 14581=Gnatbox-HA_No_Reply system # 14582=Gnatbox-NTP_No_Reply system # 14583=Gnatbox-ALSlatency_Connection_Timeout system # 14584=Gnatbox-Block_IBP_icmp firewall # 14585=Gnatbox-Block_IBP_tcp firewall # 14586=Gnatbox-Block_IBP_udp firewall # 14587=Gnatbox-Block_OBP_icmp firewall # 14588=Gnatbox-Block_OBP_tcp firewall # 14589=Gnatbox-Block_OBP_udp firewall # 14590=Gnatbox-Block_PTP_icmp firewall # 14591=Gnatbox-Block_PTP_tcp firewall # 14592=Gnatbox-Block_PTP_udp firewall # 14593=Gnatbox-Accept_OBP_icmp connection # 14594=Gnatbox-Accept_OBP_tcp connection # 14595=Gnatbox-Accept_OBP_udp connection # 14596=Gnatbox-Accept_In_NAT_icmp connection # 14597=Gnatbox-Accept_In_NAT_tcp connection # 14598=Gnatbox-Accept_In_NAT_udp connection # 14599=Gnatbox-Accept_In_Pass_icmp connection # 14600=Gnatbox-Accept_In_Pass_tcp connection # 14601=Gnatbox-Accept_In_Pass_udp connection # 14602=Gnatbox-Accept_Out_NAT_icmp connection # 14603=Gnatbox-Accept_Out_NAT_tcp connection # 14604=Gnatbox-Accept_Out_NAT_udp connection # 14605=Gnatbox-Accept_Out_Pass_icmp connection # 14606=Gnatbox-Accept_Out_Pass_tcp connection # 14607=Gnatbox-Accept_Out_Pass_udp connection # 14608=Gnatbox-Close_In_NAT_icmp connection # 14609=Gnatbox-Close_In_NAT_tcp connection # 14610=Gnatbox-Close_In_NAT_udp connection # 14611=Gnatbox-Close_In_Pass_icmp connection # 14612=Gnatbox-Close_In_Pass_tcp connection # 14613=Gnatbox-Close_In_Pass_udp connection # 14614=Gnatbox-Close_Out_NAT_icmp connection # 14615=Gnatbox-Close_Out_NAT_tcp connection # 14616=Gnatbox-Close_Out_NAT_udp connection # 14617=Gnatbox-Close_Out_Pass_icmp connection # 14618=Gnatbox-Close_Out_Pass_tcp connection # 14619=Gnatbox-Close_Out_Pass_udp connection # 14620=Gnatbox-Open_Outbound_NAT_icmp connection # 14621=Gnatbox-Open_Outbound_NAT_tcp connection # 14622=Gnatbox-Open_Outbound_NAT_udp connection # 14623=Gnatbox-Accept_Persist_In_NAT_Web web-access # 14624=Gnatbox-Accept_In_NAT_Web web-access # 14625=Gnatbox-Accept_In_Pass_Web web-access # 14626=Gnatbox-Accept_Out_NAT_Web web-access # 14627=Gnatbox-Accept_Out_Pass_Web web-access # 14628=Gnatbox-Open_Outbound_NAT_Web web-access # # Plugins for file /usr/thunder/daemons/plugins/firewall_iboss.prm # # 15273=IBoss-Allowed_Event web-access # 15274=IBoss-Blocked_Event firewall # 15275=IBoss-Blocked_Event_Malware_Detected virus # # Plugins for file /usr/thunder/daemons/plugins/firewall_ipchains.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_ipfilter.prm # # 16=Ipfilter-Blocked_TCP firewall # 17=Ipfilter-Blocked_UDP firewall # 18=Ipfilter-Blocked_IGMP firewall # 19=Ipfilter-Blocked_ICMP firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_iptables.prm # # 9000=IPTables-TCP firewall # 9001=IPTables-UDP firewall # 9002=IPTables-ICMP firewall # 9003=IPTables-Blocked_Connection firewall # 9004=IPTables-Dropped_Outbound_UDP_Connection firewall # 9005=IPTables-Dropped_Inbound_TCP_Connection firewall # 9006=IPTables-Dropped_Inbound_UDP_Connection firewall # 9007=IPTables-Dropped_Outbound_TCP_Connection firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_isa_snare.prm # # 4275=ISA-Denied_Internal_To_Local_Connection_UDP firewall # 4276=ISA-Terminated_External_To_Internal_Connection_TCP firewall # 4277=ISA-External_To_Internal_Connection_TCP connection # 4278=ISA-Local_To_Internal_Connection_TCP connection # 4279=ISA-External_To_Local_Connection_TCP connection # 4280=ISA-Terminated_Local_To_Internal_Connection_TCP firewall # 4281=ISA-Terminated_External_To_Local_Connection_TCP firewall # 4282=ISA-Denied_Internal_To_Local_Connection_IGMP firewall # 4283=ISA-Established_Local_To_Internal_Connection_ICMP connection # 4284=ISA-Denied_External_To_Local_Connection_TCP firewall # 4285=ISA-Denied_Local_To_External_Connection_UDP firewall # 4286=ISA-Established_Local_To_External_Connection_UDP connection # 4287=ISA-Denied_External_To_Local_Connection_ICMP firewall # 4288=ISA-Terminated_Local_To_Internal_Connection_ICMP firewall # 4289=ISA-Terminated_Local_To_Internal_Connection_UDP firewall # 4290=ISA-Denied_Internal_To_Local_Connection_ICMP firewall # 4291=ISA-Intermediate_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_juno.prm # # 105003=Juniper-Allowed_TCP_Session connection # 105004=Juniper-Allowed_TCP_Session connection # 105005=Juniper-Allowed_TCP_Session connection # 105006=Juniper-Allowed_ICMP_Session connection # 105007=Juniper-Allowed_ICMP_Session connection # 105008=Juniper-Allowed_UDP_Session connection # 105009=Juniper-Allowed_UDP_Session connection # 105010=Juniper-Blocked_TCP_Session firewall # 105011=Juniper-Blocked_ICMP_Session firewall # 105012=Juniper-Blocked_UDP_Session firewall # 105013=Juniper-Blocked_UDP_Session firewall # 105014=Juniper-Fragmented_Traffic firewall # 105015=Juniper-Source_Session_Limit error # 105016=Juniper-Destination_Session_Limit error # 105017=Juniper-Closed_UDP_Session connection # 105018=Juniper-Closed_TCP_Session connection # 105019=Juniper-Keepalive_Out_Of_Sequence error # 105020=Juniper-User_Authenticated login # 105021=Juniper-Login_Event login # 105022=Juniper-Command_Issued process # 105023=Juniper-Closed_ICMP_Session connection # 105024=Juniper-Allowed_TCP_Session connection # 105025=Juniper-Allowed_TCP_Session connection # 105026=Juniper-Allowed_TCP_Session connection # 105027=Juniper-Allowed_ICMP_Session connection # 105028=Juniper-Allowed_ICMP_Session connection # 105029=Juniper-Allowed_UDP_Session connection # 105030=Juniper-Allowed_UDP_Session connection # 105031=Juniper-Blocked_TCP_Session firewall # 105032=Juniper-Blocked_ICMP_Session firewall # 105033=Juniper-Blocked_UDP_Session firewall # 105034=Juniper-Blocked_UDP_Session firewall # 105035=Juniper-Closed_UDP_Session connection # 105036=Juniper-Closed_TCP_Session connection # 105037=Juniper-Closed_ICMP_Session connection # 105038=Juniper-Vol_Update_TCP_Session connection # 105039=Juniper-Login_Event login # 105040=Juniper-Logout_Event logout # 105041=Juniper-Database_Logout_Event logout # 105042=Juniper-New_Config_Audit system # 105043=Juniper-JUNOS_Script_Command_Issued process # 105044=Juniper-snmpd_Auth_Failure error # 105045=Juniper-Vol_Update_ICMP_Session connection # 105046=Juniper-Vol_Update_UDP_Session connection # 105047=Juniper-SNMP_Trap_Link_Down system # 105048=Juniper-SNMP_Trap_Link_UP system # 105049=Juniper-IP_Spoof intrusion # 105050=Juniper-IPSec_Replay intrusion # 105051=Juniper-Attack_Detected intrusion # 105052=Juniper-Algorithm_Warning firewall # 105053=Juniper-CPU_Usage_OK system # 105054=Juniper-CPU_Usage_Threshold_Exceeded error # 105055=Juniper-Flow_Reassembly_Failure error # 105056=Juniper-Flow_Reassembly_Succeeded system # 105057=Juniper-Closed_IP_Session connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_kerio.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_microsoft.prm # # 2960=Microsoft_Drop_UDP firewall # 2961=Microsoft_Open_UDP connection # 2962=Microsoft_Close_UDP connection # 2963=Microsoft_Close_TCP connection # 2964=Microsoft_Drop_TCP firewall # 2965=Microsoft_Open_TCP connection # 2966=Microsoft_Drop_ICMP firewall # 2967=Microsoft_Open-Inbound_TCP connection # 2968=Microsoft_Allow_TCP connection # 2969=Microsoft_Allow_UDP connection # 2970=Microsoft_Allow_IGMP connection # 2971=Microsoft_Drop_IGMP firewall # 2972=Microsoft_Allow_ICMP connection # 2973=Microsoft_Allow connection # 2974=Microsoft_Drop firewall # 12525=Windows-Firewall_Setting_Changed system # 12526=Windows-Firewall_Setting_Changed system # 12527=Windows-Firewall_Setting_Changed system # 12528=Windows-Firewall_Setting_Changed system # 12529=Windows-Firewall_Rule_Added system # 12530=Windows-Firewall_Rule_Changed system # 12531=Windows-Firewall_Rule_Deleted system # 12532=Windows-Firewall_Rule_Listed system # 12533=Windows-Firewall_Setting_Changed system # 12534=Windows-Firewall_Service_Failed error # 12535=Windows-Firewall_Profile_Changed system # 12536=Windows-Firewall_Failed_Notification error # 12537=Windows-Firewall_Default_Settings_Restored system # 12538=Windows-Firewall_Rule_Deleted system # # Plugins for file /usr/thunder/daemons/plugins/firewall_netgear.prm # # 9400=Netgear-Suspicious_TCP_data intrusion # 9401=Netgear-Suspicious_UDP_data intrusion # 9409=NetGear-Blocked_TCP firewall # 9410=NetGear-Blocked_ICMP firewall # 9411=NetGear-Blocked_UDP firewall # 9412=NetGear-Blocked_UDP firewall # 9413=NetGear-Blocked_TCP firewall # 9414=NetGear-Blocked_ICMP firewall # 9417=NetGear-Blocked_UDP firewall # 9415=NetGear-Forward_TCP connection # 9416=NetGear-Forward_UDP connection # 9418=NetGear-Site_Accessed web-access # 9402=Netgear-Failed_Login login-failure # 9403=Netgear-Admin_Login login # 9404=Netgear-Admin_Logout logout # 9405=Netgear-Admin_Login_Failure login-failure # 9406=Netgear-Admin_Login_Failure login-failure # 9407=Netgear-Admin_Login login # 9408=Netgear-Admin_Log_Out logout # # Plugins for file /usr/thunder/daemons/plugins/firewall_netscreen.prm # # 9500=Netscreen_Blocked_TCP firewall # 9501=Netscreen_Blocked_UDP firewall # 9502=Netscreen_Blocked_ICMP firewall # 9503=Netscreen-Critical_Event error # 9504=Netscreen-Admin_User_Login login # 9505=Netscreen-System_Alert_TCP dos # 9506=Netscreen-System_Alert_UDP dos # 9507=Netscreen_Accept_TCP connection # 9508=Netscreen_Accept_UDP connection # 9509=Netscreen_Accept_ICMP connection # 9510=Netscreen-SNMP_Poll connection # 9511=Netscreen-Rule_Added system # 9512=Netscreen-Rule_Change system # 9513=Netscreen-Blocked_OSPF_Traffic firewall # 9514=Netscreen-IKE_Packet_Received connection # 9515=Netscreen-IKE_Packet_Rejected firewall # 9516=Netscreen-Retransmission_Limit_Reached error # 9517=Netscreen-Agressive_Mode_Negotiations connection # 9518=Netscreen-Initiated_Negotiations connection # 9519=Netscreen-Responded_To_Peer system # 19520=Netscreen-Received_Notification system # 19521=Netscreen-Completed_Negotiations system # 19522=Netscreen-System_Critical_ICMP_Event intrusion # 19523=Netscreen-Admin_Login login # 19524=Netscreen-Could_Not_Obtain_Time error # 19525=Netscreen-NSRP_Peer_Address_Deleted system # 19526=Netscreen-Syslog_Enabled system # 19527=Netscreen-PKI_CA_Configuration_Saved system # 19528=Netscreen-Enviroment_Varaible_Changed system # 19529=Netscreen-Cannot_Connect_NSM_Server error # 19530=Netscreen-Tunnel_Traffic_UDP connection # 19531=Netscreen-Tunnel_Traffic_ICMP connection # 19532=Netscreen-Tunnel_Traffic_TCP connection # 19533=Netscreen-IKE_Negotiations_Failed error # 19534=Netscreen_Blocked_Proto_41 firewall # 19535=Netscreen-System_Alert_UDP_Flood intrusion # 19536=Netscreen-System_Alert_IP_Spoofing intrusion # 19537=Netscreen_Accept_Proto50 connection # 19538=Netscreen-System_Critical_UDP_Event intrusion # 19539=Netscreen-System_Critical_TCP_Event intrusion # 19540=Netscreen-System_Clock_Updated system # 19541=Netscreen-Valid_Route system # 19542=Netscreen-Source_Session_Limit_Reached error # 19543=Netscreen-System_Alert_IP_Spoofing intrusion # 19544=Netscreen-Login login # 19545=Netscreen-Logout logout # 19546=Netscreen-Login_Failed login-failure # 19547=Netscreen-Login login # 19548=Netscreen-Login login # 19549=Netscreen-Login login # 29550=Netscreen-Logout logout # 29551=Netscreen-Lock_Ended system # 29552=Netscreen-Blocked_Proto50_Traffic firewall # 29553=Netscreen-Allowed_Proto47_Traffic firewall # 29554=Netscreen-User_Logged_Out logout # 29555=Netscreen-Port_Scan firewall # 29556=Netscreen-Log_Viewed_Admin application # 29557=Netscreen-File_Transferred file-access # 29558=Netscreen-Session_Timed_Out connection # 29559=Netscreen-Transceiver_Unplugged_plugged application # 29560=Netscreen-Turn_Off_On_Debug_Switch application # 29561=Netscreen-Login_Failed login-failure # 29562=Netscreen-Clock_Changed_Manually detected-change # 29563=Netscreen-Clock_Configurations_Changed detected-change # 29564=Netscreen-Radius_Rejected_User login-failure # 29565=Netscreen-Login_Failed login-failure # 29566=Netscreen-Multiple_Login_Failures login-failure # 29567=Netscreen-Web_Login_Failed web-access # 29568=Netscreen-User_To_Be_Unlocked application # 29569=Netscreen-User_Re-Enabled application # 29570=Netscreen-Server_Modified detected-change # 29571=Netscreen-Server_Name_Set application # 29572=Netscreen-Server_Name_Unset application # 29573=Netscreen-Configuration_Saved web-access # 29574=Netscreen-Configuration_Saved application # 29575=Netscreen-Remote_Server_Now_Primary application # 29576=Netscreen-Policy_Moved application # 29577=Netscreen-Active_Server_Switchover application # 29578=Netscreen-Forced_Logout logout # 29579=Netscreen-Service_Added application # 29580=Netscreen-Privileged_Admins_Permited application # 29581=Netscreen-NSRP_Peer_Modified_Policy system # 29582=Netscreen-NSRP_Peer_Added_Trust_Zone system # 29583=Netscreen-NSRP_Peer_Added_Service system # 29584=Netscreen-NSRP_Peer_Added_Service_To_Policy system # 29585=Netscreen-Connection_Closed_TimedOut connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_paloalto.prm # # 2200=Paloalto-Allow_TCP_Start connection # 2201=Paloalto-Allow_TCP_End connection # 2202=Paloalto-Allow_UDP_Start connection # 2203=Paloalto-Allow_UDP_End connection # 2204=Paloalto-Allow_ICMP_Start connection # 2205=Paloalto-Allow_ICMP_End connection # 40000=Paloalto-Deny_TCP firewall # 40001=Paloalto-Deny_UDP firewall # 40002=Paloalto-Deny_ICMP firewall # 40013=Paloalto-Deny_TCP firewall # 40014=Paloalto-Deny_UDP firewall # 40015=Paloalto-Deny_ICMP firewall # 2206=Paloalto-Configuration_Edit system # 2207=Paloalto-Configuration_Delete system # 2208=Paloalto-Configuration_Commit system # 40003=Paloalto-Threat_Spyware intrusion # 40004=Paloalto-Threat_Spyware intrusion # 40005=Paloalto-Threat_Spyware intrusion # 40006=Paloalto-Threat_URL intrusion # 40007=Paloalto-Threat_Vulnerability intrusion # 40008=Paloalto-Threat_Vulnerability intrusion # 40009=Paloalto-Threat_Vulnerability intrusion # 40010=Paloalto-Threat_File intrusion # 40011=Paloalto-Threat_File intrusion # 40012=Paloalto-Threat_File intrusion # 40016=Paloalto-Threat_Virus intrusion # 40017=Paloalto-Threat_Virus intrusion # 40018=Paloalto-Threat_Virus intrusion # 2209=Paloalto-System_General_Msg system # 40019=Paloalto-Authentication_Failed login-failure # 40020=Paloalto-Authentication_Failed login-failure # 40021=Paloalto-Authentication_Failed_Threshold_Reached login-failure # 40022=Paloalto-Login login # 40023=Paloalto-VPN_Authentication_Successful login # # Plugins for file /usr/thunder/daemons/plugins/firewall_pf.prm # # 8900=PF-Blocked_ICMP firewall # 8901=PF-Blocked_TCP firewall # 8902=PF-Blocked_UDP firewall # 8910=PF-Blocked_ICMP firewall # 8911=PF-Blocked_TCP firewall # 8912=PF-Blocked_UDP firewall # 8913=PF-Blocked_IGMP firewall # 8914=PF-Blocked_NTPv4 firewall # 8915=PF-Blocked_DNS firewall # 8903=PF-Allowed_ICMP connection # 8904=PF-Allowed_TCP connection # 8905=PF-Allowed_UDP connection # 8906=PF-Allowed_UDP connection # 8907=PF-Allowed_TCP connection # 8908=PF-Allowed_ICMP connection # 8916=PF-Allowed_IGMP connection # 8917=PF-Allowed_NTPv4 connection # 8918=PF-Allowed_DNS connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_portsentry.prm # # 9600=Portsentry-Blocked_TCP firewall # 9601=Portsentry-Blocked_UDP firewall # 9602=Portsentry-Blocked_Connection firewall # 9603=Portsentry-Blocked_TCP scanning # 9604=Portsentry-Blocked_Connection firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_securesphere.prm # # 18084=SecureSphere-Parameter_Value_Length_Violation intrusion # 18085=SecureSphere-Cookie_Tampering intrusion # 18086=SecureSphere-Unauthorized_Method_Known_URL intrusion # 18087=SecureSphere-Signature_Violation_Blocked firewall # 18088=SecureSphere-Custom_Violation_Blocked firewall # 18089=SecureSphere-Double_URL_Encoding intrusion # 18090=SecureSphere-Custom_Violation intrusion # 18091=SecureSphere-SQL_Injection_Blocked firewall # 18092=SecureSphere-Stream_Signature_Violation intrusion # 18093=SecureSphere-Read_Only_Violation intrusion # 18094=SecureSphere-Parameter_Type_Violation intrusion # 18095=SecureSphere-Required_Parameter_Not_Found intrusion # 18096=SecureSphere-Extremely_Long_Parameter intrusion # 18097=SecureSphere-Cookie_Injection intrusion # 18098=SecureSphere-Illegal_Parameter_Encoding intrusion # 18099=SecureSphere-Null_Character_In_Method intrusion # 18100=SecureSphere-Stream_Signature_Violation intrusion # 18101=SecureSphere-Malicious_IPs_Blocked firewall # 18102=SecureSphere-Jigsaw_Classic intrusion # 18103=SecureSphere-TOR_IPs_Blocked firewall # 18104=SecureSphere-Directory_Traversal_Blocked firewall # 18105=SecureSphere-Anonymous_Proxies_Blocked firewall # 18106=SecureSphere-Recommended_Signatures_Blocked firewall # 18107=SecureSphere-Large_Select intrusion # 18108=SecureSphere-Baidu_PNG_Stop_Blocked firewall # 18109=SecureSphere-Web_Profile_Policy_Blocked firewall # 18110=SecureSphere-iOpus_Block_Blocked firewall # 18111=SecureSphere-Anti_Jobo_Blocked firewall # 18112=SecureSphere-API_Scraping intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_sidewinder.prm # # 9800=Sidewinder-Blocked_UDP firewall # 9805=Sidewinder-Blocked_TCP firewall # 9806=Sidewinder-Blocked_ICMP firewall # 9802=Sidewinder-IKE_Initiated connection # 9803=Sidewinder-IPSec_Packet_From_Illegal_Host error # 9807=Sidewinder-Blocked_UntrustedSource firewall # 9808=Sidewinder-Blocked_Unsupported_UDP_Service firewall # 9809=Sidewinder-Blocked_Unsupported_TCP_Service firewall # 9810=Sidewinder-Blocked-Virus virus # 9811=Sidewinder-Firewall_Accessed_URL web-access # 9812=Sidewinder-Firewall_Relayed_Email connection # 9813=Sidewinder-Blocked_TCP firewall # 9814=Sidewinder-Blocked_UDP firewall # 9815=Sidewinder-Blocked_ICMP firewall # 9816=Sidewinder-Allowed_UDP connection # 9817=Sidewinder-Blocked_UDP firewall # 9818=Sidewinder-Blocked_TCP firewall # 9819=Sidewinder-Blocked_ICMP firewall # 9820=Sidewinder-Blocked_UntrustedSource firewall # 9821=Sidewinder-Blocked_Unsupported_UDP_Service firewall # 9822=Sidewinder-Blocked_Unsupported_TCP_Service firewall # 9830=Sidewinder-Blocked-Virus virus # 9831=Sidewinder-Blocked_TCP firewall # 9832=Sidewinder-Blocked_UDP firewall # 9833=Sidewinder-Blocked_ICMP firewall # 9834=Sidewinder-Allowed_TCP connection # 9835=Sidewinder-Blocked_TCP firewall # 9836=Sidewinder-Firewall_Relayed_Email connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_sonicwall.prm # # 6100=Sonicwall-Blocked_UDP firewall # 6101=Sonicwall-Blocked_TCP firewall # 6102=Sonicwall-Blocked_ICMP firewall # 6103=Sonicwall-Blocked_ICMP firewall # 6104=Sonicwall-Blocked_UDP firewall # 6105=Sonicwall-Blocked_TCP firewall # 6106=Sonicwall-Blocked_TCP firewall # 6107=Sonicwall-Allowed_UDP connection # 6108=Sonicwall-Allowed_TCP connection # 6109=Sonicwall-Allowed_Connection connection # 6110=Sonicwall-Blocked_Attack intrusion # # Plugins for file /usr/thunder/daemons/plugins/firewall_sonicwall2.prm # # 7489=Sonicwall-Allowed_GET_TCP web-access # 7491=Sonicwall-Allowed_DNS_Packet_UDP connection # 7492=Sonicwall-Blocked_TCP_Non_Connection firewall # 7493=Sonicwall-Blocked_UDP_Broadcast_Packets firewall # 7494=Sonicwall-Blocked_Abort_Received firewall # 7496=Sonicwall-Interface_Stat_Report system # 7497=Sonicwall-Other_Request connection # 7498=Sonicwall-User_Auto_Logout logout # 7499=Sonicwall-SSL_Connection_Failed error # 7500=Sonicwall-NetExtender_Disconnected application # 7501=Sonicwall-User_Logged_Out logout # 7502=Sonicwall-User_Logged_In login # 7503=Sonicwall-NetExtender login # 7504=Sonicwall-HTTPS_Connection connection # 7505=Sonicwall-User_SSO_Policy application # 7506=Sonicwall-Bookmarks application # 7507=Sonicwall-HTTP_Connection connection # 7508=Sonicwall-NetExtender_Connected application # 7509=Sonicwall-SSO_Not_Enabled_For_Bookmark application # 7510=Sonicwall-User_Login_Failed login-failure # 7511=Sonicwall-Preauthentication_Failed login-failure # 7512=Sonicwall-NetExtender_Connection_Request application # 7513=Sonicwall-SSO_Not_Enabled_For_URL application # 7514=Sonicwall-Login_Uniqueness_Enforcement login-failure # 7515=Sonicwall-Blocked_IP firewall # 7516=Sonicwall-Alert_Proxy_Access_Key_Exchange application # 7517=Sonicwall-Alert_Protocols_DNS application # 7518=Sonicwall-Alert_Protocols_SMTP application # 7519=Sonicwall-Alert_Protocols_SSL application # 7520=Sonicwall-Alert_Protocols_STUN application # 7521=Sonicwall-Alert_Protocols_CIFS application # 7522=Sonicwall-Alert_Protocols_SNMP application # 7523=Sonicwall-Alert_Protocols_HTTP application # 7524=Sonicwall-Alert_Web_Browser application # 7525=Sonicwall-Alert_Filetype_Detection application # 7526=Sonicwall-Alert_Download_Apps application # 7527=Sonicwall-Alert_Misc_Apps application # 7528=Sonicwall-Alert_Social_Networking application # 7529=Sonicwall-Alert_App_Update application # 7530=Sonicwall-Alert_Protocols_SSH application # 7531=Sonicwall-Alert_Proxy_Access application # 7532=Sonicwall-Alert_Browsing_Privacy application # 7533=Sonicwall-Alert_Backup_Apps application # 7534=Sonicwall-Alert_Infrastructure application # 7535=Sonicwall-Alert_Business_Apps application # 7536=Sonicwall-Alert_Multimedia application # 7537=Sonicwall-Alert_Webmail application # 7538=Sonicwall-Alert_Database_Apps application # 7539=Sonicwall-Alert_VoIP_Apps application # 7540=Sonicwall-Alert_Protocols_ICMP application # 7541=Sonicwall-Alert_Protocols_IMAP application # 7542=Sonicwall-Alert_Protocols_FTP application # 7543=Sonicwall-Alert_Protocols_Websocket application # 7544=Sonicwall-IPS_ICMP_Ping intrusion # 17545=Sonicwall-IPS_Info intrusion # 17546=Sonicwall-IPS_ICMP_Destination_Unreachable intrusion # 17547=Sonicwall-Category_Info_Technology_Computers application # 17548=Sonicwall-Category_Search_Engines_Portals application # 17549=Sonicwall-Category_Business_Economy application # 37550=Sonicwall-Category_Online_Brokerage_Trading application # 37551=Sonicwall-Category_Not_Rated application # 18552=Sonicwall-Category_Administrative_Custom_List application # 18553=Sonicwall-Category_Government application # 18554=Sonicwall-Category_Shopping application # 18555=Sonicwall-Category_Online_Banking application # 18556=Sonicwall-Category_Real_Estate application # 18557=Sonicwall-Category_Reference application # 18558=Sonicwall-Category_Education application # 18559=Sonicwall-Category_Advertisement application # 18560=Sonicwall-Category_Travel application # 18561=Sonicwall-Category_Political_Advocacy_Groups application # 18562=Sonicwall-Category_Multimedia application # 18563=Sonicwall-Category_News_Media application # 18564=Sonicwall-Category_Social_Networking application # 18565=Sonicwall-Category_Arts_Entertainment application # 18566=Sonicwall-Category_Job_Search application # 18567=Sonicwall-Check_System_Is_Up error # 18568=Sonicwall-Statistics_Report application # 18569=Sonicwall-Possible_SYN_Flood intrusion # 18570=Sonicwall-Blocked_IP_Spoof firewall # 18571=Sonicwall-Login_Denied login-failure # 18572=Sonicwall-Connections_High_For_User network # 18573=Sonicwall-Login_Allowed login # 18574=Sonicwall-Login_Denied login-failure # 18575=Sonicwall-LDAP_Search_For_User application # 18576=Sonicwall-User_Logoff logout # # Plugins for file /usr/thunder/daemons/plugins/firewall_stonegate.prm # # 9520=Stonegate-Connection_Discarded_TCP firewall # 9521=Stonegate-New_Connection_Allowed_TCP connection # 9522=Stonegate-Connection_Incomplete_Closed_TCP firewall # 9523=Stonegate-Connection_Discarded_UDP connection # 9524=Stonegate-Connection_Allow_ICMP connection # 9525=Stonegate-New_Connection_UDP connection # 9526=Stonegate-Connection_Closed_ICMP connection # 9527=Stonegate-Connection_Closed_TCP connection # 9528=Stonegate-New_Connection_ICMP connection # 9529=Stonegate-Connection_Closed_UDP connection # 9530=Stonegate-Connection_Discarded_ICMP connection # 9531=Stonegate-Packet_Discarded_ICMP firewall # 9532=Stonegate-Notice_TCP firewall # 9533=Stonegate-Allow_Related_Connection_TCP connection # 9534=Stonegate-Error_Undefined_TCP firewall # 9535=Stonegate-Packet_Discarded_TCP firewall # 9536=Stonegate-Connection_Incomplete_Discarded_TCP firewall # 9537=Stonegate-Connection_Discarded_Refuse_UDP firewall # 9538=Stonegate-Connection_Discarded_IGMP firewall # 9539=Stonegate-Connection_Discarded_Refuse_TCP firewall # 9540=Stonegate-Connection_Incomplete_Discarded_UDP firewall # 9541=Stonegate-Connection_Incomplete_Discarded_ICMP firewall # 9542=Stonegate-Protocol_Data_Modification_Failed_TCP firewall # 9543=Stonegate-Connection_Discarded_Refused_IGMP firewall # 9544=Stonegate-New_Connection_Allowed_IGMP connection # 9545=Stonegate-NAT_Could_Not_Be_Done_Discarded firewall # 9546=Stonegate-High_Load_Level system # 9547=Stonegate-Normal_Load_Level system # 9548=Stonegate-Diagnostic_Invalid_Packet firewall # 9549=Stonegate-Diagnostic_Packet_Discarded firewall # 19550=Stonegate-Diagnostic_Protocol_Agent firewall # 19551=Stonegate-Connection_Discarded_UDP firewall # 19552=Stonegate-IKE_Phase_1_Or_2_Deleted firewall # 19553=Stonegate-VPN_New_Connection_UDP connection # 19554=Stonegate-IKE_Phase_1_Or_2_Initiator_Done firewall # 19555=Stonegate-IKE_Phase_1_Or_2_Responder_Done firewall # 19556=Stonegate-IKE_Rejected_Message error # 19557=Stonegate-Host_Unreachable firewall # 19558=Stonegate-Port_Unreachable firewall # 19559=Stonegate-IKE_No_Proposal_Chosen error # 19560=Stonegate-VPN_New_Connection_TCP connection # 19561=Stonegate-IKE_Starting_Initiator_Negotiation firewall # 19562=Stonegate-IKE_Starting_Responder_Negotiation firewall # 19564=Stonegate-ESP_SA_Lookup_Failure error # 19565=Stonegate-Connection_Closed connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_sygate.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_symantec.prm # # # Plugins for file /usr/thunder/daemons/plugins/firewall_ufw.prm # # 15462=UFW-Block_TCP_Inbound firewall # 15463=UFW-Block_TCP_Outbound firewall # 15464=UFW-Block_UDP_Inbound firewall # 15465=UFW-Block_UDP_Outbound firewall # 15466=UFW-Block_ICMP_Inbound firewall # 15467=UFW-Block_ICMP_Outbound firewall # 15468=UFW-Block_IGMP_Inbound firewall # 15469=UFW-Block_IGMP_Outbound firewall # 15470=UFW-Block_Unassigned_Protocol_Inbound firewall # 15471=UFW-Block_Unassigned_Protocol_Outbound firewall # 15472=UFW-Allow_TCP_Inbound connection # 15473=UFW-Allow_TCP_Outbound connection # 15474=UFW-Allow_UDP_Inbound connection # 15475=UFW-Allow_UDP_Outbound connection # 15476=UFW-Allow_ICMP_Inbound connection # 15477=UFW-Allow_ICMP_Outbound connection # 15478=UFW-Allow_IGMP_Inbound connection # 15479=UFW-Allow_IGMP_Outbound connection # 15480=UFW-Allow_Unassigned_Protocol_Inbound connection # 15481=UFW-Allow_Unassigned_Protocol_Outbound connection # # Plugins for file /usr/thunder/daemons/plugins/firewall_watchguard.prm # # 6200=WatchGuard-Blocked_UDP firewall # 6201=WatchGuard-Blocked_TCP firewall # 6202=WatchGuard-Blocked_IP firewall # 6203=WatchGuard-Blocked_Web_Proxy firewall # 6204=WatchGuard-Blocked_Mail_Proxy firewall # 6205=WatchGuard-Allow_TCP connection # 6206=WatchGuard-Allow_UDP connection # 6207=WatchGuard-High_CPU_Usage error # 6208=WatchGuard-Blocked_Web_Proxy firewall # 6209=WatchGuard-Blocked_UDP firewall # 6210=WatchGuard-Blocked_TCP firewall # 6211=WatchGuard-Allow_TCP connection # 6212=WatchGuard-Allow_UDP connection # 6213=WatchGuard-User_Authenticated login # 6214=WatchGuard-VPN_User_Logged_Out logout # 6215=WatchGuard-Authentication_Failed login-failure # 6216=WatchGuard-Configuration_Change system # 6217=WatchGuard-DHCP_Config_Offer dhcp # 6218=WatchGuard-Blocked_ICMP firewall # 6219=WatchGuard-Allow_ICMP connection # 6220=WatchGuard-Blocking_Host firewall # 6221=WatchGuard-Admin_User_Authenticated login # 6222=WatchGuard-Management_User_Login login # 6223=WatchGuard-Management_User_Logout logout # 6224=WatchGuard-Invalid_Serial error # 6225=WatchGuard-Failed_Fetch system # 6226=WatchGuard-Feature_Expiration system # 6227=WatchGuard-Interface_Error error # 6228=WatchGuard-Failed_Get_Node error # 6229=WatchGuard-Interface_Missing system # 6230=WatchGuard-Process_Error error # 6231=WatchGuard-DOS_Type_Unsupported system # 6232=WatchGuard-Modified_Policy system # 6233=WatchGuard-Modified_Alias system # 6234=WatchGuard-Modified_Ports system # 6235=WatchGuard-Remote_Connection_Error error # # Plugins for file /usr/thunder/daemons/plugins/firewall_websense.prm # # 9654=Websense-Allowed_Event web-access # 9655=Websense-Blocked_Event firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_webtrends.prm # # 7110=WebTrends-Deny_TCP_Out firewall # 7111=WebTrends-Possible_Portscan scanning # 7112=WebTrends-Malformed_IP_Packet_Dropped firewall # 7113=WebTrends-Possible_SYN_Flood_Attack dos # 7114=WebTrends-Failed_Payload_Verification error # 7115=WebTrends-NetBus_Attack_Dropped intrusion # 7116=WebTrends-SubSeven_Attack_Dropped intrusion # 7117=WebTrends-Connection_Opened connection # 7118=WebTrends-Connection_Closed connection # 7119=WebTrends-IPSec_Packet_Dropped firewall # 7120=WebTrends-UDP_Packet_Dropped firewall # 7121=WebTrends-TCP_Connection_Dropped firewall # 7122=WebTrends-ICMP_Packet_Dropped firewall # 7123=WebTrends_Denied_UDP_Packet_LAN firewall # 7124=WebTrends-Web_Access_Received web-access # 7125=WebTrends-Web_Access_Dropped web-error # 7126=WebTrends-VPN_Starting connection # 7127=WebTrends-VPN_Closing connection # 7128=WebTrends-Firewall_Starting restart # 7129=WebTrends-Firewall_Configuration_Changes firewall # 7130=WebTrends-ICMP_Packet_Allowed firewall # 7131=WebTrends-ICMP_Packet_Allowed_From_LAN firewall # 7132=WebTrends-Management_Request_Allowed firewall # 7133=WebTrends-Found_Rogue_Access_Point firewall # 7134=WebTrends-IKE_Negotiation_Complete firewall # 7135=WebTrends-Initiator_Accepted_IPSec firewall # 7136=WebTrends-Received_IPSec_Delete_Request firewall # 7137=WebTrends-IKE_Initiator_Quick_Mode firewall # 7138=WebTrends-Malformed_IP_Packet_Dropped firewall # 7139=WebTrends-ICMP_Packet_Dropped_From_LAN firewall # 7140=WebTrends-Web_Access_Denied firewall # 7141=WebTrends-WLAN_Null_Probing intrusion # 7142=WebTrends-IKE_Respond_Message firewall # 7143=WebTrends-Post firewall # 7144=WebTrends-Unknown_Protocol_Dropped firewall # 7145=WebTrends-Failed_License_Sync firewall # 7146=WebTrends-Smurf_Amp_Attack_Dropped intrusion # 7147=WebTrends-NAT_Discovery firewall # 7148=WebTrends-IKE_Lifetime_Expired firewall # # Plugins for file /usr/thunder/daemons/plugins/firewall_zonealarm.prm # # 6450=ZoneAlarm-Blocked_Outbound firewall # 6451=ZoneAlarm-Blocked_Inbound firewall # # Plugins for file /usr/thunder/daemons/plugins/ftp.prm # # 31=FTP-Login_Failed login-failure # 32=FTP-Connection connection # 33=FTP-Connection connection # 34=FTP-Anonymous_Login login # 35=FTP-Login login # 36=FTP-Login_Refused login-failure # 37=FTP-Login_Refused login-failure # 39=FTP-Login_Failed login-failure # 40=FTP-File_GET file-access # 41=FTP-File_PUT file-access # 42=FTP-Session_Closed connection # 43=FTP-User_Login login # 44=FTP-Send_Password file-access # 245=FTP-Change_Working_Directory detected-change # 246=FTP-Set_To_Passive detected-change # 247=FTP-Set_Transfer_Type detected-change # 248=FTP-Retrieve_Remote_File file-access # 249=FTP-Transfer_Ftp_Log file-access # 350=FTP-Quit_Session connection # # Plugins for file /usr/thunder/daemons/plugins/ftp_cerbeusftp.prm # # 45=Cerbeus-FTP_Anonymous_Log_in login # 46=Cerbeus-FTP_Incoming_Connection connection # 47=Cerbeus-FTP_Connection_Accepted connection # 48=Cerbeus-FTP_Logon_Failure login-failure # 49=Cerbeus-FTP_Improper_Format error # # Plugins for file /usr/thunder/daemons/plugins/ftp_filezilla.prm # # 4900=Filezilla-Login_Time_Exceeded login-failure # 4901=Filezilla-Connection connection # 4902=Filezilla-Incorrect_Password login-failure # 4903=Filezilla-Version application # 4904=Filezilla-Login login # 4905=Filezilla-Directory_Listing application # 4906=Filezilla-CWD_Successful application # 4907=Filezilla-User_Has_Retrieved_File file-access # 4908=Filezilla-CWD_Failed access-denied # 4910=Filezilla-File_Upload_Request file-access # # Plugins for file /usr/thunder/daemons/plugins/ftp_iis.prm # # 16000=FTP-Anonymous_Login_Request login # 16001=FTP-User_Login login # 16002=FTP-File_Not_Found access-denied # 16003=FTP-File_Downloaded file-access # 16004=FTP-File_Upload_Denied access-denied # 16005=FTP-File_Uploaded file-access # 16006=FTP-Bad_Password login-failure # 16007=FTP-Connection_Closed application # 16008=FTP-Directory_Removed application # 16009=FTP-Directory_Created application # 16010=FTP-Directory_Creation_Failed access-denied # 16011=FTP-Changed_Directory application # 16012=FTP-Change_Directory_Denied access-denied # 16013=FTP-Valid_User_Name connection # 16014=FTP-File_Deleted file-access # 16015=FTP-File_Renamed file-access # 16016=FTP-Possible_Warez_Activity intrusion # 16017=FTP-ControlChannelOpened connection # 16018=FTP-Anonymous_Login_Request login # 16019=FTP-Send_Password login # 16020=FTP-Entered_Passive_Mode application # 16021=FTP-Return_System_Type application # 16022=FTP-DataChannelOpened application # 16023=FTP-DataChannelClosed application # 16024=FTP-List_Remote_Files application # 16025=FTP-Set_Transfer_Type application # 16026=FTP-Store_File_On_Remote_Host application # 16027=FTP-Print_Working_Directory application # 16028=FTP-Change_Working_Directory application # 16029=FTP-Deleted_Remote_File file-access # 16030=FTP-Login_Request login # # Plugins for file /usr/thunder/daemons/plugins/ftp_ncftp.prm # # 6500=NcFTPd-Anonymous_Download file-access # 6501=NcFTPd-Anonymous_Upload file-access # 6502=NcFTPd-Anonymous_Directory application # 6503=NcFTPd-Anonymous_Delete file-access # 6504=NcFTPd-Anonymous_Login_Denied login-failure # 6505=NcFTPd-Anonymous_Port_Below_1024 firewall # 6506=NcFTPd-Buffer_Overflow intrusion # # Plugins for file /usr/thunder/daemons/plugins/ftp_proftp.prm # # 6300=ProFTP-Login_Failure login-failure # 6301=ProFTP-Login_Failure login-failure # 6302=ProFTP-Authentication_Failure login-failure # 6303=ProFTP-Startup restart # 6304=ProFTP-Successful_Login login # 6305=ProFTP-Connection connection # 6306=ProFTP-Bounce_Attack intrusion # 6307=ProFTP-Connection_Closed connection # 6309=ProFTP-CHROOT_Denied access-denied # 6310=ProFTP-Error error # 6311=ProFTP-Notice_Message error # 6312=ProFTP-Successful_Login login # 6313=ProFTP-Authenticated_Login login # # Plugins for file /usr/thunder/daemons/plugins/ftp_pureftp.prm # # 6325=PureFTP-Connection connection # 6326=PureFTP-Permission_Denied access-denied # 6327=PureFTP-Logout logout # 6328=PureFTP-Auth_Failure login-failure # 6329=PureFTP-Login login # 6330=PureFTP-Warning login-failure # 6333=PureFTP-Endpoint_Not_Connected error # # Plugins for file /usr/thunder/daemons/plugins/ftp_solaris.prm # # 4500=FTP-Solaris_Imported_File file-access # 4501=FTP-Solaris_Exported_File file-access # 4502=FTP-Solaris_Repeated_Login_Failures login-failure # # Plugins for file /usr/thunder/daemons/plugins/ftp_vsftpd.prm # # 8000=VSFTPD-Authentication_Failure login-failure # 8001=VSFTPD-Authentication_Succeeds login # 8002=VSFTPD-Authentication_Failure login-failure # 8017=VSFTPD-Login_Successful login # 8018=VSFTPD-Welcome_Message application # 8019=VSFTPD-Anonymous_Login login # 8020=VSFTPD-Command_Issued application # 8021=VSFTPD-Issued_Response application # 8022=VSFTPD-Authentication_Failure login-failure # 8023=VSFTPD-Session_Opened connection # 8024=VSFTPD-Session_Closed connection # 8025=VSFTPD-Error_Retrieving_Information error # 8026=VSFTPD-Check_Pass login-failure # 8027=VSFTPD-Authentication_Error login-failure # 8028=VSFTPD-Failed_Login login-failure # 8029=VSFTPD-Client_Connect connection # 8030=VSFTPD-Service_Refused access-denied # 8031=VSFTPD-Client_Login login # 8032=VSFTPD-Failed_Download error # 8033=VSFTPD-Successful_Download file-access # 8034=VSFTPD-Authentication_Error_Admin login-failure # # Plugins for file /usr/thunder/daemons/plugins/ftp_wuftp.prm # # 6400=FTP-Failed_Login login-failure # 6401=FTP-Anonymous_Login login # 6402=FTP-User_Login login # 6403=FTP-Login_Refused login-failure # 6404=FTP-Login_Refused login-failure # 6406=FTP_Refused_Connect firewall # 6407=FTP-Connection connection # 6408=FTP-Connect_Event connection # 6409=FTP-Directory_Create_Attempt access-denied # 6410=FTP-Segmentation_Fault error # 6411=FTP-Lost_Connection connection # 6412=FTP-Failed_To_Overwrite access-denied # 6413=FTP-Failed_To_Delete access-denied # 6414=FTP-User_Timed_Out application # 6415=FTP-Access_Denied login-failure # 6416=FTP-Multiple_Login_Failures login-failure # 6417=FTP-Refused_PORT_Command access-denied # 6418=FTP-Login login # 6419=FTP-Login_Failed login-failure # 6420=FTP-Refused_Site_Help access-denied # 6421=FTP-User_Login login # 6422=FTP-Failed_To_Download access-denied # 6424=FTP-Change_Directory application # 6425=FTP-Rename_File_Old_Name application # 6426=FTP-Rename_File_New_Name application # 6427=FTP-Retrieve_File file-access # 6428=FTP-Login_User_Name application # 6429=FTP-Login_Password_Sent application # 6430=FTP-File_Upload file-access # 6431=FTP-Passive_Mode_Enabled application # 6432=FTP-File_Transfer_Type application # 6433=FTP-Directory_List application # 6435=FTP-Delete_File file-access # 6436=FTP-Run_SITE_Command application # 6437=FTP-File_Append file-access # 6438=FTP-Obtain_File_Modification_Time application # 6439=FTP-Create_Directory application # 6440=FTP-Remove_Directory application # 6441=FTP-Obtain_File_Size application # 6442=FTP-Login_Failed login-failure # # Plugins for file /usr/thunder/daemons/plugins/ftp_xlight.prm # # 3900=FTP-Valid_Directory_Change application # 3902=FTP-Denied_Directory_Change access-denied # 3903=FTP-Login_Request connection # 3904=FTP-Login_Failure login-failure # 3905=FTP-Illegal_Command error # 3906=FTP-File_Download_Request file-access # 3907=FTP-Unknown_File_Request error # 3908=FTP-Unknown_Command error # 3909=FTP-Valid_Login login # 3910=FTP-File_Transfer_Start file-access # 3911=FTP-Directory_Listing_Start application # 3912=FTP-Transfer_Complete file-access # # Plugins for file /usr/thunder/daemons/plugins/hids_cimcor.prm # # # Plugins for file /usr/thunder/daemons/plugins/hids_csa.prm # # # Plugins for file /usr/thunder/daemons/plugins/hids_tripwire.prm # # 71=Tripwire-Connection_Error error # 72=Tripwire-Warning application # 73=Tripwire-Warning_Add_Violation application # 74=Tripwire-Warning_Remove_Violation application # 75=Tripwire-Warning_Change_Violation detected-change # 76=Tripwire-Warning_Change_Violation application # 77=Tripwire-File_Modified application # 78=Tripwire-File_Added application # 79=Tripwire-Database_Updated application # 80=Tripwire-File_Deleted application # 81=Tripwire-Addition_Detected application # 82=Tripwire-Removal_Detected application # 83=Tripwire-Mod_Detected application # 84=Tripwire-Deletion_Detected application # 85=Tripwire-Deletion_Detected application # 86=Tripwire-Creation_Detected application # 87=Tripwire-Modification_Detected application # 88=Tripwire-Set_Security_Detected application # 89=Tripwire-Rename_To_Detected application # 90=Tripwire-Create_Key_Detected application # 91=Tripwire-Error_Detected error # 92=Tripwire-Rename_From_Detected application # 93=Tripwire-Change_Report_Started application # 94=Tripwire-Change_Report_Completed application # 95=Tripwire-Archived_Change_Report application # 96=Tripwire-Modified_Change_Report application # 97=Tripwire-User_Login login # 98=Tripwire-Clear_Unlinked_Groups_Completed application # 99=Tripwire-Clear_Unlinked_Groups_Started application # 100=Tripwire-Change_Add detected-change # 101=Tripwire-Change_Remove detected-change # # Plugins for file /usr/thunder/daemons/plugins/hids_tripwire_server.prm # # # Plugins for file /usr/thunder/daemons/plugins/honeypot_forescout.prm # # 5600=Forescout-Port_Bite honeypot # 5601=Forescout-Port_Mark honeypot # 5602=Forescout-Hostname_Bite honeypot # 5603=Forescout-User_Bite honeypot # 5604=Forescout-User_Mark honeypot # 5605=Forescout-Share_Bite honeypot # 5606=Forescout-Share_Mark honeypot # 5607=Forescout-Scan_Event scanning # 5608=Forescout-Scan_Event scanning # # Plugins for file /usr/thunder/daemons/plugins/honeypot_honeyd.prm # # 6600=Honeyd-ICMP_Echo_Reply honeypot # 6601=Honeyd-TCP_Connection_Request honeypot # 6602=Honeyd-UDP_Connection_To_Closed_Port honeypot # 6603=Honeyd-TCP_Connection_Established honeypot # 6604=Honeyd-UDP_Connection_Established honeypot # 6605=Honeyd-TCP_Connection_Reset honeypot # 6606=Honeyd-TCP_Connection_Killed honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_labrea.prm # # 6700=LaBrea-Tarpitting honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_multipot.prm # # 6720=Multipot-Veritas_Worm honeypot # 6721=Multipot-Veritas_Worm honeypot # 6722=Multipot-Bagle_Worm honeypot # 6723=Multipot-My_Doom_Virus honeypot # 6724=Multipot-Optix_Virus honeypot # 6725=Multipot-Sub_7_Trojan honeypot # 6726=Multipot-Kuang_Trojan honeypot # 6727=Multipot-Lsass honeypot # 6728=Multipot-Bagle_Worm_Timeout honeypot # 6729=Multipot-Shellcode_Folder honeypot # 6731=Multipot-Veritas_Shellcode_Handled honeypot # 6732=Multipot-Bagle_Upload honeypot # 6733=Multipot-VeritasCmd honeypot # 6734=Multipot-VeritasCmd_HandlerError honeypot # 6735=Multipot-VeritasCmd_Failed honeypot # 6736=Multipot-Veritas_Downloaded_File honeypot # 6737=Multipot-Veritas_URL_Failed honeypot # 6738=Multipot-Veritas_Url_ErrMsg honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_nepenthes.prm # # 6613=Nepenthes-Warning_Alert honeypot # 6614=Nepenthes-Critical_Alert honeypot # 6616=Nepenthes-Warning_Alert honeypot # 6619=Nepenthes-TCP_Connection honeypot # 6620=Nepenthes-UDP_Connection honeypot # # Plugins for file /usr/thunder/daemons/plugins/honeypot_symantec_decoy.prm # # # Plugins for file /usr/thunder/daemons/plugins/hyperv.prm # # 561=Hyper-V_Virtual_Machine_Saved application # 562=Hyper-V_Shutdown_Physical_Machine application # 563=Hyper-V_Adapter_Disconnected application # 564=Hyper-V_Blocked_Connection_Virtual_Machine error # 565=Hyper-V_Deleted_Partition application # 566=Hyper-V_Failed_To_Receive_Data error # 567=Hyper-V_WMI_Provider_Shutdwon application # 568=Hyper-V_Cannot_Find_File error # 569=Hyper-V_Partial_Message error # 570=Hyper-V_Invalid_Corrupted_Data error # 571=Hyper-V_Most_Recent_Version_Message application # 572=Hyper-V_Disk_Image_Update application # 573=Hyper-V_Controller_Failed_Power_on error # 574=Hyper-V_Cannot_Create_Checkpoint error # 575=Hyper-V_Start_Failed error # 576=Hyper-V_File_Not_Found error # 577=Hyper-V_Checkpoint_Operation_Failed error # 578=Hyper-V_Adapter_Started application # 579=Hyper-V_Virtual_Machine_Loaded application # 580=Hyper-V_Adapter_Connected application # 581=Hyper-V_Created_New_Partition application # 582=Hyper-V_Disk_Info_Failed error # 583=Hyper-V_Failed_To_Get_VHD error # 584=Hyper-V_Networking_Driver_Loaded system # 585=Hyper-V_Checkpoint_Missing error # 586=Hyper-V_VHD_Tree_Generation_Failed error # 587=Hyper-V_Server_Started application # 588=Hyper-V_Server_Reset_By_Guest application # 589=Hyper-V_MAC_Address_Port_Moved system # 590=Hyper-V_Live-Migration_Completed application # # Plugins for file /usr/thunder/daemons/plugins/icap.prm # # 11801=ICAP-Scan-Timeout error # 11802=ICAP-Timed_Out_Connection error # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl.prm # # 20000=PVS-New_Host_Portscanning scanning # 20002=New_SSH_User detected-change # 20003=New_MAC detected-change # 20004=Invalid_Account-Logon_Attempt login-failure # 20005=New_User detected-change # 20007=Application_Change detected-change # 20008=Database_Change detected-change # 20009=User_Change detected-change # 20010=Server_Change detected-change # 20011=Device_Change detected-change # 20012=Network_Change detected-change # 20014=LCE-Client_Logout lce # 20015=LCE-Client_Login lce # 20016=LCE-Dead_Client lce # 20017=Suspicious_Proxy network # 20018=Multiple_System_Crashes process # 20019=Password_Guessing intrusion # 20020=Successful_Password_Guess intrusion # 20021=New_Windows_Process detected-change # 20022=Network_Login_Sweep intrusion # 20023=Software_Installed detected-change # 20024=Software_Removed detected-change # 20025=User_Removed detected-change # 20026=LCE-High_Memory_Usage error # 20027=LCE-High_CPU_Usage error # 20028=LCE-High_Disk_Usage error # 20029=LCE-High_Load lce # 20030=New_Command process # 20031=Hourly_Command_Summary process # 20032=Daily_Command_Summary process # 20033=Daily_User_Summary process # 20035=Firewall_Change detected-change # 20036=Router_Change detected-change # 20037=Switch_Change detected-change # 20042=PVS-Database_SELECT_Command database # 20043=PVS-Database_CREATE_Command database # 20044=PVS-Database_INSERT_Command database # 20045=PVS-Database_DELETE_Command database # 20046=PVS-Database_UPDATE_Command database # 20047=PVS-Database_DROP_Command database # 20048=PVS-Database_GRANT_Command database # 20049=LCE-Unix_Executable_File_Modified detected-change # 20050=LCE-Unix_Configuration_File_Modified detected-change # 20051=LCE-Unix_Tenable_File_Modified detected-change # 20052=LCE-Unix_Library_File_Modified detected-change # 20053=LCE-Unix_Misc_File_Modified detected-change # 20054=LCE-Windows_Executable_File_Modified detected-change # 20055=LCE-Windows_Executable_Modified detected-change # 20056=LCE-Windows_System_File_Modified detected-change # 20057=LCE-Windows_Configuration_File_Modified detected-change # 20058=LCE-Windows_Misc_File_Modified detected-change # 20059=Suspicious_SQL_Query_Detected intrusion # 20060=Suspicious_SQL-Command_Execution intrusion # 20061=Suspicious_SQL-Benchmark_Delay intrusion # 20062=Suspicious_SQL-Meta_Characters_Seen intrusion # 20063=Suspicious_SQL-CONCAT_Command_Seen intrusion # 20064=Suspicious_SQL-Write_Output_to_File intrusion # 20065=Suspicious_SQL-User_Database_Dump intrusion # 20066=PVS-Database_GRANT_ALL_Privileges database # 20067=PVS-Database_GRANT_INSERT_Privileges database # 20068=PVS-Database_GRANT_SELECT_Privileges database # 20069=PVS-Database_GRANT_DELETE_Privileges database # 20070=PVS-Database_GRANT_DELETE_Privileges database # 20071=PVS-Database_GRANT_CREATE_Privileges database # 20072=PVS-Database_GRANT_CREATE_Privileges database # 20073=PVS-Database_User_Created database # 20074=PVS-Database_User_RENAME database # 20075=PVS-Database_Schema_Changed database # 20076=Unique_Windows_Executable process # 20077=Domain_Summary dns # 20079=Web_Servers_Scanned intrusion # 20080=Web_Server_Scan intrusion # 20081=New_Windows_Process_Seen process # 20083=Hourly_Crashed_Summary process # 20084=Hourly_Hung_Summary process # 20085=Daily_Crashed_Summary process # 20086=Daily_Hung_Summary process # 20087=Intrusion_Host_Scan intrusion # 20088=Intrusion_Network_Scan intrusion # 20089=Unique_Unix_Executable process # 20091=User_Added detected-change # 20092=PVS-Storm intrusion # 20093=PVS-Warbot_Trojan_Detected intrusion # 20094=Suspicious_SQL-Injection_Attack_Detected intrusion # 20095=PVS-Malicious_Web_Request threatlist # 20096=LCE-Windows_File_Removed detected-change # 20097=LCE-Windows_File_Readded detected-change # 20098=Potential_Worm_Outbreak intrusion # 20099=Suspicious_SSH_Proxy network # 20100=Suspicious_VNC_Proxy network # 20101=Suspicious_RDP_Proxy network # 20102=New_Wireless_MAC detected-change # 20104=Daily_EXE_Download_Summary file-access # 20105=VPN_Login_From_Unusual_Source login # 22025=Crowd_Surge network # 22026=Host_Software_List system # 22027=Host_Microsoft_Software_List system # 22028=Domain_Failure_Summary dns # 22029=Daily_Host_Alert system # 22030=Malware_Host_Summary virus # 22031=New_User_Source detected-change # 22032=User_Source_Summary detected-change # 22033=Malicious_Web_Request threatlist # 22034=Daily_Host_Login_Summary login # 22035=New_Mobile_MAC detected-change # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_continuous.prm # # 2050=Long_Term_Statistical_Anomalies continuous # 2051=Long_Term_Network_Scanning continuous # 2052=Long_Term_Intrusion_Activity continuous # 2053=Long_Term_Virus_Or_Malware_Activity continuous # 2054=Long_Term_Web_Error_Activity continuous # 2055=Long_Term_Error_Activity continuous # 2056=Long_Term_HighCPU_Activity continuous # 2057=Long_Term_DNS_Failures continuous # 2058=Long_Term_Social_Network_Activity continuous # 2059=Long_Term_DOS_Activity continuous # 2060=Long_Term_Threatlist_Activity continuous # 2061=Long_Term_Windows_App_Errors continuous # 2062=Long_Term_SSH_Client_Activity continuous # 2063=Long_Term_VNC_Client_Activity continuous # 2064=Long_Term_RDP_Client_Activity continuous # 2065=Indicator_Alert-Level_01 indicator # 2066=Indicator_Alert-Level_02 indicator # 2067=Indicator_Alert-Level_03 indicator # 2068=Indicator_Alert-Level_04 indicator # 2069=Indicator_Alert-Level_05 indicator # 2070=Indicator_Alert-Level_06 indicator # 2071=Indicator_Alert-Level_07 indicator # 2072=Indicator_Alert-Level_08 indicator # 2073=Indicator_Alert-Level_09 indicator # 2074=Indicator_Alert-Level_10 indicator # 2075=Indicator_Alert-Level_11 indicator # 2076=Indicator_Alert-Level_12 indicator # 2077=Indicator_Alert-Level_13 indicator # 2078=Indicator_Alert-Level_14 indicator # 2079=Indicator_Alert-Level_15 indicator # 2080=Indicator_Alert-Level_16 indicator # 2081=Indicator_Alert-Level_17 indicator # 2082=Indicator_Alert-Level_18 indicator # 2083=Indicator_Alert-Level_19 indicator # 2084=Indicator_Alert-Level_20 indicator # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_long_tcp.prm # # 2250=TFM-Long_TCP_Session_15_Minutes network # 2251=TFM-Long_TCP_Session_30_Minutes network # 2252=TFM-Long_TCP_Session_45_Minutes network # 2253=TFM-Long_TCP_Session_60_Minutes network # 2254=TFM-Long_TCP_Session_Many_Hours network # 2255=TFM-Long_TCP_Session_1_Day network # 2256=TFM-Long_TCP_Session_Many_Days network # 2257=TFM-TCP_Session_Whole_1-10MB network # 2258=TFM-TCP_Session_Whole_10-100MB network # 2259=TFM-TCP_Session_Whole_100-1024MB network # 2260=TFM-TCP_Session_Whole_ network # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_nbs.prm # # 2450=Never_Before_Seen-Change_Detected_Event nbs # 2451=Never_Before_Seen-Restart_Event nbs # 2452=Never_Before_Seen-Application_Event nbs # 2453=Never_Before_Seen-System_Event nbs # 2454=Never_Before_Seen-Error_Event nbs # 2455=Never_Before_Seen-Login_Event nbs # 2456=Never_Before_Seen-Login-Failure_Event nbs # 2457=Never_Before_Seen-File_Access_Event nbs # # Plugins for file /usr/thunder/daemons/plugins/lce_tasl_threatlist.prm # # 2350=Threatlist_Outbound_Connection_FTP threatlist # 2379=Threatlist_Outbound_Connection_SMTP threatlist # 2380=Threatlist_Outbound_Connection_HTTP threatlist # 2381=Threatlist_Outbound_Connection_HTTPS threatlist # 2382=Threatlist_Outbound_Connection_Low_Port threatlist # 2383=Threatlist_Outbound_Connection_High_Port threatlist # 2384=Threatlist_Outbound_Connection_IRC threatlist # 2385=Threatlist_Inbound_Connection_SSH threatlist # 2386=Threatlist_Inbound_Connection_SMTP threatlist # 2387=Threatlist_Inbound_Connection_HTTP threatlist # 2388=Threatlist_Inbound_Connection_HTTPS threatlist # 2389=Threatlist_Inbound_Connection_Low_Port threatlist # 2390=Threatlist_Inbound_Connection_High_Port threatlist # 2391=Threatlist_Inbound_Connection_IRC threatlist # 2392=Threatlist_Inbound_Web_Error threatlist # 2393=Threatlist_Inbound_Login threatlist # 2394=Threatlist_Inbound_Login_Failure threatlist # 2395=Threatlist_Outbound_FileDownload threatlist # 2396=Threatlist_Inbound_FileDownload threatlist # 2397=Threatlist_Inbound_Scanning threatlist # 2398=Threatlist_Inbound_SSL_Session threatlist # 2399=Threatlist_Inbound_VNC_Session threatlist # 21000=Threatlist_Inbound_RDP_Session threatlist # 21001=Threatlist_Inbound_SSH_Session threatlist # 21002=Threatlist_Outbound_VNC_Session threatlist # 21003=Threatlist_Outbound_RDP_Session threatlist # 21004=Threatlist_Outbound_SSH_Session threatlist # 21005=Threatlist_Outbound_Non-HTTP_Traffic threatlist # 21006=Threatlist_Inbound_Non-HTTP_Traffic threatlist # 21007=Threatlist_Inbound_Web_Access threatlist # 21008=Threatlist_Outbound_Web_Access threatlist # 21009=Threatlist_Intrusion threatlist # 21010=Threatlist_Outbound_Suspicious_Proxy_Traffic threatlist # 21011=Threatlist_Inbound_Suspicious_Proxy_Traffic threatlist # 200013=Threatlist_Outbound_Data_Leak threatlist # 200014=Threatlist_Inbound_Data_Leak threatlist # 200015=Threatlist_Outbound_Login threatlist # 200016=Threatlist_Outbound_Login_Failure threatlist # 200017=Threatlist_Outbound_Web_Error threatlist # 200018=Threatlist_Outbound_Scanning threatlist # 200019=Threatlist_Outbound_Crowd_Surge threatlist # 200020=Threatlist_Outbound_Connection_SSH threatlist # 200021=Threatlist_Outbound_Connection_ICMP threatlist # 200022=Threatlist_Inbound_Connection_ICMP threatlist # # Plugins for file /usr/thunder/daemons/plugins/likewise_security.prm # # 10310=LSASSD-Failed_Re-sync error # 10311=LSASSD-LDAP_Server_Down error # 10312=LSASSD-Retrying_LDAP_Search error # 10313=LSASSD-Clearing_Connection_List system # 10314=LSASSD-LDAP_Api_Bind_Failed error # 10315=LSASSD-GSS_Failure error # 10316=LSASSD-Authentication_Failed login-failure # 10317=LSASSD-Authentication_Failed_Admin login-failure # 10318=LSASSD-Preauthentication_Failed error # 10319=LSASSD-Input_Output_Error error # # Plugins for file /usr/thunder/daemons/plugins/mail_dovecot.prm # # 3450=Dovecot-IMAP-User_Login login # 3451=Dovecot-POP-User_Login login # # Plugins for file /usr/thunder/daemons/plugins/mail_exchange.prm # # 8084=MSExchange-Sync_Folder_Items application # 8085=MSExchange-Get_Item application # 8086=MSExchange-Create_Item application # 8087=MSExchange-Get_Events application # 8088=MSExchange-Get_User_Settings_Response application # 8089=MSExchange-Subscription_Not_Found error # 8090=MSExchange-Find_Folder application # 8091=MSExchange-Subscribe application # 8092=MSExchange-Cmd_Ping application # 8093=MSExchange-Syncing_Folder application # 8094=MSExchange-Get_Folder application # 8095=MSExchange-Cmd_Sync application # 8096=MSExchange-Update_Item application # 8097=MSExchange-Copy_Item application # 8098=MSExchange-Delete_Item application # 8099=MSExchange-Update_Folder application # 8100=MSExchange-Convert_Id application # 8101=MSExchange-Get_Mail_Tips application # 8102=MSExchange-Get_Service_Configuration application # 8103=MSExchange-Get_User_Availability application # 8104=MSExchange-Cmd_Folder_Sync application # 8105=MSExchange-Server_Characteristics application # 8106=MSExchange-Replication_Failure application # 8107=MSExchange-Identity_References_Not_Translated error # 8108=MSExchange-ADAccess_Process_Messages application # 8109=MSExchange-ADAccess_Set_Active application # 8110=MSExchange-Mid_Tier_Storage application # 8111=MSExchange-ActiveSync_Loaded_Unloaded application # 8112=MSExchange-Clearing_Organizations application # 8113=MSExchange-Setting_Not_Valid application # 8114=MSExchange-Common_Messages application # 8115=MSExchange-Configuration_Updated application # 8116=MSExchange-Configuration_Read_Updated application # 8117=MSExchange-Populated_ServiceTopology application # 8118=MSExchange-Application_Logic_Messages application # 8119=MSExchange-Control_Panel_Messages application # 81200=MSExchange-Filtering_ADConnector_Messages application # 81201=MSExchange-Assistants_Messages application # 81202=MSExchange-Authentication_Invalid_Token login-failure # 81203=MSExchange-Authentication_Failed login-failure # 81204=MSExchange-Authentication_Tasks_Complete application # 81205=MSExchange-GroupMetrics_Messages application # 81206=MSExchange-Store_Promoted_Properties application # 81207=MSExchange-Disk_Space_Below_Threshold error # 81208=MSExchange-Resource_Pressure_Increased application # 81209=MSExchange-Transport_Server_Is_Healthy application # 81210=MSExchange-Unified_Messaging application # 81211=MSExchange-Common_Messages error # 81212=MSExchange-Mailbox_Assistants_Messages application # 81213=MSExchange-Anti_Spam_Enabled application # 81214=MSExchange-Autodiscover_Service_Started application # 81216=MSExchange-Script_Must_Be_Updated application # 81218=MSExchange-Error_Reading_Configuration error # 81219=MSExchange-Active_Monitoring_Results application # 81220=MSExchange-Active_Responder_Results application # 81221=MSExchange-Active_Probe_Results application # 81222=MSExchange-Worker_process_Error error # 81223=MSExchange-Activation_Service_Failed error # 81224=MSExchange-Client_Proxy application # 81225=MSExchange-Maintenance_Results application # 81226=MSExchange-Autoconfig_Failed error # 81227=MSExchange-Managed_Availability_Messages application # 81228=MSExchange-Server_Information_Store_Error error # 81229=MSExchange-Fast_Search_Indexing_Stopped application # 81230=MSExchange-Office_Server_Search application # 81231=MSExchange-RPC_Started application # 81232=MSExchange-Address_Book_Started_Stopped application # 81233=MSExchange-HighAvailability_Messages application # 81234=MSExchange-Misc_Messages application # 81235=MSExchange-SMTP_Receive_Protocol_Default application # 81236=MSExchange-SMTP_Receive_Protocol_Default application # 81237=MSExchange-Unable_To_Process_Determine error # 81238=MSExchange-Mailbox_Database_Failure_Items application # 81239=MSExchange-Callback_Invoked_With_Request_Code application # 81240=MSExchange-ESE_Backup application # 81241=MSExchange-ESE_Messages application # 81243=MSExchange-Server_Out_of_Space error # 81244=MSExchange-Server_Unexpectedly_Dismounted error # 81245=MSExchange-Server_Mount_Error error # 81246=MSExchange-Active_Manager_Operation_Failed error # 81247=MSExchange-Worker_Process_Started_Stopped application # 81248=MSExchange-Unexpected_Database_Error error # 81249=MSExchange-Not_Enough_Disk_Space error # 81250=MSExchange-Worker_Process_Messages application # 81251=MSExchange-Active_Monitoring_Probe_Definition application # 81252=MSExchange-Active_Monitoring_Responder_Definition application # 81253=MSExchange-Active_Monitoring_Monitor_Definition application # 81254=MSExchange-Not_Enough_Disk_Space error # 81255=MSExchange-ActiveMonitoring_Event_Log_Cleared system # 81256=MSExchange-Mount_Completed_For_Database application # 81257=MSExchange-Mailbox_Database_Mounted application # 81258=MSExchange-Database_Copy_Error error # 81259=MSExchange-ActiveMonitoring_Maintenance_Definition application # 81260=MSExchange-ADTopology_Discovery_Failed error # 81261=MSExchange-Exception_During_FAST_Operation application # 81262=MSExchange-OWA application # 81263=MSExchange-ECP application # 81264=MSExchange-EWS application # 81265=MSExchange-AutoDiscover application # 81266=MSExchange-PowerShell_ClientAccess application # 81267=MSExchange-ActiveSync_Proxy application # 81268=MSExchange-OWA application # 81269=MSExchange-OAB application # 81270=MSExchange-Routing_Probe_Message_Dropped error # 81271=MSExchange-SMTP_Redirect_Failed error # 81272=MSExchange-Agent_Info application # 81273=MSExchange-Routing_Transfer application # 81274=MSExchange-OWA application # 81275=MSExchange-Test_Active_Sync application # 81276=MSExchange-GET_Active_Sync application # 81277=MSExchange-Cmd_Settings application # 81278=MSExchange-SMTP_Mailbox_Database application # 81279=MSExchange-SMTP_Receive application # 81280=MSExchange-SMTP_Send application # 81281=MSExchange-Server_Performance_Statistics application # 81282=MSExchange-Search_Indexer_Temporarily_Disabled application # 81283=MSExchange-Mailbox_Database_Stopped application # 81284=MSExchange-ESE_BACKUP application # 81285=MSExchange-Queuing_Status_At_Shutdown application # 81286=MSExchange-VSS_Writer_Terminated_Initialized application # 81287=MSExchange-ESE_Statistics application # 81288=MSExchange-Information_Store_Stopped application # 81289=MSExchange-TransportService_Stop_Start application # 81290=MSExchange-TransportService_Worker_Process_Has_Existed application # 81291=MSExchange-CmdletLogs_Message application # 81292=MSExchange-Service_Changed application # 81293=MSExchange-Could_Not_Find_Directory application # 81294=MSExchange-EdgeSync_Starting_Stopping_Stopped application # 81295=MSExchange-Anti_Spam_Update_Started_Stopped application # 81296=MSExchange-Replication_Service_Started_Stopped application # 81297=MSExchange-System_Attendant_Started_Stopped application # 81298=MSExchange-TransportService_Worker_Process_Has_Exited application # 81299=MSExchange-TransportService_Stopped application # 81300=MSExchange-Transport_Disconnecting_Counters application # 81301=MSExchange-Search_Indexer_Failed_Enable_Of_Database error # 81302=MSExchange-Activation_Took_Longer_Than_Expected application # 81303=MSExchange-Transport_Background_Scan_Complete application # 81304=MSExchange-Virus_Scanning_Enabled application # 81305=MSExchange-Digest_Sampling_On application # 81306=MSExchange-Information_Store_Started application # 81307=MSExchange-Information_Store_Start_Attempted application # 81308=MSExchange-Patch_All_ID_Counters application # 81309=MSExchange-Size_Of_Database application # 81310=MSExchange-Message_Database_Allocated application # 81311=MSExchange-Enabled_Indexing_Mailbox_Database application # 81312=MSExchange-Mailbox_Database_Started application # 81313=MSExchange-Metrics_Synchronization_Completed application # 81314=MSExchange-Address_Book_Synchronization_Completed application # 81315=MSExchange-Rule_Collection_Loaded application # 81316=MSExchange-Cleanup application # 81317=MSExchange-Log_Search_Started_Stopped application # 81318=MSExchange-Service_Host_Started_Stopped application # 81319=MSExchange-RPC_Stopped application # 81320=MSExchange-Protected_Service_Host_Started_Stopped application # 81321=MSExchange-Search_Indexer_Started_Stopped application # 81322=MSExchange-Mail_Submission_Started_Stopped application # 81323=MSExchange-Service_Changed application # 81324=MSExchange-Servicelet_Module_Loading application # 81325=MSExchange-Protected_Service_Host_Installed application # 81326=MSExchange-MSFTESQL_Started_Stopped application # 81327=MSExchange-Repl_Initialized application # 81328=MSExchange-Hub_Transport_Server_Installed application # 81329=MSExchange-System_Attendant_Initializing application # 81330=MSExchange-System_Attendant_Loading application # 81331=MSExchange-System_Attendant_Started application # 81332=MSExchange-System_Attendant_Bind_Domain_Controller application # 81333=MSExchange-System_Attendant_Registering_Principal_Name application # 81334=MSExchange-Service_Host_Mailbox_Installed application # 81335=MSExchange-Service_Host_Transport_Installed application # 81336=MSExchange-OAB_Recovery_Scan_Begun_Completed application # 81337=MSExchange-OAB_Servicelet_Started application # 81338=MSExchange-Client_Installed application # 81339=MSExchange-Server_Responsible_OAB_Scan application # 81340=MSExchange-OAB_No_Offline_Books application # 81341=MSExchange-OALGEN_Failed application # 81342=MSExchange-SACL_Servicelet_Error error # 81343=MSExchange-Authentication_Failed login-failure # 81344=MSExchange-Proxy_Error error # 81345=MSExchange-Logon_Denied login-failure # 81346=MSExchange-Control_Panel_Request_Timeout error # 81347=MSExchange-Mail_Submission_Failed error # 81348=MSExchange-Transient_Failure error # 81349=MSExchange-Service_Control_Error error # 81350=MSExchange-Agent_Exceeded_Usual_TIme application # 81351=MSExchange-Exceeded_Mailbox_Retrieval_Time application # 81352=MSExchange-Background_Thread_Halted error # 81353=MSExchange-Locator_Service_Started application # 81354=MSExchange-Replication_Service_Starting application # 81355=MSExchange-Email_Filter_Updated application # 81356=MSExchange-Unbound_NIC_Message application # 81357=MSExchange-VBuster_Not_Supported application # 81358=MSExchange-ADTopology_Active_Directory_List application # 81359=MSExchange-Login_Failed_With_LoginDenied login-failure # 81360=MSExchange-Long_Heartbeat_Intervals application # 81361=MSExchange-Server_Has_Data_Protection application # 81362=MSExchange-EdgeSync_Replication_Credential_Missing application # 81363=MSExchange-OAuth_Unable_To_Find_Certificate application # 81364=MSExchange-Deployment_Auth_Certificate_Not_found application # 81365=MSExchange-Statistics application # 81366=MSExchange-Deployment_Auth_Certificate_Required application # 81367=MSExchange-Connection_To_Mailbox_Server_Failed error # 81368=MSExchange-Mailbox_Approaching_Storage_Limit application # 81369=MSExchange-Full_Mailbox_Database_Reload application # 81370=MSExchange-HubMailbox_HAREDIRECT application # 81371=MSExchange-Agent_Receive application # 81372=MSExchange-Routing_Resolve application # 81373=MSExchange-Routing_Expand application # 81374=MSExchange-Routing_Transfer application # 81375=MSExchange-SMTP_Send_Protocol_Email_Relay application # 81376=MSExchange-SMTP_Send_Protocol_Email_Relay application # 81377=MSExchange-Administrative_Group_Message application # 81380=MSExchange-EWS application # 81381=MSExchange-Update_Item application # 81382=MSExchange-Get_Events application # 81383=MSExchange-Sync_Folder_Items application # 81384=MSExchange-Create_Item application # 81385=MSExchange-Get_Item application # 81386=MSExchange-Move_Item application # 81387=MSExchange-Get_Item application # 81388=MSExchange-Update_Item application # 81389=MSExchange-Find_Item application # 81390=MSExchange-Get_User application # 81391=MSExchange-Get_Folder application # 81392=MSExchange-Sync_Folder_Hierarchy application # 81393=MSExchange-Find_Folder application # 81394=MSExchange-Get_Service_Configuration application # 81395=MSExchange-Get_Mail_Tips application # 81396=MSExchange-Sync_Folder_Items application # 81397=MSExchange-Get_Room_Lists application # 81398=MSExchange-Get_Folder application # 81399=MSExchange-Resolve_Names application # 81400=MSExchange-Find_Folder application # 81401=MSExchange-Sync_Folder_Items application # 81402=MSExchange-Apply_Conversation_Action application # 81403=MSExchange-Sync_Folder_Hiearchy application # # Plugins for file /usr/thunder/daemons/plugins/mail_exim.prm # # 7900=Exim-Bad_Recipient_Address error # 7901=Exim-Bad_Sender_Address access-denied # 7902=Exim-Possible_Open_Relay spam # 7903=Exim-Relay_Not_Permitted access-denied # 7904=Exim-Sender_Blacklisted spam # 7906=Exim-Potentially_Executable_Attachment virus # 7905=Exim-Failed_Authentication login-failure # 7907=Exim-Empty_SMTP_Message error # 7908=Exim-SMTP_Message connection # 7909=Exim-Too_Many_Connections access-denied # # Plugins for file /usr/thunder/daemons/plugins/mail_imaps.prm # # 5450=IMAP-User_Login login # 5451=IMAP-User_Opened_Folder application # 5452=IMAP-User_Has_Deleted_Mail application # 5453=IMAP-User_Login login # 5454=IMAP-User_Login_Failed login-failure # 5455=IMAP-User_Login_Failed login-failure # # Plugins for file /usr/thunder/daemons/plugins/mail_ironport.prm # # 14389=IronPort-Invalid_DNS_Response error # 14390=IronPort-Antivirus_Clean virus # 14391=IronPort-Scanning_Corrupt_File error # 14392=IronPort-Antispam_Messages application # 14393=IronPort-Senderbase_Not_Reached error # 14394=IronPort-Invalid_IP_Address error # 14395=IronPort-Failed_Sending_Message error # # Plugins for file /usr/thunder/daemons/plugins/mail_postfix.prm # # 9900=Postfix-SMTP_Connection connection # 9901=Postfix-SMTP_Disconnection connection # 9903=Postfix-User_Authentication_Failure login-failure # 9904=Postfix-Illegal_Address_Syntax error # 9905=Postfix-Illegal_Relay_Attempt access-denied # 9906=Postfix-Spam_Mail_Rejected spam # 9902=Postfix-Email_Rejected access-denied # 9908=Postfix-Unknown_Recipient error # 9907=Postfix-SPF_Mail_Rejected spam # 9910=Postfix-Client_Blacklisted spam # 9911=Postfix-Client_DNS_Unresolvable error # 9912=Postfix-SMTP_Discard_Bounce_Suppressed error # 9913=Postfix-SMTP_TLS_Connection_From_Unknown_DNS connection # 9914=Postfix-SMTP_TLS_Established_From_Unknown_DNS connection # 9915=Postfix-SMTP_Hostname_Verification_Failed error # 9916=Postfix-Cleanup_Message application # 9917=Postfix-Removed_Message application # 9918=Postfix-Message_In_Active_Queue application # 9919=Postfix-SMTP_Message_Relayed application # 9920=Postfix-Delivered_Via_Spamcyr_Service application # 9921=Postfix-Verification_Failed error # 9922=Postfix-Bounced_Email error # 9923=Postfix-TLS_Connection connection # 9924=Postfix-SASL_Login_Failure login-failure # 9925=Postfix-SMTP_Spam_Message_Dropped spam # 9926=Postfix-Message_Sent application # 9927=Postfix-SMTP_Message_Sent application # 9928=Postfix-SASL_Login login # 9929=Postfix-Message_Pickup application # 9930=Postfix-Message_Queued_For_Days application # 9931=Postfix-No_Space_Left_On_Device error # # Plugins for file /usr/thunder/daemons/plugins/mail_qpopper.prm # # 3800=QPopper-Connection connection # 3801=QPopper-Admin_Login_Failure login-failure # 3802=QPopper-Login_Failure login-failure # 3803=QPopper-Login login # # Plugins for file /usr/thunder/daemons/plugins/mail_sendmail.prm # # 6000=Sendmail-Message_Accepted application # 6001=Sendmail-Relay_Accepted application # 6004=Sendmail-Mail_To_Unknown_User error # 6007=Sendmail-Mail_To_Unknown_User error # 6016=Sendmail-Possible_Spam_Attempt spam # 6002=Sendmail-Probe_550_Access_Denied login-failure # 6003=Sendmail-Possible_Attack intrusion # 6005=Sendmail-Invalid_Sender error # 6006=Sendmail-Possible_Attack intrusion # 6008=Sendmail-MIME_Overflow_Attack intrusion # 6009=Sendmail-Mail_To_Program_Attack intrusion # 6010=Sendmail-SMTP_Settings_Probe application # 6011=Sendmail-Expand_User_Attempt application # 6012=Sendmail-Expand_User_Attack intrusion # 6013=Sendmail-Verify_User_Attempt application # 6015=Sendmail-QF_File_Attack intrusion # 6017=Sendmail-QF_File_Attack intrusion # 6020=Sendmail-Long_DNS_Name intrusion # 6021=Sendmail-Newline_In_String intrusion # 6022=Sendmail-Blacklist_Relay spam # 6023=Sendmail-Milter_Reject_Spam spam # 6024=Sendmail-Mail_Relayed_Successful application # 6025=Sendmail-Unresolved_Domain error # 6026=Sendmail-Bad_Connection_Termination connection # 6027=Sendmail-SYSERR_Read_Timeout error # 6028=Sendmail-Spam_Email spam # 6029=Sendmail-Relay_Attempt_Without_Auth access-denied # 6030=Sendmail-Spam_Email spam # 6031=Sendmail-Low_Drive_Space error # 6032=Sendmail-Get_Host_Failed error # 6033=Sendmail-Forwarding_Error error # 6034=Sendmail-Host_Name_Unknown error # 6035=Sendmail-Using_Short_Name application # 6036=Sendmail-Starting restart # 6037=Sendmail-Possibly_Forged spam # 6038=Sendmail-Mail_Sent_To_Relay application # 6039=Sendmail-Message_Accepted application # 6040=Sendmail-Message_Connection_Refused application # 6041=Sendmail-Message_Authentication_Warning application # # Plugins for file /usr/thunder/daemons/plugins/mail_snare.prm # # 4538=Exchange-Email_Connection_Hello application # 4539=Exchange-Email_Received application # 4541=Exchange-Email_Connection_Receipt application # 4543=Exchange-RCPT_Outbound_Connection_Command application # 4544=Exchange-DATA_Outbound_Connection_Command application # 4545=Exchange-Outbound_Connection_Response application # 4546=Exchange-QUIT_Outbound_Connection_Command application # 4547=Exchange-EHLO_Outbound_Connection_Command application # 4548=Exchange-MAIL_Outbound_Connection_Command application # 4549=Exchange-RSET_Outbound_Connection_Command application # 4550=Exchange-HELO_Alert application # 4551=Exchange-X-Exps application # 4552=Exchange-X-Link2state application # 4553=Exchange-Email_Delivered application # 4554=Exchange-User_Does_Not_Exist error # 4555=Exchange-User_Does_Not_Have_SID error # 4556=Exchange-Unauthorized_Source_Address access-denied # 4557=Exchange-POP3_User_Download_Error error # 4558=Exchange-POP3_Connection connection # 4559=Exchange-POP3_Disconnect connection # 4560=Exchange-POP3_Unsecure_Connection_Rejected access-denied # # Plugins for file /usr/thunder/daemons/plugins/mail_wuimap.prm # # 1700=IMAP-User_Overflow intrusion # 1701=IMAP-TCP_Wrappers_Blocked login-failure # 1702=IMAP-Login_Failed login-failure # 1703=IMAP-Login_Failed login-failure # 1704=IMAP-Banner_Grab scanning # 1705=IMAP-Long_Client_Name intrusion # 1706=IMAP-Long_Line intrusion # 1707=IMAP-Crash process # 1708=IMAP-Login login # 1709=IMAP-Logout logout # # Plugins for file /usr/thunder/daemons/plugins/malware_ahnlab_mds.prm # # 13760=AhnLab-MDS-VM_Inspection_Malicious_Code_Detection virus # 13761=AhnLab-MDS-VM_Inspection_Normal_Code_Detection virus # 13762=AhnLab-MDS-Administrator_Login login # 13763=AhnLab-MDS-Blocked_IPS_Detection intrusion # 13764=AhnLab-MDS-Allowed_IPS_Detection intrusion # 13765=AhnLab-MDS-AntiMalsite_Detection virus # 13766=AhnLab-MDS-Redirection_Installation application # # Plugins for file /usr/thunder/daemons/plugins/malware_fireeye.prm # # 5658=FireEye-Binary_Analysis_Alert virus # 5659=FireEye-Domain_Match_Alert virus # 5660=FireEye-Infection_Match_Alert virus # 5661=FireEye-Malware_Callback_Alert virus # 5662=FireEye-Web_Infection_Alert virus # 5663=FireEye-Domain_Match_Alert virus # 5664=FireEye-Malware_Callback virus # 5665=FireEye-Malware_Object virus # 5666=FireEye-Web_Infection_Alert virus # 5667=FireEye-Domain_Match_Alert virus # 5668=FireEye-Infection_Match_Alert virus # 5669=FireEye-Web_Infection_Alert virus # 5670=FireEye-Malware_Object virus # # Plugins for file /usr/thunder/daemons/plugins/malware_microsoft_endpoint_protection.prm # # 14101=Microsoft-MalwareProtection_Scan_Started application # 14102=Microsoft-MalwareProtection_Scan_Completed application # 14103=Microsoft-MalwareProtection_Scan_Cancelled application # 14104=Microsoft-MalwareProtection_Scan_Failed error # 14105=Microsoft-MalwareProtection_Scan_Malware_Detected virus # 14106=Microsoft-MalwareProtection_Scan_Malware_Action_Taken virus # 14107=Microsoft-MalwareProtection_Malware_Action_Failed error # 14108=Microsoft-MalwareProtection_Quarantine_Restore application # 14109=Microsoft-MalwareProtection_Quarantine_Restore_Failed error # 14110=Microsoft-MalwareProtection_Quarantine_Delete application # 14111=Microsoft-MalwareProtection_Quarantine_Delete_Failed application # 14112=Microsoft-MalwareProtection_History_Delete application # 14113=Microsoft-MalwareProtection_History_Delete_Failed error # 14114=Microsoft-MalwareProtection_Behavior_Detected virus # 13927=Microsoft-MalwareProtection-Malware_Detection virus # 13928=Microsoft-MalwareProtection-Malware_Action_Not_Applicable virus # 13929=Microsoft-MalwareProtection-Malware_Remove virus # 13930=Microsoft-MalwareProtection-Malware_Quarantine virus # 13931=Microsoft-MalwareProtection-Malware_Clean virus # 13932=Microsoft-MalwareProtection-Malware_Allow virus # 14115=Microsoft-MalwareProtection_Action_Non-Critical_Failed error # 14116=Microsoft-MalwareProtection_Action_Critical_Failed virus # 14117=Microsoft-MalwareProtection_Healthy_State application # 14118=Microsoft-MalwareProtection_Signature_Updated application # 14119=Microsoft-MalwareProtection_Signature_Update_Failed error # 14120=Microsoft-MalwareProtection_Engine_Updated application # 14121=Microsoft-MalwareProtection_Engine_Update_Failed error # 14122=Microsoft-MalwareProtection_Signature_Reversion error # 14123=Microsoft-MalwareProtection_Signature_Reversion error # 14124=Microsoft-MalwareProtection_Signature_Reversion error # 14125=Microsoft-MalwareProtection_Signature_Reversion application # 14126=Microsoft-MalwareProtection_RTP_Started application # 14127=Microsoft-MalwareProtection_RTP_Stopped application # 14128=Microsoft-MalwareProtection_RTP_Agent_Failure error # 14129=Microsoft-MalwareProtection_RTP_Checkpoint_Failure error # 14130=Microsoft-MalwareProtection_RTP_Malware_Detected virus # 14131=Microsoft-MalwareProtection_RTP_Malware_Action_Taken virus # 14132=Microsoft-MalwareProtection_RTP_Malware_Action_Failed error # 14133=Microsoft-MalwareProtection_RTP_Feature_Recovered restart # 14134=Microsoft-MalwareProtection_RTP_Startup_Failed error # 14135=Microsoft-MalwareProtection_RTP_Enabled application # 14136=Microsoft-MalwareProtection_RTP_Disabled application # 14137=Microsoft-MalwareProtection_OnAccess_Enabled application # 14138=Microsoft-MalwareProtection_OnAccess_Disabled application # 14139=Microsoft-MalwareProtection_RTP_Configured detected-change # 14140=Microsoft-MalwareProtection_RTP_Checkpoint_Configured detected-change # 14141=Microsoft-MalwareProtection_OnAccess_Filter_Unloaded application # 14142=Microsoft-MalwareProtection_Config_Changed detected-change # 14143=Microsoft-MalwareProtection_Engine_Failure error # 14144=Microsoft-MalwareProtection_Antispyware_Enabled application # 14145=Microsoft-MalwareProtection_Antispyware_Disabled application # 14146=Microsoft-MalwareProtection_Antivirus_Enabled application # 14147=Microsoft-MalwareProtection_Antivirus_Disabled application # 14148=Microsoft-MalwareProtection_OS_Support_Expired error # # Plugins for file /usr/thunder/daemons/plugins/misc_airmagnet.prm # # 2150=AirMagnet-High_Noise_Channel error # 2151=AirMagnet-RF_Jamming_Attack dos # 2152=AirMagnet-Overloaded_APs intrusion # 2153=AirMagnet-DOS_Flood dos # 2154=AirMagnet-AdHoc_Mode_Detected system # 2155=AirMagnet-Bandwidth_Exceeded error # 2156=AirMagnet-Open_WLAN vulnerability # # Plugins for file /usr/thunder/daemons/plugins/misc_arpwatch.prm # # 3350=ArpWatch-New_Activity detected-change # 3351=ArpWatch-New_Station detected-change # 3352=ArpWatch-Flip_Flop detected-change # 3353=ArpWatch-Changed_Ethernet_Address detected-change # 3354=ArpWatch-Reused_Old_Ethernet_Address application # 3355=ArpWatch-Ethernet_Mismatch error # 3356=ArpWatch-Bogon network # 3357=ArpWatch-Ethernet_Broadcast network # # Plugins for file /usr/thunder/daemons/plugins/misc_cisco.prm # # 15570=Cisco-Cluster_Manager_Unrecognized_Host application # 15571=Cisco-Log_Partition_Disk_Space_Exceeded application # 15572=Cisco-Log_Partition_Alert_Water_Mark_Exceeded application # 15573=Cisco-AMC_Alert_Low_Available_Virtual_Memory application # 15574=Cisco-DirSync_Process_Started application # 15575=Cisco-DirSync_Process_Completed application # 15576=Cisco-DirSync_Scheduled_Task_Over application # 15577=Cisco-AMC_Call_Processing_Node_Cpu_Pegging application # 15578=Cisco-Certificate_Not_Backed_Up application # 15579=Cisco-AMC_Alert_Email_Notify_Failure error # 15580=Cisco-AMC_Alert_License_Violation error # 15581=Cisco-IMS_Credential_Read_Success application # 15582=Cisco-IMS_User_Successfully_Authenticated login # 15583=Cisco-CTIManager_Failed_To_Start error # 15584=Cisco-IMS_Authentication_Failed login-failure # 15585=Cisco-Unity_Alert error # 15586=Cisco-Unity_Recording_Stopped_Timeout error # 15587=Cisco-Unity_Invalid_Password_In_Mailbox login-failure # 15588=Cisco-Unity_Failed_To_Set_Message_Waiting error # # Plugins for file /usr/thunder/daemons/plugins/misc_stratus_sam.prm # # 13710=Stratus-SAM-Low_Disk_Space error # # Plugins for file /usr/thunder/daemons/plugins/mobileiron.prm # # 14526=MobileIron_ActiveSync_Error error # 14527=MobileIron_ActiveSync_Timed_Out error # 14528=MobileIron_ActiveSync_Service_Unavailable error # 14529=MobileIron_Login login # 14530=MobileIron_ActiveSync_Move_Status error # # Plugins for file /usr/thunder/daemons/plugins/modsecurity.prm # # 9226=ModSecurity_Protocol_Violation web-error # 9227=ModSecurity_Notice application # 9228=ModSecurity_Invalid_URI web-error # # Plugins for file /usr/thunder/daemons/plugins/nac_cisco.prm # # 4600=Cisco-NAC_Admin_Logout logout # 4603=Cisco-NAC_Admin_Login login # 4604=Cisco-NAC_Device_Added_To_List system # 4605=Cisco-NAC_Device_Removed_From_Mac_List system # 4606=Cisco-NAC_Device_Added_To_Mac_List system # 4607=Cisco-NAC_Antivirus_Updated system # 4609=Cisco-NAC_Admin_Auto_Logout logout # 4610=Cisco-NAC_Admin_Forced_Logout access-denied # 4611=Cisco-NAC_Out_Of_Band_User_Login login # 4612=Cisco-NAC_Failed_Login login-failure # 4613=Cisco-NAC_Logout_Sucessful logout # 4614=Cisco-NAC_Login_Temporary login # 4615=Cisco-NAC_Forced_Logout access-denied # 4616=Cisco-NAC_User_Session_Timeout logout # 4617=Cisco-NAC_Invalid_Login login-failure # 4618=Cisco-NAC_SW_Mgt_Failed_Login login-failure # 4619=Cisco-NAC_SW_Mgt_Multiple_MAC_Addresses system # 4620=Cisco-NAC_SW_Mgt_Trap_Not_In_Database error # 4621=Cisco-NAC_SW_Mgt_Kicked_User access-denied # 4622=Cisco-NAC_CleanAccess_Rules_Update_Failed error # # Plugins for file /usr/thunder/daemons/plugins/nagios.prm # # 10860=Nagios_Service_Flapping_Alert application # 10861=Nagios_Service_Notification application # 10862=Nagios_Service_Alert application # 10863=Nagios_Auto_Save application # # Plugins for file /usr/thunder/daemons/plugins/nbad_arbor.prm # # 200=Arbor-TCP_Protocol_Anomaly intrusion # 201=Arbor-UDP_Protocol_Anomaly intrusion # 202=Arbor-Protocol_Anomaly intrusion # 203=Arbor-Router_Anomaly intrusion # 204=Arbor-Flow_Anomaly intrusion # # Plugins for file /usr/thunder/daemons/plugins/nbad_stealthwatch.prm # # 6815=StealthWatch-Spam spam # 6816=StealthWatch-Out_Of_Profile intrusion # 6817=StealthWatch-High_Concern_Index intrusion # 6818=StealthWatch-Suspect_UDP_Activity intrusion # 6819=StealthWatch-New_Flows detected-change # 6820=StealthWatch-High_File_Sharing_Index intrusion # 6821=StealthWatch-Mail_Rejects_Index spam # 6822=StealthWatch-Suspect_Long_Flow intrusion # 6823=StealthWatch-NAT_IP error # 6824=StealthWatch-High_Total_Traffic intrusion # 6825=StealthWatch-High_Target_Index intrusion # 6826=StealthWatch-SYNs_Received dos # 6828=StealthWatch-High_Volume_Email spam # 6829=StealthWatch-Port_Flood dos # 6831=StealthWatch-Multiple_Operating_Systems vulnerability # 6832=StealthWatch-Unknown_Operating_System vulnerability # 6833=StealthWatch-System_High_Traffic_In intrusion # 14200=StealthWatch-Spam spam # 14201=StealthWatch-Out_Of_Profile intrusion # 14202=StealthWatch-High_Concern_Index intrusion # 14203=StealthWatch-Suspect_UDP_Activity intrusion # 14204=StealthWatch-New_Flows detected-change # 14205=StealthWatch-High_File_Sharing_Index intrusion # 14206=StealthWatch-Mail_Rejects_Index spam # 14207=StealthWatch-Suspect_Long_Flow intrusion # 14208=StealthWatch-NAT_IP error # 14209=StealthWatch-High_Total_Traffic intrusion # 14210=StealthWatch-High_Target_Index intrusion # 14211=StealthWatch-SYNs_Received dos # 14212=StealthWatch-High_Volume_Email spam # 14213=StealthWatch-Port_Flood dos # 14214=StealthWatch-Multiple_Operating_Systems vulnerability # 14215=StealthWatch-Unknown_Operating_System vulnerability # 14216=StealthWatch-System_High_Traffic_In intrusion # 14217=StealthWatch-Bad_Host intrusion # 14218=StealthWatch-SYN_Flood dos # 14219=StealthWatch-ICMP_Flood dos # # Plugins for file /usr/thunder/daemons/plugins/netapp_filer.prm # # 10780=NetApp-Filer_CIFS_Audit system # 10781=NetApp-Filer_Kernal_Uptime_Stats system # 10782=NetApp-Filer_EMS_Input_Suppress error # 10783=NetApp-Filer_SSH_Version_Exchange_Failed login-failure # 10784=NetApp-Filer_Raid_Aggrgate_Log system # 10785=NetApp-Filer_Link_Up system # 10786=NetApp-Filer_Command_Line_Input system # 10787=NetApp-Filer_Interface_Down system # 10788=NetApp-Filer_Link_Configured_Down system # 10789=NetApp-Filer_Interface_Up system # 10790=NetApp-Filer_QP_Connected system # 10791=NetApp-Filer_Event_Suppressed system # 10792=NetApp-Filer_Kstat_Connected system # 10793=NetApp-Filer_Event_Error error # 10794=NetApp-Filer_Failover_Monitor system # 10795=NetApp-Filer_Possible_Truncation error # 10796=NetApp-Filer_QP_Disconnected system # 10797=NetApp-Filer_Heartbeat system # 10798=NetApp-Filer_Ndmpd_Access_Denied access-denied # 10799=NetApp-Filer_Ndmpd_Access_Denied access-denied # 10800=NetApp-Filer_FindFirst_Not_Supported system # 10801=NetApp-Filer_Sysconf_Commands system # 10802=NetApp-Filer_Java_Thread system # 10803=NetApp-Filer_Failed_Login login-failure # 10804=NetApp-Filer_Failed_Login login-failure # 10805=NetApp-Filer_CIFS_GPO_System system # 10806=NetApp-Replication_Error error # 10807=NetApp-Replication_Error error # 10808=NetApp-Fpolicy_Messages application # 10809=NetApp-Fpolicy_Feature_Enabled application # # Plugins for file /usr/thunder/daemons/plugins/nids_bro.prm # # 5300=Bro-FTP_Event intrusion # 5302=Bro-SMTP_Event intrusion # 5303=Bro-RPC_Event intrusion # 5304=Bro-SSH_Event intrusion # 5305=Bro-HTTP_Event intrusion # 5306=Bro-Sensitive_Connection intrusion # 5307=Bro-HTTP_Event intrusion # 5308=Bro-WeirdActivity intrusion # 5309=Bro-PortScan scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_cisco.prm # # 2700=Cisco-IDS_Event intrusion # 2701=Cisco-IDS_Event intrusion # 2702=Cisco-IDS_Event intrusion # 2703=Cisco-IDS_Buffer_Overflow intrusion # 2704=Cisco-IDS_Command_Execution intrusion # 2705=Cisco-IDS_Directory_Traversal intrusion # 2706=Cisco-IDS_Network_Sweep scanning # 2707=Cisco-IDS_Virus virus # 2708=Cisco-IDS_Worm virus # 2709=Cisco-IDS_Event intrusion # 2710=Cisco-IDS_Buffer_Overflow intrusion # 2711=Cisco-IDS_Command_Execution intrusion # 2712=Cisco-IDS_Directory_Traversal intrusion # 2713=Cisco-IDS_Port_Sweep scanning # 2714=Cisco-IDS_HTTP intrusion # 2715=Cisco-IDS_Event intrusion # 2716=Cisco-IDS_Buffer_Overflow intrusion # 2717=Cisco-IDS_Command_Execution intrusion # 2718=Cisco-IDS_Directory_Traversal intrusion # 2719=Cisco-IDS_Network_Sweep scanning # 2720=Cisco-IDS_Authorization_Failure login-failure # 2721=Cisco-IDS_ARP_Attack intrusion # 2722=Cisco-IDS_Known_String intrusion # 2723=Cisco-IDS_Backdoor intrusion # 2724=Cisco-IDS_Policy_Violation intrusion # 2725=Cisco-IDS_Peer_To_Peer intrusion # 2726=Cisco-IDS_Spyware_Activity intrusion # 2727=Cisco-IDS_External_Scan scanning # 2728=Cisco-IDS_Custom intrusion # 2729=Cisco-IDS_Outbreak_Prevention_Signature intrusion # 2730=Cisco-IDS_Net_Flood intrusion # 2731=Cisco-IDS_Credential_Reflection_Vulnerability intrusion # 2732=Cisco-IDS_Worm_Activity_Brute_Force intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_cisco_ips.prm # # 17504=CiscoIPS-Severity1_Event error # 17505=CiscoIPS-Severity2_Event error # 17506=CiscoIPS-Severity3_Event error # 17507=CiscoIPS-Severity4_Event error # 17508=CiscoIPS-Severity5_Event error # 17509=CiscoIPS-Severity6_Event error # 17510=CiscoIPS-Severity7_Event error # 17511=CiscoIPS-Severity8_Event error # 17512=CiscoIPS-Severity9_Event error # 17513=CiscoIPS-Severity10_Range_Event error # 17514=CiscoIPS-Severity20_Range_Event error # 17515=CiscoIPS-Severity30_Range_Event error # 17516=CiscoIPS-Severity40_Range_Event error # 17517=CiscoIPS-Severity50_Range_Event error # 17518=CiscoIPS-Severity60_Range_Event error # 17519=CiscoIPS-Severity70_Range_Event error # 17520=CiscoIPS-Severity80_Range_Event error # 17521=CiscoIPS-Severity90_Range_Event error # 17522=CiscoIPS-Severity100_Event error # 17523=CiscoIPS-Signature_File_Protocol_Error error # 17524=CiscoIPS-Signature_File_Update_Failed error # # Plugins for file /usr/thunder/daemons/plugins/nids_damballa.prm # # 14450=Damballa-DNS_Lookup dns # 14451=Damballa-TCP_Connection connection # 14452=Damballa-UDP_Connection connection # 14453=Damballa-File_Download file-access # 14454=Damballa-File_Download_Status_Change file-access # 14455=Damballa-File_Execution file-access # 14456=Damballa-File_Execution_Status_Change file-access # 14457=Damballa-P2P_Session connection # 14458=Damballa-Http_Request web-access # 14459=Damballa-Proxy_Http_Request web-access # 14460=Damballa-Asset_Suspected intrusion # 14461=Damballa-Asset_Infected intrusion # 14462=Damballa-Asset_Remediated application # 14463=Damballa-Asset_Expired application # 14464=Damballa-Sensor_Down system # 14465=Damballa-NIC_Down system # # Plugins for file /usr/thunder/daemons/plugins/nids_dragon.prm # # 5000=Dragon-FTP_Event intrusion # 5002=Dragon-DNS_Event intrusion # 5003=Dragon-SSH_Event intrusion # 5004=Dragon-WEB_Event intrusion # 5005=Dragon-ICMP_Event intrusion # 5006=Dragon-Compromise_Event intrusion # 5007=Dragon-RPC_Event intrusion # 5008=Dragon-Buffer_Overflow_Event intrusion # 5009=Dragon-Port_Scan scanning # 5010=Dragon-Port_Sweep scanning # 5011=Dragon-Telnet_Event intrusion # 5012=Dragon-Potential_Shell_Bound intrusion # 5013=Dragon-IRC_Join connection # 5014=Dragon-IRC_Bot_Download intrusion # 5015=Dragon-IRC_Bot_Login intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_fortigate_ips.prm # # 10715=Fortigate-IPS_NAC_Quaratine intrusion # 10731=Fortigate-IPS_Attack intrusion # 10732=Fortigate-IPS_Blocked_Infected_File virus # 10733=Fortigate-IPS_Webfilter_Blocked virus # 10734=Fortigate-IPS_NAC_Quaratine intrusion # 10735=Fortigate-IPS_Attack_Passthrough intrusion # 10736=Fortigate-IPS_Blocked_Infected_File virus # 10737=Fortigate-IPS_Webfilter_Blocked virus # 10738=Fortigate-IPS_Attack_Blocked intrusion # 10739=Fortigate-IPS_Webfilter_Passthrough web-access # 10741=Fortigate-IPS_Attack intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_fourscout_counteract.prm # # 18000=ForeScout-CounterAct_Compliant application # 18001=ForeScout-CounterAct_Non_Compliant application # 18002=ForeScout-CounterAct_Vulnerablilities vulnerability # 18003=ForeScout-CounterAct_Scan_Event_Short application # 18004=ForeScout-CounterAct_Scan_Event_Long application # 18005=ForeScout-CounterAct_Block_Non_Corporate_Windows application # 18006=ForeScout-CounterAct_Symantec_Not_Running login-failure # 18007=ForeScout-CounterAct_Critical_Patches_Missing application # 18008=ForeScout-CounterAct_Status_Message application # 18009=ForeScout-CounterAct_Host_Evaluation_Changed application # 18010=ForeScout-CounterAct_Host_Identity_Ignored application # 18051=ForeScout-CounterAct_Ignore_Registry_Requests application # 18052=ForeScout-CounterAct_Command_Executed application # 18053=ForeScout-CounterAct_Host_Removed application # 18054=ForeScout-CounterAct_User_logged_Off logout # 18055=ForeScout-CounterAct_Evaluated_New_Host system # 18056=ForeScout-CounterAct_Host_Cleared system # 18057=ForeScout-CounterAct_Collecting_Fields system # 18058=ForeScout-CounterAct_Sending_Email system # 18059=ForeScout-CounterAct_Email_Sent system # # Plugins for file /usr/thunder/daemons/plugins/nids_intruguard.prm # # 7607=Intruguard-TCP_Invalid_Flag intrusion # 7608=Intruguard-TCP_Foreign_Packet intrusion # 7609=Intruguard-Blocked_Source firewall # 7610=Intruguard-Most_Active_Source dos # 7611=Intruguard-Most_Active_SYN_Source dos # 7612=Intruguard-Most_Active_Destination dos # 7613=Intruguard-L4_Anomalies intrusion # 7614=Intruguard-Blocked_ICMP firewall # 7615=Intruguard-TCP_SM_State_Transition_Anomaly intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_intrushield.prm # # 5200=IntruShield-Protocol_Violation intrusion # 5201=IntruShield-Protocol_Violation intrusion # 5202=IntruShield-Protocol_Violation intrusion # 5203=IntruShield-Probe scanning # 5204=IntruShield-Probe scanning # 5205=IntruShield-Probe scanning # 5206=IntruShield-DOS dos # 5207=IntruShield-DOS dos # 5208=IntruShield-DOS dos # 5209=IntruShield-DDOS_Agent intrusion # 5210=IntruShield-DDOS_Agent intrusion # 5211=IntruShield-DDOS_Agent intrusion # 5212=IntruShield-Backdoor intrusion # 5213=IntruShield-Backdoor intrusion # 5214=IntruShield-Backdoor intrusion # 5215=IntruShield-Worm virus # 5216=IntruShield-Worm virus # 5217=IntruShield-Worm virus # 5218=IntruShield-Virus virus # 5219=IntruShield-Virus virus # 5220=IntruShield-Virus virus # 5221=IntruShield-Read_Exposure intrusion # 5222=IntruShield-Read_Exposure intrusion # 5223=IntruShield-DOS dos # 5224=IntruShield-Write_Exposure intrusion # 5225=IntruShield-Write_Exposure intrusion # 5227=IntruShield-Buffer_Overflow intrusion # 5228=IntruShield-Buffer_Overflow intrusion # 5230=IntruShield-Shellcode_Execution intrusion # 5231=IntruShield-Shellcode_Execution intrusion # 5233=IntruShield-Remote_Access intrusion # 5234=IntruShield-Remote_Access intrusion # 5235=IntruShield-Remote_Access intrusion # 5236=IntruShield-Privileged_Access intrusion # 5237=IntruShield-Privileged_Access intrusion # 5239=IntruShield-Evasion_Attempt intrusion # 5240=IntruShield-Evasion_Attempt intrusion # 5241=IntruShield-Evasion_Attempt intrusion # 5242=IntruShield-Command_Execution intrusion # 5243=IntruShield-Command_Execution intrusion # 5244=IntruShield-Command_Execution intrusion # 5245=IntruShield-Code_Execution intrusion # 5246=IntruShield-Code_Execution intrusion # 5248=IntruShield-Host_Sweep scanning # 5249=IntruShield-Host_Sweep scanning # 5251=IntruShield-Port_Scan scanning # 5252=IntruShield-Port_Scan scanning # 5254=IntruShield-Brute_Force login-failure # 5255=IntruShield-Brute_Force login-failure # 5256=IntruShield-Brute_Force login-failure # 5257=IntruShield-Fingerprinting scanning # 5258=IntruShield-Fingerprinting scanning # 5260=IntruShield-Service_Sweep scanning # 5261=IntruShield-Service_Sweep scanning # 5262=IntruShield-Audit connection # 5263=IntruShield-Audit connection # 5264=IntruShield-Restricted_Access intrusion # 5265=IntruShield-Restricted_Access intrusion # 5266=IntruShield-Restricted_Access intrusion # 5267=IntruShield-Unauthorized_IP intrusion # 5270=IntruShield-Sensitive_Content data-leak # 5271=IntruShield-Sensitive_Content data-leak # 5273=IntruShield-Covert_Channel intrusion # 5274=IntruShield-Covert_Channel intrusion # 5275=IntruShield-Covert_Channel intrusion # 5276=IntruShield-Command_Shell intrusion # 5277=IntruShield-Command_Shell intrusion # 5279=IntruShield-Statistical_Deviation intrusion # 5280=IntruShield-Statistical_Deviation intrusion # 5281=IntruShield-Statistical_Deviation intrusion # 5282=IntruShield-Over_Threshold intrusion # 5283=IntruShield-Over_Threshold intrusion # 5284=IntruShield-Over_Threshold intrusion # 5286=IntruShield-Audit connection # 5288=Intrushield-Backdoor intrusion # 5289=Intrushield-Buffer_Overflow intrusion # 5290=Intrushield-Buffer_Overflow intrusion # 5291=Intrushield-Buffer_Overflow intrusion # 5292=Intrushield-Directory_Traversal_Attempt intrusion # 5293=Intrushield-Remote_Code_Execution intrusion # 5294=Intrushield-Code_Red intrusion # 5295=Intrushield-IIS_Index_Server_Overflow intrusion # 5296=Intrushield-IIS_Index_Server_idq_read_file intrusion # 5297=Intrushield-Mambo_Site_Server_PHPSESSID_Exploit intrusion # 5298=Intrushield-Microsoft_ASN_Memory_Corruption intrusion # 5299=Intrushield-Phf_Execute_Arbitary_Commands intrusion # 5311=Intrushield-Trillian_Overflow intrusion # 5312=Intrushield-Botnet_IRC_Scan_Activity intrusion # 5313=IntruShield-Port_Scan_Botnet_Worm_Activity intrusion # 5314=IntruShield-Privileged_Access intrusion # 5315=IntruShield-DDoS_Activity dos # 5316=Intrushield-DNS_Overflow intrusion # 5317=Intrushield-Directory_Traversal_Attempt intrusion # 5318=Intrushield-NMAP_Probe scanning # 5320=Intrushield-Password_Brute_Force login-failure # 5321=Intrushield-Scanning scanning # 5323=Intrushield-SMTP_Relay_Attempt spam # 5325=Intrushield-TCP_Ack_Scan scanning # 5326=Intrushield-Invalid_Telnet_Flow intrusion # 5327=Intrushield-Password_Brute_Force login-failure # 5328=Intrushield-Password_Guessing login-failure # 5329=Intrushield-Password_Brute_Force login-failure # 5330=Intrushield-WinNT_DOS dos # 5331=Intrushield-Virus_Attachment virus # 5332=Intrushield-Fingerprinting scanning # 5333=IntruShield-Port_Scan scanning # 5334=IntruShield-Port_Scan scanning # 5335=Intrushield-Botnet_IRC_Scan_Activity scanning # 5336=IntruShield-Port_Scan_Botnet_Worm_Activity scanning # 5337=IntruShield-mIRC_Overflow intrusion # 5338=Intrushield-Unwanted_Software vulnerability # 5339=IntruShield-Illegal_FIN intrusion # 5340=IntruShield-IRC_Activity network # 5341=IntruShield-Restricted_Application vulnerability # 5344=IntruShield-Code_Execution intrusion # 5346=IntruShield-Buffer_Overflow intrusion # 5347=IntruShield-Read_Exposure intrusion # 5348=IntruShield-Audit connection # 5349=IntruShield-Arbitrary_Cmd_Execution intrusion # 5350=IntruShield-Write_Exposure intrusion # 5351=Intrushield-Backdoor intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_iss.prm # # 2600=ISS-Buffer_Overflow intrusion # 2602=ISS-Backdoor_Request intrusion # 2603=ISS-Backdoor_Response intrusion # 2604=ISS-Rootkit intrusion # 2605=ISS-Worm_Activity virus # 2606=ISS-Web_Probe intrusion # 2607=ISS-FTP_Probe intrusion # 2608=ISS-SMTP_Probe intrusion # 2609=ISS-Denial_Of_Service dos # 2610=ISS-Network_Probe scanning # 2611=ISS-Buffer_Overflow intrusion # 2612=ISS-Windows_Shell intrusion # 2613=ISS-Network_Sweep scanning # 2614=ISS-Network_Scan scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_juniper_srx.prm # # 2750=NetscreenIDP-Trojan_Activity virus # 2751=NetscreenIDP-DNS_Abuse intrusion # 2752=NetscreenIDP-SNMP_Abuse intrusion # 2753=NetscreenIDP-HTTP_Abuse intrusion # 2754=NetscreenIDP-IP_Protocol_Abuse intrusion # 2755=NetscreenIDP-ICMP_Protocol_Abuse intrusion # 2756=NetscreenIDP-Port_Scanning scanning # 2757=NetscreenIDP-NETBIOS_Probing intrusion # 2758=NetscreenIDP-SMB_Probing intrusion # 2759=NetscreenIDP-Printer_Attacks intrusion # 2760=NetscreenIDP-P2P_Activity intrusion # 2761=NetscreenIDP-TCP_Activity intrusion # 2762=NetscreenIDP-SMTP_Activity intrusion # 2763=NetscreenIDP-SNMPTrap_Activity intrusion # 2764=NetscreenIDP-Spyware_Activity virus # 2765=NetscreenIDP-MS_RPC_Activity intrusion # 2766=NetscreenIDP-P2P_Activity intrusion # 2767=NetscreenIDP-RTSP_Activity intrusion # 2768=NetscreenIDP-SSH_Activity intrusion # 2769=NetscreenIDP-SSL_Activity intrusion # 2770=NetscreenIDP-Suspicious_Application intrusion # 2771=NetscreenIDP-LDAP_Activity intrusion # 2772=NetscreenIDP-DHCP_Activity intrusion # 2773=NetscreenIDP-NTP_Activity intrusion # 2774=NetscreenIDP-DOS_Activity dos # 2775=NetscreenIDP-FTP_Activity intrusion # 2776=NetscreenIDP-Worm_Activity virus # 2777=NetscreenIDP-Database_Activity intrusion # 2778=NetscreenIDP-POP_Activity intrusion # 2779=NetscreenIDP-IMAP_Activity intrusion # 2780=NetscreenIDP-DDOS_Activity dos # 2781=NetscreenIDP-NFS_Activity intrusion # 2782=NetscreenIDP-Off-Port_Activity intrusion # 2783=NetscreenIDP-SCADA_Activity intrusion # 2784=NetscreenIDP-TELNET_Activity intrusion # 2785=NetscreenIDP-TFTP_Activity intrusion # 2786=NetscreenIDP-VNC_Activity intrusion # 2787=NetscreenIDP-Virus_Activity virus # 2788=NetscreenIDP-VOIP_Activity intrusion # # Plugins for file /usr/thunder/daemons/plugins/nids_netscreen_idp.prm # # 6850=NetScreenIDP-Attack_Critical_TCP intrusion # 6851=NetScreenIDP-Attack_Critical_UDP intrusion # 6852=NetScreenIDP-Attack_Critical_ICMP intrusion # 6853=NetScreenIDP-Attack_High_TCP intrusion # 6854=NetScreenIDP-Attack_High_UDP intrusion # 6855=NetScreenIDP-Attack_High_ICMP intrusion # 6856=NetScreenIDP-Attack_Medium_TCP intrusion # 6857=NetScreenIDP-Attack_Medium_UDP intrusion # 6858=NetScreenIDP-Attack_Medium_ICMP intrusion # 6859=NetScreenIDP-Attack_Low_TCP intrusion # 6860=NetScreenIDP-Attack_Low_UDP intrusion # 6861=NetScreenIDP-Attack_Low_ICMP intrusion # 6862=NetScreenIDP-Attack_Info_TCP intrusion # 6863=NetScreenIDP-Attack_Info_UDP intrusion # 6864=NetScreenIDP-Attack-Info_ICMP intrusion # 6865=NetScreenIDP-Bad_Traffic_Critical intrusion # 6866=NetScreenIDP-Bad_Traffic_High intrusion # 6867=NetScreenIDP-Bad_Traffic_Medium intrusion # 6868=NetScreenIDP-Bad_Traffic_Low intrusion # 6869=NetScreenIDP-Bad_Traffic_Info intrusion # 6870=NetScreenIDP-Backdoor_ICMP intrusion # 6871=NetScreenIDP-Backdoor_UDP intrusion # 6872=NetScreenIDP-Backdoor_TCP intrusion # 6873=NetScreenIDP-Port_Scan_TCP scanning # 6874=NetScreenIDP-Port_Scan_UDP scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_netscreen_idp4.prm # # 5900=NetscreenIDP-Trojan_Activity intrusion # 5901=NetscreenIDP-DNS_Abuse intrusion # 5902=NetscreenIDP-SNMP_Abuse intrusion # 5903=NetscreenIDP-HTTP_Abuse intrusion # 5904=NetscreenIDP-IP_Protocol_Abuse intrusion # 5905=NetscreenIDP-ICMP_Protocol_Abuse intrusion # 5906=NetscreenIDP-Port_Scanning scanning # 5907=NetscreenIDP-NETBIOS_Probing scanning # 5908=NetscreenIDP-SMB_Probing scanning # 5909=NetscreenIDP-Printer_Attacks intrusion # 5910=NetscreenIDP-P2P_Activity intrusion # 5911=NetscreenIDP-TCP_Activity intrusion # 5912=NetscreenIDP-SMTP_Activity intrusion # 5914=NetscreenIDP-SNMPTrap_Activity intrusion # 5915=NetscreenIDP-Spyware_Activity virus # 5916=NetscreenIDP-MS_RPC_Activity intrusion # 5917=NetscreenIDP-P2P_Activity intrusion # 5918=NetscreenIDP-RTSP_Activity intrusion # 5919=NetscreenIDP-SSH_Activity intrusion # 5920=NetscreenIDP-SSL_Activity intrusion # 5921=NetscreenIDP-Suspicious_Application intrusion # 5922=NetscreenIDP-LDAP_Activity intrusion # 5923=NetscreenIDP-DHCP_Activity intrusion # 5924=NetscreenIDP-NTP_Activity intrusion # 5926=NetscreenIDP-DOS_Activity dos # 5927=NetscreenIDP-FTP_Activity intrusion # 5928=NetscreenIDP-Worm_Activity virus # 5929=NetscreenIDP-Database_Activity intrusion # 5930=NetscreenIDP-POP_Activity intrusion # 5931=NetscreenIDP-IMAP_Activity intrusion # 5932=NetscreenIDP-DDOS_Activity dos # # Plugins for file /usr/thunder/daemons/plugins/nids_netscreen_idp_2.prm # # 13200=NetscreenIDP_Dropped_UDP_Traffic firewall # 13201=NetscreenIDP_Accepted_Traffic_dmz_UDP network # 13202=NetscreenIDP_Dropped_TCP_Traffic firewall # 13203=NetscreenIDP_Accepted_TCP_Traffic network # 13204=NetscreenIDP_Accepted_ICMP_Traffic network # 13205=NetscreenIDP_Dropped_ICMP_Traffic firewall # 13206=NetscreenIDP_Accepted_DNS intrusion # 13207=NetscreenIDP_Accepted_SNMP intrusion # 13208=NetscreenIDP_Accepted_HTTP intrusion # 13209=NetscreenIDP_Accepted_IP intrusion # 13210=NetscreenIDP_Accepted_ICMP intrusion # 13211=NetscreenIDP_Accepted_SCAN scanning # 13212=NetscreenIDP_Accepted_NETBIOS_TCP intrusion # 13213=NetscreenIDP_Accepted_SMB intrusion # 13214=NetscreenIDP_Accepted_LPR intrusion # 13215=NetscreenIDP_Accepted_CHAT intrusion # 13216=NetscreenIDP_Accepted_TCP intrusion # 13217=NetscreenIDP_Accepted_SMTP intrusion # 13218=NetscreenIDP_Accepted_NETBIOS_UDP intrusion # 13219=NetscreenIDP_Accepted_SNMPTRAP intrusion # 13220=NetscreenIDP_Accepted_SPYWARE virus # 13221=NetscreenIDP_Accepted_MS-RCP intrusion # 13222=NetscreenIDP_Accepted_P2P intrusion # 13223=NetscreenIDP_Accepted_DNS intrusion # 13224=NetscreenIDP_Accepted_RTSP intrusion # 13225=NetscreenIDP_Accepted_SSH intrusion # 13226=NetscreenIDP_Accepted_SSL network # 13227=NetscreenIDP_Accepted_APP intrusion # 13228=NetscreenIDP_Accepted_LDAP intrusion # 13229=NetscreenIDP_Accepted_DHCP intrusion # 13230=NetscreenIDP_Accepted_NTP intrusion # 13231=NetscreenIDP_DOS dos # 13232=NetscreenIDP_Accepted_Trojan virus # # Plugins for file /usr/thunder/daemons/plugins/nids_nevo.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_psad.prm # # 454=PSAD-Scan_Detected scanning # 455=PSAD-Scan_Detected scanning # 456=PSAD-Scan_Detected scanning # 457=PSAD-Block_Added firewall # 458=PSAD-Block_Removed firewall # 460=PSAD-Scan_Detected scanning # 461=PSAD-Scan_Detected scanning # 462=PSAD-Scan_Detected scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_snort.prm # # 5100=Snort-UDP_Portsweep scanning # 5101=Snort-TCP_Portsweep scanning # 5102=Snort-TCP_Portscan scanning # 5103=Snort-UDP_Portscan scanning # 5104=Snort-Distributed_Portscan scanning # 5105=Snort-ICMP_Sweep scanning # 5106=Snort-Decoy_Portscan scanning # 5107=Snort-Portscan scanning # 5108=Snort-Portscan scanning # 5109=Snort-HTTP_Inspect intrusion # 5110=Snort-Access_To_A_Potentially_Vulnerable_Web_Application intrusion # 5111=Snort-Access_To_A_Potentially_Vulnerable_Web_Application intrusion # 5112=Snort-A_Client_Was_Using_An_Unusual_Port intrusion # 5113=Snort-A_Client_Was_Using_An-Unusual_Port intrusion # 5114=Snort-An_Attempted_Login_Using_A_Suspicious_Username_Was_Detected login-failure # 5115=Snort-An_Attempted_Login_Using_A_Suspicious_Username_Was_Detected login-failure # 5116=Snort-A_Network_Trojan_Was_Detected virus # 5117=Snort-A_Network_Trojan_Was_Detected virus # 5118=Snort-A_Suspicious_Filename_Was_Detected intrusion # 5119=Snort-A_Suspicious_Filename_Was_Detected intrusion # 5120=Snort-A_Suspicious_String_Was_Detected intrusion # 5121=Snort-A_Suspicious_String_Was_Detected intrusion # 5122=Snort-A_System_Call_Was_Detected intrusion # 5123=Snort-A_System_Call_Was_Detected intrusion # 5124=Snort-A_TCP_Connection_Was_Detected network # 5125=Snort-A_TCP_Connection_Was_Detected network # 5126=Snort-Attempted_Administrator_Privilege_Gain intrusion # 5127=Snort-Attempted_Denial_Of_Servica dos # 5128=Snort-Attempted_Information_Leak intrusion # 5129=Snort-Attempted_User_Privilege_Gain intrusion # 5130=Snort-Attempt_To_Login_By_A_Default_Username_And_Password login-failure # 5131=Snort-Attempt_To_Login_By_A_Default_Username_And_Password login-failure # 5132=Snort-Decode_Of_An_RPC_Query intrusion # 5133=Snort-Denial_Of_Service dos # 5134=Snort-Detection_Of_A_Denial_Of_Service_Attack dos # 5135=Snort-Detection_Of_A_Network_Scan scanning # 5136=Snort-Detection_Of_A_NonStandard_Protocol_Or_Event intrusion # 5137=Snort-Detection_Of_A_NonStandard_Protocol_Or_Event intrusion # 5138=Snort-Executable_Code_Was_Detected intrusion # 5139=Snort-Executable_Code_Was_Detected intrusion # 5140=Snort-Generic_ICMP_Event network # 5141=Snort-Generic_Protocol_Command_Decode network # 5142=Snort-Inappropriate_Content_Was_Detected compliance # 5143=Snort-Information_Leak intrusion # 5144=Snort-Large_Scale_Information_Leak intrusion # 5145=Snort-Misc_Activity intrusion # 5146=Snort-Misc_Attack intrusion # 5147=Snort-Not_Suspicious_Traffic intrusion # 5148=Snort-Potential_Corporate_Privacy_Violation network # 5149=Snort-Potentially_Bad_Traffic intrusion # 5150=Snort-Adult_Content_Detection compliance # 5151=Snort-Successful_Administrator_Privilege_Gain intrusion # 5152=Snort-Successful_User_Privilege_Gain intrusion # 5153=Snort-Unknown_Traffic intrusion # 5154=Snort-Unsuccessful_User_Privilege_Gain intrusion # 5155=Snort-Web_Application_Attack intrusion # 5156=Snort-FTP_Attack intrusion # 5157=Snort-Misc_Activity intrusion # 5158=Snort-Rule_Not_Initialized_Properly error # 5159=Snort-Sensitive_Data data-leak # 5160=Snort-Phishing_Attempt intrusion # 5161=Snort-External_DNS_Lookups intrusion # 5162=Snort-Possible_Call_Setup intrusion # 5163=Snort-Executable_Code_Detected intrusion # 5164=Snort-Potential_Corporate_Privacy_Violation network # 5165=Snort-ICMP_Network_Scan scanning # 5166=Snort-Attempted_Information_Leak intrusion # 5167=Snort-Port_Scan scanning # 5168=Snort-Potentially_Bad_Traffic intrusion # 5169=Snort-Attempted_Information_Leak intrusion # 5170=Snort-Port_Scan scanning # 5171=Snort-Port_Sweep scanning # 5172=Snort-SDF_Combo_Alert data-leak # 5173=Snort-Port_Sweep scanning # 5174=Snort-Generic_Protocol_Command_Decode network # 5175=Snort-Started restart # 5176=Snort-Blacklisted_Potentially_Bad_Traffic intrusion # 5177=Snort-TCP_Filtered_Portscan scanning # 5178=Snort-Exceeded_Max_Bytes application # 5179=Snort-Sessions_Pruned_From_Cache application # # Plugins for file /usr/thunder/daemons/plugins/nids_snort_emergingthreats.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_sophos.prm # # 11303=Sophos-Access_To_A_Potentially_Vulnerable_Web_Application intrusion # 11304=Sophos-Access_To_A_Potentially_Vulnerable_Web_Application intrusion # 11305=Sophos-A_Client_Was_Using_An_Unusual_Port intrusion # 11306=Sophos-A_Client_Was_Using_An-Unusual_Port intrusion # 11307=Sophos-An_Attempted_Login_Using_A_Suspicious_Username_Was_Detected login-failure # 11308=Sophos-An_Attempted_Login_Using_A_Suspicious_Username_Was_Detected login-failure # 11309=Sophos-A_Network_Trojan_Was_Detected virus # 11310=Sophos-A_Network_Trojan_Was_Detected virus # 11311=Sophos-A_Suspicious_Filename_Was_Detected intrusion # 11312=Sophos-A_Suspicious_Filename_Was_Detected intrusion # 11313=Sophos-A_Suspicious_String_Was_Detected intrusion # 11314=Sophos-A_Suspicious_String_Was_Detected intrusion # 11315=Sophos-A_System_Call_Was_Detected intrusion # 11316=Sophos-A_System_Call_Was_Detected intrusion # 11317=Sophos-A_TCP_Connection_Was_Detected network # 11318=Sophos-A_TCP_Connection_Was_Detected network # 11319=Sophos-Attempted_Administrator_Privilege_Gain intrusion # 11320=Sophos-Attempted_Denial_Of_Servica dos # 11321=Sophos-Attempted_Information_Leak intrusion # 11322=Sophos-Attempted_User_Privilege_Gain intrusion # 11323=Sophos-Attempt_To_Login_By_A_Default_Username_And_Password login-failure # 11324=Sophos-Attempt_To_Login_By_A_Default_Username_And_Password login-failure # 11325=Sophos-Decode_Of_An_RPC_Query intrusion # 11326=Sophos-Denial_Of_Service dos # 11327=Sophos-Detection_Of_A_Denial_Of_Service_Attack dos # 11328=Sophos-Detection_Of_A_Network_Scan scanning # 11329=Sophos-Detection_Of_A_NonStandard_Protocol_Or_Event intrusion # 11330=Sophos-Detection_Of_A_NonStandard_Protocol_Or_Event intrusion # 11331=Sophos-Executable_Code_Was_Detected intrusion # 11332=Sophos-Executable_Code_Was_Detected intrusion # 11333=Sophos-Generic_ICMP_Event network # 11334=Sophos-Generic_Protocol_Command_Decode network # 11335=Sophos-Inappropriate_Content_Was_Detected compliance # 11336=Sophos-Information_Leak intrusion # 11337=Sophos-Large_Scale_Information_Leak intrusion # 11338=Sophos-Misc_Activity intrusion # 11339=Sophos-Misc_Attack intrusion # 11340=Sophos-Not_Suspicious_Traffic intrusion # 11341=Sophos-Potential_Corporate_Privacy_Violation network # 11342=Sophos-Potentially_Bad_Traffic intrusion # 11343=Sophos-Adult_Content_Detection compliance # 11344=Sophos-Successful_Administrator_Privilege_Gain intrusion # 11345=Sophos-Successful_User_Privilege_Gain intrusion # 11346=Sophos-Unknown_Traffic intrusion # 11347=Sophos-Unsuccessful_User_Privilege_Gain intrusion # 11348=Sophos-Web_Application_Attack intrusion # 11350=Sophos-Misc_Activity intrusion # 11352=Sophos-Sensitive_Data data-leak # 11353=Sophos-Phishing_Attempt intrusion # 11354=Sophos-External_DNS_Lookups intrusion # 11355=Sophos-Possible_Call_Setup intrusion # 11356=Sophos-Executable_Code_Detected intrusion # 11357=Sophos-Potential_Corporate_Privacy_Violation network # 11358=Sophos-ICMP_Network_Scan scanning # 11359=Sophos-Attempted_Information_Leak intrusion # 11360=Sophos-Port_Scan scanning # 11361=Sophos-Potentially_Bad_Traffic intrusion # 11362=Sophos-Attempted_Information_Leak intrusion # 11363=Sophos-Port_Scan scanning # 11364=Sophos-Port_Sweep scanning # 11365=Sophos-SDF_Combo_Alert data-leak # 11366=Sophos-Port_Sweep scanning # # Plugins for file /usr/thunder/daemons/plugins/nids_sourcefire.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_sourcefire_RNA.prm # # 10150=RNA-UDP_Service_Confidence_Update vulnerability # 10151=RNA-TCP_Service_Confidence_Update vulnerability # 10152=RNA-New_TCP_Service detected-change # 10153=RNA-UDP_Service_Information detected-change # 10154=RNA-New_UDP_Service detected-change # 10155=RNA-New_Host detected-change # 10156=RNA-New_Transport_Protocol detected-change # 10157=RNA-TCP_Port_Closed detected-change # 10158=RNA-OS_Information vulnerability # 10159=RNA-Hops_Change detected-change # 10160=RNA-New_Network_Protocol detected-change # 10161=RNA-OS_Confidence_Update vulnerability # 10162=RNA-TCP_Service_Info vulnerability # 10163=RNA-UDP_Port_Timeout detected-change # 10164=RNA-New_Client_Application detected-change # 10165=RNA-Client_Application_Update detected-change # 10166=RNA-VLAN_Tag_Information_Update detected-change # 10167=RNA-NETBIOS_Name_Change detected-change # 10168=RNA-Host_Timeout detected-change # 10169=RNA-New_OS detected-change # 10170=RNA-Cleint_Application_Timeout detected-change # 10171=RNA-TCP_Port_Timeout detected-change # 10172=RNA-Identity_Timeout detected-change # # Plugins for file /usr/thunder/daemons/plugins/nids_sourcefire_SFIMS.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_stealthwatch.prm # # # Plugins for file /usr/thunder/daemons/plugins/nids_suricata.prm # # 2650=Suricata-HTTP_Request_Logged web-access # 2651=Suricata-TCP_Stream_Tracking network # # Plugins for file /usr/thunder/daemons/plugins/nids_tipping_point.prm # # 5750=TippingPoint-Alert_TCP_Low intrusion # 5751=TippingPoint-Alert_UDP_Low intrusion # 5752=TippingPoint-Alert_ICMP_Low intrusion # 5753=TippingPoint-Alert_Minor intrusion # 5754=TippingPoint-Alert_TCP_Minor intrusion # 5755=TippingPoint-Alert_UDP_Minor intrusion # 5756=TippingPoint-Alert_ICMP_Minor intrusion # 5757=TippingPoint-Alert_Major intrusion # 5758=TippingPoint-Alert_TCP_Major intrusion # 5759=TippingPoint-Alert_UDP_Major intrusion # 5760=TippingPoint-Alert_ICMP_Major intrusion # 5762=TippingPoint-Alert_TCP_Critical intrusion # 5763=TippingPoint-Alert_UDP_Critical intrusion # 5764=TippingPoint-Alert_ICMP_Critical intrusion # 5765=TippingPoint-Alert_Critical intrusion # 5766=TippingPoint-Block_TCP_Low firewall # 5767=TippingPoint-Block_UDP_Low firewall # 5768=TippingPoint-Block_ICMP_Low firewall # 5769=TippingPoint-Block_Minor firewall # 5770=TippingPoint-Block_TCP_Minor firewall # 5771=TippingPoint-Block_UDP_Minor firewall # 5772=TippingPoint-Block_ICMP_Minor firewall # 5773=TippingPoint-Block_Major firewall # 5774=TippingPoint-Block_TCP_Major firewall # 5775=TippingPoint-Block_UDP_Major firewall # 5776=TippingPoint-Block_ICMP_Major firewall # 5778=TippingPoint-Block_TCP_Critical firewall # 5779=TippingPoint-Block_UDP_Critical firewall # 5780=TippingPoint-Block_ICMP_Critical firewall # 5781=TippingPoint-Block_Critical firewall # 5782=TippingPoint-Misuse_TCP_Low intrusion # 5783=TippingPoint-Misuse_UDP_Low intrusion # 5784=TippingPoint-Misuse_ICMP_Low intrusion # 5785=TippingPoint-Misuse_Minor intrusion # 5786=TippingPoint-Misuse_TCP_Minor intrusion # 5787=TippingPoint-Misuse_UDP_Minor intrusion # 5788=TippingPoint-Misuse_ICMP_Minor intrusion # 5789=TippingPoint-Misuse_Major intrusion # 5790=TippingPoint-Misuse_TCP_Major intrusion # 5791=TippingPoint-Misuse_UDP_Major intrusion # 5792=TippingPoint-Misuse_ICMP_Major intrusion # 5794=TippingPoint-Misuse_TCP_Critical intrusion # 5795=TippingPoint-Misuse_UDP_Critical intrusion # 5796=TippingPoint-Misuse_ICMP_Critical intrusion # 5797=TippingPoint-Misuse_Critical intrusion # 5800=TippingPoint-Critical_ICMP intrusion # 5801=TippingPoint-Critical_UDP intrusion # 5802=TippingPoint-Critical_TCP intrusion # 5803=TippingPoint-Critical intrusion # 5804=TippingPoint-Major_ICMP intrusion # 5805=TippingPoint-Major_UDP intrusion # 5806=TippingPoint-Major_TCP intrusion # 5807=TippingPoint-Major intrusion # 5808=TippingPoint-Minor_ICMP intrusion # 5809=TippingPoint-Minor_UDP intrusion # 5810=TippingPoint-Minor_TCP intrusion # 5811=TippingPoint-Minor intrusion # 5812=TippingPoint-Low intrusion # 5813=TippingPoint-Info intrusion # 5814=TippingPoint-Block_Critical intrusion # 5815=TippingPoint-Block_Major intrusion # 5816=TippingPoint-Block_Minor intrusion # 5817=TippingPoint-Block_Low intrusion # 5818=TippingPoint-Block_Info intrusion # 5819=TippingPoint-P2P_Critical intrusion # 5820=TippingPoint-P2P_Major intrusion # 5821=TippingPoint-P2P_Minor intrusion # 5822=TippingPoint-P2P_Low intrusion # 5823=TippingPoint-P2P_Info intrusion # 5824=TippingPoint-Critical_HTTP intrusion # 5825=TippingPoint-Minor_SNMP intrusion # 5826=TippingPoint-Low intrusion # 5827=TippingPoint-Low intrusion # 5828=TippingPoint-Low intrusion # 5829=TippingPoint-Recon_Scan scanning # 5830=TippingPoint-Probe scanning # 5831=TippingPoint-Probe scanning # 5832=TippingPoint-Invalid_Session login-failure # 5833=TippingPoint-Invalid_Session login-failure # 5834=TippingPoint-Logout logout # 5835=TippingPoint-Login login # 5836=TippingPoint-Idle_Timeout connection # 5837=TippingPoint-Alert_HTTP_Low intrusion # 5838=TippingPoint-Alert_HTTP_Minor intrusion # 5839=TippingPoint-Alert_HTTP_Major intrusion # 5840=TippingPoint-Alert_HTTP_Critical intrusion # 5841=TippingPoint-Block_HTTP_Low firewall # 5842=TippingPoint-Block_HTTP_Minor firewall # 5843=TippingPoint-Block_HTTP_Major firewall # 5844=TippingPoint-Block_HTTP_Critcial firewall # 5845=TippingPoint-Alert_IP_Low intrusion # 5846=TippingPoint-Alert_IP_Minor intrusion # 5847=TippingPoint-Alert_IP_Major intrusion # 5848=TippingPoint-Alert_IP_Critical intrusion # 5849=TippingPoint-Block_IP_Low firewall # 5850=TippingPoint-Block_IP_Minor firewall # 5851=TippingPoint-Block_IP_Major firewall # 5852=TippingPoint-Block_IP_Critcial firewall # 5853=TippingPoint-Alert_SNMP_Low intrusion # 5854=TippingPoint-Alert_SNMP_Minor intrusion # 5855=TippingPoint-Alert_SNMP_Major intrusion # 5856=TippingPoint-Alert_SNMP_Critical intrusion # 5857=TippingPoint-Block_SNMP_Low firewall # 5858=TippingPoint-Block_SNMP_Minor firewall # 5859=TippingPoint-Block_SNMP_Major firewall # 5860=TippingPoint-Block_SNMP_Critcial firewall # # Plugins for file /usr/thunder/daemons/plugins/nids_toplayer.prm # # 12100=TopLayer-System_Events system # 12101=TopLayer-Flow_Events system # 12102=TopLayer-Flow_TCP_Network_Session_Events connection # 12103=TopLayer-Flow_UDP_Network_Session_Events connection # 12104=TopLayer-Flow_ICMP_Network_Session_Events connection # 12105=TopLayer-Flow_IP_Network_Session_Events connection # 12106=TopLayer-Flow_Non_IP_Network_Session_Events connection # 12107=TopLayer-Flow_Lost_Detail_Events system # 12108=TopLayer-Flow_MIB_Threshold_Events system # 12109=TopLayer-IP_Forwarding_Events system # 12110=TopLayer-Bridge_Forwarding_Events system # 12111=TopLayer-Interface_Events system # 12112=TopLayer-Attack_Mitigator_Events intrusion # 12113=TopLayer-Attack_Mitigator_TCP_Session_Events intrusion # 12114=TopLayer-Attack_Mitigator_UDP_Session_Events intrusion # 12115=TopLayer-Attack_Mitigator_ICMP_Session_Events intrusion # 12116=TopLayer-Attack_Mitigator_IP_Session_Events intrusion # 12117=TopLayer-Attack_Mitigator_State_Of_Client_Events intrusion # 12118=TopLayer-Attack_Mitigator_State_Of_Server_Events intrusion # 12119=TopLayer-Attack_Mitigator_Transition_Record_To_Second_Level firewall # 12120=TopLayer-Attack_Mitigator_Transition_Record_To_First_Level firewall # 12121=TopLayer-Attack_Mitigator_IP_Fragment dos # 12122=TopLayer-Attack_Mitigator_Detected_Address_Spoof intrusion # 12123=TopLayer-Attack_Mitigator_Event_Recurring_Spoof intrusion # 12124=TopLayer-Attack_Mitigator_Event_Ending_Spoof intrusion # 12125=TopLayer-Attack_Mitigator_MIB_Threshold system # 12126=TopLayer-Classification_Events system # 12127=TopLayer-Remote_Access_Events login # 12128=TopLayer-Remote_Access_Session_Events login # 12129=TopLayer-Remote_Access_MIB_Threshold_Events system # 12130=TopLayer-Policy_Events system # 12131=TopLayer-Configuration_Events system # 12132=TopLayer-Statistic_Events intrusion # 12133=TopLayer-ROE_Events error # 12134=TopLayer-ROE_Events_IP_Fragement_Errors error # 12135=TopLayer-ROE_Events_MIB_Thresholds error # # Plugins for file /usr/thunder/daemons/plugins/nips_vsecure_netprotect.prm # # # Plugins for file /usr/thunder/daemons/plugins/observeit.prm # # 3750=ObserveIT-High_Alert_Opened_Window application # 3751=ObserveIT-Medium_Alert_Opened_Window application # 3752=ObserveIT-High_Alert_Web_Application application # 3753=ObserveIT-High_Alert_Directory_Removal application # 3754=ObserveIT-Alert_Desktop application # 3755=ObserveIT-Medium_Alert_LogMeIn application # 3756=ObserveIT-Medium_Alert_Security_Warning application # 3757=ObserveIT-High_Alert_New_Virtual_Device application # 3758=ObserveIT-Medium_Alert_Download application # # Plugins for file /usr/thunder/daemons/plugins/os_freebsd.prm # # 1200=Promiscuous_Mode_Enabled system # 1201=Promiscuous_Mode_Disabled system # 1202=FreeBSD-IP_Address_In_Use error # 1203=FreeBSD-ICMP_Bandwidth_Limit system # 1204=FreeBSD-ICMP_Limiting_Ping_Response scanning # 1205=FreeBSD-Limiting_RST_Response scanning # 1206=FreeBSD-Refused_ROOT_Login login-failure # 1207=FreeBSD-Mulitple_Login_Failures login-failure # 1208=FreeBSD-TCP_Connection_Attempt connection # 1209=FreeBSD-syslogd_Discarded_Packets system # 1211=FreeBSD-rpc intrusion # 1212=RPC-STATD_Exploit_Attempt intrusion # 1213=FreeBSD-Root_Process_Exited process # 1214=FreeBSD-Failed_calife_Usage system # 1215=FreeBSD-Begin_calife_Usage system # 1216=FreeBSD-End_calife_Usage system # 1217=FreeBSD-syslogd_Crash error # 1218=FreeBSD-File_System_Full error # 1219=FreeBSD-NonRoot_Process_Exited process # 1220=FreeBSD-Out_of_memory error # 1221=FreeBSD-Out_of_swap_space error # 1223=FreeBSD-Disk_Error error # 1224=FreeBSD-Disk_Error error # 1225=FreeBSD-Time_Adjusted system # 1226=FreeBSD-Login_Error login-failure # 1227=BSD-Disk_Full error # 1228=BSD-File_System_Full error # 1229=BSD-User_Added system # 1230=FreeBSD-Root_Command_Issued process # 1231=FreeBSD-User_Issued_Command process # # Plugins for file /usr/thunder/daemons/plugins/os_linux.prm # # 600=Linux-Systemd_Unit_Failed_State process # 601=Linux-Systemd_Main_Process_Exited process # 602=Linux-Systemd_Service_Start process # 603=Linux-Systemd_Logind_Session_Removed system # 604=Linux-Systemd_Logind_Session_New system # 605=Linux-Dbus_Service_Activated_Successfully system # 606=Linux-Fprintd_Failed process # 607=Linux-GDM_Keyring_Login_Unlocked system # 608=Linux-GDM_Slot_Initialization_Password_Failure error # 609=Linux-Rsyslog_HUP process # 610=Linux-ABRT_Core_Backtrace_Generated system # 611=Linux-ABRT_Core_Backtrace_Duplicate system # 612=Linux-ABRT_Directory_Duplicate system # 613=Linux-ABRT_Directory_Delete system # 614=Linux-NetworkManager_Auth_Error login-failure # 615=Linux-NetworkManager_State_Change_Device system # 616=Linux-NetworkManager_Policy_Set system # 617=Linux-NetworkManager_Activation_Device system # 618=Linux-NetworkManager_State_Connecting system # 619=Linux-NetworkManager_State_Connected_Local system # 620=Linux-NetworkManager_State_Connected_Global system # 621=Linux-NetworkManager_Device_Ethernet_New system # 622=Linux-NetworkManager_Connection_Auto_Activating system # 1300=Linux-User_Added system # 1301=Linux-Group_Added system # 1302=Linux-User_Locked system # 1303=Linux-User_Unlocked system # 1304=Linux-User_Changed_Shell system # 1305=Linux-User_Changed system # 1306=Linux-Root_Login login # 1307=Linux-Password_Change system # 1308=Linux-Failed_Login login-failure # 1309=Linux-Failed_Login login-failure # 1310=Linux-DPKG_Software_Installed system # 1311=Linux-DPKG_Software_Removed system # 1312=Linux-RPC_Statd_Exploit intrusion # 1313=Linux-RPC_Mountd_Export_Request connection # 1314=Linux-PAM_Remote_Auth_Failure login-failure # 1315=Linux-PAM_Local_Auth login-failure # 1316=Linux-Promiscuous_Mode_Enabled system # 1317=Linux-Promiscuous_Mode_Enabled system # 1318=Linux-Group_Added system # 1319=Linux-User_Exists error # 1320=Linux-User_Added system # 1321=Linux-User_Removed_From_Group system # 1322=Linux-User_Deleted system # 1323=Linux-User_PW_Changed system # 1324=Linux-User_PW_Changed system # 1325=Linux-User_Deleted system # 1326=Linux-User_Added system # 1327=Linux-Group_Added system # 1328=SELinux-AVC_granted system # 1329=SELinux-AVC_denied access-denied # 1331=Linux-Out_Of_Memory error # 1332=Named-Cache_Denied access-denied # 1333=Named-Configuration_Failure error # 1334=SELinux-Action_Prevention access-denied # 1335=Linux-Out_Of_Memory error # 1336=Linux-CDROM_Error error # 1337=Linux-Xinetd_Connection connection # 1338=Linux-Yum_Installation system # 1339=Linux-System_Start restart # 1340=Linux-Yum_Updated system # 1341=Linux-Yum_Erased system # 1342=Linux-Up2date_Authenticated system # 1343=Linux-Up2date_Connection_Failure error # 1344=Linux-Up2date_Registered_System system # 1345=Linux-Up2date_Package_Additions system # 1346=Linux-Up2date_Package_Deletions system # 1347=Linux-Up2date_Activation_Failure error # 1348=Linux-Up2date_Invalid_Credentials error # 1349=Linux-Network_Time_Update system # 1350=Linux-Promiscuous_Mode_Disabled system # 1351=Linux-User_Removed_From_Group system # 1352=Linux-Group_Removed system # 1353=Linux-Group_Passwd_Change system # 1354=Linux-Network_Time_Daemon_Shutdown process # 1355=Linux-Network_Time_Daemon_Version system # 1356=Linux-Segfault_Detected process # 1357=Linux-Network_Time_Permission_Denied error # 1358=Linux-Promiscuous_Mode_Enabled system # 1359=Linux-Promiscuous_Mode_Disabled system # 1360=Linux-Multiple_SUDO_Failures login-failure # 1361=Linux-Network_Time_Local_Update system # 1362=Linux-User_Account_Removed system # 1363=SELinux-Disabled system # 1364=SELinux-Enabled system # 1365=Linux-Xinetd restart # 1366=Linux-Xinetd_Connection_Finished connection # 1367=Linux-Command_Issued_By_Root process # 1368=Linux-Command_Issued_By_SuperUser process # 1369=Linux-User_Issued_Command process # 1370=Linux-DPKG_Software_Configured system # 1371=Linux-Network_Time_Reset system # 1372=Linux-SFCB_SSL_Connection_Error error # 1373=Linux-Command_Issued_By_SuperUser_With_ParentID process # 1374=Linux-User_Issued_Command_With_ParentID process # 1375=Linux-Command_Issued_By_Root_With_ParentID process # 1376=Linux-Command_Exited_Abnormally process # 1377=Linux-PAM_Unknown_User login-failure # 1378=Linux-PAM_Session_Opened login # 1379=Linux-PAM_Session_Closed logout # 1382=Linux-Argus_Started process # 1383=Linux-Argus_Interface_Status process # 1384=Linux-CRON_CMD system # 1385=Linux-CRON_CMD system # 1386=Linux-PAM-KRB5_Authentication_Failure login-failure # 1387=Linux-PAM-KRB5_Authentication_Succeeds login # 1388=Linux-Error_Reading_Keytab error # 1389=Linux-NetworkManager_State_Change_DHCP system # 1390=Linux-Network_Time_Status_Change system # 1391=Linux-Avahi_Invalid_Query system # 1392=Linux-Avahi_Invalid_Response system # 1393=Linux-PAM_User_Unknown login-failure # 1394=Linux-Failed_NFS_Mount access-denied # 1395=Linux-Password_Check_Failed login-failure # 1396=Linux-Telnet_Login_Not_Secure login-failure # 1397=Linux-Login_Failure login-failure # 1398=Linux-CRON_CMD system # 1399=Linux-Process_Core_Dump_Saved process # 11400=Linux-Polkit_Autentication_Operator_Failed login-failure # 11401=Linux-Polkit_Authentication_Agent_Registered login # 11402=Linux-Polkit_Authentication_Agent_Unregistered system # 11403=Linux-Polkit_Authentication_Operator_Successful login # 15400=Linux-ABRT_Email_Sending system # 15401=Linux-ABRT_Email_Sent system # 15402=Linux-ABRT_UUID_Duplicate_Detected system # 15403=Linux-ABRT_Directory_Problem_New system # 15404=Linux-ABRT_Directory_Problem_Duplicate system # 15405=Linux-ABRT_Directory_Or_File_Missing system # 15406=Linux-ABRT_Directory_Creation system # 15407=Linux-ABRT_Executable_ system # 15408=Linux-ABRT_Post-create_Exit system # 15409=Linux-ABRT_Corrupt_Bad_Directory system # 15410=Linux-ABRT_Client_Connected_New system # 15411=Linux-IO_Error error # 15412=Linux-IO_Error_Buffer error # 11404=Linux-Network_Time_Listen_Socket system # 11405=Linux-Network_Time_Listen_Normal system # 11406=Linux-Network_Time_IO_Info system # 11407=Linux-Network_Time_Peers_Refreshed system # 11408=Linux-Network_Time_Listen_Drop system # 11409=Linux-Network_Time_Proto_Info system # 11410=Linux-Network_Time_Bind_Failed error # 11411=Linux-Network_Time_Interface_Found system # 11412=Linux-Network_Time_Interface_Delete system # 11413=Linux-Network_Time_Bind_Failed error # 11414=Linux-Network_Time_Interface_Failed error # 11415=Linux-Network_Time_Socket_Failed error # 11459=Linux-Group_Added system # # Plugins for file /usr/thunder/daemons/plugins/os_linux_audit.prm # # 7005=Linux-Audit_Credential_Refresh process # 7006=Linux-Audit_Credential_Reset process # 7007=Linux-Audit_User_Session_End logout # 7008=Linux-Audit_User_Authorized login # 7009=Linux-Audit_Credential_Set process # 7010=Linux-Audit_User_Login login # 7011=Linux-Audit_User_Session_Started login # 7012=Linux-Audit_User_Execute system # 7013=Linux-Audit_User_Authenticated login # 7014=Linux-Audit_Service_Started system # 7015=Linux-Audit_Configuration_Changed system # 7016=Linux-Audit_User_Authenticate_Failed login-failure # 7017=Linux-Audit_User_Login_Failed login-failure # 7018=Linux-Audit_Credential_Refresh process # 7019=Linux-Audit_Credential_Reset process # 7020=Linux-Audit_User_Session_End logout # 7021=Linux-Audit_User_Authorized login # 7022=Linux-Audit_Credential_Set process # 7023=Linux-Audit_User_Session_Started login # 7024=Linux-Audit_User_Authenticated login # 7025=Linux-Audit_User_Authenticate_Failed login-failure # 7026=Linux-Audit_User_Login_Failed login-failure # 7027=Linux-Audit_Syscall system # 7028=Linux-Audit_Privilege_Inspect system # 7029=Linux-Audit_User_Error login-failure # 7030=Linux-Audit_User_Error login-failure # 7031=Linux-Audit_User_Login login # 7032=Linux-Audit_System_Shutdown restart # 7033=Linux-Audit_Add_User_Failed error # 7034=Linux-Audit_Daemon_Modified system # 7035=Linux-Audit_User_Role_Change system # 7036=Linux-Audit_Time_Change system # 7037=Linux-Audit_Runlevel_Changed system # 7038=Linux-Audit_Mac system # 7039=Linux-Audit_Chauthtok system # 7040=Linux-Audit_Login_Violation login-failure # 7041=Linux-Audit_Lock_Unlock_User system # 7042=Linux-Audit_Promiscuous_Device system # 7043=Linux-Audit_User_Role_Change_Failed system # 7044=Linux-Audit_User_Cmd_Issued system # 7045=Linux-Audit_User_Login login # 7046=Linux-Audit_User_Login_Failed login-failure # 7047=Linux-Audit_User_Authenticate_Failed login-failure # 7048=Linux-Audit_User_Login_Failed login-failure # 7049=Linux-Audit_Crypto_Session connection # 7050=Linux-Audit_Crypto_Key_User system # 7051=Linux-Audit_User_Login_Failed login-failure # 7052=Linux-Audit_User_Logout logout # 7053=Linux-Audit_Crypto_Key_User system # 7054=Linux-Audit_User_Session_End logout # 7055=Linux-Audit_User_Added system # 7056=Linux-Audit_Group_Added system # 7057=Linux-Audit_Daemon_Exiting system # 7058=Linux-Audit_Init_Complete_Listening_For_Events system # # Plugins for file /usr/thunder/daemons/plugins/os_mvs_mainframe.prm # # 10500=ZOS-Logon login # 10501=ZOS-Logoff logout # 10502=ZOS-Invalid_Password login-failure # 10503=ZOS-Undefined_User login-failure # 10504=ZOS-Insufficient_Authority access-denied # 10505=ZOS-Insufficient_Authority access-denied # 10506=ZOS-DB2_SQL_Grant_Access system # 10507=ZOS-DB2_SQL_Alter_Table system # 10508=ZOS-Job_Abend error # 10509=ZOS-Job_Started system # 10510=ZOS-Auth_Check system # 10511=ZOS-Job_Init system # # Plugins for file /usr/thunder/daemons/plugins/os_osx.prm # # 2400=OSX-Network_Transition system # 2401=OSX-Failed_SU_Login login-failure # 2404=OSX-Software_Update system # 2405=OSX-Su_Failure login-failure # 2406=OSX-Brute_Force_Root login-failure # 2407=OSX-Brute_Force login-failure # 2408=OSX-Process_Crash process # 2409=OSX-Limiting_RST_Response scanning # 2410=OSX-Admin_Installing_Software system # 2411=OSX-Failed_Login login-failure # 2412=OSX-Failed_Authorization login-failure # 2413=OSX-User_Authenticated login # 2414=OSX-Failed_Name_Resolution error # 2415=OSX-Failed_Authentication login-failure # 2416=OSX-Admin_Action_Authenticated login # 2417=OSX-Valid_Authentication login # 2418=OSX-Process_Crash_Report process # 2419=OSX-AFP_Mount system # 2420=OSX-AFP_Unmount system # 2421=OSX-TimeMachine_MountAttempt system # 2422=OSX-TimeMachine_Mount system # 2423=OSX-TimeMachine_Backup system # 2424=OSX-TimeMachine_Backup_Copied_Files system # 2425=OSX-TimeMachine_Backup_Thinning system # 2426=OSX-TimeMachine_Backup_Succeeded system # 2427=OSX-TimeMachine_Backup_Canceled system # 2428=OSX-SecurityAgent_AdminPrivRequest system # 2429=OSX-SecurityAgent_PrivRequest system # 2430=OSX-SecurityServer-Success login # 2431=OSX-Root_Command_Issued process # 2432=OSX-Application_Installed_From_Remote_Share system # 2433=OSX-Application_Installed_From_Remote_Share system # 2434=OSX-Application_Installed_From_Remote_Share system # 2435=OSX-Application_Installed_From_Remote_Share system # 2436=OSX-Application_Installed_From_Remote_Share system # 2437=OSX-Application_Installed system # 2438=OSX-AdobeFlash_Installed system # 2439=OSX-Root_Process_Crash process # 2440=OSX-User_Process_Crash process # 2441=OSX-Application_Installed system # 2442=OSX-Firewall_TCP_Attempt connection # 2443=OSX-Firewall_UDP_Attempt connection # 2444=OSX-Software_Installed system # 2445=OSX-App_Store system # 2446=OSX-App_Store system # 2447=OSX-Airport_Cannot_Be_Turned_On system # 2448=OSX-Penalty_Time_Resetting system # 2449=OSX-Software_Update_Exited system # 12450=OSX-Storeagent_Port_Created system # 12451=OSX-Audit_Enter_Promiscous_Mode process # 12452=OSX-SoftwareUpdate-check system # 12453=OSX-SoftwareUpdate-Success system # 12454=OSX-SoftwareUpdate-Failed system # 12455=OSX-Login login # 12456=OSX-Failed_Login login-failure # 12457=OSX-Failed_Login login-failure # 12458=OSX-Evernote_Messages application # 12459=OSX-Blacklist_Entry_Not_Added system # 12460=OSX-Quicksilver_Hosts_Not_Loaded system # 12461=OSX-Firewall_UDP_Attempt firewall # 12462=OSX-Firewall_TCP_Attempt firewall # 12463=OSX-Listening_Process system # 12464=OSX-Hostname_Update system # 12465=OSX-AccessPoint_Association_Attempt system # 12466=OSX-Entering_Sleep_Mode system # 12467=OSX-Resumed_From_Sleep system # 12468=OSX-Running_OS_Build system # 12469=OSX-Software_Installed system # 12470=OSX-System_Start restart # 12471=OSX-Free_Space system # 12472=OSX-Sandbox_Deny_Lookup access-denied # 12473=OSX-Sandbox_Deny_File_Access access-denied # 12474=OSX-Sandbox_Deny_Job_Creation access-denied # 12475=OSX-FTP_Access_Failure login-failure # 12476=OSX-Launchd_Throttling_Respawn system # # Plugins for file /usr/thunder/daemons/plugins/os_racf_mainframe.prm # # 10530=ZOS-RACF_Invalid_Password_At_Terminal login-failure # 10531=ZOS-RACF_User_Not_Defined login-failure # 10532=ZOS-RACF_User_Profile_Not_Found login-failure # 10533=ZOS-RACF_Insufficeint_Read_Authority access-denied # 10534=ZOS-RACF_Violation_Of_Command access-denied # # Plugins for file /usr/thunder/daemons/plugins/os_smf_mainframe.prm # # 10550=ZOS-Dataset_Opened_For_Update system # 10551=ZOS-Dataset_Deleted system # 10552=ZOS-Dataset_Opened_For_Input system # 10553=ZOS-Step_Termination system # 10554=ZOS-Task_Termination system # 10555=ZOS-Job_Started system # 10556=ZOS-Termination_TSO system # 10557=ZOS-VSAM_Opened system # 10558=ZOS-Job_Ended system # 10559=ZOS-Interval_Accounting system # 10560=ZOS-Task_Termination_Abnormal error # 10561=ZOS-Task_Termination_Abnormal error # 10562=ZOS-Dataset_Closed system # 10563=ZOS-Filesystem_ReMount system # 10564=ZOS-Filesystem_Mount system # 10565=ZOS-Dataset_Opened_For_Update system # 10566=ZOS-Dataset_Closed system # 10567=ZOS-Dataset_Opened_For_Input system # 10568=ZOS-Task_Termination system # # Plugins for file /usr/thunder/daemons/plugins/os_solaris.prm # # 2500=Solaris-cachefsd_Segmentation_Fault process # 2503=Solaris-SNMP_Protos_Attack intrusion # 2505=Solaris-SU_Root_Failure login-failure # 2506=Solaris-SU_Root_Succeeded login # 2507=Solaris-Muliple_Login_Failures login-failure # 2508=Solaris-ypbind_Connection_Refused access-denied # 2509=Solaris-statd_Exploit intrusion # 2510=Solaris-SU_root_Succeeded login # 2511=Solaris-SU_root_Failed login-failure # 2512=Solaris-Overflow_Attempt intrusion # # Plugins for file /usr/thunder/daemons/plugins/os_suse.prm # # # Plugins for file /usr/thunder/daemons/plugins/os_unix.prm # # 1400=Unix-Failed_SU_Attempt login-failure # 1403=Unix-Sudo_Failure login-failure # 1404=Unix-Successful_Sudo login # 1405=Unix-NFS_Mount_Failure error # 1406=Unix-Excessive_xinetd_Connections scanning # 1407=Unix-Sudo_Attempt login-failure # 1408=Unix-Sudo_Success login # 1409=Unix-Sudo_Failure login-failure # 1410=Unix-Logon login # 1411=Unix-Logon_Failure login-failure # 1412=Unix-Su_To_Root_Successful login # 1413=Unix-Su_To_Root_Failed login-failure # 1414=Unix-Syslog_Restarted restart # 1415=Unix-Telnet_Session_Died scanning # 1416=Unix-Rshd_From_Address_Not_Valid scanning # 1417=Unix-Rlogin_Illegal_Port_Connection scanning # 1418=Unix-Password_Read_Failed error # 1419=Unix-Failed_Login login-failure # 1420=Unix-Failed_RSH_Login login-failure # 1421=Unix-Failed_Unknown_User_Login login-failure # 1422=UNIX-Login_Failures login-failure # 1423=UNIX-Portmapper_Connection intrusion # 1424=Unix-Failed_SU_Attempt login-failure # 1425=Unix-SU_Event login # 1426=Unix-Unable_To_Get_Filestats error # 1427=Unix-Unable_To_Update_Domain_Stats error # 1428=Unix-Error_Threshold_Exceeded error # 1430=Unix-Pdntfs_Exit_Status process # 1431=Unix-Unable_To_RPC_Register error # 1432=Unix-Rshd_Connection_On_Illegal_Port scanning # 1433=Unix-Rlogind_Connection_On_Illegal_Port scanning # 1436=Unix-Sshd_Illegal_Protocol_Version error # 1437=Unix-Sshd_Wrong_Root_Password login-failure # 1438=Unix-Vmunix_Domain_Panic error # 1439=Unix-Syslog_Restarted restart # 1440=Unix-LPD_Restarted restart # 1441=Unix-System_Reboot restart # 1442=Unix-System_Reboot restart # 1443=Unix-CRONTAB_Edit detected-change # 1444=Unix-Root_Issued_Command process # 1445=Unix-User_Issued_Command process # 1446=Unix-User_Issued_SU_Command login # 1447=Unix-System_Rebooted restart # 1448=Unix-FTP_Daemon_Notice process # 11750=Unix-Smartd_Unreadable_Sectors error # 11751=Unix-Smartd_Uncorrectable_Sectors error # 11752=Unix-Successful_Sudo_as_Root login # # Plugins for file /usr/thunder/daemons/plugins/os_unix_audit.prm # # 10000=Unix-Audit_Boot restart # 10001=Unix-Audit_Enter_Promiscous_Mode process # 10002=Unix-Audit_Exited_Promiscous_Mode process # 10003=Unix-Audit_Mount_Unmount_File_System process # 10004=Unix-Audit_Connection_Inetd process # 10005=Unix-Audit_Login login # 10006=Unix-Audit_Logout logout # 10007=Unix-Audit_Telnet process # 10008=Unix-Audit_Rlogin process # 10009=Unix-Audit_Rshd process # 10010=Unix-Audit_Su process # 10011=Unix-Audit_Authentication_Failed login-failure # 10012=Unix-Audit_Ftp_Bad_Password login-failure # 10013=Unix-Audit_Ftp_No_Account login-failure # 10014=Unix-Audit_Ftp_Misc login-failure # 10015=Unix-Audit_Ftp_Anonymous login-failure # 10016=Unix-Audit_Ssh_Permission_Denied login-failure # 10017=Unix-Audit_Ftp_User_Excluded login-failure # 10018=Unix-Audit_Ssh_Login login # 10019=Unix-Audit_Rexecd process # 10020=Unix-Audit_Passwd detected-change # 10021=Unix-Audit_Rexd process # 10022=Unix-Audit_Admin_Authenticte process # 10023=Unix-Audit_Enable_User detected-change # 10024=Unix-Audit_Disable_User detected-change # 10025=Unix-Audit_Delete_User detected-change # 10026=Unix-Audit_Modify_User detected-change # 10027=Unix-Audit_Create_User detected-change # 10028=Unix-Audit_Listdevice_Failure error # 10029=Unix-Audit_Listdevice process # 10030=Unix-Audit_Deallocate_fail error # 10031=Unix-Audit_Deallocate process # 10032=Unix-Audit_Crontab_modified detected-change # 10033=Unix-Audit_Solaris_Poweroff restart # 10034=Unix-Audit_Solaris_Shutdown restart # 10035=Unix-Audit_Solaris_Uadmin process # 10036=Unix-Audit_Solaris_Init process # 10037=Unix-Audit_Solaris_Reboot restart # 10038=Unix-Audit_Solaris_Halt process # 10039=Unix-Audit_Crontab_Permissions detected-change # 10040=Unix-Audit_Crontab_Delete detected-change # 10041=Unix-Audit_Crontab_Create detected-change # 10042=Unix-Audit_Cron_Invoke process # 10043=Unix-Audit_At_Permissions detected-change # 10044=Unix-Audit_At_Delete detected-change # 10045=Unix-Audit_At_Create detected-change # 10046=Unix-Audit_Umount process # 10047=Unix-Audit_Setaudit process # 10048=Unix-Audit_Processor_Bind process # 10049=Unix-Audit_P_Online process # 10050=Unix-Audit_Module process # 10051=Unix-Audit_UTSSYS process # 10052=Unix-Audit_AUDITON process # 10053=Unix-Audit_STIME process # 10054=Unix-Audit_AUDITSTAT process # 10055=Unix-Audit_SETKERNSTATE process # 10056=Unix-Audit_AUDITSVC process # 10057=Unix-Audit_SETUSERAUDIT process # 10058=Unix-Audit_SETAUID process # 10059=Unix-Audit_NFS_SVC process # 10060=Unix-Audit_ASYSNC_DAEMON process # 10061=Unix-Audit_Mount process # 10062=Unix-Audit_EXPORTFS process # 10063=Unix-Audit_QUOTACTL process # 10064=Unix-Audit_Set_Domain_Name process # 10065=Unix-Audit_Ajust_Time process # 10066=Unix-Audit_Set_Time process # 10067=Unix-Audit_Set_Host_Name process # 10068=Unix-Audit_Swap_On process # 10069=Unix-Audit_Reboot process # 10070=Unix-Audit_ACCT process # 10071=Unix-Audit_MKNOD process # 10072=Unix-Audit_Login_Failure login-failure # 10073=Unix-Audit_Started process # 10074=Unix-Audit_Login login # 10075=Unix-Audit_User_Authentication login # 10076=Unix-Audit_Login_Failure login-failure # 10077=Unix-Audit_User_Authentication_Failed login-failure # 10078=Unix-Audit_Ssauthorize login # 10079=Unix-Audit_Console_Login login # 10080=Unix-Audit_Lw_Login login # 10081=Unix-Audit_Add_User_To_Group detected-change # 10082=Unix-Audit_Ssauthint login # 10084=Unix-Audit_Password_Modified detected-change # 10085=Unix-Audit_Group_Added detected-change # 10086=Unix-Audit_Operation_Not_Permitted error # 10087=Unix-Audit_Builtin_Authenticate login # 10088=Unix-Audit_Modify_Group detected-change # # Plugins for file /usr/thunder/daemons/plugins/os_win2008_sec.prm # # 7287=Windows-Shadow_Copy_Created system # 7288=Windows-Handle_Requested system # 7289=Windows-Process_Exited process # 7290=Windows-Connection_Allowed connection # 7291=Windows-New_Process_Created process # 7292=Windows-Bind_Blocked access-denied # 7293=Windows-Successful_Login login # 7294=Windows-Privileges_Assigned login # 7295=Windows-Primary_Token_Assigned system # 7296=Windows-Privileged_Service_Called system # 7297=Windows-Attempted_Hard_Link_Creation system # 7298=Windows-Attempted_Handle_Duplication system # 7299=Windows-Handle_Closed system # 7300=Windows-Transaction_Changed system # 7301=Windows-Attempted_Access_Object system # 7302=Windows-Privileged_Service_Call_Failed access-denied # 7303=Windows-Handle_Request_Failed access-denied # 7304=Windows-Login login # 7305=Windows-Time_Changed system # 7306=Windows-Credential_Validation login # 7307=Windows-Firewall_Started system # 7308=Windows-Account_Logged_Off logout # 7309=Windows-Network_Share_Accessed system # 7311=Windows-Failed_Login login-failure # 7312=Windows-Filtering_Changed system # 7313=Windows-Hash_Invalid error # 7314=Windows-Scheduled_Task_Created system # 7315=Windows-Scheduled_Task_Deleted system # 7316=Windows-Process_Registered login # 7317=Windows-Provider_Context_Changed system # 7318=Windows-Callout_Changed system # 7319=Windows-Object_Deleted system # 7320=Windows-Kerberos_Loaded system # 7321=Windows-Audit_Policy_Created system # 7322=Windows-RPC_Detected_Integrity_Violation error # 7323=Windows-Registered_Security_Event system # 7324=Windows-Unregistered_Security_Event system # 7325=Windows-Firewall_Rule_Ignored error # 7326=Windows-Screen_Saver_Invoked system # 7327=Windows-Screen_Saver_Dismissed system # 7328=Windows-Audit_Settings_Changed system # 7329=Windows-User_Logoff logout # 7330=Windows-Incorrect_Parameter error # 7332=Windows-Firewall_Change system # 7333=Windows-Reconnected_Session connection # 7334=Windows-Disconnected_Session connection # 7336=Windows-Workstation_Unlocked system # 7337=Windows-User_Added_Global_Group system # 7338=Windows-User_Created system # 7339=Windows-User_Enabled system # 7340=Windows-User_Changed system # 7341=Windows-User_Added_Local_Group system # 7342=Windows-User_Removed_Local_Group system # 7343=Windows-User_Removed_Global_Group system # 7344=Windows-User_Deleted system # 7345=Windows-Domain_Policy_Changed system # 7346=Windows-Password_Changed system # 7347=Windows-Key_File_Operation system # 7348=Windows-Cryptographic-Operation_Failure system # 7349=Windows-Firewall_Rule_Added system # 7350=Windows-Service_Installed system # 7351=Windows-Local_Group_Created system # 7352=Windows-System_Security_Granted_Account system # 7353=Windows-User_Right_Assigned system # 7354=Windows-Local_Group_Changed system # 7355=Windows-Cryptographic-Test system # 7356=Windows-User_Locked_Out access-denied # 7357=Windows-Connection_Blocked firewall # 7358=Windows-Packet_Blocked firewall # 7359=Windows-Bind_Allowed connection # 7360=Windows-Global_Group_Deleted system # 7361=Windows-Global_Group_Created system # 7362=Windows-User_Account_Disabled system # 7363=Windows-Password_Changed system # 7364=Windows-Replay_Attack_Detected intrusion # 7365=Windows-Domain_Controller_Failed_Validation login-failure # 7366=Windows-Kerberos_Auth_Ticket_Request login # 7367=Windows-Kerberos_Service_Ticket_Request system # 7368=Windows-Kerberos_Service_Ticket_Renewed system # 7369=Windows-Computer_Account_Created system # 7370=Windows-Computer_Account_Changed system # 7371=Windows-Computer_Account_Deleted system # 7372=Windows-Account_Accessed system # 7374=Windows-Audit_Policy_Changed system # 7376=Windows-Filter_Present system # 7377=Windows-Firewall_Rule_Not_Applied error # 7378=Windows-Local_Group_Deleted system # 7379=Windows-Global_Group_Changed system # 7380=Windows-Universal_Group_Created system # 7381=Windows-Universal_Group_Changed system # 7382=Windows-Universal_Group_Member_Added system # 7383=Windows-Universal_Group_Member_Removed system # 7384=Windows-Universal_Group_Deleted system # 7385=Windows-SID_History_Added system # 7386=Windows-SID_History_Add_Failed error # 7387=Windows-User_Account_Unlocked system # 7388=Windows-ACL_Set_On_Admin_Groups system # 7389=Windows-Account_Name_Changed system # 7390=Windows-Active_Directory_Attributes_Replicated system # 7392=Windows-Replication_Failure_Begins system # 7393=Windows-Replication_Failure_Ends system # 7394=Windows-Directory_Service_Modified system # 7395=Windows-Directory_Service_Created system # 7396=Windows-Directory_Service_Undeleted system # 7397=Windows-Directory_Service_Moved system # 7398=Windows-Directory_Service_Deleted system # 7399=Windows-Directory_Sync_Begun system # 7400=Windows-Directory_Sync_Ended system # 7401=Windows-SIDS_Filtered system # 7402=Windows-Credentials_Disallowed access-denied # 7403=Windows-Wireless_Request connection # 7404=Windows-Wired_Request connection # 7405=Windows-File_Virtualized system # 7406=Windows-Blocked_Incoming_Connection firewall # 7407=Windows-Scheduled_Task_Enabled system # 7408=Windows-Scheduled_Task_Disabled system # 17409=Windows-Scheduled_Task_Updated system # 17410=Windows-Registry_Changed system # 17411=Windows-Registry_Key_Virtualized system # 17412=Windows-SACL_Policy_Changed system # 17413=Windows-CrashOnAuditFail_Changed system # 17414=Windows-Domain_New_Trust_Created system # 17415=Windows-Domain_Trust_Removed system # 17416=Windows-Kerberos_Policy_Changed system # 17417=Windows-Domain_Info_Modified system # 17418=Windows-Security_Granted_Or_Removed system # 17419=Windows-Namespace_Collision error # 17420=Windows-Trusted_Forest_Added system # 17421=Windows-Trusted_Forest_Removed system # 17422=Windows-Trusted_Forest_Modified system # 17423=Windows-User_Right_Removed system # 17424=Windows-Encryption_Policy_Changed system # 17425=Windows-Firewall_Policy_Active system # 17426=Windows-Firewall_Rule_Listed system # 17427=Windows-Firewall_Rule_Deleted system # 17428=Windows-Firewall_Default_Settings_Restored system # 17429=Windows-Firewall_Setting_Changed system # 17430=Windows-Firewall_Rule_Ignored error # 17431=Windows-Firewall_Rule_Parts_Ignored error # 17432=Windows-Firewall_Policy_Applied system # 17433=Windows-Firewall_Profile_Changed system # 17434=Windows-Firewall_Rule_Discarded system # 17435=Windows-Group_Policy_Applied system # 17436=Windows-Security_Policy_Errors error # 17437=Windows-Firewall_Stopped error # 17438=Windows-Firewall_Policy_Storage_Error error # 17439=Windows-Firewall_Policy_Parsing_Error error # 17440=Windows-Firewall_Service_Failed error # 17441=Windows-Firewall_Service_Failed_Start error # 17442=Windows-Firewall_Failed_Notification error # 17443=Windows-Firewall_Driver_Started system # 17444=Windows-Firewall_Stopped restart # 17445=Windows-Firewall_Driver_Failure error # 17446=Windows-Firewall_Runtime_Failure error # 17447=Windows-Starting restart # 17448=Windows-Shutting_Down restart # 17449=Windows-Recovered restart # 17450=Windows-Network_Policy_Access_Granted login # 17451=Windows-Network_Policy_Denied_Access access-denied # 17452=Windows-Network_Policy_Discarded_Request access-denied # 17453=Windows-Network_Policy_Discarded_Acct_Request access-denied # 17454=Windows-Network_Policy_Quarantined_User access-denied # 17455=Windows-Network_Policy_Probation_User login # 17456=Windows-Network_Policy_Access_Granted login # 17457=Windows-Network_Policy_Account_Locked access-denied # 17458=Windows-Network_Policy_Account_Unlocked login # 17459=Windows-IPsec_Settings_Changed system # 17460=Windows-IPsec_Dropped_Inbound_Packet firewall # 17461=Windows-Permitted_Listening_Inbound_Connection connection # 17463=Windows-Indirect_Access_Requested system # 17464=Windows-Network_Share_Object_Checked system # 17465=Windows-Network_Share_Object_Added system # 17466=Windows-Credential_Validation_Failed login-failure # 17467=Windows-Successful_Network_Login login # 17468=Windows-Failed_Login login-failure # 17469=Windows-Login login # 17470=Windows-Network_Share_Access_Failed system # 17471=Windows-Successful_Network_Login login # 17472=Windows-Failed_Login login-failure # 17473=Windows-Kerberos_PreAuthentication_Failure login-failure # 17474=Windows-Operation_Performed_On_Object system # 17475=Windows-Operation_Performed_On_Object_Failed access-denied # 17476=Windows-Kerberos_Auth_Ticket_Request_Failed login-failure # 17477=Windows-Kerberos_Service_Ticket_Request_Failed system # 17478=Windows-Directory_Sync_Ended_Failed system # 17479=Windows-Active_Directory_Modified system # 17480=Windows-Cryptographic-Operation_Success system # 17481=Windows-Failed_Login login-failure # 17482=Windows-Integrity_Violation error # 17483=Windows-IPsec_Negotiation_Failed error # 17484=Windows-Workstation_Locked logout # 17585=Windows-Network_Share_Object_Check_Failed system # 17586=Windows-Password_Change_Attempt_Failed system # 17587=Windows-Audit_Log_Cleared system # 17588=Windows-Global_Group_Member_Removed system # 17589=Windows-IPsec_Policy_Apply_Failed system # 17590=Windows-Group_Type_Changed system # 17591=Windows-Event_Log_Full_Or_Unaccessable system # 17592=Windows-Password_Change_Attempt_Failed system # 17593=Windows-Requested_Handle_To_Object system # 17594=Windows-Requested_Handle_To_Object system # 17595=Windows-Attempted_Access_File_System system # 17596=Windows-Handle_Request_To_File_System system # 17597=Windows-IPsec_Service_Started system # 17598=Windows-Blocked_Incoming_Connection firewall # 17599=Windows-Filtering_Platform_Policy_Change system # 17600=Windows-System_Integrity_Corrupt_Hashes error # 17601=Windows-Login login # 17602=Windows-Failed_Login login-failure # 17603=Windows-IPsec_Negotiation_Failed error # 17604=Windows-Account_Management_Events application # 17605=Windows-DFSR_Replication_Prevented application # 17606=Windows-Audit_Events_Dropped error # 17607=Windows-Kerberos_Auth_Ticket_Request login # 17608=Windows-Kerberos_Service_Ticket_Request system # 17609=Windows-Kerberos_Service_Ticket_Renewed system # 17610=Windows-Computer_Account_Changed system # 17611=Windows-Computer_Account_Created system # 17612=Windows-Global_Group_Changed system # 17613=Windows-User_Added_Global_Group system # 17614=Windows-Universal_Group_Changed system # 17615=Windows-User_Added_Universal_Group system # 17616=Windows-Computer_Account_Deleted system # 17617=Windows-Master_Key_Recovery_Attempt system # # Plugins for file /usr/thunder/daemons/plugins/os_win2008_syslog_sec.prm # # 33000=Windows-Shadow_Copy_Created system # 33001=Windows-Handle_Requested system # 33002=Windows-Process_Exited process # 33003=Windows-Connection_Allowed connection # 33004=Windows-New_Process_Created process # 33005=Windows-Bind_Blocked access-denied # 33006=Windows-Successful_Login login # 33007=Windows-Privileges_Assigned login # 33008=Windows-Primary_Token_Assigned system # 33009=Windows-Privileged_Service_Called system # 33010=Windows-Attempted_Hard_Link_Creation system # 33011=Windows-Attempted_Handle_Duplication system # 33012=Windows-Handle_Closed system # 33013=Windows-Transaction_Changed system # 33014=Windows-Attempted_Access_Object system # 33015=Windows-Privileged_Service_Call_Failed access-denied # 33016=Windows-Handle_Request_Failed access-denied # 33017=Windows-Login login # 33018=Windows-Time_Changed system # 33019=Windows-Credential_Validation login # 33020=Windows-Firewall_Started system # 33021=Windows-Account_Logged_Off logout # 33022=Windows-Network_Share_Accessed system # 33024=Windows-Failed_Login login-failure # 33025=Windows-Filtering_Changed system # 33026=Windows-Hash_Invalid error # 33027=Windows-Scheduled_Task_Created system # 33028=Windows-Scheduled_Task_Deleted system # 33029=Windows-Process_Registered login # 33030=Windows-Provider_Context_Changed system # 33031=Windows-Callout_Changed system # 33032=Windows-Object_Deleted system # 33033=Windows-Kerberos_Loaded system # 33034=Windows-Audit_Policy_Created system # 33035=Windows-RPC_Detected_Integrity_Violation error # 33036=Windows-Registered_Security_Event system # 33037=Windows-Unregistered_Security_Event system # 33038=Windows-Firewall_Rule_Ignored error # 33039=Windows-Screen_Saver_Invoked system # 33040=Windows-Screen_Saver_Dismissed system # 33041=Windows-Audit_Settings_Changed system # 33042=Windows-User_Logoff logout # 33043=Windows-Incorrect_Parameter error # 33045=Windows-Firewall_Change system # 33046=Windows-Reconnected_Session connection # 33047=Windows-Disconnected_Session connection # 33049=Windows-Workstation_Unlocked system # 33050=Windows-User_Added_Global_Group system # 33051=Windows-User_Created system # 33052=Windows-User_Enabled system # 33053=Windows-User_Changed system # 33054=Windows-User_Added_Local_Group system # 33055=Windows-User_Removed_Local_Group system # 33056=Windows-User_Removed_Global_Group system # 33057=Windows-User_Deleted system # 33058=Windows-Domain_Policy_Changed system # 33059=Windows-Password_Changed system # 33060=Windows-Key_File_Operation system # 33061=Windows-Cryptographic-Operation_Failure system # 33062=Windows-Firewall_Rule_Added system # 33063=Windows-Service_Installed system # 33064=Windows-Local_Group_Created system # 33065=Windows-System_Security_Granted_Account system # 33066=Windows-User_Right_Assigned system # 33067=Windows-Local_Group_Changed system # 33068=Windows-Cryptographic-Test system # 33069=Windows-User_Locked_Out access-denied # 33070=Windows-Connection_Blocked firewall # 33071=Windows-Packet_Blocked firewall # 33072=Windows-Bind_Allowed connection # 33073=Windows-Global_Group_Deleted system # 33074=Windows-Global_Group_Created system # 33075=Windows-User_Account_Disabled system # 33076=Windows-Password_Changed system # 33077=Windows-Replay_Attack_Detected intrusion # 33078=Windows-Domain_Controller_Failed_Validation login-failure # 33079=Windows-Kerberos_Auth_Ticket_Request login # 33080=Windows-Kerberos_Service_Ticket_Request system # 33081=Windows-Kerberos_Service_Ticket_Renewed system # 33082=Windows-Computer_Account_Created system # 33083=Windows-Computer_Account_Changed system # 33084=Windows-Computer_Account_Deleted system # 33085=Windows-Account_Accessed system # 33087=Windows-Audit_Policy_Changed system # 33089=Windows-Filter_Present system # 33090=Windows-Firewall_Rule_Not_Applied error # 33091=Windows-Local_Group_Deleted system # 33092=Windows-Global_Group_Changed system # 33093=Windows-Universal_Group_Created system # 33094=Windows-Universal_Group_Changed system # 33095=Windows-Universal_Group_Member_Added system # 33096=Windows-Universal_Group_Member_Removed system # 33097=Windows-Universal_Group_Deleted system # 33098=Windows-SID_History_Added system # 33099=Windows-SID_History_Add_Failed error # 33100=Windows-User_Account_Unlocked system # 33101=Windows-ACL_Set_On_Admin_Groups system # 33102=Windows-Account_Name_Changed system # 33103=Windows-Active_Directory_Attributes_Replicated system # 33105=Windows-Replication_Failure_Begins system # 33106=Windows-Replication_Failure_Ends system # 33107=Windows-Directory_Service_Modified system # 33108=Windows-Directory_Service_Created system # 33109=Windows-Directory_Service_Undeleted system # 33110=Windows-Directory_Service_Moved system # 33111=Windows-Directory_Service_Deleted system # 33112=Windows-Directory_Sync_Begun system # 33113=Windows-Directory_Sync_Ended system # 33114=Windows-SIDS_Filtered system # 33115=Windows-Credentials_Disallowed access-denied # 33116=Windows-Wireless_Request connection # 33117=Windows-Wired_Request connection # 33118=Windows-File_Virtualized system # 33119=Windows-Blocked_Incoming_Connection firewall # 33120=Windows-Scheduled_Task_Enabled system # 33121=Windows-Scheduled_Task_Disabled system # 43122=Windows-Scheduled_Task_Updated system # 43123=Windows-Registry_Changed system # 43124=Windows-Registry_Key_Virtualized system # 43125=Windows-SACL_Policy_Changed system # 43126=Windows-CrashOnAuditFail_Changed system # 43127=Windows-Domain_New_Trust_Created system # 43128=Windows-Domain_Trust_Removed system # 43129=Windows-Kerberos_Policy_Changed system # 43130=Windows-Domain_Info_Modified system # 43131=Windows-Security_Granted_Or_Removed system # 43132=Windows-Namespace_Collision error # 43133=Windows-Trusted_Forest_Added system # 43134=Windows-Trusted_Forest_Removed system # 43135=Windows-Trusted_Forest_Modified system # 43136=Windows-User_Right_Removed system # 43137=Windows-Encryption_Policy_Changed system # 43138=Windows-Firewall_Policy_Active system # 43139=Windows-Firewall_Rule_Listed system # 43140=Windows-Firewall_Rule_Deleted system # 43141=Windows-Firewall_Default_Settings_Restored system # 43142=Windows-Firewall_Setting_Changed system # 43143=Windows-Firewall_Rule_Ignored error # 43144=Windows-Firewall_Rule_Parts_Ignored error # 43145=Windows-Firewall_Policy_Applied system # 43146=Windows-Firewall_Profile_Changed system # 43147=Windows-Firewall_Rule_Discarded system # 43148=Windows-Group_Policy_Applied system # 43149=Windows-Security_Policy_Errors error # 43150=Windows-Firewall_Stopped error # 43151=Windows-Firewall_Policy_Storage_Error error # 43152=Windows-Firewall_Policy_Parsing_Error error # 43153=Windows-Firewall_Service_Failed error # 43154=Windows-Firewall_Service_Failed_Start error # 43155=Windows-Firewall_Failed_Notification error # 43156=Windows-Firewall_Driver_Started system # 43157=Windows-Firewall_Stopped restart # 43158=Windows-Firewall_Driver_Failure error # 43159=Windows-Firewall_Runtime_Failure error # 43160=Windows-Starting restart # 43161=Windows-Shutting_Down restart # 43162=Windows-Recovered restart # 43163=Windows-Network_Policy_Access_Granted login # 43164=Windows-Network_Policy_Denied_Access access-denied # 43165=Windows-Network_Policy_Discarded_Request access-denied # 43166=Windows-Network_Policy_Discarded_Acct_Request access-denied # 43167=Windows-Network_Policy_Quarantined_User access-denied # 43168=Windows-Network_Policy_Probation_User login # 43169=Windows-Network_Policy_Access_Granted login # 43170=Windows-Network_Policy_Account_Locked access-denied # 43171=Windows-Network_Policy_Account_Unlocked login # 43172=Windows-IPsec_Settings_Changed system # 43173=Windows-IPsec_Dropped_Inbound_Packet firewall # 43174=Windows-Permitted_Listening_Inbound_Connection connection # 43176=Windows-Indirect_Access_Requested system # 43177=Windows-Network_Share_Object_Checked system # 43178=Windows-Network_Share_Object_Added system # 43179=Windows-Credential_Validation_Failed login-failure # 43180=Windows-Successful_Network_Login login # 43181=Windows-Failed_Login login-failure # 43182=Windows-Login login # 43183=Windows-Network_Share_Access_Failed system # 43184=Windows-Successful_Network_Login login # 43185=Windows-Failed_Login login-failure # 43186=Windows-Kerberos_PreAuthentication_Failure login-failure # 43187=Windows-Operation_Performed_On_Object system # 43188=Windows-Operation_Performed_On_Object_Failed access-denied # 43189=Windows-Kerberos_Auth_Ticket_Request_Failed login-failure # 43190=Windows-Kerberos_Service_Ticket_Request_Failed system # 43191=Windows-Directory_Sync_Ended_Failed system # 43192=Windows-Active_Directory_Modified system # 43193=Windows-Cryptographic-Operation_Success system # 43194=Windows-Failed_Login login-failure # 43195=Windows-Integrity_Violation error # 43196=Windows-IPsec_Negotiation_Failed error # 43197=Windows-Workstation_Locked logout # 43298=Windows-Network_Share_Object_Check_Failed system # 43299=Windows-Password_Change_Attempt_Failed system # 43300=Windows-Audit_Log_Cleared system # 43301=Windows-Global_Group_Member_Removed system # 43302=Windows-IPsec_Policy_Apply_Failed system # 43303=Windows-Group_Type_Changed system # 43304=Windows-Event_Log_Full_Or_Unaccessable system # 43305=Windows-Password_Change_Attempt_Failed system # 43306=Windows-Requested_Handle_To_Object system # 43307=Windows-Requested_Handle_To_Object system # 43308=Windows-Attempted_Access_File_System system # 43309=Windows-Handle_Request_To_File_System system # 43310=Windows-IPsec_Service_Started system # 43311=Windows-Blocked_Incoming_Connection firewall # 43312=Windows-Filtering_Platform_Policy_Change system # 43313=Windows-System_Integrity_Corrupt_Hashes error # 43314=Windows-Login login # 43315=Windows-Failed_Login login-failure # 43316=Windows-IPsec_Negotiation_Failed error # 43317=Windows-Account_Management_Events application # 43318=Windows-DFSR_Replication_Prevented application # 43319=Windows-Audit_Events_Dropped error # 43320=Windows-Kerberos_Auth_Ticket_Request login # 43321=Windows-Kerberos_Service_Ticket_Request system # 43322=Windows-Kerberos_Service_Ticket_Renewed system # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_app.prm # # 3000=Windows-Application_Hung process # 3001=Windows-Application_Hung process # 3002=Windows-Application_Fault process # 3003=Windows-Application_Removed system # 3004=Windows-Application_Failed_Install error # 3005=Windows-Application_Installed system # 3007=VNC-Logon_Failure login-failure # 3008=Windows-System_Security_Policy_Applied system # 3019=VNC-Logon login # 3020=VNC-Logoff logout # 3021=Windows-Application_Installed system # 3022=VNC-Blacklisted login-failure # 3023=Windows-LSASS_Process_Failure_With_System_Restart error # 3024=Windows-Process_Failure_With_System_Restart error # 3034=Windows-Group_Policy_Failed error # 3035=Windows-Cannot_Bind_To_Domain error # 3036=Windows-McLogEvent process # 3037=Windows-SharePoint_Login_Failed login-failure # 3038=Windows-SharePoint_Server_Not_Responding error # 3039=Windows-Security_Policy_Not_Propagated error # 3040=Windows-Security_Policy_Propagated_Warning system # 3041=Windows-Security_Successful_Certificate_Enrollment system # 3042=Windows-Security_Failed_Certificate_Enrollment error # 3043=Windows-License_Validated system # 3044=Windows-Created_Restore_Point system # 3045=Windows-Outlook_Messages system # 3046=Windows-Policy_Updated system # 3047=Windows-Not_Compatible error # 3048=Windows-UltraVnc_Invalid_Attempt login-failure # 3049=Windows-Search_Error error # 3050=Windows-LCE_Client_Installation_Failed error # 30500=Windows-Unhandled_Exception error # 30501=Windows-Application_Failure_Event process # 30502=Windows-Database_Engine_Event system # 30503=Windows-Application_Activation_Error error # 30504=Windows-Application_Error_Expanding_File error # 30506=Windows-Msexchange_Non_Delivery error # 30507=Windows-Msexchange_Delivery_Attempt application # 30508=Windows-Msexchange_Message_Delivered application # 30509=Windows-Msexchange_Message_Sent application # 30510=Windows-Msexchange_Duplicate_Message application # 30511=Windows-Xslogging_System_IO_IOException application # 30512=Windows-Xslogging_System_Event application # 30513=Windows-Pcanywhere_Remote_Logoff logout # 30514=Windows-Pcanywhere_Host_Started application # 30515=Windows-IRIS_Authentication_Successful login # 30516=Windows-IRIS_Signon_Successful login # 30517=Windows-IRIS_Signon_Failed login-failure # 30518=Windows-IRIS_Signoff_Completed logout # 30519=Windows-IRIS_Misc_Messages system # 30520=Windows-Remote_User_Login_Record login # 30521=Windows-Software_Installed system # 30522=Windows-LoadPerf_Service_Loaded system # 30523=Windows-LoadPerf_Service_Removed system # 30524=Windows-LoadPerf_Service_Already_In_Registry system # 30526=Windows-ASPNET_Start_Registering system # 30527=Windows-ASPNET_Finish_Registering system # 30528=Windows-ASPNET_Failed error # 30529=Windows-Beginning_Installer_Transaction system # 30530=Windows-Update_Installed system # 30531=Windows-Installer_Reconfigured_Product system # 30532=Windows-Update_Installed system # 30533=Windows-Ended_Installer_Transaction system # 30534=Windows-Initialized_Virtual_Machine application # 30535=Windows-ADWS_Error error # 30536=Windows-ERAS_Refresh_Computer system # 30537=Windows-ERAS_Refresh_Computer_Submitted system # 30538=Windows-ERAS_Refresh_Computer_Successful system # 30539=Windows-ERAS_Add_User system # 30540=Windows-ERAS_Recover_Password system # 30541=Windows-ERAS_Get_Super_Response system # 30542=Windows-SMVI_Failed login-failure # 30543=Windows-ERAS_WMI_Request_Failed error # 30544=Windows-Cannot_Send_Email_Alert error # 30545=Windows-Storage_Does_Not_Exist system # 30546=Windows-MSSQL_License_Limit_Exceeded error # 30547=Windows-MSSQL_Primary_File_Group_Full error # 30548=Windows-ERAS_Service_Started system # 30549=Windows-ERAS_WSKS_Disabled system # 30550=Windows-User_Profile_Registry_In_Use system # 30551=Windows-Update_Retrieval system # 30552=Windows-WMI_Events_Not_Delivered error # 30553=Windows-SQLServerAgent_Started system # 30554=Windows-Netwatch_Error error # 30555=Windows-Netwatch_Communication_Loss error # 30556=Windows-Netwatch_Not_Monitoring_Server error # 30557=Windows-Complus_Suppressing_Log_Entries system # 30558=Windows-SPP_Messages system # 30559=Windows-SPP_Re_Started system # 30560=Windows-SPP_Init_Status system # 30561=Windows-SPP_Excluded_Policies system # 30562=Windows-SPP_License_Status system # 30563=Windows-MSSQL_VM_DBS_Messages system # 30564=Windows-MSSQL_ERAS_Messages system # 30565=Windows-MSSQL_SOLARWINDS_Messages system # 30566=Windows-Desktop_Window_Manager_Messages system # 30567=Windows-MSDTC_Started system # 30568=Windows-VSS_Shutting_Down system # 30569=Windows-vSphere_Installation_Failed error # 30570=Windows-Goverlan_Access_Denied error # 30571=Windows-Firewall_Events_Lost firewall # 30572=Windows-Security_Licensing_SLC system # 30573=Windows-SkypeUpdate_Messages system # 30574=Windows-WMI_Started_Initialized system # 30576=Windows-Machine_Account_Not_Found error # 30577=Windows-Cert_Not_In_validity_Period error # 30578=Windows-Installer_Error error # 30579=Windows-Installer_File_Inuse system # 30580=Windows-Restart_Required system # 30581=Windows-Goverlan_User_Not_Logged_On system # 30582=Windows-UPHClean_Handles_Remapped system # 30583=Windows-ERAS_Client_Not_Reached system # 30584=Windows-ASPNET_IIS_Not_Installed system # 30585=Windows-SQLWRITER_Error error # 30586=Windows-SQLVDI_Error error # 30587=Windows-Certificate_Services_Messages application # 30588=Windows_Active_Directory_Domain_Service_Message application # 30589=Windows_CEIP_Message application # 30590=Windows_Security_License_Failed application # 30591=Windows-SQLServerAgent_Status_Failed error # 30592=Windows-SMVI_Failed login-failure # 30593=Windows-Networker_Messages application # 30594=Windows-Msexchange_Logon login # 30595=Windows-Msexchange_Logon login # 30596=Windows-ASPNET_Forms_Authentication_Failed error # 30597=Windows-BlackBerry_Collaboration_Service error # 30598=Windows-Folder_Redirection application # 30599=Windows-User_Login_Record login # 30600=Windows-Smart_Card_Error error # 30601=Windows-Mandiant_Tools application # 30602=Windows-Outlook_Add_Ins application # 30603=Windows-DrWatson_Message error # 30604=Windows-Cannot_Unload_Registry_File application # 30605=Windows-Saved_User_Registry application # 30606=Windows-Unloaded_User_Registry application # 30607=Windows-Description_For_Event_ID_Not_Found application # 30608=Windows-License_Status_Check_Complete application # 30609=Windows-Group_Policy_Failed error # 30610=Windows-FileMaker_Messages application # 30611=Windows-PHP_Messages application # 30612=Windows-Disk_Defragmenter_Stats application # 30613=Windows-SPP_Failed_Restart error # 30614=Windows-LiveUpdate_Messages system # 30615=Windows-Brother_BrLog_Error error # 30616=Windows-CAPI2_Error error # 30617=Windows-ATIe_Maximum_Sessions error # 30618=Windows-Backup_Database_Failed error # 30619=Windows-Device_Or_Program_Attention application # 30620=Windows-Winlogon_Subscriber_Unavailable error # 30621=Windows-User_Notification_Service_Started application # 30622=Windows-LMS_Started application # 30623=Windows-Event_System_Timeout application # 30624=Windows-Smart_Card_Login login # 30625=Windows-SecurityCenter_Started application # 30626=Windows-ActivClient_Messages application # 30627=Windows-Server_Resumed_Execution application # 30628=Windows-NET_Runtime_Deleted_Image application # 30629=Windows-Stagent_Service_Running application # 30630=Windows-Bonjour_Scheduling_Error error # 30631=Windows-Defrag_Completed system # 30632=Windows-Smart_Card_Logon login-failure # 30633=Windows-Search_Messages application # 30634=Windows-RoxWatch_Possible_Malware intrusion # 30635=Windows-ExtremeZ-IP_Messages application # 30636=Windows-Microsoft_Office_Alert application # 30637=Windows-Application_Removed system # 30638=Windows-Process_Terminated process # 30639=Windows-Applicaiton_MsiInstaller_Error error # 30640=Windows-SharePoint_Warning application # 30641=Windows-WMI_Has_Stopped application # 30642=Windows-Winlogon_Failed_Termination_Of_Proceses application # 30643=Windows-BCAAA_Error error # 30644=Windows-Crypt32_Failed_Extract error # 30645=Windows-Crypt32_Threshold application # 30646=Windows-Crypt32_Failed_Auto_Update error # 30647=Windows-IRIS_Backup system # 30648=Windows-IRIS_Updated_Registry system # 30652=Windows-SharePoint_Error error # 30653=Windows-SiteMinder_Messages application # 30654=Windows-SharePoint_Critical_Message application # 30655=Windows-LANrev_Error error # 30656=Windows-IIS_Error error # 30657=Windows-VSS_Unexpected_Error error # 30658=Windows-SPP_Activation_Response_Processed system # 30659=Windows-SPP_Activation_Request_Sent system # 30660=Windows-VSS_Timed_Out_Deleting_Files system # 30661=Windows-Attempted_To_Stop_Shutdown application # 30662=Windows-Search_Error error # 30663=Windows-Listener_Adapter_Connected application # 30664=Windows-Script_Timeout error # 30669=Windows-In_Notification_Period application # 30670=Windows-Restart_Required application # 30671=Windows-Starting_Ending_First_Session application # 30672=Windows-Restart_Deffered application # 30673=Windows-MS_DTC_Service_Stopping application # 30674=Windows-License_Acquisition_Failure error # 30675=Windows-License_Activation_Failure error # 30676=Windows-License_Acquisition_Failure error # 30677=Windows-MSDTC_Error_Attempting_Connection error # 30678=Windows-Event_System_Unable_To_Remove_Object error # 30679=Windows-MsexchangeTransport_Configuration_Updated application # 30680=Windows-Msexchange_ADAprocess_Server_Unavailable application # 30681=Windows-Msexchange_ADAprocess_Controller_Changed application # 30682=Windows-EapHost_Validation_Failed error # 30683=Windows-Aceclient_Authentication_Manager_Not_Responding error # 30684=Windows-Ipswitch_Email_Network_Succeeded application # 30685=Windows-Filtering_FIPFS application # 30686=Windows-WinRM_ACtivity_Transfer application # 30687=Windows-WSMan_Session_Option_Set application # 30688=Windows-WinRM_Client_Cannot_Connect error # 30689=Windows-WSMan_Created_Session application # 30690=Windows-IIS_W3SVC_WP_Worker_Process_Error error # 30691=Windows-WinRM_WSMan_API_Call application # 30692=Windows-PowerShell_Messages application # 30693=Windows-WSMan_Session_Closed application # 30694=Windows-WSMan_CreateShell_Failed error # 30695=Windows-Infrastructure_Error error # 30696=Windows-GroupPolicy_Messages application # 30697=Windows-WMI_Activity_Messages application # 30698=Windows-WinRM_Timeout error # 30699=Windows-RPC_Proxy_Loaded_In_IIS application # 30700=Windows-JET_Database_Corrupt error # 30701=Windows-WMI_Unknown_Error error # 30702=Windows-Group_Policy_Error error # 30703=Windows-Known_Folders_Error error # 30704=Windows-WinRM_WSMan_Initializing application # 30705=Windows-WinRM_WSMan_Operation_Completed application # 30706=Windows-WinRM_Response_For_Operation application # 30707=Windows-WinRM_Client_Request_For_Operation application # 30708=Windows-WinRM_Entering_Leaving_For_Operation application # 30709=Windows-WinRM_Sending_Request_For_Operation application # 30710=Windows-Diagnosis application # 30711=Windows-Resource_Exhaustion application # 30712=Windows-RPC_IN_DATA application # 30713=Windows-RPC_OUT_DATA application # 30714=Windows-PowerShell_Messages application # 30715=Windows-PowerShell_Messages application # 30716=Windows-WinRM_ACtivity application # 30717=Windows-WinRM_User_Authentication login # 30718=Windows-WinRM_HTTP_Status_Denied web-error # 30719=Windows-WinRM_HTTP_Status_OK web-access # 30720=Windows-WinRM_Shell_Output_Failed error # 30721=Windows-WinRM_Signal_Shell_Failed error # 30722=Windows-WinRM_Win_HTTP_Cannot_Connect error # 30723=Windows-WinRM_Delete_Shell_Failed error # 30724=Windows-WinRM_HTTP_Status_Service_Unavailable error # 30725=Windows-WinRM_Deinitialize_WSMan_API application # 30726=Windows-WinRM_Service_Start application # 30727=Windows-Forefront_Protection_Messages application # 30728=Windows-Bits_Messages application # 30729=Windows-Impact_Telemetry_Not_Running error # 30730=Windows-Update_Client_Change application # 30731=Windows-Restart_Manager_Messages application # 30732=Windows-FSCRealtimeScanner_Disabled application # 30733=Windows-FSCTransportScanner_Disabled_Enabled application # 30734=Windows-FSCRealtimeScanner_Enabled application # 30735=Windows-FSCScheduledScanner_Enabled application # 30736=Windows-FSCScheduledScanner_Disabled application # 30737=Windows-FSCController_Messages application # 30738=Windows-FSEIMC_Started_Stopped application # 30739=Windows-Program_Inventory application # 30740=Windows-Language_Pack_Cleanup application # 30741=Windows-ASP_NET_Request_Aborted error # 30742=Windows-Program_Updater_Statistics application # 30743=Windows-DB2_Monitor_Capacity_Reached application # 30744=Windows-Successfully_Applied_Security_Policy application # 30745=Windows-SMS_Network_Path_Not_Found error # 30746=Windows-SharePoint_Information application # 30747=Windows-SharePoint_Metadata_Service_Connected application # 30748=Windows-SharePoint_Database_Error error # 30749=Windows-Server_Database_Maint_Or_Reconfig application # 30750=Windows-Server_AppDomain_Unloaded application # 30751=Windows-Database_Engine_Event_Error system # 30752=Windows-Unable_Create_Shadow_Copy error # 30753=Windows-Report_Server_Error error # 30754=Windows-WSUS_Working_Correctly system # 30755=Windows-Forescout_HTTP_Upload_Started application # 30756=Windows-Forescout_Cannot_Locate_Resource error # 30757=Windows-Forescout_Vulnerabilities_Inspection_Started application # 30758=Windows-Forescout_HPS_No_Updates application # 30759=Windows-Forescout_Search_Finished application # 30760=Windows-Failed_Restore_Point_Creation error # 30761=Windows-WMI_RequiresEncryption_Flag application # 30762=Windows-SMS_Information_Messages application # 30763=Windows-FailoverClustering_Messages application # 30764=Windows-Server_ActiveSync application # 30765=Windows-Deployment_Provider application # 30766=Windows-SMBClient_Timed_Out error # 30767=Windows-SPP_Activation_Processed system # 30768=Windows-SQLServerAgent_Check_Service_Successful application # 30769=Windows-SQLAgent_SKOPUSSQLSERVER_IsAlive_Request application # 30770=Windows-SQLAgent_SKOPUSSQLSERVER_Check_Service_Successful application # 30771=Windows-SQLServerAgent_IsAlive_Request application # 30772=Windows-SMS_Error_Messages error # 30773=Windows-SMS_Warning_Messages application # 30774=Windows-CFFFilter_Error error # 30775=Windows-SMBWWitness_Information_Message application # 30776=Windows-SMBWWitnessClient_Error_Message error # 30777=Windows-ServiceModel_Error error # 30778=Windows-WinRM_Started_Create_Session application # 30779=Windows-WinRM_Began_An_Operation application # 30780=Windows-WinRM_Access_Error error # 30781=Windows-WinRM_Get_Failed error # 30782=Windows-WinRM_Handler_Closed_Session application # 30783=Windows-WinRM_Session_Completed_Successfully application # 30784=Windows-MultiMachine_Enumerate_Error error # 30785=Windows-MultiMachine_Data_Collection_Exception application # 30786=Windows-SMBWWitnessService_Error_Message error # 30787=Windows-SMBWWitnessClient_Unregister_Request application # 30788=Windows-Management_Provider_Messages application # 30789=Windows-MultiMachine_Invoke_Method_Started application # 30790=Windows-MultiMachine_Refresh_Method_Started application # 30791=Windows-MultiMachine_Creating_New_Session application # 30792=Windows-MultiMachine_Enumerate_Started application # 30793=Windows-MultiMachine_Invoke_Method_Error error # 30794=Windows-MultiMachine_Properties_Refresh_Started application # 30795=Windows-MultiMachine_WinRM_Check_Completed application # 30796=Windows-MultiMachine_Metadata_Failed_Retrieval application # 30797=Windows-MultiMachine_Properties_Refresh_Completed application # 30798=Windows-MultiMachine_WinRM_Check_Started application # 30799=Windows-MultiMachine_Refresh_Item_Completed application # 30800=Windows-MultiMachine_Invoke_Method_Data_Received application # 30801=Windows-MultiMachine_Cluster_Query_Message application # 30802=Windows-MultiMachine_Invoke_Method_Completed application # 30803=Windows-MultiMachine_Refresh_Session_completed application # 30804=Windows-SMBWWitnessClient_Messages application # 30805=Windows-SMBClient_Registration_Completed application # 30806=Windows-MSMQ_Could_Not_Resolve_Name application # 30807=Windows-SMBClient_Deregistration_Completed application # 30808=Windows-RemoteDesktopServices_RdpCoreTS connection # 30809=Windows-International_Critical error # 30810=Windows-Net_Runtime_Profiler_Loaded application # 30811=Windows-List_Of_GPOs application # 30812=Windows-Plugin_DSScheduler_Exception application # 30813=Windows-GroupPolicy_Deferred_Or_Completed application # 30814=Windows-ServiceModel_Messaging_Turned_On application # 30815=Windows-RemoteDesktopServices_RdpCoreTS application # 30816=Windows-Shell_Core application # 30817=Windows-WinINet_Config application # 30818=Windows-Immersive_Shell application # 30819=Windows-Remote_Desktop_Config_Time application # 30820=Windows-PnP_New_Device_Interface application # 30821=Windows-PnP_Device_Was_Configured application # 30822=Windows-PnP_Device_Unconfigured application # 30823=Windows-Device_Setup_Manager_Stopping application # 30824=Windows-Web_Event_Configuration_Error error # 30825=Windows-AppReadiness_Completed_Tasks application # 30826=Windows-Services_Session_Changed application # 30827=Windows-MultiMachine_Initialization_Task application # 30828=Windows-MultiMachine_Startup_Task application # 30829=Windows-MultiMachine_Plugin_Registration application # 30830=Windows-MultiMachine_Refresh_Task application # 30831=Windows-MultiMachine_Plugin_Load_Task application # 30832=Windows-Crypto_Master_Key_Created application # 30833=Windows-User_Regular_Profile system # 30834=Windows-Begin_End_Session_Arbitration application # 30835=Windows-Session_Disconnected application # 30836=Windows-PnP_Device_Started application # 30837=Windows-Packages_Will_Be_Installed_Removed application # 30838=Windows-Determining_Packages_To_Be_Installed application # 30839=Windows-AppReadiness_Status_Changed application # 30840=Windows-AppReadiness_Started_Processing_Tasks application # 30841=Windows-AppReadiness_System_Upgrade_Cleanup application # 30842=Windows-AppReadiness_Finished_Processing_Tasks application # 30843=Windows-Compatibility_Fix_Applied application # 30844=Windows-AppReadiness_Service_Started application # 30845=Windows-AppReadiness_User_Login_Started login # 30846=Windows-AppReadiness_User_Login_Succeeded login # 30847=Windows-AppReadiness_Mode_Changed application # 30848=Windows-AppReadiness_Started_Group application # 30849=Windows-AppReadiness_Finished_Group application # 30850=Windows-AppReadiness_Next_Task_Selected application # 30851=Windows-AppReadiness_Task_Finished application # 30853=Windows-MUI_Resource_Cache_Builder_Invoked application # 30854=Windows-MUI_Resource_Cache_Built application # 30855=Windows-Update_Client_Check_Failed error # 30856=Windows-Update_Client_Connectivity_Established application # 30857=Windows-Update_Client_Service_Stop_Request application # 30858=Windows-Update_Client_Downloaded application # 30859=Windows-Package_Change_Initiated application # 30860=Windows-Package_Changed application # 30861=Windows-Package_Change_Failed error # 30862=Windows-Third_Party_Root_Certificate_Update application # 30863=Windows-SiteMinder_Messages_Error error # 30864=Windows-SiteMinder_Messages_Warning error # 30865=Windows-Worker_Process_Shutdown system # 30866=Windows-Job_Agent_Execution_Error error # 30867=Windows-Service_Entered_Running_State system # 30868=Windows-Service_Entered_Stopped_State system # 30869=Windows-MSWinEventLOg_Information_Message application # 30870=Windows-WinHTTP_Web_Proxy_Sent_Start_Control system # 30871=Windows-System_Time_Changed system # 30873=Windows-Service_Will_Be_Shutdown system # 30874=Windows-Service_Suspended_Operation system # 30875=Windows-Network_Link_Disconnected network # 30876=Windows-Network_Link_Established network # 30877=Windows-Group_Policy_Registry_Space_On_Disk application # 30878=Windows-Network_Connection_Closed_By_Peer error # 30879=Windows-Unable_To_Connect_To_Automatic_Updates application # 30880=Windows-Trusted_Certificate_Authorities_Truncated application # 30881=Windows-Module_Failed_To_Delete_Log error # 30882=Windows-Module_Failed_To_Write_Events_To_Log error # 30883=Windows-Summary_Of_Disk_Space application # 30884=Windows-TaskScheduler_Behind_Deadline application # 30885=Windows-TaskScheduler_State_Changed detected-change # 30886=Windows-Time_Zone_Sync_Task application # 30887=Windows-Time_Zone_Sync_Task_Error error # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_sec.prm # # 3200=Windows-Logon login # 3201=Windows-Logon_Failure login-failure # 3202=Windows-Administrator_Logon_Failure login-failure # 3203=Windows-Successful_Logon login # 3204=Windows-Successful_Administrator_Logon login # 3205=Windows-Successful_Logoff logout # 3206=Windows-Pre-Authentication_Failed login-failure # 3207=Windows-Special_Privileges_Assigned system # 3208=Windows-Service_Ticket_Granted system # 3209=Windows-Account_Used_For_Login login # 3210=Windows-Authentication_Ticket_Granted system # 3211=Windows-Handle_Closed system # 3212=Windows-Trusted_Logon_Process login # 3214=Windows-Privileged_Service_Called system # 3216=Windows-Kerberos_Policy_Changed system # 3217=Windows-Security_Enabled_Global_Group_Member system # 3218=Windows-Ticket_Granted_Renewed system # 3219=Windows-Authentication_Ticket_Request_Failed login-failure # 3220=Windows-Service_Ticket_Request_Failed login-failure # 3222=Windows-Account_Logon_Failed login-failure # 3223=Windows-Successful_Network_Login login # 3224=Windows-User_Password_Set_Failed system # 3225=Windows-Successful_Network_Login login # 3226=Windows-IP_Conflict error # 3227=Windows-Time_Change system # 3228=Windows-User_Account_Deleted system # 3229=Windows-User_Account_Changed system # 3230=Windows-User_Account_Created system # 3231=Windows-User_Password_Set system # 3232=Windows-Audit_Policy_Changed system # 3233=Windows-Audit_Log_Cleared system # 3234=Windows-Account_Enabled system # 3236=Windows-Account_Currently_Disabled login-failure # 3238=Windows-User_Account_Disabled system # 3239=Windows-User_Passwd_Expired system # 3240=Windows-Account_Passwd_Expired system # 3241=Windows-Account_Passwd_Expired system # 3242=Windows-Successful_Access_Grant system # 3243=Windows-Directoryservice_Restore_Mode_Password_Changed system # 3244=Windows-Account_Name_Changed system # 3245=Windows-Security_Enabled_Global_Group_Changes system # 3246=Windows-Security_Enabled_Local_Group_Changes system # 3247=Windows-Security_Enabled_Universal_Group_Changes system # 3248=Windows-Account_Expired login-failure # 3249=Windows-Special_Privilege_New_Logon login # 3250=Windows-Logon_Failure_Invalid_Logon_Type login-failure # 3251=Windows-Service_Installation_Attempt error # 3252=Windows-Logon_Failure_Incorrect_Logon_Time login-failure # 3253=Windows-System_Access_Grant system # 3254=Windows-Domain_Security_Policy_Change system # 3255=Windows-Account_Priviledge_Change system # 3256=Windows-New_Process_Created process # 3257=Windows-Process_Exited process # 3258=Windows-Host_Shutdown restart # 3260=Windows-Successful_Network_Login login # 3261=Windows-Account_Locked login-failure # 3262=Windows-Logon_With_Credentials login # 3263=Windows-Session_Reconnected system # 3264=Windows-Process_Assigned_Primary_Token system # 3265=Windows-Privilege_Change system # 3266=Windows-Directory_Replication_Operation system # 3267=Windows-Directory_Replication_Operation system # 3268=Windows-Directory_Replication_Operation system # 3269=Windows-Logon-Error login-failure # 3271=Windows-Password_Checking system # 3272=Windows-New_Process_Accepting_Traffic system # 3274=Windows-Login_Failure_Bad_Password login-failure # 3275=Windows-Login_Failure_Bad_Account login-failure # 3276=Windows-Login_Failure_Restriction login-failure # 3277=Windows-Login_Failure_Illegal_Host login-failure # 3278=Windows-Login_Failure_Expired_Password login-failure # 3279=Windows-Login_Failure_Account_Locked login-failure # 3280=Windows-Login_Failure_Account_Expired login-failure # 3281=Windows-Login_Failure_Account_Locked login-failure # 3282=Windows-Login_Failure login-failure # 3283=Windows-Logout logout # 3285=Windows-Computer_Account_Changed system # 3286=Windows-Firewall_Application_Changed system # 3287=Windows-Firewall_Application_Could_Not_Be_Started error # 3288=Windows-Application_Listening_For_Traffic system # 3289=Windows-Login_Failed_Account_Disabled login-failure # 3290=Windows-Successful_Network_Login login # 3291=Windows-Privileged_Service_Failed error # 3292=Windows-IPsec_Failed error # 3293=Windows-Session_Disconnect system # 3294=Windows-Successful_Network_Login login # 3295=Windows-Successful_Batch_Logon login # 3296=Windows-Successful_Service_Logon login # 3297=Windows-Successful_Unlock login # 3298=Windows-Successful_Remote_Session_Login login # 3299=Windows-Successful_Cached_Login login # 3320=Windows-Authentication_Package_Loaded system # 3321=Windows-User_Audit_Policy_Refreshed system # 3322=Windows-Failed_Audit_Of_Master_Key system # 3326=Windows-Authentication_Ticket_Not_Granted system # 3327=Windows-Successful_RunAs_Command login # 3328=Windows-Account_Locked system # 3329=Windows-Port_Exception system # 3330=Windows-Task_Created_Or_Modified system # 3331=Windows-User_Not_Allowed_Login login-failure # 3332=Windows-Netlogon_Not_Active login-failure # 3333=Windows-Audit_Failure error # 3334=Windows-Unable_To_Log_Events error # 3335=Windows-User_Account_Privilege_Removed system # 3336=Windows-System_Security_Access_Removed system # 3337=Windows-Service_Ticket_Request_Fail access-denied # 3338=Windows-Pre-Authentication_Failed login-failure # 3339=Windows-Admin_ACLs_Set system # 3340=Windows-Successful_Network_Login login # 3341=Windows-User_Password_Set_Failed_Audit system # 3342=Windows-User_Account_Unlocked system # 3343=Windows-Logon-Error login-failure # 3344=Windows-Logon-Error login-failure # 3345=Windows-Mapping_Attempted system # 3346=Windows-Session_Reconnected system # 3347=Windows-Global_Group_Member_Removed system # 3348=Windows-New_Computer_Account_Created system # 3349=Windows-Global_Group_Changed system # 23350=Windows-Trusted_Domain_Information_Modified system # 23351=Windows-Group_Type_Changed system # 23352=Windows-Started system # 23353=Windows-Universal_Group_Created system # 23354=Windows-Logon_Failure login-failure # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_sys.prm # # 3103=Windows-Live_Updates_Ready system # 3104=Windows-Hotfix_Installed system # 3105=Windows-Browser_Failed_To_Retrieve error # 3106=Windows-Browser_Unable_To_Retrieve error # 3107=Windows-Print_Information system # 3108=Windows-Print_Warning error # 3109=Windows-Time_Sync system # 3110=Windows-Drive_Removed system # 3111=Windows-Timesync_Error error # 3112=Windows-Update_Successful system # 3113=Windows-Bad_Logon login-failure # 3114=Windows-Protocol_Error error # 3115=Windows-LSASRV_Authentication_Warning system # 3116=Windows-System_Restart restart # 3117=Windows-Service_Control_Manager_Error error # 3118=Windows-Service_Terminated error # 3119=Windows-Max_Concurrent_TCP_Sessions error # 3120=Windows-Print_Failure error # 3121=Windows-Illegal_Radius_Client access-denied # 3122=Windows-Print_Drivers_Added system # 3123=Windows-Printer_Removed system # 3124=Windows-Printer_Removed system # 3125=Windows-Unplanned_Shutdown restart # 3126=Windows-WINS_Corruption system # 3127=Windows-Updates_Ready system # 3128=Windows-Restart_Required restart # 3129=Windows-Disk_Full error # 3130=Windows-Access_Request_Discarded system # 3131=Windows-Domain_Controller_Not_Available error # 3132=Windows-DCOM_Unable_To_Logon error # 3133=Windows-Server_Failed_To_Load_Application error # 3134=Windows-Authentication_Protocol_Unavailable error # 3135=Windows-Attempted_Downgrade_Attack intrusion # 3136=Windows-Domain_Controller_Error error # 3137=Windows-Kerberos_Error error # 3138=Windows-Failed_To_Register_Host error # 3139=Windows-Failed_To_Accquire_Time error # 3140=Windows-Detected_Controller_Error error # 3141=Windows-Master_Browser_Election system # 3142=Windows-Generic_System_Error error # 3143=Windows-ServicePack_Log_Event system # 3144=Windows-LSA_Access_Attempt access-denied # 3147=Windows-Network_Adapter_Disconnected system # 3148=Windows-Time_Synchronizing system # 3149=Windows-Hardware_Failure error # 31510=Windows-Out-Of-Date_Firmware error # 31511=Windows-Request_Not_Decoded access-denied # 31512=Windows-Smart_Card_Reader_Error error # 31513=Windows-Failed_To_Flush_Data error # 31514=Windows-Failed_To_Register_Pointer error # 31515=Windows-Could_Not_Authenticate_Target_Name error # 31516=Windows-Unexpected_Shutdown restart # 31517=Windows-File_System_Corrupt error # 31518=Windows-Resumed_From_Sleep_Mode restart # 31519=Windows-Entering_Sleep_Mode restart # 31520=Windows-Printed_Document system # 31521=Windows-Schannel_Error error # 31522=Windows-Logon_Notification_Improvement_Program system # 31523=Windows-Group_Policy_Settings_Processed system # 31524=Windows-Printer_Driver_Error error # 31525=Windows-DNS_Servers_Timeout error # 31526=Windows-Bad_Block_Detected error # 31527=Windows-IAS_User_Granted_Access login # 31528=Windows-DCOM_CLSID_Unable_To_Launch access-denied # 31529=Windows-UpdateClient_Installation_Failure error # 31530=Windows-UpdateClient_Installation_Ready system # 31531=Windows-Forefront_Assessment_Applied system # 31532=Windows-Forefront_Signatures_Updated system # 31533=Windows-Forefront_Detected_Changes system # 31534=Windows-Restart_Shutdown restart # 31535=Windows-No_Credential system # 31536=Windows-User_Does_Not_Have_Remote_Access login-failure # 31537=Windows-User_Does_Not_Have_Permission_For_Dial_In login-failure # 31538=Windows-Update_Successful_Needs_Restart system # 31540=Windows-Service_Changed system # 31541=Windows-Service_Entered_Running_State system # 31542=Windows-Service_Start_Control system # 31543=Windows-RSM_Stopped system # 31544=Windows-WinHttpAutoProxySvc_Shutting_Down system # 31545=Windows-WinHttpAutoProxySvc_Suspended system # 31546=Windows-System_Uptime system # 31547=Windows-Browser_Service_Failed error # 31548=Windows-Service_Entered_Stopped_State system # 31549=Windows-TermService_Error error # 31550=Windows-Srv_Error error # 31551=Windows-Service_Timeout system # 31552=Windows-Service_Sent_Stop_Control system # 31553=Windows-Service_Installed system # 31554=Windows-Application_Timeout_Limit_Reached system # 31555=Windows-PowerPoint_Document_Deleted system # 31556=Windows-Browser_Failed_To_Retrieve_Servers system # 31557=Windows-Popup_Messages system # 31558=Windows-DistributedCOM_Errors error # 31559=Windows-Document_Deleted system # 31560=Windows-Logoff_Notification system # 31562=Windows-Authentication_Request_Failed system # 31563=Windows-Tcpip_Network_Adapter_Normal system # 31564=Windows-Printer_Not_Restored system # 31565=Windows-Device_Name_List_Invalid system # 31566=Windows-DCOM_Error_Starting_Command access-denied # 31567=Windows-Power_Supply_Failure system # 31568=Windows-Fan_Failure error # 31569=Windows-License_Warning system # 31570=Windows-License_Certificate_Expired system # 31571=Windows-Remote_Scheduler_Failed error # 31572=Windows-Redundancy_Lost system # 31574=Windows-Forefront_Assessment_Completed system # 31575=Windows-Forefront_Signatures_Reloaded system # 31576=Windows-Sesssion_Failed_To_Authenticate access-denied # 31577=Windows-IP_Addresses_Dont_Map system # 31578=Windows-No_Trust_Account error # 31579=Windows-PrintSpooler system # 31580=Windows-Service_Terminated_Specific error # 31581=Windows-DCOM_Started_Service system # 31582=Windows-DHCP_Client_Service_Stopped system # 31583=Windows-Event_log_Stopped system # 31584=Windows-Network_Error system # 31585=Windows-Time_Changed system # 31586=Windows-Service_Table_Full system # 31587=Windows-Service_Database_Locked system # 31588=Windows-Password_Expired_Attempted_Change system # 31589=Windows-Failed_To_Apply_Settings error # 31590=Windows-Shadow_Copy_Deleted system # 31591=Windows-Worker_Process_Requested_Recycle system # 31592=Windows-WinRM_Failed_To_Create_SPNs system # 31593=Windows-VirtualCenter_Server_Logon_Failure login-failure # 31594=Windows-iScsiPrt_Error error # 31595=Windows-Mfehidk_Warning application # 31596=Windows-User_Connection_Stats connection # 31597=Windows-User_Authenticated login # 31598=Windows-User_Assigned_Address login # 31599=Windows-Telephony_Failed error # 31600=Windows-Pull_Replication_Verification system # 31601=Windows-Wins_Pull_Error error # 31602=Windows-Wins_Consistency_Check system # 31603=Windows-Wins_Connection_Aborted error # 31604=Windows-Wins_Push_Error error # 31605=Windows-Wins_Consistency_Started_Completed system # 31606=Windows-Process_Terminated_Exceeded_Time system # 31607=Windows-Logon_Timeout login-failure # 31608=Windows-TermService_Exceeded_Logon_Attempts login-failure # 31609=Windows-Virtual_Disk_Service_Failure error # 31610=Windows-Removed_Malware system # 31611=Windows-UpdateClient_Cannot_Connect_To_Service system # 31612=Windows-USB_Driver_Error error # 31613=Windows-Driver_Service system # 31614=Windows-Install_Driver_File system # 31615=Windows-Time_Error error # 31616=Windows-Time_No_Valid_Response_Received system # 31617=Windows-Logon_Cache_Entry login # 31618=Windows-Disk_Error error # 31619=Windows-TPM_Failed error # 31620=Windows-TPM_Security_Device_Not_Found system # 31621=Windows-Smartcard_Reader_Message system # 31622=Windows-System_Filter_Loaded_Registered system # 31623=Windows-Compatibility_Assistant_Service system # 31624=Windows-Kernel_Error error # 31625=Windows-Connection_Link_Established connection # 31626=Windows-Connection_Link_Disconnected connection # 31627=Windows-Time_Not_Synchronizing system # 31628=Windows-Time_Unable_To_Set_Domain_Peer system # 31629=Windows-AntiMalware_Running system # 31630=Windows-Defender_Running system # 31631=Windows-Drivers_Installed_Or_Upgraded system # 31632=Windows-User_Attempted_Restart_Shutdown system # 31633=Windows-AntiMalware_Signature_Update system # 31634=Windows-Virtual_Disk_Service_Start_Stop application # 31635=Windows-Server_Administrator_Storage_Service system # 31636=Windows-iScsiPrt_Reconnected system # 31637=Windows-iScsiPrt_Logout_Message logout # 31638=Windows-User_Account_Locked login-failure # 31639=Windows-Adapter_Brought_Up system # 31640=Windows-WinRM_Is_Listening system # 31641=Windows-Tcpip_Failed_Outgoing_Connection system # 31642=Windows-Patrol_Read_Started_Stopped system # 31643=Windows-CommVault_Service_Changed system # 31644=Windows-Currently_Receiving_Valid_Time_Data system # 31645=Windows-SideBySide_Error error # 31646=Windows-DnsApi_Failed_To_Register_Host system # 31647=Windows-Servicing_Messages system # 31648=Windows-HttpEvent_Unable_To_Write_To_Log system # 31649=Windows-Power_Supply_Returned_To_Normal system # 31650=Windows-Redundancy_Regained system # 31651=Windows-NETLOGON_Unable_To_Connect_Domain error # 31652=Windows-Update_Agent_Unable_To_Connect error # 31653=Windows-Antimalware_Configuration_Change system # 31654=Windows-Antimalware_Scan_Started application # 31655=Windows-Antimalware_Scan_Finished application # 31656=Windows-Antimalware_Version_Updated application # 31657=Windows-Service_Publishing_To_Network application # 31658=Windows-Possible_Bad_Block error # 31659=Windows-Crash_Dump_Failed error # 31660=Windows-Rebooted_Cleanly restart # 31661=Windows-NtpCLient_Unable_To_Set_Peer system # 31662=Windows-Unable_To_Register_Address error # 31663=Windows-Could_Not_Bind error # 31664=Windows-Shadow_Copy_Aborted error # 31665=Windows-Unable_To_Find_Suitable_Certificate system # 31666=Windows-Defender_Detected_Changes system # 31667=Windows-Defender_Action_Taken intrusion # 31668=Windows-No_Server_Credential system # 31669=Windows-Joined_Domain system # 31670=Windows-ATI_Driver_Message system # 31671=Windows-Application_Exceeded_Time_Limit_During_Shutdown system # 31672=Windows-UserPnp_Changed_State system # 31673=Windows-Update_Of_Active_Directory_Failed error # 31674=Windows-Session_Setup_Not_Responsive error # 31675=Windows-DFS_Messages system # 31676=Windows-Time_Service_Advertising system # 31677=Windows-Wins_Could_Not_Initialize_Security error # 31678=Windows-Wins_Now_Operational system # 31679=Windows-SNMP_Started system # 31680=Windows-GroupPoliy_Unable_To_Apply_Settings system # 31681=Windows-HttpEvent_Disk_Full system # 31682=Windows-Tcpip_Address_Conflict error # 31683=Windows-Isatap_No_Longer_Active system # 31684=Windows-Service_Changed system # 31685=Windows-Update_Downloaded system # 31686=Windows-User_Authenticated login # 31687=Windows-User_Assigned_Address login # 31688=Windows-User_Connection_Stats connection # 31689=Windows-User_Disconnected logout # 31690=Windows-Master_Browser_Stopped system # 31691=Windows-LDAP_Authentication_Failed error # 31692=Windows-Router_Advertisement_Settings_Changed detected-change # 31693=Windows-NLB_Cluster_Load_Balancing_Traffic detected-change # 31694=Windows-Update_Detected system # 31695=Windows-NLB_Initiating_Convergence system # 31696=Windows-RDP_TCP_Received_Connection connection # 31697=Windows-NLB_Updated_Successfully system # 31698=Windows-NLB_Configuration_Update_Started system # 31699=Windows-NLB_Driver_Successfully_Attached system # 31700=Windows-NLB_Host_Stats_Updated system # 31701=Windows-NLB_Driver_Detached system # 31702=Windows-NLB_Host_Active_Member system # 31703=Windows-NLB_Host_No_Longer_Active_Member system # 31704=Windows-NLB_Registry_Parameters_Reloaded system # 31705=Windows-Network_Profile_Message system # 31706=Windows-Disable_Background_Hive_Success system # 31707=Windows-Forwarder_Policy_Changed detected-change # 31709=Windows-IPsec_Main_Mode_Failure error # 31710=Windows-IIS_Kill_Command_Received system # 31711=Windows-IIS_Reset_Error error # 31712=Windows-IIS_Stop_Command_Issued system # 31713=Windows-IIS_Start_Command_Issued system # 31714=Windows-Update_Found_Updates system # 31715=Windows-Automatic_Updates_Paused system # 31716=Windows-Remote_connect_Authentication_Success system # 31717=Windows-Remote_Desktop_Disconnected system # 31718=Windows-Remote_Desktop_Logout logout # 31719=Windows-Remote_Desktop_Login login # 31720=Windows-Remote_Desktop_Shell_Start system # 31721=Windows-User_Profile_Login_Notification system # 31722=Windows-User_Profile_Logout_Notification system # 31723=Windows-User_Profile_Registry_Loaded system # 31724=Windows-Iphlpsvc_Unable_To_Update_IP error # 31725=Windows-WHEA_Logger_Warning system # 31726=Windows-Hive_History_Cleared system # 31727=Windows-DHCP_Server_Percent_Full_Message system # 31728=Windows-NLB_Timer_Starvation_Messages system # 31729=Windows-Server_Nonpaged_Pool_Limit error # 31730=Windows-Group_Policy_PresentationFonts_Failed error # 31731=Windows-Group_Policy_Sofware_Install_Failed error # 31732=Windows-Group_Policy_Sofware_Install_Delayed system # 31733=Windows-Registery_Corrupt_Or_Low_Memory error # 31734=Windows-Controller_Addresses_Dont_Map system # 31735=Windows-SSL_Certificate_Settings_Deleted system # 31736=Windows-SSL_Certificate_Settings_Created system # 31737=Windows-Computer_Account_Password_Changed_By_System system # 31738=Windows-Computer_Account_Password_Changed_By_System error # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_syslog_app.prm # # 19000=Windows-Application_Hung process # 19001=Windows-Application_Hung process # 19002=Windows-Application_Fault process # 19003=Windows-Application_Removed system # 19004=Windows-Application_Failed_Install error # 19005=Windows-Application_Installed system # 19007=VNC-Logon_Failure login-failure # 19008=Windows-System_Security_Policy_Applied system # 19019=VNC-Logon login # 19020=VNC-Logoff logout # 19021=Windows-Application_Installed system # 19022=VNC-Blacklisted login-failure # 19023=Windows-LSASS_Process_Failure_With_System_Restart error # 19024=Windows-Process_Failure_With_System_Restart error # 19034=Windows-Group_Policy_Failed error # 19035=Windows-Cannot_Bind_To_Domain error # 19036=Windows-McLogEvent process # 19037=Windows-SharePoint_Login_Failed login-failure # 19038=Windows-SharePoint_Server_Not_Responding error # 19039=Windows-Security_Policy_Not_Propagated error # 19040=Windows-Security_Policy_Propagated_Warning system # 19041=Windows-Security_Successful_Certificate_Enrollment system # 19042=Windows-Security_Failed_Certificate_Enrollment error # 19043=Windows-License_Validated system # 19044=Windows-Created_Restore_Point system # 19045=Windows-Outlook_Messages system # 19046=Windows-Policy_Updated system # 19047=Windows-Not_Compatible error # 19048=Windows-UltraVnc_Invalid_Attempt login-failure # 19049=Windows-Search_Error error # 19050=Windows-LCE_Client_Installation_Failed error # 46500=Windows-Unhandled_Exception error # 46501=Windows-Application_Failure_Event process # 46502=Windows-Database_Engine_Event system # 46503=Windows-Application_Activation_Error error # 46504=Windows-Application_Error_Expanding_File error # 46506=Windows-Msexchange_Non_Delivery error # 46507=Windows-Msexchange_Delivery_Attempt application # 46508=Windows-Msexchange_Message_Delivered application # 46509=Windows-Msexchange_Message_Sent application # 46510=Windows-Msexchange_Duplicate_Message application # 46511=Windows-Xslogging_System_IO_IOException application # 46512=Windows-Xslogging_System_Event application # 46513=Windows-Pcanywhere_Remote_Logoff logout # 46514=Windows-Pcanywhere_Host_Started application # 46515=Windows-IRIS_Authentication_Successful login # 46516=Windows-IRIS_Signon_Successful login # 46517=Windows-IRIS_Signon_Failed login-failure # 46518=Windows-IRIS_Signoff_Completed logout # 46519=Windows-IRIS_Misc_Messages system # 46520=Windows-Remote_User_Login_Record login # 46521=Windows-Software_Installed system # 46522=Windows-LoadPerf_Service_Loaded system # 46523=Windows-LoadPerf_Service_Removed system # 46524=Windows-LoadPerf_Service_Already_In_Registry system # 46526=Windows-ASPNET_Start_Registering system # 46527=Windows-ASPNET_Finish_Registering system # 46528=Windows-ASPNET_Failed error # 46529=Windows-Beginning_Installer_Transaction system # 46530=Windows-Update_Installed system # 46531=Windows-Installer_Reconfigured_Product system # 46532=Windows-Update_Installed system # 46533=Windows-Ended_Installer_Transaction system # 46534=Windows-Initialized_Virtual_Machine application # 46535=Windows-ADWS_Error error # 46536=Windows-ERAS_Refresh_Computer system # 46537=Windows-ERAS_Refresh_Computer_Submitted system # 46538=Windows-ERAS_Refresh_Computer_Successful system # 46539=Windows-ERAS_Add_User system # 46540=Windows-ERAS_Recover_Password system # 46541=Windows-ERAS_Get_Super_Response system # 46542=Windows-SMVI_Failed login-failure # 46543=Windows-ERAS_WMI_Request_Failed error # 46544=Windows-Cannot_Send_Email_Alert error # 46545=Windows-Storage_Does_Not_Exist system # 46546=Windows-MSSQL_License_Limit_Exceeded error # 46547=Windows-MSSQL_Primary_File_Group_Full error # 46548=Windows-ERAS_Service_Started system # 46549=Windows-ERAS_WSKS_Disabled system # 46550=Windows-User_Profile_Registry_In_Use system # 46551=Windows-Update_Retrieval system # 46552=Windows-WMI_Events_Not_Delivered error # 46553=Windows-SQLServerAgent_Started system # 46554=Windows-Netwatch_Error error # 46555=Windows-Netwatch_Communication_Loss error # 46556=Windows-Netwatch_Not_Monitoring_Server error # 46557=Windows-Complus_Suppressing_Log_Entries system # 46558=Windows-SPP_Messages system # 46559=Windows-SPP_Re_Started system # 46560=Windows-SPP_Init_Status system # 46561=Windows-SPP_Excluded_Policies system # 46562=Windows-SPP_License_Status system # 46563=Windows-MSSQL_VM_DBS_Messages system # 46564=Windows-MSSQL_ERAS_Messages system # 46565=Windows-MSSQL_SOLARWINDS_Messages system # 46566=Windows-Desktop_Window_Manager_Messages system # 46567=Windows-MSDTC_Started system # 46568=Windows-VSS_Shutting_Down system # 46569=Windows-vSphere_Installation_Failed error # 46570=Windows-Goverlan_Access_Denied error # 46571=Windows-Firewall_Events_Lost system # 46572=Windows-Security_Licensing_SLC system # 46573=Windows-SkypeUpdate_Messages system # 46574=Windows-WMI_Started_Initialized system # 46576=Windows-Machine_Account_Not_Found error # 46577=Windows-Cert_Not_In_validity_Period error # 46578=Windows-Installer_Error error # 46579=Windows-Installer_File_Inuse system # 46580=Windows-Restart_Required system # 46581=Windows-Goverlan_User_Not_Logged_On system # 46582=Windows-UPHClean_Handles_Remapped system # 46583=Windows-ERAS_Client_Not_Reached system # 46584=Windows-ASPNET_IIS_Not_Installed system # 46585=Windows-SQLWRITER_Error error # 46586=Windows-SQLVDI_Error error # 46587=Windows-Certificate_Services_Messages application # 46588=Windows_Active_Directory_Domain_Service_Message application # 46589=Windows_CEIP_Message application # 46590=Windows_Security_License_Failed application # 46591=Windows-SQLServerAgent_Status_Failed error # 46592=Windows-SMVI_Failed login-failure # 46593=Windows-Networker_Messages application # 46594=Windows-Msexchange_Logon login # 46595=Windows-Msexchange_Logon login # 46596=Windows-ASPNET_Forms_Authentication_Failed error # 46597=Windows-BlackBerry_Collaboration_Service error # 46598=Windows-Folder_Redirection application # 46599=Windows-User_Login_Record login # 46600=Windows-Smart_Card_Error error # 46601=Windows-Mandiant_Tools application # 46602=Windows-Outlook_Add_Ins application # 46603=Windows-DrWatson_Message error # 46604=Windows-Cannot_Unload_Registry_File application # 46605=Windows-Saved_User_Registry application # 46606=Windows-Unloaded_User_Registry application # 46607=Windows-Description_For_Event_ID_Not_Found application # 46608=Windows-License_Status_Check_Complete application # 46609=Windows-Group_Policy_Failed error # 46610=Windows-FileMaker_Messages application # 46611=Windows-PHP_Messages application # 46612=Windows-Disk_Defragmenter_Stats application # 46613=Windows-SPP_Failed_Restart error # 46614=Windows-LiveUpdate_Messages system # 46615=Windows-Brother_BrLog_Error error # 46616=Windows-CAPI2_Error error # 46617=Windows-ATIe_Maximum_Sessions error # 46618=Windows-Backup_Database_Failed error # 46619=Windows-Device_Or_Program_Attention application # 46620=Windows-Winlogon_Subscriber_Unavailable error # 46621=Windows-User_Notification_Service_Started application # 46622=Windows-LMS_Started application # 46623=Windows-Event_System_Timeout application # 46624=Windows-Smart_Card_Login login # 46625=Windows-SecurityCenter_Started application # 46626=Windows-ActivClient_Messages application # 46627=Windows-Server_Resumed_Execution application # 46628=Windows-NET_Runtime_Deleted_Image application # 46629=Windows-Stagent_Service_Running application # 46630=Windows-Bonjour_Scheduling_Error error # 46631=Windows-Defrag_Completed system # 46632=Windows-Smart_Card_Logon login-failure # 46633=Windows-Search_Messages application # 46634=Windows-RoxWatch_Possible_Malware intrusion # 46635=Windows-ExtremeZ-IP_Messages application # 46636=Windows-Microsoft_Office_Alert application # 46637=Windows-Application_Removed system # 46638=Windows-Process_Terminated process # 46639=Windows-Applicaiton_MsiInstaller_Error error # 46640=Windows-SharePoint_Warning application # 46641=Windows-WMI_Has_Stopped application # 46642=Windows-Winlogon_Failed_Termination_Of_Proceses application # 46643=Windows-BCAAA_Error error # 46644=Windows-Crypt32_Failed_Extract error # 46645=Windows-Crypt32_Threshold application # 46646=Windows-Crypt32_Failed_Auto_Update error # 46647=Windows-IRIS_Backup system # 46648=Windows-IRIS_Updated_Registry system # 46652=Windows-SharePoint_Error error # 46653=Windows-SiteMinder_Messages application # 46654=Windows-SharePoint_Critical_Message application # 46655=Windows-LANrev_Error error # 46656=Windows-IIS_Error error # 46657=Windows-VSS_Unexpected_Error error # 46658=Windows-SPP_Activation_Response_Processed system # 46659=Windows-SPP_Activation_Request_Sent system # 46660=Windows-VSS_Timed_Out_Deleting_Files system # 46661=Windows-Attempted_To_Stop_Shutdown application # 46662=Windows-Search_Error error # 46663=Windows-Listener_Adapter_Connected application # 46664=Windows-Script_Timeout error # 46669=Windows-In_Notification_Period application # 46670=Windows-Restart_Required application # 46671=Windows-Starting_Ending_First_Session application # 46672=Windows-Restart_Deffered application # 46673=Windows-MS_DTC_Service_Stopping application # 46674=Windows-License_Acquisition_Failure error # 46675=Windows-License_Activation_Failure error # 46676=Windows-License_Acquisition_Failure error # 46677=Windows-MSDTC_Error_Attempting_Connection error # 46678=Windows-Event_System_Unable_To_Remove_Object error # 46679=Windows-MsexchangeTransport_Configuration_Updated application # 46680=Windows-Msexchange_ADAprocess_Server_Unavailable application # 46681=Windows-Msexchange_ADAprocess_Controller_Changed application # 46682=Windows-EapHost_Validation_Failed error # 46683=Windows-Aceclient_Authentication_Manager_Not_Responding error # 46684=Windows-Ipswitch_Email_Network_Succeeded application # 46685=Windows-Filtering_FIPFS application # 46686=Windows-WinRM_ACtivity_Transfer application # 46687=Windows-WSMan_Session_Option_Set application # 46688=Windows-WinRM_Client_Cannot_Connect error # 46689=Windows-WSMan_Created_Session application # 46690=Windows-IIS_W3SVC_WP_Worker_Process_Error error # 46691=Windows-WinRM_WSMan_API_Call application # 46692=Windows-PowerShell_Messages application # 46693=Windows-WSMan_Session_Closed application # 46694=Windows-WSMan_CreateShell_Failed error # 46695=Windows-Infrastructure_Error error # 46696=Windows-GroupPolicy_Messages application # 46697=Windows-WMI_Activity_Messages application # 46698=Windows-WinRM_Timeout error # 46699=Windows-RPC_Proxy_Loaded_In_IIS application # 46700=Windows-JET_Database_Corrupt system # 46701=Windows-WMI_Unknown_Error error # 46702=Windows-Group_Policy_Error error # 46703=Windows-Known_Folders_Error error # 46704=Windows-WinRM_WSMan_Initializing application # 46705=Windows-WinRM_WSMan_Operation_Completed application # 46706=Windows-WinRM_Response_For_Operation application # 46707=Windows-WinRM_Client_Request_For_Operation application # 46708=Windows-WinRM_Entering_Leaving_For_Operation application # 46709=Windows-WinRM_Sending_Request_For_Operation application # 46710=Windows-Diagnosis system # 46711=Windows-Resource_Exhaustion system # 46712=Windows-RPC_IN_DATA system # 46713=Windows-RPC_OUT_DATA system # 46714=Windows-PowerShell_Messages system # 46715=Windows-PowerShell_Messages system # 46716=Windows-WinRM_ACtivity application # 46717=Windows-WinRM_User_Authentication login # 46718=Windows-WinRM_HTTP_Status_Denied web-error # 46719=Windows-WinRM_HTTP_Status_OK web-access # 46720=Windows-WinRM_Shell_Output_Failed error # 46721=Windows-WinRM_Signal_Shell_Failed error # 46722=Windows-WinRM_Win_HTTP_Cannot_Connect error # 46723=Windows-WinRM_Delete_Shell_Failed error # 46724=Windows-WinRM_HTTP_Status_Service_Unavailable error # 46725=Windows-WinRM_Deinitialize_WSMan_API application # 46726=Windows-WinRM_Service_Start application # 46727=Windows-Forefront_Protection_Messages application # 46728=Windows-Bits_Messages application # 46729=Windows-Impact_Telemetry_Not_Running error # 46730=Windows-Update_Client_Change application # 46731=Windows-Restart_Manager_Messages application # 46732=Windows-FSCRealtimeScanner_Disabled application # 46733=Windows-FSCTransportScanner_Disabled_Enabled application # 46734=Windows-FSCRealtimeScanner_Enabled application # 46735=Windows-FSCScheduledScanner_Enabled application # 46736=Windows-FSCScheduledScanner_Disabled application # 46737=Windows-FSCController_Messages application # 46738=Windows-FSEIMC_Started_Stopped application # 46739=Windows-Program_Inventory application # 46740=Windows-Language_Pack_Cleanup application # 46741=Windows-ASP_NET_Request_Aborted error # 46742=Windows-Program_Updater_Statistics application # 46743=Windows-DB2_Monitor_Capacity_Reached application # 46744=Windows-Successfully_Applied_Security_Policy application # 46745=Windows-SMS_Network_Path_Not_Found error # 46746=Windows-SharePoint_Information application # 46747=Windows-SharePoint_Metadata_Service_Connected application # 46748=Windows-SharePoint_Database_Error error # 46749=Windows-Server_Database_Maint_Or_Reconfig application # 46750=Windows-Server_AppDomain_Unloaded application # 46751=Windows-Database_Engine_Event_Error system # 46752=Windows-Unable_Create_Shadow_Copy error # 46753=Windows-Report_Server_Error error # 46754=Windows-WSUS_Working_Correctly system # 46755=Windows-Forescout_HTTP_Upload_Started application # 46756=Windows-Forescout_Cannot_Locate_Resource error # 46757=Windows-Forescout_Vulnerabilities_Inspection_Started application # 46758=Windows-Forescout_HPS_No_Updates application # 46759=Windows-Forescout_Search_Finished application # 46760=Windows-Failed_Restore_Point_Creation error # 46761=Windows-WMI_RequiresEncryption_Flag application # 46762=Windows-SMS_Information_Messages application # 46763=Windows-FailoverClustering_Messages application # 46764=Windows-Server_ActiveSync application # 46765=Windows-Deployment_Provider application # 46766=Windows-SMBClient_Timed_Out error # 46767=Windows-SPP_Activation_Processed system # 46768=Windows-SQLServerAgent_Check_Service_Successful application # 46769=Windows-SQLAgent_SKOPUSSQLSERVER_IsAlive_Request application # 46770=Windows-SQLAgent_SKOPUSSQLSERVER_Check_Service_Successful application # 46771=Windows-SQLServerAgent_IsAlive_Request application # 46772=Windows-SMS_Error_Messages error # 46773=Windows-SMS_Warning_Messages application # 46774=Windows-CFFFilter_Error error # 46775=Windows-SMBWWitness_Information_Message application # 46776=Windows-SMBWWitnessClient_Error_Message error # 46777=Windows-ServiceModel_Error error # 46778=Windows-WinRM_Started_Create_Session application # 46779=Windows-WinRM_Began_An_Operation application # 46780=Windows-WinRM_Access_Error error # 46781=Windows-WinRM_Get_Failed error # 46782=Windows-WinRM_Handler_Closed_Session application # 46783=Windows-WinRM_Session_Completed_Successfully application # 46784=Windows-MultiMachine_Enumerate_Error error # 46785=Windows-MultiMachine_Data_Collection_Exception application # 46786=Windows-SMBWWitnessService_Error_Message error # 46787=Windows-SMBWWitnessClient_Unregister_Request application # 46788=Windows-Management_Provider_Messages application # 46789=Windows-MultiMachine_Invoke_Method_Started application # 46790=Windows-MultiMachine_Refresh_Method_Started application # 46791=Windows-MultiMachine_Creating_New_Session application # 46792=Windows-MultiMachine_Enumerate_Started application # 46793=Windows-MultiMachine_Invoke_Method_Error error # 46794=Windows-MultiMachine_Properties_Refresh_Started application # 46795=Windows-MultiMachine_WinRM_Check_Completed application # 46796=Windows-MultiMachine_Metadata_Failed_Retrieval application # 46797=Windows-MultiMachine_Properties_Refresh_Completed application # 46798=Windows-MultiMachine_WinRM_Check_Started application # 46799=Windows-MultiMachine_Refresh_Item_Completed application # 46800=Windows-MultiMachine_Invoke_Method_Data_Received application # 46801=Windows-MultiMachine_Cluster_Query_Message application # 46802=Windows-MultiMachine_Invoke_Method_Completed application # 46803=Windows-MultiMachine_Refresh_Session_completed application # 46804=Windows-SMBWWitnessClient_Messages application # 46805=Windows-SMBClient_Registration_Completed application # 46806=Windows-MSMQ_Could_Not_Resolve_Name application # 46807=Windows-SMBClient_Deregistration_Completed application # 46808=Windows-RemoteDesktopServices_RdpCoreTS connection # 46809=Windows-International_Critical error # 46810=Windows-Net_Runtime_Profiler_Loaded application # 46811=Windows-List_Of_GPOs application # 46812=Windows-Plugin_DSScheduler_Exception application # 46813=Windows-GroupPolicy_Deferred_Or_Completed application # 46814=Windows-ServiceModel_Messaging_Turned_On application # 46815=Windows-RemoteDesktopServices_RdpCoreTS application # 46816=Windows-Shell_Core application # 46817=Windows-WinINet_Config application # 46818=Windows-Immersive_Shell application # 46819=Windows-Remote_Desktop_Config_Time application # 46820=Windows-PnP_New_Device_Interface application # 46821=Windows-PnP_Device_Was_Configured application # 46822=Windows-PnP_Device_Unconfigured application # 46823=Windows-Device_Setup_Manager_Stopping application # 46824=Windows-Web_Event_Configuration_Error error # 46825=Windows-AppReadiness_Completed_Tasks application # 46826=Windows-Services_Session_Changed application # 46827=Windows-MultiMachine_Initialization_Task application # 46828=Windows-MultiMachine_Startup_Task application # 46829=Windows-MultiMachine_Plugin_Registration application # 46830=Windows-MultiMachine_Refresh_Task application # 46831=Windows-MultiMachine_Plugin_Load_Task application # 46832=Windows-Crypto_Master_Key_Created application # 46833=Windows-User_Regular_Profile system # 46834=Windows-Begin_End_Session_Arbitration application # 46835=Windows-Session_Disconnected application # 46836=Windows-PnP_Device_Started application # 46837=Windows-Packages_Will_Be_Installed_Removed application # 46838=Windows-Determining_Packages_To_Be_Installed application # 46839=Windows-AppReadiness_Status_Changed application # 46840=Windows-AppReadiness_Started_Processing_Tasks application # 46841=Windows-AppReadiness_System_Upgrade_Cleanup application # 46842=Windows-AppReadiness_Finished_Processing_Tasks application # 46843=Windows-Compatibility_Fix_Applied application # 46844=Windows-AppReadiness_Service_Started application # 46845=Windows-AppReadiness_User_Login_Started login # 46846=Windows-AppReadiness_User_Login_Succeeded login # 46847=Windows-AppReadiness_Mode_Changed application # 46848=Windows-AppReadiness_Started_Group application # 46849=Windows-AppReadiness_Finished_Group application # 46850=Windows-AppReadiness_Next_Task_Selected application # 46851=Windows-AppReadiness_Task_Finished application # 46853=Windows-MUI_Resource_Cache_Builder_Invoked system # 46854=Windows-MUI_Resource_Cache_Built system # 46855=Windows-Update_Client_Check_Failed system # 46856=Windows-Update_Client_Connectivity_Established system # 46857=Windows-Update_Client_Service_Stop_Request system # 46858=Windows-Update_Client_Downloaded system # 46859=Windows-Package_Change_Initiated system # 46860=Windows-Package_Changed system # 46861=Windows-Package_Change_Failed system # 46862=Windows-Third_Party_Root_Certificate_Update system # 46863=Windows-SiteMinder_Messages_Error error # 46864=Windows-SiteMinder_Messages_Warning error # 46865=Windows-Worker_Process_Shutdown system # 46866=Windows-Job_Agent_Execution_Error system # 46867=Windows-Service_Entered_Running_State system # 46868=Windows-Service_Entered_Stopped_State system # 46869=Windows-MSWinEventLOg_Information_Message system # 46870=Windows-WinHTTP_Web_Proxy_Sent_Start_Control system # 46871=Windows-System_Time_Changed system # 46873=Windows-Service_Will_Be_Shutdown system # 46874=Windows-Service_Suspended_Operation system # 46875=Windows-Network_Link_Disconnected system # 46876=Windows-Network_Link_Established system # 46877=Windows-Group_Policy_Registry_Space_On_Disk system # 46878=Windows-Network_Connection_Closed_By_Peer system # 46879=Windows-Unable_To_Connect_To_Automatic_Updates system # 46880=Windows-Trusted_Certificate_Authorities_Truncated system # 46881=Windows-Module_Failed_To_Delete_Log system # 46882=Windows-Module_Failed_To_Write_Events_To_Log system # 46883=Windows-Summary_Of_Disk_Space application # 46884=Windows-TaskScheduler_Behind_Deadline application # 46885=Windows-TaskScheduler_State_Changed detected-change # 46886=Windows-Time_Zone_Sync_Task application # 46887=Windows-Time_Zone_Sync_Task_Error error # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_syslog_sec.prm # # 800=Windows-Logon login # 801=Windows-Logon_Failure login-failure # 802=Windows-Administrator_Logon_Failure login-failure # 803=Windows-Successful_Logon login # 804=Windows-Successful_Administrator_Logon login # 805=Windows-Successful_Logoff logout # 806=Windows-Pre-Authentication_Failed login-failure # 807=Windows-Special_Privileges_Assigned system # 808=Windows-Service_Ticket_Granted system # 809=Windows-Account_Used_For_Login login # 810=Windows-Authentication_Ticket_Granted system # 811=Windows-Handle_Closed system # 812=Windows-Trusted_Logon_Process login # 814=Windows-Privileged_Service_Called system # 816=Windows-Kerberos_Policy_Changed system # 817=Windows-Security_Enabled_Global_Group_Member system # 818=Windows-Ticket_Granted_Renewed system # 819=Windows-Authentication_Ticket_Request_Failed login-failure # 820=Windows-Service_Ticket_Request_Failed login-failure # 822=Windows-Account_Logon_Failed login-failure # 823=Windows-Successful_Network_Login login # 824=Windows-User_Password_Set_Failed system # 825=Windows-Successful_Network_Login login # 826=Windows-IP_Conflict system # 827=Windows-Time_Change system # 828=Windows-User_Account_Deleted system # 829=Windows-User_Account_Changed system # 830=Windows-User_Account_Created system # 831=Windows-User_Password_Set system # 832=Windows-Audit_Policy_Changed system # 833=Windows-Audit_Log_Cleared system # 834=Windows-Account_Enabled system # 836=Windows-Account_Currently_Disabled login-failure # 838=Windows-User_Account_Disabled system # 839=Windows-User_Passwd_Expired system # 840=Windows-Account_Passwd_Expired system # 841=Windows-Account_Passwd_Expired system # 842=Windows-Successful_Access_Grant system # 843=Windows-Directoryservice_Restore_Mode_Password_Changed system # 844=Windows-Account_Name_Changed system # 845=Windows-Security_Enabled_Global_Group_Changes system # 846=Windows-Security_Enabled_Local_Group_Changes system # 847=Windows-Security_Enabled_Universal_Group_Changes system # 848=Windows-Account_Expired login-failure # 849=Windows-Special_Privilege_New_Logon login # 850=Windows-Logon_Failure_Invalid_Logon_Type login-failure # 851=Windows-Service_Installation_Attempt error # 852=Windows-Logon_Failure_Incorrect_Logon_Time login-failure # 853=Windows-System_Access_Grant system # 854=Windows-Domain_Security_Policy_Change system # 855=Windows-Account_Priviledge_Change system # 856=Windows-New_Process_Created process # 857=Windows-Process_Exited process # 858=Windows-Host_Shutdown restart # 860=Windows-Successful_Network_Login login # 861=Windows-Account_Locked login-failure # 862=Windows-Logon_With_Credentials login # 863=Windows-Session_Reconnected system # 864=Windows-Process_Assigned_Primary_Token system # 865=Windows-Privilege_Change system # 866=Windows-Directory_Replication_Operation system # 867=Windows-Directory_Replication_Operation system # 868=Windows-Directory_Replication_Operation system # 869=Windows-Logon-Error login-failure # 871=Windows-Password_Checking system # 872=Windows-New_Process_Accepting_Traffic system # 874=Windows-Login_Failure_Bad_Password login-failure # 875=Windows-Login_Failure_Bad_Account login-failure # 876=Windows-Login_Failure_Restriction login-failure # 877=Windows-Login_Failure_Illegal_Host login-failure # 878=Windows-Login_Failure_Expired_Password login-failure # 879=Windows-Login_Failure_Account_Locked login-failure # 880=Windows-Login_Failure_Account_Expired login-failure # 881=Windows-Login_Failure_Account_Locked login-failure # 882=Windows-Login_Failure login-failure # 883=Windows-Logout logout # 885=Windows-Computer_Account_Changed system # 886=Windows-Firewall_Application_Changed system # 887=Windows-Firewall_Application_Could_Not_Be_Started error # 888=Windows-Application_Listening_For_Traffic system # 889=Windows-Login_Failed_Account_Disabled login-failure # 890=Windows-Successful_Network_Login login # 891=Windows-Privileged_Service_Failed error # 892=Windows-IPsec_Failed error # 893=Windows-Session_Disconnect system # 894=Windows-Successful_Network_Login login # 895=Windows-Successful_Batch_Logon login # 896=Windows-Successful_Service_Logon login # 897=Windows-Successful_Unlock login # 898=Windows-Successful_Remote_Session_Login login # 899=Windows-Successful_Cached_Login login # 920=Windows-Authentication_Package_Loaded system # 921=Windows-User_Audit_Policy_Refreshed system # 922=Windows-Failed_Audit_Of_Master_Key system # 926=Windows-Authentication_Ticket_Not_Granted system # 927=Windows-Successful_RunAs_Command login # 928=Windows-Account_Locked system # 929=Windows-Port_Exception system # 930=Windows-Task_Created_Or_Modified system # 931=Windows-User_Not_Allowed_Login login-failure # 932=Windows-Netlogon_Not_Active login-failure # 933=Windows-Audit_Failure error # 934=Windows-Unable_To_Log_Events error # 935=Windows-User_Account_Privilege_Removed system # 936=Windows-System_Security_Access_Removed system # 937=Windows-Service_Ticket_Request_Fail access-denied # 938=Windows-Pre-Authentication_Failed login-failure # 939=Windows-Admin_ACLs_Set system # 940=Windows-Successful_Network_Login login # 941=Windows-User_Password_Set_Failed_Audit system # 942=Windows-User_Account_Unlocked system # 943=Windows-Logon-Error login-failure # 944=Windows-Logon-Error login-failure # 945=Windows-Mapping_Attempted system # 946=Windows-Session_Reconnected system # 947=Windows-Global_Group_Member_Removed system # 948=Windows-New_Computer_Account_Created system # 949=Windows-Global_Group_Changed system # 20950=Windows-Trusted_Domain_Information_Modified system # 20951=Windows-Group_Type_Changed system # 20952=Windows-Started system # 20953=Windows-Universal_Group_Created system # 20954=Windows-Logon_Failure login-failure # # Plugins for file /usr/thunder/daemons/plugins/os_win2k_syslog_sys.prm # # 703=Windows-Live_Updates_Ready system # 704=Windows-Hotfix_Installed system # 705=Windows-Browser_Failed_To_Retrieve error # 706=Windows-Browser_Unable_To_Retrieve error # 707=Windows-Print_Information system # 708=Windows-Print_Warning error # 709=Windows-Time_Sync system # 710=Windows-Drive_Removed system # 711=Windows-Timesync_Error system # 712=Windows-Update_Successful system # 713=Windows-Bad_Logon system # 714=Windows-Protocol_Error system # 715=Windows-LSASRV_Authentication_Warning system # 716=Windows-System_Restart restart # 717=Windows-Service_Control_Manager_Error error # 718=Windows-Service_Terminated system # 719=Windows-Max_Concurrent_TCP_Sessions error # 720=Windows-Print_Failure error # 721=Windows-Illegal_Radius_Client access-denied # 722=Windows-Print_Drivers_Added system # 723=Windows-Printer_Removed system # 724=Windows-Printer_Removed system # 725=Windows-Unplanned_Shutdown system # 726=Windows-WINS_Corruption system # 727=Windows-Updates_Ready system # 728=Windows-Restart_Required restart # 729=Windows-Disk_Full system # 730=Windows-Access_Request_Discarded system # 731=Windows-Domain_Controller_Not_Available system # 732=Windows-DCOM_Unable_To_Logon system # 733=Windows-Server_Failed_To_Load_Application system # 734=Windows-Authentication_Protocol_Unavailable system # 735=Windows-Attempted_Downgrade_Attack system # 736=Windows-Domain_Controller_Error error # 737=Windows-Kerberos_Error system # 738=Windows-Failed_To_Register_Host system # 739=Windows-Failed_To_Accquire_Time system # 740=Windows-Detected_Controller_Error system # 741=Windows-Master_Browser_Election system # 742=Windows-Generic_System_Error error # 743=Windows-ServicePack_Log_Event system # 744=Windows-LSA_Access_Attempt system # 747=Windows-Network_Adapter_Disconnected system # 748=Windows-Time_Synchronizing system # 749=Windows-Hardware_Failure system # 29110=Windows-Out-Of-Date_Firmware system # 29111=Windows-Request_Not_Decoded system # 29112=Windows-Smart_Card_Reader_Error system # 29113=Windows-Failed_To_Flush_Data system # 29114=Windows-Failed_To_Register_Pointer system # 29115=Windows-Could_Not_Authenticate_Target_Name system # 29116=Windows-Unexpected_Shutdown system # 29117=Windows-File_System_Corrupt system # 29118=Windows-Resumed_From_Sleep_Mode restart # 29119=Windows-Entering_Sleep_Mode restart # 29120=Windows-Printed_Document system # 29121=Windows-Schannel_Error system # 29122=Windows-Logon_Notification_Improvement_Program system # 29123=Windows-Group_Policy_Settings_Processed system # 29124=Windows-Printer_Driver_Error error # 29125=Windows-DNS_Servers_Timeout error # 29126=Windows-Bad_Block_Detected system # 29127=Windows-IAS_User_Granted_Access system # 29128=Windows-DCOM_CLSID_Unable_To_Launch system # 29129=Windows-UpdateClient_Installation_Failure error # 29130=Windows-UpdateClient_Installation_Ready system # 29131=Windows-Forefront_Assessment_Applied system # 29132=Windows-Forefront_Signatures_Updated system # 29133=Windows-Forefront_Detected_Changes system # 29134=Windows-Restart_Shutdown restart # 29135=Windows-No_Credential system # 29136=Windows-User_Does_Not_Have_Remote_Access login-failure # 29137=Windows-User_Does_Not_Have_Permission_For_Dial_In login-failure # 29138=Windows-Update_Successful_Needs_Restart system # 29140=Windows-Service_Changed system # 29141=Windows-Service_Entered_Running_State system # 29142=Windows-Service_Start_Control system # 29143=Windows-RSM_Stopped system # 29144=Windows-WinHttpAutoProxySvc_Shutting_Down system # 29145=Windows-WinHttpAutoProxySvc_Suspended system # 29146=Windows-System_Uptime system # 29147=Windows-Browser_Service_Failed error # 29148=Windows-Service_Entered_Stopped_State system # 29149=Windows-TermService_Error error # 29150=Windows-Srv_Error error # 29151=Windows-Service_Timeout system # 29152=Windows-Service_Sent_Stop_Control system # 29153=Windows-Service_Installed system # 29154=Windows-Application_Timeout_Limit_Reached system # 29155=Windows-PowerPoint_Document_Deleted system # 29156=Windows-Browser_Failed_To_Retrieve_Servers system # 29157=Windows-Popup_Messages system # 29158=Windows-DistributedCOM_Errors error # 29159=Windows-Document_Deleted system # 29160=Windows-Logoff_Notification system # 29162=Windows-Authentication_Request_Failed system # 29163=Windows-Tcpip_Network_Adapter_Normal system # 29164=Windows-Printer_Not_Restored system # 29165=Windows-Device_Name_List_Invalid system # 29166=Windows-DCOM_Error_Starting_Command system # 29167=Windows-Power_Supply_Failure system # 29168=Windows-Fan_Failure system # 29169=Windows-License_Warning system # 29170=Windows-License_Certificate_Expired system # 29171=Windows-Remote_Scheduler_Failed system # 29172=Windows-Redundancy_Lost system # 29174=Windows-Forefront_Assessment_Completed system # 29175=Windows-Forefront_Signatures_Reloaded system # 29176=Windows-Sesssion_Failed_To_Authenticate system # 29177=Windows-IP_Addresses_Dont_Map system # 29178=Windows-No_Trust_Account system # 29179=Windows-PrintSpooler system # 29180=Windows-Service_Terminated_Specific error # 29181=Windows-DCOM_Started_Service system # 29182=Windows-DHCP_Client_Service_Stopped system # 29183=Windows-Event_log_Stopped system # 29184=Windows-Network_Error system # 29185=Windows-Time_Changed system # 29186=Windows-Service_Table_Full system # 29187=Windows-Service_Database_Locked system # 29188=Windows-Password_Expired_Attempted_Change system # 29189=Windows-Failed_To_Apply_Settings system # 29190=Windows-Shadow_Copy_Deleted system # 29191=Windows-Worker_Process_Requested_Recycle system # 29192=Windows-WinRM_Failed_To_Create_SPNs system # 29193=Windows-VirtualCenter_Server_Logon_Failure system # 29194=Windows-iScsiPrt_Error system # 29195=Windows-Mfehidk_Warning system # 29196=Windows-User_Connection_Stats connection # 29197=Windows-User_Authenticated login # 29198=Windows-User_Assigned_Address login # 29199=Windows-Telephony_Failed error # 29200=Windows-Pull_Replication_Verification system # 29201=Windows-Wins_Pull_Error error # 29202=Windows-Wins_Consistency_Check system # 29203=Windows-Wins_Connection_Aborted error # 29204=Windows-Wins_Push_Error error # 29205=Windows-Wins_Consistency_Started_Completed system # 29206=Windows-Process_Terminated_Exceeded_Time system # 29207=Windows-Logon_Timeout system # 29208=Windows-TermService_Exceeded_Logon_Attempts login-failure # 29209=Windows-Virtual_Disk_Service_Failure system # 29210=Windows-Removed_Malware system # 29211=Windows-UpdateClient_Cannot_Connect_To_Service system # 29212=Windows-USB_Driver_Error system # 29213=Windows-Driver_Service system # 29214=Windows-Install_Driver_File system # 29215=Windows-Time_Error system # 29216=Windows-Time_No_Valid_Response_Received system # 29217=Windows-Logon_Cache_Entry system # 29218=Windows-Disk_Error system # 29219=Windows-TPM_Failed system # 29220=Windows-TPM_Security_Device_Not_Found system # 29221=Windows-Smartcard_Reader_Message system # 29222=Windows-System_Filter_Loaded_Registered system # 29223=Windows-Compatibility_Assistant_Service system # 29224=Windows-Kernel_Error system # 29225=Windows-Connection_Link_Established system # 29226=Windows-Connection_Link_Disconnected system # 29227=Windows-Time_Not_Synchronizing system # 29228=Windows-Time_Unable_To_Set_Domain_Peer system # 29229=Windows-AntiMalware_Running system # 29230=Windows-Defender_Running system # 29231=Windows-Drivers_Installed_Or_Upgraded system # 29232=Windows-User_Attempted_Restart_Shutdown system # 29233=Windows-AntiMalware_Signature_Update system # 29234=Windows-Virtual_Disk_Service_Start_Stop system # 29235=Windows-Server_Administrator_Storage_Service system # 29236=Windows-iScsiPrt_Reconnected system # 29237=Windows-iScsiPrt_Logout_Message system # 29238=Windows-User_Account_Locked system # 29239=Windows-Adapter_Brought_Up system # 29240=Windows-WinRM_Is_Listening system # 29241=Windows-Tcpip_Failed_Outgoing_Connection system # 29242=Windows-Patrol_Read_Started_Stopped system # 29243=Windows-CommVault_Service_Changed system # 29244=Windows-Currently_Receiving_Valid_Time_Data system # 29245=Windows-SideBySide_Error system # 29246=Windows-DnsApi_Failed_To_Register_Host system # 29247=Windows-Servicing_Messages system # 29248=Windows-HttpEvent_Unable_To_Write_To_Log system # 29249=Windows-Power_Supply_Returned_To_Normal system # 29250=Windows-Redundancy_Regained system # 29251=Windows-NETLOGON_Unable_To_Connect_Domain system # 29252=Windows-Update_Agent_Unable_To_Connect system # 29253=Windows-Antimalware_Configuration_Change system # 29254=Windows-Antimalware_Scan_Started system # 29255=Windows-Antimalware_Scan_Finished system # 29256=Windows-Antimalware_Version_Updated system # 29257=Windows-Service_Publishing_To_Network system # 29258=Windows-Possible_Bad_Block system # 29259=Windows-Crash_Dump_Failed system # 29260=Windows-Rebooted_Cleanly system # 29261=Windows-NtpCLient_Unable_To_Set_Peer system # 29262=Windows-Unable_To_Register_Address system # 29263=Windows-Could_Not_Bind system # 29264=Windows-Shadow_Copy_Aborted system # 29265=Windows-Unable_To_Find_Suitable_Certificate system # 29266=Windows-Defender_Detected_Changes system # 29267=Windows-Defender_Action_Taken system # 29268=Windows-No_Server_Credential system # 29269=Windows-Joined_Domain system # 29270=Windows-ATI_Driver_Message system # 29271=Windows-Application_Exceeded_Time_Limit_During_Shutdown system # 29272=Windows-UserPnp_Changed_State system # 29273=Windows-Update_Of_Active_Directory_Failed system # 29274=Windows-Session_Setup_Not_Responsive system # 29275=Windows-DFS_Messages system # 29276=Windows-Time_Service_Advertising system # 29277=Windows-Wins_Could_Not_Initialize_Security system # 29278=Windows-Wins_Now_Operational system # 29279=Windows-SNMP_Started system # 29280=Windows-GroupPoliy_Unable_To_Apply_Settings system # 29281=Windows-HttpEvent_Disk_Full system # 29282=Windows-Tcpip_Address_Conflict error # 29283=Windows-Isatap_No_Longer_Active system # 29284=Windows-Service_Changed system # 29285=Windows-Update_Downloaded system # 29286=Windows-User_Authenticated login # 29287=Windows-User_Assigned_Address login # 29288=Windows-User_Connection_Stats connection # 29289=Windows-User_Disconnected logout # 29290=Windows-Master_Browser_Stopped system # 29291=Windows-LDAP_Authentication_Failed error # 29292=Windows-Router_Advertisement_Settings_Changed detected-change # 29293=Windows-NLB_Cluster_Load_Balancing_Traffic detected-change # 29294=Windows-Update_Detected system # 29295=Windows-NLB_Initiating_Convergence system # 29296=Windows-RDP_TCP_Received_Connection connection # 29297=Windows-NLB_Updated_Successfully system # 29298=Windows-NLB_Configuration_Update_Started system # 29299=Windows-NLB_Driver_Successfully_Attached system # 29300=Windows-NLB_Host_Stats_Updated system # 29301=Windows-NLB_Driver_Detached system # 29302=Windows-NLB_Host_Active_Member system # 29303=Windows-NLB_Host_No_Longer_Active_Member system # 29304=Windows-NLB_Registry_Parameters_Reloaded system # 29305=Windows-Network_Profile_Message system # 29306=Windows-Disable_Background_Hive_Success system # 29307=Windows-Forwarder_Policy_Changed system # 29309=Windows-IPsec_Main_Mode_Failure system # 29310=Windows-IIS_Kill_Command_Received system # 29311=Windows-IIS_Reset_Error system # 29312=Windows-IIS_Stop_Command_Issued system # 29313=Windows-IIS_Start_Command_Issued system # 29314=Windows-Update_Found_Updates system # 29315=Windows-Automatic_Updates_Paused system # 29316=Windows-Remote_connect_Authentication_Success system # 29317=Windows-Remote_Desktop_Disconnected system # 29318=Windows-Remote_Desktop_Logout system # 29319=Windows-Remote_Desktop_Login system # 29320=Windows-Remote_Desktop_Shell_Start system # 29321=Windows-User_Profile_Login_Notification system # 29322=Windows-User_Profile_Logout_Notification system # 29323=Windows-User_Profile_Registry_Loaded system # 29324=Windows-Iphlpsvc_Unable_To_Update_IP system # 29325=Windows-WHEA_Logger_Warning system # 29326=Windows-Hive_History_Cleared system # 29327=Windows-DHCP_Server_Percent_Full_Message system # 29328=Windows-NLB_Timer_Starvation_Messages system # 29329=Windows-Server_Nonpaged_Pool_Limit system # 29330=Windows-Group_Policy_PresentationFonts_Failed system # 29331=Windows-Group_Policy_Sofware_Install_Failed system # 29332=Windows-Group_Policy_Sofware_Install_Delayed system # 29333=Windows-Registery_Corrupt_Or_Low_Memory system # 29334=Windows-Controller_Addresses_Dont_Map system # 29335=Windows-SSL_Certificate_Settings_Deleted system # 29336=Windows-SSL_Certificate_Settings_Created system # 29337=Windows-Computer_Account_Password_Changed_By_System system # # Plugins for file /usr/thunder/daemons/plugins/os_win_app_and_services.prm # # 11917=Windows-TaskScheduler_Info_Task_Engine_Shutdown system # 11918=Windows-TaskScheduler_Info_Task_Engine_Shutdown system # 11919=Windows-TaskScheduler_Info_Job_Registered system # 11920=Windows-TaskScheduler_Info_Process_Received_Start system # 11921=Windows-TaskScheduler_Info_Task_Start system # 11922=Windows-TaskScheduler_Info_Launched_Time_Triggered_Task system # 11923=Windows-TaskScheduler_Info_Task_Start system # 11924=Windows-TaskScheduler_Info_Launched_User_Locking_Computer system # 11925=Windows-TaskScheduler_Info_Task_Success system # 11926=Windows-TaskScheduler_Info_Job_Success system # 11927=Windows-TaskScheduler_Info_Session_Process_Started system # 11928=Windows-TaskScheduler_Info_Session_Main_Started system # 11929=Windows-TaskScheduler_Info_Task_Create system # 11930=Windows-TaskScheduler_Info_Session_Idle system # 11931=Windows-TaskScheduler_Info_User_Updated_Task system # 11932=Windows-TaskScheduler_Failed_to_Start_Task system # 11933=Windows-TaskScheduler_Failed_to_Start_Instance system # 11934=Windows-TaskScheduler_Failed_to_Logon system # 11935=Windows-TaskScheduler_Info_Launched_Event_Triggered_Instance system # 11936=Windows-TaskScheduler_Info_Launched_Registration_Triggered_Instance system # 11937=Windows-TaskScheduler_Info_Launched_for_User system # 11938=Windows-TaskScheduler_Failed_Unavailable_Network system # 11939=Windows-TaskScheduler_Failed_Launch_as_Scheduled system # 11940=Windows-TaskScheduler_Info_Launched_Idle_Condition system # 11941=Windows-TaskScheduler_Info_Launched_System_Startup system # 11942=Windows-TaskScheduler_Info_Launched_User_Logon system # 11943=Windows-TaskScheduler_Info_Launched_User_Console_Connection system # 11944=Windows-TaskScheduler_Info_Launched_User_Remote_Connection system # 11945=Windows-TaskScheduler_Info_Launched_User_Remote_Disconnection system # 11946=Windows-TaskScheduler_Info_Launched_User_Unlocking_Computer system # 11947=Windows-TaskScheduler_Failed_Execute_Task system # 11948=Windows-TaskScheduler_Failed_Shutdown_Race_Condition system # 11949=Windows-TaskScheduler_Failed_Time_Boundary system # 11950=Windows-TaskScheduler_Failed_Service_Busy system # 11951=Windows-TaskScheduler_Info_User_Disabled_Task system # 11952=Windows-TaskScheduler_Computer_Woken system # 11953=Windows-TaskScheduler_Failed_Trigger_Retrieval system # 11954=Windows-TaskScheduler_Failed_Pattern_Match system # 11955=Windows-TaskScheduler_Failed_Task_Not_Sent system # 11956=Windows-TaskScheduler_Failed_Task_Already_Running system # 11957=Windows-TaskScheduler_Queued_Waiting system # 11958=Windows-TaskScheduler_Failed_Running_on_Batteries system # 11959=Windows-TaskScheduler_Info_Launched_User_Console_Disconnection system # 11960=Windows-TaskScheduler_Failed_User_Not_Loggedin system # 11961=Windows-TaskScheduler_Info_User_Deleted_Task system # 11962=Windows-TaskScheduler_Terminated_Task system # 11963=Windows-TaskScheduler_Failed_Action system # 11964=Windows-TaskScheduler_Failed_Launch_Action system # 11965=Windows-TaskScheduler_Stopped_Running_Instance system # 11966=Windows-TaskScheduler_Stopped_on_Batteries system # 11967=Windows-TaskScheduler_Stopped_Instance_Computer_No_Longer_Idle system # 11968=Windows-TaskScheduler_Stopped_On_Timeout system # 11969=Windows-TaskScheduler_Stopped_On_Request system # 11970=Windows-TaskScheduler_Timeout_Wont_Work system # 11971=Windows-TaskScheduler_Info_Process_Received_Stop system # 11972=Windows-TaskScheduler_Failed_Session_Error system # 11973=Windows-TaskScheduler_Info_Session_Sent_Job system # 11974=Windows-TaskScheduler_Failed_Processing_Message system # 11975=Windows-TaskScheduler_Failed_Session_Manager_Connect system # 11976=Windows-TaskScheduler_Info_Session_Connected system # 11977=Windows-TaskScheduler_Failed_Jobs_Orphaned system # 11978=Windows-TaskScheduler_Failed_Session_Process_Launch system # 11979=Windows-TaskScheduler_Info_Session_WIN32_Obj_Created system # 11980=Windows-TaskScheduler_Info_Session_Channel_Ready system # 11981=Windows-TaskScheduler_Failed_Session_Process_Connect system # 11982=Windows-TaskScheduler_Failed_Session_Send_Failed system # 11983=Windows-TaskScheduler_Failed_Impersonation system # 11984=Windows-TaskScheduler_Info_Service_Started system # 11985=Windows-TaskScheduler_Failed_Service_Start system # 11986=Windows-TaskScheduler_Info_Service_Stop system # 11987=Windows-TaskScheduler_Failed_Service_Error system # 11988=Windows-TaskScheduler_Failed_Service_RPC_Init_Error system # 11989=Windows-TaskScheduler_Failed_Service_Init_COM system # 11990=Windows-TaskScheduler_Failed_Service_Cred_Store_Init system # 11991=Windows-TaskScheduler_Failed_Service_LSA_Init system # 11992=Windows-TaskScheduler_Failed_Service_Idle_Service_Init system # 11993=Windows-TaskScheduler_Failed_Service_Time_Change_Init system # 11994=Windows-TaskScheduler_Failed_Service_Set_Wakeup_Timer system # 11995=Windows-TaskScheduler_Info_Service_Time_Change_Signaled system # 11996=Windows-TaskScheduler_Failed_Service_Run_Boot_Jobs system # 11997=Windows-TaskScheduler_Failed_Task_Registered_Missing_Triggers system # 11998=Windows-TaskScheduler_Failed_Transaction_Rollback system # 11999=Windows-TaskScheduler_Failed_Task_Without_Credentials system # 12200=Windows-TaskScheduler_Info_Session_Launch system # 12201=Windows-TaskScheduler_Failed_Tast_Start_Machine_Not_Idle system # 12202=Windows-Wireless_Security_Successful system # 12203=Windows-Wireless_Authentication_Started system # 12204=Windows-Wireless_Authentication_Successful login # 12205=Windows-Wireless_Authentication_Restarted system # # Plugins for file /usr/thunder/daemons/plugins/os_win_audit.prm # # 3150=Windows-Indirect_Access_On_Object_Obtained system # 3151=Windows-Indirect_Access_On_Object_Duplicated system # 7331=Windows-Operation_On_Privileged_Object access-denied # 7335=Windows-Operation_On_Privileged_Object system # 7375=Windows-Object_Permissions_Changed system # 3213=Windows-Object_Open system # 3215=Windows-Privileged_Object_Operation system # 3259=Windows-Object_Access_Attempt system # 3270=Windows-Object_Operation system # 3273=Windows-Privileged_Object_Operation_Failure access-denied # 3284=Windows-Object_Open_Failure access-denied # 3325=Windows-Object_Deleted system # 3100=Windows-Object_Operation_Failed access-denied # # Plugins for file /usr/thunder/daemons/plugins/os_win_syslog_app_and_services.prm # # 22917=Windows-TaskScheduler_Info_Task_Engine_Shutdown system # 22918=Windows-TaskScheduler_Info_Task_Engine_Shutdown system # 22919=Windows-TaskScheduler_Info_Job_Registered system # 22920=Windows-TaskScheduler_Info_Process_Received_Start system # 22921=Windows-TaskScheduler_Info_Task_Start system # 22922=Windows-TaskScheduler_Info_Launched_Time_Triggered_Task system # 22923=Windows-TaskScheduler_Info_Task_Start system # 22924=Windows-TaskScheduler_Info_Launched_User_Locking_Computer system # 22925=Windows-TaskScheduler_Info_Task_Success system # 22926=Windows-TaskScheduler_Info_Job_Success system # 22927=Windows-TaskScheduler_Info_Session_Process_Started system # 22928=Windows-TaskScheduler_Info_Session_Main_Started system # 22929=Windows-TaskScheduler_Info_Task_Create system # 22930=Windows-TaskScheduler_Info_Session_Idle system # 22931=Windows-TaskScheduler_Info_User_Updated_Task system # 22932=Windows-TaskScheduler_Failed_to_Start_Task system # 22933=Windows-TaskScheduler_Failed_to_Start_Instance system # 22934=Windows-TaskScheduler_Failed_to_Logon system # 22935=Windows-TaskScheduler_Info_Launched_Event_Triggered_Instance system # 22936=Windows-TaskScheduler_Info_Launched_Registration_Triggered_Instance system # 22937=Windows-TaskScheduler_Info_Launched_for_User system # 22938=Windows-TaskScheduler_Failed_Unavailable_Network system # 22939=Windows-TaskScheduler_Failed_Launch_as_Scheduled system # 22940=Windows-TaskScheduler_Info_Launched_Idle_Condition system # 22941=Windows-TaskScheduler_Info_Launched_System_Startup system # 22942=Windows-TaskScheduler_Info_Launched_User_Logon system # 22943=Windows-TaskScheduler_Info_Launched_User_Console_Connection system # 22944=Windows-TaskScheduler_Info_Launched_User_Remote_Connection system # 22945=Windows-TaskScheduler_Info_Launched_User_Remote_Disconnection system # 22946=Windows-TaskScheduler_Info_Launched_User_Unlocking_Computer system # 22947=Windows-TaskScheduler_Failed_Execute_Task system # 22948=Windows-TaskScheduler_Failed_Shutdown_Race_Condition system # 22949=Windows-TaskScheduler_Failed_Time_Boundary system # 22950=Windows-TaskScheduler_Failed_Service_Busy system # 22951=Windows-TaskScheduler_Info_User_Disabled_Task system # 22952=Windows-TaskScheduler_Computer_Woken system # 22953=Windows-TaskScheduler_Failed_Trigger_Retrieval system # 22954=Windows-TaskScheduler_Failed_Pattern_Match system # 22955=Windows-TaskScheduler_Failed_Task_Not_Sent system # 22956=Windows-TaskScheduler_Failed_Task_Already_Running system # 22957=Windows-TaskScheduler_Queued_Waiting system # 22958=Windows-TaskScheduler_Failed_Running_on_Batteries system # 22959=Windows-TaskScheduler_Info_Launched_User_Console_Disconnection system # 22960=Windows-TaskScheduler_Failed_User_Not_Loggedin system # 22961=Windows-TaskScheduler_Info_User_Deleted_Task system # 22962=Windows-TaskScheduler_Terminated_Task system # 22963=Windows-TaskScheduler_Failed_Action system # 22964=Windows-TaskScheduler_Failed_Launch_Action system # 22965=Windows-TaskScheduler_Stopped_Running_Instance system # 22966=Windows-TaskScheduler_Stopped_on_Batteries system # 22967=Windows-TaskScheduler_Stopped_Instance_Computer_No_Longer_Idle system # 22968=Windows-TaskScheduler_Stopped_On_Timeout system # 22969=Windows-TaskScheduler_Stopped_On_Request system # 22970=Windows-TaskScheduler_Timeout_Wont_Work system # 22971=Windows-TaskScheduler_Info_Process_Received_Stop system # 22972=Windows-TaskScheduler_Failed_Session_Error system # 22973=Windows-TaskScheduler_Info_Session_Sent_Job system # 22974=Windows-TaskScheduler_Failed_Processing_Message system # 22975=Windows-TaskScheduler_Failed_Session_Manager_Connect system # 22976=Windows-TaskScheduler_Info_Session_Connected system # 22977=Windows-TaskScheduler_Failed_Jobs_Orphaned system # 22978=Windows-TaskScheduler_Failed_Session_Process_Launch system # 22979=Windows-TaskScheduler_Info_Session_WIN32_Obj_Created system # 22980=Windows-TaskScheduler_Info_Session_Channel_Ready system # 22981=Windows-TaskScheduler_Failed_Session_Process_Connect system # 22982=Windows-TaskScheduler_Failed_Session_Send_Failed system # 22983=Windows-TaskScheduler_Failed_Impersonation system # 22984=Windows-TaskScheduler_Info_Service_Started system # 22985=Windows-TaskScheduler_Failed_Service_Start system # 22986=Windows-TaskScheduler_Info_Service_Stop system # 22987=Windows-TaskScheduler_Failed_Service_Error system # 22988=Windows-TaskScheduler_Failed_Service_RPC_Init_Error system # 22989=Windows-TaskScheduler_Failed_Service_Init_COM system # 22990=Windows-TaskScheduler_Failed_Service_Cred_Store_Init system # 22991=Windows-TaskScheduler_Failed_Service_LSA_Init system # 22992=Windows-TaskScheduler_Failed_Service_Idle_Service_Init system # 22993=Windows-TaskScheduler_Failed_Service_Time_Change_Init system # 22994=Windows-TaskScheduler_Failed_Service_Set_Wakeup_Timer system # 22995=Windows-TaskScheduler_Info_Service_Time_Change_Signaled system # 22996=Windows-TaskScheduler_Failed_Service_Run_Boot_Jobs system # 22997=Windows-TaskScheduler_Failed_Task_Registered_Missing_Triggers system # 22998=Windows-TaskScheduler_Failed_Transaction_Rollback system # 22999=Windows-TaskScheduler_Failed_Task_Without_Credentials system # 23200=Windows-TaskScheduler_Info_Session_Launch system # 23201=Windows-TaskScheduler_Failed_Tast_Start_Machine_Not_Idle system # 23202=Windows-Wireless_Security_Successful system # 23203=Windows-Wireless_Authentication_Started system # 23204=Windows-Wireless_Authentication_Successful system # 23205=Windows-Wireless_Authentication_Restarted system # # Plugins for file /usr/thunder/daemons/plugins/pointsec.prm # # 9823=Pointsec-Encrytion_Status application # 9824=Pointsec-PC_Started application # 9825=Pointsec-Logon_Failed login-failure # 9826=Pointsec-Logon_Successful login # # Plugins for file /usr/thunder/daemons/plugins/prm_map.prm # # # Plugins for file /usr/thunder/daemons/plugins/PRM_Mappings.prm # # # Plugins for file /usr/thunder/daemons/plugins/puppet.prm # # 3400=Puppet-Master_Started application # 3401=Puppet-Forbidden_Request access-denied # 3402=Puppet-Client_Started application # 12539=Puppet-Catalog_Run application # 12540=Puppet-Catalog_Compile application # 12541=Puppet-Catalog_Run application # 12542=Puppet-Executing_Agent application # 12543=Puppet-Install_Failed error # 12544=Puppet-Environment_Mismatch application # 12545=Puppet-Retrieving_Plugin application # 12546=Puppet-Loading_Facts application # # Plugins for file /usr/thunder/daemons/plugins/radius_EIG.prm # # 1600=EntrustIG-Failed_Login login-failure # 1601=EntrustIG-Valid_Login login # # Plugins for file /usr/thunder/daemons/plugins/radius_IAS_server.prm # # 2860=Radius-Access_Granted login # # Plugins for file /usr/thunder/daemons/plugins/radius_SBR_server.prm # # 2865=Steel-Belted-Radius_Operational restart # 2866=Steel-Belted-Radius_SecurID_Disabled error # 2867=Steel-Belted-Radius_Logon_Failed login-failure # 2868=Steel-Belted-Radius_Conficting_Methods error # 2869=Steel-Belted-Radius_Invalid_Password login-failure # 2870=Steel-Belted-Radius_Password_Accepted login # 2871=Steel-Belted-Radius_Invalid_Credentials login-failure # 2872=Steel-Belted-Radius_Unknown_User login-failure # 2873=Steel-Belted-Radius_SecurID_Disabled error # 2874=Steel-Belted-Radius_Started restart # 2875=Steel-Belted-Radius_Stopped restart # 2876=Steel-Belted-Radius_Login login # # Plugins for file /usr/thunder/daemons/plugins/router_3com.prm # # 9766=3com-NTP-Logs application # 9767=3com-Ethernet_Port_Down application # 9768=3com-Ethernet_Port_Up application # 9769=3com-Ethernet_Link_Status_Up application # 9770=3com-Ethernet_Link_Status_Down application # 9771=3com-Link_Interface_Down application # 9772=3com-Link_Interface_Up application # 9773=3com-Retransmit application # # Plugins for file /usr/thunder/daemons/plugins/router_cisco.prm # # 1100=Cisco-Blocked_TCP firewall # 1101=Cisco-Blocked_UDP firewall # 1102=Cisco-Blocked_ICMP firewall # 1103=Cisco-Blocked_IP firewall # 1150=Cisco-Allowed_TCP connection # 1151=Cisco-Allowed_UDP connection # 1152=Cisco-Allowed_ICMP connection # 1153=Cisco-Allowed_GRE connection # 1154=Cisco-Limited_Or_Missed_Packets error # 1160=Cisco-Successful_Login login # 1161=Cisco-Failed_Login login-failure # 1162=Cisco-RSHELL_Connect_Attempt login-failure # 1163=Cisco-Line_Down system # 1164=Cisco-Line_Up system # 1165=Cisco-Configured_From_Console system # 1166=Cisco-SNMP_Authentication_Failure access-denied # 1167=Cisco-Statechange_From_Standby_To_Active system # 1168=Cisco-List_Permitted connection # 1169=Cisco-Unexpected_Outbound_IPSEC error # 1170=Cisco-Configured_By_SNMP system # 1171=Cisco-Config_Obtained_By_SNMP system # 1172=Cisco-Stop_TCP_Session connection # 1173=Cisco-Stop_UDP_Session connection # 1174=Cisco-Start_TCP_Session connection # 1175=Cisco-Start_UDP_Session connection # 1176=Cisco-Log_Summary system # 1177=Cisco-Passing_Packet connection # 1178=Cisco-Dropped_Session firewall # 1179=Cisco-BGP_Neighbor_Up system # 1180=Cisco-BGP_Neighbor_Down system # 1181=Cisco-BGP_Session_Changed system # # Plugins for file /usr/thunder/daemons/plugins/router_enterasys.prm # # 6900=Enterasys-Login login # 6901=Enterasys-Logout logout # 6902=Enterasys-User_Action system # 6903=Enterasys-User_Failed_Login login-failure # 6904=Enterasys-User_Initiated_Reset restart # # Plugins for file /usr/thunder/daemons/plugins/router_foundry.prm # # 9103=Foundry-Blocked_Connection firewall # 9100=Foundry-Power_Outage error # 9101=Foundry-Fan_Failure error # 9102=Foundry-Duplicate_IP error # 9104=Foundry-RIP_Denied firewall # 9105=Foundry-8021X_Security_Violation access-denied # 9106=Foundry-Fragmentation_DOS dos # 9107=Foundry-OSPF_Authentication_Failure access-denied # 9108=Foundry-OSPF_Bad_Packet system # 9109=Foundry-Bandwidth_DOS dos # 9115=Foundry-SNMP_Bad_Community_String intrusion # 9111=Foundry-User_Login_USER_EXEC_Mode login # 9112=Foundry-User_Login_PRIVILEGED_Mode login # 9113=Foundry-User_Log_Out_USER_EXEC_Mode logout # 9114=Foundry-User_Log_Out_PRIVILEGED_Mode logout # # Plugins for file /usr/thunder/daemons/plugins/router_huawei.prm # # 13650=Huawei-CPCAR_Dropped_TCP_Packet firewall # 13651=Huawei-CPCAR_Dropped_UDP_Packet firewall # 13652=Huawei-CPCAR_Dropped_ICMP_Packet firewall # 13653=Huawei-CPCAR_Dropped_Packet firewall # 13654=Huawei-CPU_Usage_Rising system # 13655=Huawei-CPU_Usage_Resumed system # 13656=Huawei-Failed_Login login-failure # 13657=Huawei-CPU_Usage_High system # 13658=Huawei-NTP_Length_Wrong error # 13659=Huawei-Command_Record system # 13660=Huawei-Failed_SSH_Login login-failure # # Plugins for file /usr/thunder/daemons/plugins/router_juno.prm # # 8570=Juniper-Blocked_TCP firewall # 8571=Juniper-Blocked_UDP firewall # 8572=Juniper-Blocked_ICMP firewall # 8573=Juniper-Allowed_TCP connection # 8574=Juniper-Allowed_UDP connection # 8575=Juniper-Allowed_ICMP connection # 8576=Juniper-Allowed_TCP_NAT connection # 8577=Juniper-Allowed_UDP_NAT connection # 8500=Juniper-Root_Access_Required access-denied # 8501=Juniper-Bad_Password login-failure # 8502=Juniper-Bad_Credentials login-failure # 8503=Juniper-Login_Failure login-failure # 8504=Juniper-Incorrect_Password login-failure # 8505=Juniper-Invalid_User login-failure # 8506=Juniper-Authentication_Failure login-failure # 8507=Juniper-Invalid_User login-failure # 8508=Juniper-Authentication_Failure login-failure # 8509=Juniper-Multiple_Login_Failures login-failure # 8510=Juniper-Forced_Password_Change login-failure # 8511=Juniper-Root_Login login # 8512=Juniper-Root_Acecss_Required access-denied # 8550=Juniper-Command_Execution_Error error # 8551=Juniper-Replay_Attack_Detected intrusion # 8552=Juniper-Command_Execution_Error access-denied # 8553=Juniper-System_Halt restart # # Plugins for file /usr/thunder/daemons/plugins/rsa.prm # # 13596=SecurID-Login login # 13597=SecurID-Login_Failure login-failure # 13598=SecurID-Auth_Failure_Bad_Pin_Good_Token login-failure # 13599=SecurID-Auth_Failure_Bad_Pin_Previous_Token login-failure # # Plugins for file /usr/thunder/daemons/plugins/samba.prm # # 500=Samba-Bad_User_Account login-failure # 501=Samba-Authentication_Failure login-failure # 502=Samba-Winbind_Authentication_Failed login-failure # 503=Samba-Authentication_Failure login-failure # 504=Samba-Bad_Service_Name error # 505=Samba-Error_NT_Status_Access_Denied access-denied # 506=Samba-Name_Daemon_Shutdown restart # 507=Samba-Master_Browser application # 508=Samba-User_Login login # 509=Samba-Connection_Reset_By_Peer error # 510=Samba-Denied_Connection access-denied # 511=Samba-Incorrect_Password_Length error # # Plugins for file /usr/thunder/daemons/plugins/scada_portaledge.prm # # 2950=Portaledge-Availability_Event intrusion # 2951=Portaledge-Enumeration_Event intrusion # 2952=Portaledge-Availability_Class_Event intrusion # 2953=Portaledge-Enumeration_Class_Event intrusion # 2954=Portaledge-Meta_Event intrusion # # Plugins for file /usr/thunder/daemons/plugins/sccm.prm # # 15166=SCCM-Component_SMS_Discovery_Agent_AD_Security_Group application # 15167=SCCM-Component_SMS_Discovery_Agent_AD_System application # 15168=SCCM-Component_SMS_Discovery_Agent_AD_User application # 15169=SCCM-Component_SMS_Manager_Certificate application # 15170=SCCM-Component_SMS_Manager_Config_Client application # 15171=SCCM-Component_SMS_Health_Client application # 15172=SCCM-Component_SMS_Monitor_Component application # 15173=SCCM-Component_SMS_Component_Status_Summarizer application # 15174=SCCM-Component_SMS_Monitor_Database_Notification application # 15175=SCCM-Component_SMS_Manager_Discovery_Data application # 15176=SCCM-Component_SMS_Manager_Endpoint_Protection application # 15177=SCCM-Component_SMS_Loader_Inventory_Data application # 15178=SCCM-Component_SMS_Manager_MP_Control application # 15179=SCCM-Component_SMS_Manager_MP_File_Dispatch application # 15180=SCCM-Component_SMS_Manager_Notification application # 15181=SCCM-Component_SMS_Server_Notification application # 15182=SCCM-Component_SMS_Manager_License application # 15183=SCCM-Component_SMS_Manager_Object_Replication application # 15184=SCCM-Component_SMS_Manager_Package_Transfer application # 15185=SCCM-Component_SMS_Rule_Engine application # 15186=SCCM-Component_SMS_Manager_MP_File_Dispatch_Connection_Successful connection # 15187=SCCM-Component_SMS_Manager_MP_File_Dispatch_Connection_Cancelled connection # 15188=SCCM-Logon_User_Successful login # 15189=SCCM-Rule_Apply_Success application # 15190=SCCM-Rule_Processing application # 15191=SCCM-Rule_Delete application # 15192=SCCM-Rule_Action_Enforcing_Failure error # 15193=SCCM-Autodeployment_Rule_Update_Criteria_Evaluate application # 15194=SCCM-Content_Update_Internet_Download application # 15195=SCCM-Update_Needed_Package_Download application # 15196=SCCM-Content_Rule_Criteria_Update_Matches application # 15197=SCCM-Content_Download_UpdateID application # 15198=SCCM-Content_Rule_Criteria_Update_Content_Match application # 15199=SCCM-Content_Already_Present_Download_Skip application # 15200=SCCM-Content_Already_Processed_Skipping application # 15201=SCCM-Content_Download_Package_ID application # 15202=SCCM-Update_Package_Now application # 15203=SCCM-Autodeployment_Download_Action_Completed application # 15204=SCCM-Updates_Evaluated_Are_Different application # 15205=SCCM-CreateClient_Failed error # 15206=SCCM-Client_Login_Failure login-failure # 15207=SCCM-Process_Creation_Event process # 15208=SCCM-Process_Termination_Event_Received process # 15209=SCCM-File_Deletion application # 15210=SCCM-Server_Connecting_To_IPv6_Address application # 15211=SCCM-Server_Connecting_To_IPv4_Address application # 15212=SCCM-Server_Connect_IPv6_Failure error # 15213=SCCM-Server_Connect_IPv4_Failure error # 15214=SCCM-BGB_Client_Signin_Failure error # 15215=SCCM-HINV_Retry application # 15216=SCCM-Logon_Successful login # 15217=SCCM-Logon_Started login # 15218=SCCM-User_Logged_In login # 15219=SCCM-System_Task_Invoked application # 15220=SCCM-Content_Lookup_MP_GetContentDPInfoProtected application # 15221=SCCM-StoredProcedure_MP_GetContentDPInfoUnprotected application # 15222=SCCM-StoredProcedure_MP_GetProxyMPListForSite application # 15223=SCCM-Event_Processing application # # Plugins for file /usr/thunder/daemons/plugins/services_unix.prm # # # Plugins for file /usr/thunder/daemons/plugins/snare_sec_os_win2k.prm # # # Plugins for file /usr/thunder/daemons/plugins/sniffer_reconnex.prm # # 6050=iGuard-ACT-DBF_Leaving_Network data-leak # 6051=iGuard-Audit_Examination_Reports data-leak # 6052=iGuard-Bank_Account_Info data-leak # 3053=iGuard-Board_Meeting_Minutes data-leak # 6054=iGuard-Company_Confidential_Info data-leak # 6055=iGuard-Compensation_Benefits data-leak # 6056=iGuard-Compliance_Reports data-leak # 6057=iGuard-Compress_Attachments data-leak # 6058=iGuard-Credit_Card_Number data-leak # 6059=iGuard-Credit_Report data-leak # 6060=iGuard-Drivers_License data-leak # 6061=iGuard-Email_testing data-leak # 6062=iGuard-Emplyer_ID_Number data-leak # 6063=iGuard-Financial_Reports data-leak # 6064=iGuard-Identify_Webmail_Owner data-leak # 6065=iGuard-Insider_Information_Watermark data-leak # 6066=iGuard-Internal_Memos data-leak # 6067=iGuard-Lawsuit_Legal_Matters data-leak # 6068=iGuard-Mergers_Acquisitions data-leak # 6069=iGuard-Peer_To_Peer_Monitor data-leak # 6070=iGuard-Personal_Info data-leak # 6071=iGuard-Profit_And_Loss_Statement data-leak # 6072=iGuard-Projected_Earnings data-leak # 6073=iGuard-Skintone_Image data-leak # 6074=iGuard-Social_Security_Number data-leak # 6075=iGuard-Suspicious_Activity data-leak # 6076=iGuard-Unauthorized_Desktop_Sharing data-leak # 6077=iGuard-Unencryped_Personal_Data data-leak # 6078=iGuard-UserID_And_Password data-leak # 6079=iGuard-Wire_Transfer data-leak # 6080=iGuard-Wireless_Activity data-leak # # Plugins for file /usr/thunder/daemons/plugins/snmp.prm # # 10849=SNMP-UDP_Connection connection # 10850=SNMP-Received_UDP_Packets application # 10851=SNMP-UDP_Connection connection # 10852=SNMP-EMANATE_Agent_Started restart # 10853=SNMP-NET-SNMP_Agent_Started restart # 10854=SNMP-NET-SNMP_Agent_Stopped restart # # Plugins for file /usr/thunder/daemons/plugins/solarwinds.prm # # 11484=SolarWinds-SAM_Service_Started application # 11485=SolarWinds-Collector_Plugin_Started application # 11486=SolarWinds-NPM_Service_Start application # 11487=SolarWinds-Startiing_Interfaces_Service application # 11488=SolarWinds-Unable_To_Create_DB_Connection error # 11489=SolarWinds-Error_SetupDBConnection error # 11490=SolarWinds-Error_Updating_Keep_Alive error # # Plugins for file /usr/thunder/daemons/plugins/spam_amavis.prm # # 1050=Amavis-Spam_Blocked spam # 1051=Amavis-Passed_Clean application # 1052=Amavis-Blocked_Spam spam # 1053=Amavis-Passed_Bad_Header_Quarantined spam # 1054=Amavis-Start restart # 1055=Amavis-Spam_Quarantine spam # # Plugins for file /usr/thunder/daemons/plugins/spam_barracuda.prm # # 3091=Barracuda-Spam_Blocked spam # 3092=Barracuda-Message_Rejected spam # 3093=Barracuda-Host_Rejected spam # 3094=Barracuda-Virus_Blocked virus # 3095=Barracuda-Sender_Rejected spam # 3096=Barracuda-Sender_Rejected spam # 3097=Barracuda-Recipient_Rejected spam # 3098=Barracuda-Spam_Blocked spam # 4251=Barracuda-Blocked_Warning firewall # 4252=Barracuda-Logged_Notify_Error firewall # 4253=Barracuda-Deny_Alert firewall # 4254=Barracuda-Blocked_Notification firewall # 4255=Barracuda-Logged_Warning firewall # 4256=Barracuda-Logged_Alert firewall # 4257=Barracuda-Server_Default_Protected_Valid connection # 4258=Barracuda-Internal_Default_Unprotected_Valid connection # 4259=Barracuda-Server_Default_Unprotected_Valid connection # 4260=Barracuda-Internal_Default_Protected_Valid connection # 4261=Barracuda-Internal_Default_Protected_Invalid firewall # 4262=Barracuda-Internal_Default_Passive_Valid connection # 4263=Barracuda-Server_Default_Passive_Valid connection # 4264=Barracuda-Internal_Default_Passive_Invalid firewall # 4265=Barracuda-SSL_Session_Timeout system # 4266=Barracuda-Server_Disabled system # 4267=Barracuda-Session_Timeout system # 4268=Barracuda-HTTP_Method_Not_Allowed firewall # 4269=Barracuda-Blocked_Warning firewall # 4270=Barracuda-Allowed_Message connection # 4271=Barracuda-Aborted_Message spam # 4272=Barracuda-Blocked_Message spam # 4273=Barracuda-Quarantined_Message spam # 4274=Barracuda-Tagged_Message spam # 42750=Barracuda-Deferred_Message spam # 42751=Barracuda-Per_User_Quarantined_Message spam # 42752=Barracuda-Whitelisted_Message application # 42753=Barracuda-Delivered_Message system # 42754=Barracuda-Rejected_Message spam # 42755=Barracuda-Deffered_Message spam # 42756=Barracuda-Expired_Message spam # 42757=Barracuda-Blocked_Message spam # 42758=Barracuda-Scanned_Blocked_Message system # 42760=Barracuda-Access_Denied_By_Policy access-denied # 42761=Barracuda-Blocked_Virus virus # 42762=Barracuda-Detected_Spyware virus # 42763=Barracuda-Allowed connection # 42764=Barracuda-Allowed_Monitored connection # 42767=Barracuda-Logon_Event login # 42768=Barracuda-Allowed application # 42769=Barracuda-File_On_Whitelist application # 42770=Barracuda-Per_User_Quarantined_Message virus # 42771=Barracuda-Tagged_Message application # 42772=Barracuda-Failed_Logon login-failure # 42773=Barracuda-Logon login # 42774=Barracuda-Notification_Messages application # 42775=Barracuda-Delivered_Message application # 42776=Barracuda-Logout logout # 42777=Barracuda-Deferred_Message application # 42778=Barracuda-Change_Message detected-change # 42779=Barracuda-Notification_Messages system # 42780=Barracuda-Quarantined_Message spam # # Plugins for file /usr/thunder/daemons/plugins/spam_mailscanner.prm # # 250=MailScanner-Spam_Blocked spam # 251=MailScanner-Virus_Found virus # 252=MailScanner-Virus_Found virus # 253=MailScanner-Virus_Found_and_Marked virus # 254=MailScanner-Phishing_Email spam # 255=MailScanner-Phishing_Email_Disarmed spam # 256=MailScanner-Trojan_Found virus # 257=MailScanner-Trojan_Or_Variant_Found virus # 258=MailScanner-IP_Based_Phishing spam # 259=MailScanner-Virus_Found virus # 260=MailScanner-Virus_Found_In_File virus # 261=MailScanner-Spam_Detection spam # 262=MailScanner-Version restart # 263=MailScanner-Malicious_Filename virus # 264=MailScanner-Malicious_Mail_Content spam # # Plugins for file /usr/thunder/daemons/plugins/sql_mssql.prm # # 3009=MSSQLSVR-Pause_Request restart # 3010=MSSQLSVR-Login_Succeeded login # 3011=MSSQLSVR-Login_Failed login-failure # 3013=MSSQLSVR-Stop_Request restart # 3015=MSSQLSVR-Login_Access_revoked login-failure # 3016=MSSQLSVR-Could_Not_Revoke_Login_Access error # 3017=MSSQLSVR-Login_Denied login-failure # 3018=MSSQLSVR-Shutdown restart # 28425=MSSQLSVR-Successful_Login login # 28426=MSSQLSVR-Trace_Toggled application # 28427=MSSQLSVR-Log_Backed_Up application # 28428=MSSQLSVR-CHECKDB application # 28429=MSSQLSVR-CHECKCATALOG application # 28430=MSSQLSVR-Database_Restored application # 28431=MSSQLSVR-Error error # 28432=MSSQLSVR-Database_Analysis_Completed application # 28433=MSSQLSVR-Login_Failed login-failure # 28434=MSSQLSVR-Login_Succeeded_For_Local_Machine login # 28435=MSSQLSVR-Database_Frozen error # 28436=MSSQLSVR-Database_Unfrozen application # 28437=MSSQLSVR-Database_Backedup application # 28438=MSSQLSVR-Login_Invalid error # 28439=MSSQLSVR-Payload_Not_Matched error # 28440=MSSQLSVR-Info_Message application # 28441=MSSQLSVR-Reconfigure_To_Install application # 28442=MSSQLSVR-SQLISPackage_Messages application # 28443=MSSQLSVR-EXPRESS_Start_Database application # 28444=MSSQLSVR-Operating_System_Error error # 28445=MSSQLSVR-Low_Disk_Space error # 28446=MSSQLSVR-Stopped_Listening error # 28447=MSSQCOMVAULT-Messages application # 28448=MSSQLSECRETSERVER-Messages application # 28449=MSSQLSVR-Backup_Deprecated application # 28470=MSSQLSVR-Successful_Login login # 28471=MSSQLSVR-Successful_Login login # 28472=MSSQLSVR-Setting_Database_Option application # 28473=MSSQLSVR-Certificate_Loaded application # 28474=MSSQLSVR-Filestream_Messages application # 28475=MSSQLSVR-Ready_For_Connections application # 28476=MSSQLSVR-Successfully_Registered_Service application # 28477=MSSQLSVR-Protocol_Transport_Disabled application # 28478=MSSQLSVR-Broker_Manager_Started application # 28479=MSSQLSVR-Local_Ready_For_Connection application # 28480=MSSQLSVR-Clearing_Temp_Database application # 28481=MSSQLSVR-Trace_Started application # 28482=MSSQLSVR-Resumed_Execution application # 28483=MSSQLSVR-Failed_Login login-failure # 28484=MSSQLSVR-Changes_Backed_Up application # 28485=MSSQLSVR-Create_Event application # 28486=MSSQLSVR-Alter_Event application # 28487=MSSQLSVR-Audit_Event_Enabled application # 28488=MSSQLSVR-Audit_Event_Added application # 28489=MSSQLSVR-Audit_Login_Timeout login-failure # 28490=MSSQLSVR-Audit_Event_Granted application # 28491=MSSQLSVR-Audit_Event_Executed application # 28492=MSSQLSVR-Audit_Event_Dropped application # 28493=MSSQLSVR-Audit_Event_Exec application # 14337=MSSQLSVR-Login_Failed login-failure # 14338=MSSQLSVR-Audit_Event_Disabled application # 14339=MSSQLSVR-Audit_Event_Destroyed application # 14340=MSSQLSVR-Audit_Event_Restore_Log application # 14341=MSSQLSVR-Audit_Event_Truncate_Table application # 14342=MSSQLSVR-Audit_Event_Server_Started application # 14343=MSSQLSVR-Audit_Event_Alter_Event_Session application # 14344=MSSQLSVR-Audit_Event_Create_Table application # # Plugins for file /usr/thunder/daemons/plugins/sql_mysql.prm # # 28450=MYSQL-Started restart # 28451=MYSQL-Ended restart # 28452=MYSQL-Shutdown_Complete restart # 28453=MYSQL-Fatal_Error_Cannot_Open_Privilege_Tables error # 28454=MYSQL-Ready_For_Connections restart # 28455=MYSQL-Error_Cannot_Drop_User error # 28456=MYSQL-Process_Already_Exists error # 28457=MYSQL-Total_Allocated_Space application # 28458=MYSQL-Total_Free_Space application # 28459=MYSQL-Aborted_Connection connection # 28460=MYSQL-Shutdown_Complete restart # 28461=MYSQL-Normal_Shutdown restart # 28462=MYSQL-Server_Started restart # 28463=MYSQL-Version application # 28464=MYSQL-Error_Sort_Aborted error # 28465=MYSQL-Error error # 28466=MYSQL-Error_Table_Marked_As_Crashed error # 28467=MYSQL-Error_Disk_Full error # 28468=MYSQL-Error_Reading_Table error # # Plugins for file /usr/thunder/daemons/plugins/sql_oracle.prm # # 2850=Oracle-Handshake_Error error # 2851=Oracle-Handshake_Unknown_Error error # 2852=Oracle-Handshake_SSL_Fatal_Alert error # 2853=Oracle-Error_Client error # 2854=Oracle-Invalid_System_Call error # 2855=Oracle-SSL_Handshake_Timed_Out error # 2856=Oracle-Failed_To_Call_Network_Routine error # 2857=Oracle-Failed_To_Receive_Message error # 2858=Oracle-Failed_To_Call_Destination error # 2859=Oracle-Connection_To_Child connection # 22860=Oracle-Audit_Action_Connection connection # 22861=Oracle-Audit_Action_Shutdown database # 22862=Oracle-Audit_Action_Startup database # 22863=Oracle-Audit_Action_Logoff logout # 22864=Oracle-Audit_Action_Logon login # 22865=Oracle-Audit_Sessionid database # 22866=Oracle-Audit_Entryid database # 22867=Oracle-Audit_Statement database # 22868=Oracle-Audit_Userid database # 22869=Oracle-Audit_Username database # 22870=Oracle-Audit_Userhost database # 22871=Oracle-Audit_Returncode database # 22872=Oracle-Audit_Objcreator database # 22873=Oracle-Audit_Owner database # 22874=Oracle-Audit_Objname database # 22875=Oracle-Audit_Objname database # 22876=Oracle-Audit_Obj_Privileges database # 22877=Oracle-Audit_Obj_Privilege database # 22878=Oracle-Audit_Authgrantee database # 22879=Oracle-Audit_Grantee database # 22881=Oracle-Audit_Newowner database # 22882=Oracle-Audit_Newowner database # 22883=Oracle-Audit_Newname database # 22884=Oracle-Audit_Newname database # 22885=Oracle-Audit_Sesactions database # 22886=Oracle-Audit_Sesactions database # 22887=Oracle-Audit_Logoffpread database # 22888=Oracle-Audit_Logoffpread database # 22889=Oracle-Audit_Logofflwrite database # 22890=Oracle-Audit_Logofflwrite database # 22891=Oracle-Audit_Commenttext database # 22892=Oracle-Audit_Commenttext database # 22893=Oracle-Audit_Osuserid database # 22894=Oracle-Audit_Osusername database # 22895=Oracle-Audit_Privused database # 22896=Oracle-Audit_Privused database # 22897=Oracle-Audit_Seslabel database # 22898=Oracle-Audit_Clientid database # 22899=Oracle-Audit_Sestid database # 22900=Oracle-Audit_Spare2 database # 22901=Oracle-Audit_Terminal database # 22902=Oracle-Audit_Sysoptions database # 22903=Oracle-Audit_Action_Connection connection # 22904=Oracle-Audit_Action_Shutdown database # 22905=Oracle-Audit_Action_Startup database # 22906=Oracle-Audit_Action_Logoff logout # 22907=Oracle-Audit_Action_Logon login # 22908=Oracle-Audit_Sessionid database # 22909=Oracle-Audit_Entryid database # 22910=Oracle-Audit_Statement database # 22911=Oracle-Audit_Userid database # 22912=Oracle-Audit_Username database # 22913=Oracle-Audit_Userhost database # 22914=Oracle-Audit_Returncode database # 22915=Oracle-Audit_Objcreator database # 22916=Oracle-Audit_Owner database # 21917=Oracle-Audit_Objname database # 21918=Oracle-Audit_Objname database # 21919=Oracle-Audit_Obj_Privileges database # 21920=Oracle-Audit_Obj_Privilege database # 21921=Oracle-Audit_Authgrantee database # 21922=Oracle-Audit_Grantee database # 21923=Oracle-Audit_Newowner database # 21924=Oracle-Audit_Newowner database # 21925=Oracle-Audit_Newname database # 21926=Oracle-Audit_Newname database # 21927=Oracle-Audit_Sesactions database # 21928=Oracle-Audit_Sesactions database # 21929=Oracle-Audit_Logoffpread database # 21930=Oracle-Audit_Logoffpread database # 21931=Oracle-Audit_Logofflwrite database # 21932=Oracle-Audit_Logofflwrite database # 21933=Oracle-Audit_Commenttext database # 21934=Oracle-Audit_Commenttext database # 21935=Oracle-Audit_Osuserid database # 21936=Oracle-Audit_Osusername database # 21937=Oracle-Audit_Privused database # 21938=Oracle-Audit_Privused database # 21939=Oracle-Audit_Seslabel database # 21940=Oracle-Audit_Clientid database # 21941=Oracle-Audit_Sestid database # 21942=Oracle-Audit_Spare2 database # 21943=Oracle-Audit_Terminal database # 21944=Oracle-Audit_Sysoptions database # # Plugins for file /usr/thunder/daemons/plugins/sql_postgres.prm # # 2820=PostgreSQL-Connection_Received connection # 2821=PostgreSQL-Connection_Rejected firewall # 2822=PostgreSQL-Database_Start restart # 2823=PostgreSQL-Connection_Authorized login # 2824=PostgreSQL-Connection_Terminated error # 13825=PostgreSQL-Authentication_Failure login-failure # 13826=PostgreSQL-Relation_Does_Not_Exist error # 13827=PostgreSQL-Syntax_Error error # 13828=PostgreSQL-SELECT-Activity database # 13829=PostgreSQL-INSERT-Activity database # 13830=PostgreSQL-Activity database # # Plugins for file /usr/thunder/daemons/plugins/ssh_dropbear.prm # # 3850=Dropbear-Exited_Normally logout # 3851=Dropbear-Child_Connection connection # 3852=Dropbear-Bad_Password login-failure # 3853=Dropbear-Password_Succeeded login # 3854=Dropbear-Error_Setting_Terminal_Attributes error # # Plugins for file /usr/thunder/daemons/plugins/ssh_freessh.prm # # 18011=FreeSSH-Server_Stopped restart # 18012=FreeSSH-Server_Started restart # 18013=FreeSSH-Server_Address_Already_In_Use error # 18014=FreeSSH-Server_Connection_Attempt connection # 18015=FreeSSH_Login login # 18016=FreeSSH-Server_Disconnected_User system # 18017=FreeSSH-Server_Failed_Login login-failure # 18018=FreeSSH-Server_User_Unknown login-failure # 18019=FreeSSH-Server_Disconnected_IP system # # Plugins for file /usr/thunder/daemons/plugins/ssh_openssh.prm # # 1800=SSH-Accepted_Public_Key login # 1801=SSH-Potential_Overflow_Attack intrusion # 1802=SSH-Potential_Overflow_Attack intrusion # 1803=SSH-Load_Host_Key_Failure error # 1804=SSH-Rexec_Deprecated_Option error # 1805=SSH-Authentication_Failure_Username_Change login-failure # 1806=SSH-Failed_Password login-failure # 1807=SSH-Warning_Client_Address_Get error # 1808=SSH-Ident_String_Write_Failure error # 1809=SSH-Missing_Ident_String error # 1810=SSH-Bad_Protocol_ID intrusion # 1811=SSH_Fatal_Error error # 1812=SSH-Accepted_Public_Key login # 1813=SSH-Connection connection # 1815=SSH-Multiple_Authentication_Failures login-failure # 1816=SSH-Listening_On_Port application # 1817=SSH-Authentication-Failure login-failure # 1818=SSH-Accepted_Password login # 1819=SSH-Accepted_Password login # 1821=SSH-Failed_Password login-failure # 1820=SSH-Invalid_User login-failure # 1822=SSH-Illegal_User login-failure # 1823=SSH-Wrong_Version intrusion # 1824=SSH-Possible_Breakin_Attempt intrusion # 1825=SSH-User_Shell_Not_Valid login-failure # 1826=SSH-Login_Failure login-failure # 1827=SSH-Authentication-Failure login-failure # 1828=SSH-Login_Failure_Invalid_User login-failure # 1830=SSH-Login_Failure login-failure # 1832=SSH-Failed_Login_For_Restricted_User login-failure # 1833=SSH-SFTP_Subsystem_Request connection # 1834=SSH-Account_Has_Expired login-failure # 1836=SSH-Connection_Closed connection # 1837=SSH-User_Not_Allowed login-failure # 1838=SSH-Login_Keyboard_Interactive login # 1839=SSH-Invalid_Empty_UserName login-failure # 1840=SSH-Disconnection logout # 1841=SSH-Daemon_Terminating restart # 1842=SSH-Received_Blacklisted_Public_Key intrusion # 1843=SSH-Wrong_Version intrusion # 1844=SSH-Connection_Closed connection # 1845=SSH-Bad_Username login-failure # 1846=SSH-Invalid_User login-failure # 1847=SSH-Netconf_Subsystem_Request connection # 1848=SSH-Netconf_Subsystem_Request_Failure connection # 1849=SSH-No_Identification_String error # 1850=SSH-Public_Key_Exchange_Postponed system # 1851=SSH-Bad_Address_Possible_Breakin_Attempt intrusion # 1852=SSH-Refused_Connection_From intrusion # 1853=SSH-Check_Unknown_User login-failure # 1854=SSH-Accepted_Password login # 1855=SSH-Fatal_Timeout error # 1856=SSH-Failed_Kerberos error # 1857=SSH-Authentication_Failure login-failure # 1858=SSH-Cannot_Bind_Address error # 1859=SSH-Address_In_Use error # 1860=SSH-Illegal_User login-failure # 1861=SSH-Invalid_Argument error # 1862=SSH-Fatal_Session_Request error # 1863=SSH-Connection_Aborted error # 1864=SSH-Restarting restart # 1865=SSH-Invalid_User login-failure # 1866=SSH-Failed_Publickey login-failure # 1867=SSH-Illegal_User login-failure # 1868=SSH-Account_Not_Present login-failure # 1869=SSH-Authentication_Failed login-failure # 1870=SSH-Authentication_Failure_Limit login-failure # 1871=SSH-Too_Few_Replies login-failure # 1872=SSH-Unable_To_Read_Key error # 1873=SSH-Failed_Password_Illegal_User login-failure # 1874=SSH-Illegal_Blank_User login-failure # 1875=SSH-No_Shadow_Information error # 1876=SSH-Autossh_Messages application # 1877=SSH-Authentication-Failure login-failure # 1878=SSH-Authentication-Failure login-failure # 1879=SSH-Session_Closed application # 1880=SSH-WinSSHD_Connection_Accepted connection # 1881=SSH-WinSSHD_Client_Disconnected connection # 1882=SSH-Invalid_User login-failure # 1883=SSH-Authentication_Failure login-failure # 1884=SSH-Packet_Integrity_Error error # 1885=SSH-Password_Change_Not_Supported application # 1886=SSH-Dispatch_Protocol_Error error # 1887=SSH-Terminating_Connection connection # 1888=SSH-User_Disconnected_Application connection # 1889=SSH-Refused_Connection_From intrusion # 1890=SSH-Cannot_Display_Messages error # 1891=SSH-Open_Failed error # 1892=SSH-Password_Returned application # 1893=SSH-Getting_Password application # 1894=SSH-Wrong_Password login-failure # 1895=SSH-Incorrect_Password login-failure # 1896=SSH-Internal_Module_Error error # 1897=SSH-Account_Locked_Out login-failure # 1898=SSH-Resource_Temporarily_Unavailable error # 1899=SSH-Disconnection-Channel-Nonexistent error # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco.prm # # 7441=Cisco-Duplicate_Address error # 7442=Cisco-Fan_Ok system # 7443=Cisco-Fan_Failed error # 7444=Cisco-Security_Violation access-denied # 7445=Cisco-Storm_Control_Packets_Drop system # 7446=Cisco-Native_Vlan_Mismatch error # 7447=Cisco-Duplex_Mismatch error # 7448=Cisco-Changed_State system # 7449=Cisco-Link_Flapping error # 7450=Cisco-MAC_Flapping error # 7451=Cisco-Controller_Firmware_Not_Running error # 7452=Cisco-Mac_Verify_Failed error # 7454=Cisco-Link_Errors error # 7455=Cisco-Psecure_Violation error # 7457=Cisco-Vlan_Mismatch error # 7459=Cisco-Faulty_Power_Supply error # 7460=Cisco-VTP_Code_Unusual_Diagnostic error # 7461=Cisco-Blocked_Transmit_Queue system # 7462=Cisco-No_SNMPTrap_IP error # 7463=Cisco-Relearning_Addresses system # 7464=Cisco-Attempt_Recover_Psecure_Violation system # 7465=Cisco-Address_Flapping error # 7466=Cisco-BPDU_Disabling_Port error # 7467=Cisco-Bpduguard_Error error # 7468=Cisco-Bpduguard_Recover system # 7469=Cisco-Host_Flapping_Between_Ports error # 7470=Cisco-Neighbor_Is_Down error # 7471=Cisco-Duplex_Mismatch error # 7472=Cisco-Config_Resolve_Failure error # 7473=Cisco-Unauthorized_SNMP_Access access-denied # 7474=Cisco-Neighbor_Up_Down system # 7475=Cisco-Tunnel_Up_Down system # 7476=Cisco-Excessive_Errors_Interface error # 7477=Cisco-Invalid_Security_Parameter error # 7478=Cisco-Designated_Router_Change error # 7479=Cisco-Neighbor_Up_Down system # 7480=Cisco-Bad_Authentication access-denied # 7481=Cisco-Native_Vlan_Mismatch error # 7482=Cisco-MAC_Flapping error # 17485=Cisco-Crypto_Replay_Failed error # 17487=Cisco-Config_From_Console system # 17488=Cisco-Security_Violation access-denied # 17489=Cisco-Power_Granted system # 17490=Cisco-PD_Removed system # 17491=Cisco-Fan_Low_Rpm_Service_Recommended system # 17492=Cisco-Late_Collision_Error error # 17493=Cisco-Speed_Changed detected-change # 17494=Cisco-Flow_Control_Changed detected-change # 17495=Cisco-Duplex_Mode_Changed detected-change # 17496=Cisco-Port_Is_Operational application # 17497=Cisco-Interface_Down error # 17498=Cisco-Individual_Port_Down application # 17499=Cisco-Interface_Up application # 17500=Cisco-Security_Violation application # 17501=Cisco-Flow_Control_State_Changed detected-change # 17502=Cisco-Port_Suspended application # 17503=Cisco-Source_No_IP_Address application # 17550=Cisco-DHCPACK_Did_Not_Find_Destination_Port application # 17551=Cisco-Duplex_Mismatch error # 17552=Cisco-SSH_Bad_Message_Type error # 17553=Cisco-DHCP_Snooping_Deny intrusion # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco4400.prm # # 4850=Cisco-Switch_In_Init_State system # 4851=Cisco-Switch_Retries_Exceeded error # 4852=Cisco-Switch_Disconnecting_Mobile system # 4853=Cisco-Switch_Max_Retransmission_Exceeded error # 4854=Cisco-Switch_Authentication_Aborted error # 4855=Cisco-Switch_Unable_To_Send_Message error # 4856=Cisco-Switch_Poisoned_ARP_Detected intrusion # 4857=Cisco-Switch_Orphan_Packet_IP_Changed system # 4859=Cisco-Switch_Unable_To_Send_AAA_Message error # 4860=Cisco-Switch_Invalid_Replay_Counter error # 4861=Cisco-Switch_Entry_Not_In_Database error # 4862=Cisco-Switch_Not_Advertising_Per_Policy system # 4863=Cisco-Switch_RSN_WARP_IE_Failed error # 4864=Cisco-Switch_Client_Not_Found error # 4865=Cisco-Switch_Replay_Error error # 4866=Cisco-Switch_Delete_User_Failed error # 4867=Cisco-Switch_Invalid_ARP_Timeout_Address error # 4868=Cisco-Switch_Delete_ARP_Entry_Failed error # 4869=Cisco-Switch_Invalid_WPA_Key_State system # 4870=Cisco-Switch_Received_Mobility_Response system # 4871=Cisco-Switch_Parse_Error_Packet_Dropped error # 4872=Cisco-Switch_Not_UDP_Dropping_Packet error # 4873=Cisco-Switch_Rejecting_Association_Attempt error # 4874=Cisco-Switch_Dropping_Primary_Discovery system # 4875=Cisco-Switch_DHCP_SNOOPING_DROP system # 4876=Cisco-Switch_DHCP_SNOOPING system # 4877=Cisco-Switch_DHCP_SNOOPING_ERROR error # 4878=Cisco-Switch_License_Request_Failed error # 4879=Cisco-Switch_Unable_To_Alloc_Entry error # 14880=Cisco-Switch_Replay_Error error # 14881=Cisco-Switch_TCAM_Threshold_Exceeded error # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco_ace.prm # # 7409=CiscoACE-Health_Probe_Failed error # 7410=CiscoACE-Health_Probe_Failed error # 7411=CiscoACE-Arp_Collision system # 7412=CiscoACE-Blocked_Reverse_Path_Check intrusion # 7413=CiscoACE-Built_TCP_Connection connection # 7414=CiscoACE-Teardown_TCP_Connection connection # 7415=CiscoACE-Blocked_ICMP firewall # 7416=CiscoACE-Built_TCP_Connection connection # 7417=CiscoACE-Teardown_TCP_Connection connection # 7418=CiscoACE-Changed_State system # 7419=CiscoACE-Server_Back_In_Service system # 7420=CiscoACE-Built_ICMP_Connection connection # 7421=CiscoACE-Built_ICMP_Connection connection # 7422=CiscoACE-Health_Probe_Failed error # 7423=CiscoACE-Server_Failed_Over_Backup system # 7424=CiscoACE-Changed_State system # 7425=CiscoACE-Built_UDP_Connection connection # 7426=CiscoACE-Built_UDP_Connection connection # 7427=CiscoACE-Command_Executed system # 7428=CiscoACE-Health_Probe_Failed error # 7429=CiscoACE-Teardown_ICMP connection # 7430=CiscoACE-Teardown_ICMP connection # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco_meraki.prm # # # Plugins for file /usr/thunder/daemons/plugins/switch_cisco_nexus.prm # # 14950=Cisco-Nexus_Could_Not_Load_Host_Key error # 14951=Cisco-Nexus_Interface_Admin_Down application # 14952=Cisco-Nexus_User_Failed_Authentication login-failure # 14953=Cisco-Nexus_Syslog_Configured application # 14954=Cisco-Nexus_Interface_Admin_Up application # 14955=Cisco-Nexus_Accounting_Install_Failed error # 14956=Cisco-Nexus_Accounting_Message application # 14957=Cisco-Nexus_Accounting_Message application # 14958=Cisco-Nexus_System_Msg_Start application # 14959=Cisco-Nexus_Interface_Down_Config_Change application # 14960=Cisco-Nexus_Password_Changed application # 14961=Cisco-Nexus_Server_Added application # 14962=Cisco-Nexus_New_User_Added application # 14963=Cisco-Nexus_New_User_Added application # 14964=Cisco-Nexus_User_Deleted application # 14965=Cisco-Nexus_Server_Removed application # 14966=Cisco-Nexus_User_Deleted application # 14967=Cisco-Nexus_Server_Added application # 14968=Cisco-Nexus_Interface_Up application # # Plugins for file /usr/thunder/daemons/plugins/switch_dell.prm # # 2000=DellSwitch-Rejected_Telnet_Attempt access-denied # 2001=DellSwitch-Admin_Logout logout # 2002=DellSwitch-Admin_Login login # 2003=DellSwitch-SNMP_Probe access-denied # 2004=DellSwitch-Admin_Login login # 2005=DellSwitch-System_Config_Copied system # # Plugins for file /usr/thunder/daemons/plugins/switch_enterasys.prm # # 6910=Enterasys-Socket_Close system # 6911=Enterasys-Interface_Up system # 6912=Enterasys-Reset_Unit system # 6913=Enterasys-User_Failed_Login login-failure # 6914=Enterasys-Interface_Down system # 6915=Enterasys-User_Mgr_Disconnecting system # # Plugins for file /usr/thunder/daemons/plugins/switch_extreme.prm # # 1000=Extreme-Switch-Admin_Login_Telnet login # 1001=Extreme-Switch-Admin_Logout_Telnet logout # 1002=Extreme-Switch-Link_Down error # 1003=Extreme-Switch-Login_Failure_SSH login-failure # 1004=Extreme-Switch-Login_Failure_SNMP login-failure # 1005=Extreme-Switch-User_Login_SSH login # 1006=Extreme-Switch-Password_Authentication_Used system # 1007=Extreme-Switch-No_Valid_Key error # 1008=Extreme-Switch-User_Logout_SSH logout # 1010=Extreme-Switch-Admin_Configuration_Change detected-change # 1011=Extreme-Switch-Close_Telnet_Sessions system # # Plugins for file /usr/thunder/daemons/plugins/switch_fastiron.prm # # 4632=FastIron-Switch_Interface_Down error # 4633=FastIron-Switch_PortDown error # 4634=FastIron-Switch_Interface_Up system # 4635=FastIron-Switch_Listening system # 4636=FastIron-Switch_Learning system # 4637=FastIron-Switch_Forwarding system # 4638=FastIron-Switch_SNMP_Access_Rejected access-denied # # Plugins for file /usr/thunder/daemons/plugins/switch_generic.prm # # 3700=Switch-Link_Down system # 3701=Switch-Link_Up system # 3702=Catalyst-Line_Down system # 3703=Catalyst-Line_Up system # 3704=Catalyst-Fan_Error error # 3705=Catalyst-Faulty_Fan error # 3706=Catalyst-High_Temperature error # # Plugins for file /usr/thunder/daemons/plugins/switch_hpcomware.prm # # 15350=HP-Switch_AAA_Request_Received system # 15351=HP-Switch_User_Added_To_AAA_Blacklist application # 15352=HP-Switch_AAA_Request_Accepted system # 15353=HP-Switch_User_Failed_Login login-failure # 15354=HP-Switch_User_Failed_Login login-failure # 15355=HP-Switch_User_Logout logout # 15356=HP-Switch_User_Closed_Connection logout # 15357=HP-Switch_Command_Issued application # 15358=HP-Switch_FIBER_SFPMODULE_NOWINVALID error # 15359=HP-Switch_User_Login login # 15360=HP-Switch_User_Login login # 15361=HP-Switch_User_Logout logout # 15362=HP-Switch_Ping_Statistics application # 15363=HP-Switch_Link_Down application # 15364=HP-Switch_Line_Protocol_Down application # 15365=HP-Switch_Configuration_Changed application # 15366=HP-Switch_Configuration_Saved application # 15367=HP-Switch_User_Failed_Login_Authentication_Timeout login-failure # 15368=HP-Switch_Command_Issued application # 15369=HP-Switch_Password_Changed_First_Login login # 15370=HP-Switch_User_Failed_Login_IP_Restriction access-denied # # Plugins for file /usr/thunder/daemons/plugins/tacacs.prm # # 9664=Tacacs_Login login # 9665=Tacacs_Login_Failed login-failure # 9666=Tacacs_Login_Failed login-failure # 9667=Tacacs_Illegal_Version error # 9668=Tacacs_Query_Authorization_Accepted login # 9669=Tacacs_Login_Failed login-failure # 9670=Tacacs_Connect connection # 9671=Tacacs_Query_Login_Accepted login # # Plugins for file /usr/thunder/daemons/plugins/tenable_lce.prm # # 4200=LCE-Agent_Heartbeat lce # 4201=LCE-Agent_Statistics lce # 4202=LCE-Daemon_Started restart # 4203=LCE-Silo_Rolling application # 4204=LCE-Silo_Roll_Finished application # 4205=LCE-Update_Of_PRM_and_TASL application # 4206=LCE-Plugins_Are_Up_To_Date application # 4207=LCE-Client_Login_Failure access-denied # 4208=LCE-Serious_Error_Recovery lce # 4209=LCE-Query_Queued lce # 4210=LCE-Query_Started lce # 4211=LCE-Query_Finished lce # 4212=LCE-Rolled_Silo lce # 4213=LCE-Plugin_Feed_Subscription_Expired error # # Plugins for file /usr/thunder/daemons/plugins/tenable_lce_client.prm # # 209=Windows-LCE_Client_Deleted_File_On_Size lce # 210=Windows-LCE_Client_Started restart # 211=Windows-LCE_Client_Configuration_Error error # 212=Windows-LCE_Client_Stopped restart # 213=Windows-LCE_Client_Service_Started restart # 214=Windows-LCE_Client_Failed_State_Change error # 215=Windows-LCE_Client_Failed_To_Open_File error # 216=Windows-LCE_Client_Detected_Attached_Drive usb # 217=Windows-LCE_Client_Detected_Removed_Drive usb # 218=Windows-LCE_Client_Disk_Space lce # 219=Windows-LCE_Client_Physical_Memory lce # 220=Windows-LCE_Client_CPU_Usage lce # 221=LCE-Monitored_File_Modified detected-change # 222=LCE-Monitored_File_Removed detected-change # 223=LCE-Monitored_File_Re-added detected-change # 224=LCE-Monitored_File_Re-added_Changed detected-change # 225=LCE-Monitored_Config_File_Modified detected-change # 226=LCE-WMI-Monitor_Error error # 227=LCE-WMI-Monitor_Error error # 228=LCE-New_File_Added_To_Directory detected-change # 229=LCE-Managed_Client_Downloaded_File lce # 230=Windows-LCE_Client_Detected_Attached_USB_Device usb # 231=Windows-LCE_Client_Detected_Removed_USB_Device usb # 232=LCE_Client_Detected_Custom_Malware virus # 233=LCE_Client_Detected_Malware virus # 234=LCE_Client_Detected_Unknown_Process process # 235=LCE_Client_Resumed_Monitoring system # 236=LCE_Client_Detected_Binary_Data system # 237=LCE_Client_Tail_File_Moved error # # Plugins for file /usr/thunder/daemons/plugins/tenable_lightning_console.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_lightning_logs.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_nessus.prm # # 2900=Nessus-Connection connection # 2901=Nessus-Bad_Login_Attempt login-failure # 2903=Nessus-Scan_Started application # 2904=Nessus-Scan_Finished application # 2905=Nessus-Version application # 2906=Nessus-Web_Server_Running restart # 2907=Nessus-Scan_Starting application # 2908=Nessus-Host_Scan_Start application # 2909=Nessus-Scan_Time application # 2910=Nessus-Successful_Web_Login login # 2911=Nessus-Restarting restart # 2912=Nessus-Scanner_Not_Registered error # 2913=Nessus-Update_Plugins_Started application # 2914=Nessus-Reloader_Started application # 2915=Nessus-Stopping_Scan application # 2916=Nessus-Pausing_Scan application # 2917=Nessus-Resuming_Scan application # 2918=Nessus-NTP_Support_Disabled application # 2919=Nessus-Too_Many_Users error # 12920=Nessus-Scan_Delayed application # 12921=Nessus-Failed_Web_Login login-failure # 12922=Nessus-Plugins_Reloaded application # 12923=Nessus-Partial_Audit_Trail_Enabled application # 12924=Nessus-Update_Plugins_Finished application # 12925=Nessus-Full_Audit_Trail_Enabled application # 12926=Nessus-Time_Spent_Forwarding_Data application # 12927=Nessus-Admin_Privileges_Revoked application # 12928=Nessus-User_Password_Changed application # 12929=Nessus-CPU_Overloaded error # 12930=Nessus-Failed_Login login-failure # 12931=Nessus-User_Logged_Out logout # 12932=Nessus-Invalid_File_Attempt access-denied # 12933=Nessus-Invalid_Attempt_To_Obtain_Users access-denied # 12934=Nessus-Changed_Password application # 12935=Nessus-Attempted_Password_Change access-denied # 12936=Nessus-Attempted_User_Delete access-denied # 12937=Nessus-Attempted_User_Edit access-denied # 12938=Nessus-Editing_User application # 12939=Nessus-Invalid_Attempt_To_Add_User access-denied # 12970=Nessus-Added_User application # 12971=Nessus-Too_Many_Login_Attempts login-failure # 12972=Nessus-User_Unlocked application # 12973=Nessus-Successful_Login login # 12975=Nessus-Login_Failed_Account_Locked access-denied # 12976=Nessus-Invalid_User_Name login-failure # 12977=Nessus-Invalid_Download_Attempt_Of_Plugins access-denied # 12978=Nessus-Invalid_Update_Attempt_Of_Plugins access-denied # 12979=Nessus-User_Deleted application # 12980=Nessus-Host_Testing_Finished application # 12981=Nessus-Remote_Host_Dead application # 12982=Nessus-Client_Attempted_To_Raise_Checks application # 12983=Nessus-Scan_Done application # 12984=Nessus-Task_Finished application # 12985=Nessus-Finished_Reloading_Nessusd application # 12986=Nessus-Reloading_Web_Server application # 12987=Nessus-Crash_Occurred error # 13600=Nessus-Already_Scanning_Host application # 13601=Nessus-Client_Attempted_To_Raise_Hosts application # 13602=Nessus-Host_Testing_Finished application # 13603=Nessus-Stopped_Logging application # 13604=Nessus-Linux_Memory_Policy_Set application # 13605=Nessus-Ready application # 13606=Nessus-Configuration_Reloaded application # 13607=Nessus-Partial_Audit_Trail_Enabled application # 13608=Nessus-Stopping application # 13609=Nessus-Debug_Output_Log application # 13610=Nessus-RAM_Status application # 13611=Nessus-Host_Scan_Start application # 13612=Nessus-Remote_Host_Dead application # 13613=Nessus-Not_Scanning_Address application # 13614=Nessus-File_Upload application # 13615=Nessus-Component_Update_Start application # 13616=Nessus-Component_Update_Continuing application # 13617=Nessus-Plugin_Update_Start application # 13618=Nessus-Plugin_Update_Stop application # 13619=Nessus-Global_DB_Create application # 13620=Nessus-Global_DB_Upgrade application # 13621=Nessus-Global_DB_Upgrade_Complete application # 13622=Nessus-Starting_Scan_Local application # 13623=Nessus-Agent_Plugin_Info application # 13624=Nessus-Scanner_Plugin_Info application # 13625=Nessus-Agent_Plugin_Info application # 13626=Nessus-Scanner_Plugin_Info application # 13627=Nessus-Plugin_Feed_Registered application # 13628=Nessus-Failed_Login login-failure # 13629=Nessus-Starting_Scan_Remote application # 13630=Nessus-Result_Email_Sent application # 13631=Nessus-Converting_Installation application # 13632=Nessus-Added_User application # 13633=Nessus-Failed_Login login-failure # 13634=Nessus-Successful_Login login # 13635=Nessus-Successful_Login login # 13636=Nessus-User_Logged_Out logout # 13637=Nessus-Untar_Plugins_Started application # 13638=Nessus-Untar_Plugins_Finished application # 13639=Nessus-Control_Message_Sent application # 13640=Nessus-User_Reset_Called application # # Plugins for file /usr/thunder/daemons/plugins/tenable_nessus_windows.prm # # 2920=Nessus-Scan_Started application # 2921=Nessus-Scan_Finished application # 2922=Nessus-Successful_Login login # 2924=Nessus-User_Added application # 2925=Nessus-Empty_String_Received error # 2926=Nessus-User_Granted_Admin_Privileges application # 2927=Nessus-Host_Testing_Finished application # 2928=Nessus-Partial_Audit_Trail_Enabled application # 2929=Nessus-Thread_Pool_Set application # 2930=Nessus-User_Deleted application # 2931=Nessus-Component_Update_Finished application # 2932=Nessus-User_Deleted application # 2933=Nessus-Starting_Scan_Remote application # 2934=Nessus-Plugin_Update_Downloading application # 2935=Nessus-Plugin_Update_Complete application # 2936=Nessus-Agent_DB_Installed application # 2937=Nessus-Warning_Request_Timeout application # 2938=Nessus-File_Upload application # # Plugins for file /usr/thunder/daemons/plugins/tenable_netflow_monitor.prm # # 1551=TFM-TCP_Session_Whole network # 1552=TFM-TCP_Session_Partial network # 1553=TFM-UDP_Activity network # 1554=TFM-ICMP_Activity network # 1555=TFM-IGMP_Activity network # 1556=TFM-TCP_Session_Whole_1-10MB network # 1557=TFM-TCP_Session_Whole_10-100MB network # 1558=TFM-TCP_Session_Whole_100-1000MB network # 1559=TFM-TCP_Session_Whole_1GB network # 1560=TFM-TCP_Session_Whole_Long network # 1561=TFM-TCP_Session_Partial_Long network # # Plugins for file /usr/thunder/daemons/plugins/tenable_network_monitor.prm # # 1450=TNM-TCP_Session_Started network # 1451=TNM-TCP_Session_Completed network # 1452=TNM-TCP_Session_Timedout network # 1453=TNM-UDP_Activity network # 1454=TNM-ICMP_Activity network # 1455=TNM-IGMP_Activity network # 1456=TNM-TCP_Session_Whole_1-10MB network # 1457=TNM-TCP_Session_Whole_10-100MB network # 1458=TNM-TCP_Session_Whole_100-1024MB network # 1459=TNM-TCP_Session_Whole_1GB network # 1462=TNM-Long_TCP_Session_5_Minutes network # 1463=TNM-Long_TCP_Session_15_Minutes network # 1464=TNM-Long_TCP_Session_30_Minutes network # 1465=TNM-Long_TCP_Session_45_Minutes network # 1466=TNM-Long_TCP_Session_60_Minutes network # 1467=TNM-Long_TCP_Session_Many_Hours network # 1468=TNM-Long_TCP_Session_1_Day network # 1469=TNM-Long_TCP_Session_Many_Days network # 1470=TNM-TCP_Session_Short network # 1471=TNM-TCP_Session_NoData network # # Plugins for file /usr/thunder/daemons/plugins/tenable_newt.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_pvs.prm # # 4639=PVS-MAC_Addition network # 4640=PVS-FTP_NON_STANDARD_PORT network # 4641=PVS-CITRIX_Client_Connection network # 4700=PVS-Malicious_Website intrusion # 4701=PVS-DNS_Tunnel_Activity network # 4702=PVS-XMPP_Activity network # 4703=PVS-OpenVPN_Client_Connection connection # 4704=PVS-SCADA_Invalid_ICCP_Activity network # 4705=PVS-SCADA_RealWin_Login login # 4706=PVS-VoIP_Session network # 4707=PVS-BitTorrent_Activity network # 4708=PVS-Facebook_Application_Detection social-networks # 4709=PVS-Potential_Shell_Compromise intrusion # 4710=PVS-SCADA_Rockwell_Activity network # 4712=PVS-Tracked_Session intrusion # 4713=PVS-YouTube_Usage_Detection social-networks # 4714=PVS-Twitter_Usage_Detection social-networks # 4715=PVS-Backdoor_Activity intrusion # 4716=PVS-Botnet_Detection intrusion # 4717=PVS-SMB_Client_ISO_File_Download file-access # 4718=PVS-Successful_Attack intrusion # 4719=PVS-Suspicious_File_Transfer intrusion # 4720=PVS-SMTP_Proxy network # 4721=PVS-SPAM_Mass_Mailing spam # 4722=PVS-Windows_Error_Message error # 4723=PVS-Potential_SPAM_Server spam # 4724=PVS-FTP_File_ISO_Request file-access # 4725=PVS-FTP_File_ZIP_Request file-access # 4726=PVS-FTP_File_EXE_Request file-access # 4727=PVS-FTP_File_RPM_Request file-access # 4728=PVS-Pinterest_Activity social-networks # 4729=PVS-SSL_Session network # 4730=PVS-BigFix_Client_Patch_Update detected-change # 4731=PVS-Webserver_With_Pornography web-access # 4732=PVS-Web_4xx_Error web-error # 4733=PVS-Potential_Client_Download_of_Malicious_EXE intrusion # 4734=PVS-Potential_Serving_of_Malicious_EXE intrusion # 4735=PVS-New_WebSite_Detected detected-change # 4736=PVS-RBL_Blocked_Spam_Email spam # 4737=PVS-RDP_User_List network # 4738=PVS-HTTP_Hosted_Files network # 4739=PVS-Database_Login login # 4740=PVS-SCADA_DNPv3_Activity intrusion # 4742=PVS-SCADA_ICCP_Activity intrusion # 4743=PVS-SCADA_GED20_Activity intrusion # 4744=PVS-Database_Login_Failure login-failure # 4745=PVS-ActiveSync_Login network # 4747=PVS-New_Server_Trust_Relationship detected-change # 4748=PVS-SSL_Session_Cloud_Data network # 4749=PVS-SSL_Session_Anon_Proxy network # 4750=PVS-New_Host_Alert detected-change # 4751=PVS-New_Internet_Activity detected-change # 4752=PVS-New_Port_Browsing detected-change # 4753=PVS-New_Open_Port detected-change # 4754=PVS-New_Trust_Relationship detected-change # 4755=PVS-SSL_Session_Social_Access network # 4756=PVS-SSL_Session_Media_Access network # 4758=PVS-Apple_App_Store_Access web-access # 4759=PVS-SSL_Session_Web_Conference network # 4770=PVS-FTP_File_Served file-access # 4771=PVS-Low_Vulnerability vulnerability # 4772=PVS-Medium_Vulnerability vulnerability # 4773=PVS-High_Vulnerability vulnerability # 4774=PVS-Web_5xx_Error web-error # 4775=PVS-SSL_Malware_Session intrusion # 4776=PVS-Web_5xx web-error # 4777=PVS-SMB_Client_MSI_File_Download file-access # 4778=PVS-SMB_Client_DLL_File_Download file-access # 4779=PVS-FTP_File_Request file-access # 4780=PVS-PGP_Detection network # 4781=PVS-Facebook_Usage_Detection social-networks # 4782=PVS-POP_Session_Detection network # 4783=PVS-SMTP_Return_Address network # 4784=PVS-Myspace_Login_Detection social-networks # 4785=PVS-Gmail_Login_Detection web-access # 4786=PVS-MSN_Messenger_Login_Detection network # 4787=PVS-Yahoo_Messenger_Login_Detection network # 4788=PVS-AOL_Messenger_Login_Detection network # 4789=PVS-Shutdown_Failed restart # 4790=PVS-Proxy_Shutdown_Succeeded restart # 4791=PVS-Accepts_External_Connections detected-change # 4792=PVS-Shutdown_Succeeded restart # 4793=PVS-POP_Session_Detection network # 4794=PVS-Web_4xx web-error # 4795=PVS-SMTP_User_Return_Address network # 4796=PVS-AOL_Messenger_Login_Detection network # 4797=PVS-MSN_Messenger_Login_Detection network # 4798=PVS-Invalid_Key error # 4799=PVS-Invalid_Time_In_Key error # 4800=PVS-Key_Expired error # 4801=PVS-WhatIsMyIP_Activity intrusion # 4802=PVS-SMB_Client_File_Download file-access # 4803=PVS-SMB_Client_EXE_File_Download file-access # 4804=PVS-SMB_Client_INI_File_Download file-access # 4805=PVS-DNS_Client_Query dns # 4806=PVS-Internal_Interactive_Session network # 4807=PVS-Outbound_Interactive_Session network # 4808=PVS-Inbound_Interactive_Session network # 4809=PVS-Internal_Encrypted_Session network # 4810=PVS-Outbound_Encrypted_Session network # 4811=PVS-Inbound_Encrypted_Session network # 4812=PVS-ViewState_Detection_and_Decode vulnerability # 4813=PVS-FTP_File_Download file-access # 4814=PVS-FTP_UserID_Enumeration network # 4815=PVS-POP_UserID_Enumeration network # 4816=PVS-IMAP_UserID_Enumeration network # 4817=PVS-SMTP_UserID_Enumeration network # 4818=PVS-Default_Credentials_Detected vulnerability # 4819=PVS-DNSChanger_Malware virus # 4820=PVS-DNS_Resolution_Reporting dns # 4821=PVS-DNS_Client_Failed_Query dns # 4822=PVS-Microsoft_Group_Policy_Server_Detection network # 4823=PVS-Microsoft_Group_Policy_Client_Download_Detection file-access # 4825=PVS-MySQL_Server_Failed_Login login-failure # 1950=PVS-Web_Request web-access # 1951=PVS-Web_File_XML_Request web-access # 1952=PVS-Proxy_Connection connection # 1953=PVS-Web_Content_ASP_Request web-access # 1954=PVS-Proxy_Login_Failure login-failure # 1955=PVS-Web_Video_AVI_Request web-access # 1956=PVS-Web_Image_BMP_Request web-access # 1957=PVS-Web_Content_CGI_Request web-access # 1959=PVS-Web_Disk_DMG_Request web-access # 1960=PVS-Web_Office_DOC_Request web-access # 1961=PVS-Web_Office_DOCX_Request web-access # 1963=PVS-Web_Image_GIF_Request web-access # 1964=PVS-Web_Executable_EXE_Request web-access # 1965=PVS-Web_Video_FLV_Request web-access # 1966=PVS-Web_File_GZ_Request web-access # 1967=PVS-Web_Content_HTM_Request web-access # 1968=PVS-Web_Content_HTML_Request web-access # 1969=PVS-Web_Disk_ISO_Request web-access # 1970=PVS-Web_Executable_JAVA_Request web-access # 1971=PVS-Web_Image_JPEG_Request web-access # 1972=PVS-Web_Image_JPG_Request web-access # 1973=PVS-Web_Executable_JS_Request web-access # 1974=PVS-Web_Video_MPG_Request web-access # 1975=PVS-Web_Video_MPEG_Request web-access # 1976=PVS-Web_Audio_MPA_Request web-access # 1977=PVS-Web_Audio_M4A_Request web-access # 1978=PVS-Web_Audio_MP3_Request web-access # 1979=PVS-Web_Media_MP4_Request web-access # 1980=PVS-Web_Video_MOV_Request web-access # 1981=PVS-Web_Executable_MSI_Request web-access # 1982=PVS-Web_Office_PDF_Request web-access # 1983=PVS-Web_Content_PHP_Request web-access # 1984=PVS-Web_Executable_PKG_Request web-access # 1985=PVS-Web_Image_PNG_Request web-access # 1986=PVS-Web_Office_PPS_Request web-access # 1987=PVS-Web_Office_PPT_Request web-access # 1988=PVS-Web_Audio_RAM_Request web-access # 1989=PVS-Web_Audio_RA_Request web-access # 1990=PVS-Web_File_RAR_Request web-access # 1991=PVS-Web_Executable_RPM_Request web-access # 1992=PVS-Web_Media_RM_Request web-access # 1993=PVS-Web_Content_RSS_Request web-access # 1994=PVS-Web_Media_SWF_Request web-access # 1996=PVS-Web_File_TORRENT_Request web-access # 1999=PVS-Web_Disk_VCD_Request web-access # 1751=PVS-Web_Audio_WAV_Request web-access # 1752=PVS-Web_Audio_WMA_Request web-access # 1753=PVS-Web_Video_WMV_Request web-access # 1754=PVS-Web_Office_XLSX_Request web-access # 1756=PVS-Web_File_ZIP_Request web-access # 1757=PVS-Web_Office_PPTX_Request web-access # 1758=PVS-Web_Office_TXT_Request web-access # 1760=PVS-Web_Office_RTF_Request web-access # 1761=PVS-SMB_Client_DOC_Download file-access # 1762=PVS-SMB_Client_DOCX_Download file-access # 1763=PVS-SMB_Client_XLS_Download file-access # 1764=PVS-SMB_Client_XLSX_Download file-access # 1765=PVS-SMB_Client_PPT_Download file-access # 1766=PVS-SMB_Client_PPTX_Download file-access # 1767=PVS-SMB_Client_PPS_Download file-access # 1768=PVS-SMB_Client_TXT_Download file-access # 1769=PVS-SMB_Client_RTF_Download file-access # 1770=PVS-SMB_Client_PDF_Download file-access # 1771=PVS-SMB_Client_PST_Download file-access # 1779=PVS-SMB_Client_CSV_Download file-access # 1780=PVS-SMB_Client_SQL_Download file-access # 1781=PVS-IP_Protocol_Tracking network # 1782=PVS-SSL_Expired_Certificate_Detection network # 1785=PVS-Web_Media_XAP_Request web-access # 1786=PVS-Web_Query_Request web-access # 1787=PVS-Web_Query_Baidu_Search web-access # 1788=PVS-Web_Query_Google_Search web-access # 1789=PVS-Web_Query_Yahoo_Search web-access # 1790=PVS-Web_Query_Bing_Search web-access # 1791=PVS-Web_Query_Wikipedia_Search web-access # 1792=PVS-Web_Query_Ask web-access # 1793=PVS-Email_Attachment_Detection file-access # 1794=PVS-Dropbox_Detected file-access # 4827=PVS-Email_Attachment_EXE_Detected file-access # 4829=PVS-Email_Attachment_DOC_Detected file-access # 4830=PVS-Email_Attachment_DOCX_Detected file-access # 4834=PVS-FTP_Server_Session_Started network # 4835=PVS-Email_Attachment_MSI_Detected file-access # 4837=PVS-mDNS_Lookup dns # 4838=PVS-Email_Attachment_PDF_Detected file-access # 4839=PVS-Email_Attachment_PPS_Detected file-access # 4840=PVS-Email_Attachment_PST_Detected file-access # 4841=PVS-Email_Attachment_PPT_Detected file-access # 4842=PVS-Email_Attachment_PPTX_Detected file-access # 4843=PVS-Email_Attachment_RTF_Detected file-access # 4844=PVS-Email_Attachment_XLS_Detected file-access # 4845=PVS-Email_Attachment_XLSX_Detected file-access # 4846=PVS-Email_Attachment_VCF_Detected file-access # 4847=PVS-Email_Attachment_ZIP_Detected file-access # 4848=PVS-Credit_Card_Client_Data_Leakage_Detected data-leak # 4849=PVS-Social_Security_Number_Client_Data_Leakage_Detected data-leak # 4880=PVS-Facebook_ID_Detected social-networks # 4881=PVS-Credit_Card_Server_Data_Leakage_Detected data-leak # 4882=PVS-Social_Security_Number_Server_Data_Leakage_Detected data-leak # 4883=PVS-Facebook_Status_Update_Detected social-networks # 4884=PVS-CPE_Data_Detected network # 4885=PVS-SSH_Server_Session_Start network # 4886=PVS-SSH_Session_Start network # 4887=PVS-VNC_Session_Started network # 4888=PVS-Windows_RDP_Session_Started network # 4889=PVS-SSL_Session_Starting network # 4890=PVS-LinkedIn_Read_Email social-networks # 4891=PVS-LinkedIn_Create_Message social-networks # 4892=PVS-LinkedIn_User_Name social-networks # 4893=PVS-LinkedIn_Status_Update social-networks # 4894=PVS-LinkedIn_Profile_Update social-networks # 4895=PVS-Xbox_Live_Login web-access # 4896=PVS-Non_HTTP_Traffic_Over_Port_80 network # 4897=PVS-MetaSploit_Exploited_Machine_Detection intrusion # 4898=PVS-MetaSploit_Exploited_Machine_Detection intrusion # 4899=PVS-MetaSploit_Server_Detection intrusion # 4921=PVS-Hulu_Start_Video_Session_Detected web-access # 4922=PVS-XM_Radio_Usage_Detected web-access # 4923=PVS-Box_File_Share_Detection web-access # 4924=PVS-Box_File_Share_Detection web-access # 4925=PVS-Hotmail_User_ID_Detection web-access # 4926=PVS-BitTorrent_Protocol_Detection network # 4927=PVS-DNS_Top_Level_Domain_Queries dns # 4928=PVS-FTP_Client_Session_Started network # 4929=PVS-New_Web_Agent detected-change # 4930=PVS-DLL_File_Downloaded web-access # 4931=PVS-DLL_File_Downloaded web-access # 4932=PVS-DLL_File_Downloaded web-access # 4933=PVS-DLL_File_Downloaded web-access # 4934=PVS-Facebook_Profile_Edit social-networks # 4935=PVS-Tumblr_Photo_Uploaded web-access # 4936=PVS-Tumblr_Blog_Uploaded web-access # 4937=PVS-Iheartradio_Stream_Accessed web-access # 4938=PVS-NetFlix_Client_Detected web-access # 4939=PVS-NetFlix_User_Detected web-access # 4940=PVS-AIM_User_Detected login # 4941=PVS-Vulnerable_ActiveX_Component_Detected vulnerability # 4942=PVS-HTTP_Plaintext_Authentication web-access # 4943=PVS-GoToMyPC_Detected web-access # 4944=PVS-World_of_Warcraft_Battle web-access # 4945=PVS-PS3_Network_Login_Detected web-access # 4946=PVS-VNC_Client_Connection_Started network # 4947=PVS-Android_Market_Connection_Started web-access # 4948=PVS-PCAnywhere_Detected network # 4949=PVS-SSH_Server_Detected network # 4950=PVS-SSH_Client_Login_Detected login # 4951=PVS-Google_Music_Upload_Detected web-access # 4952=PVS-Google_Music_Upload_Detected web-access # 4953=PVS-FTP_File_Upload_Detected file-access # 4954=SSL_Cert_Summary network # 4955=PVS-New_DNS_Server_In_Use detected-change # 4956=PVS-Telnet_Account_Detected network # 4957=PVS-Hulu_Username_Detected web-access # 4958=PVS-Apple_iTunes_Detected web-access # 4959=PVS-LinkedIn_User_Name social-networks # 4960=PVS-LinkedIn_Message_Created social-networks # 4961=PVS-Facebook_Link_Detected social-networks # 4962=PVS-NetBios_Domain_Detected network # 4963=PVS-ActiveX_Dangerous_CLSIDs intrusion # 4964=PVS-WinErr_Outbound_Message error # 4965=PVS-WinErr_Messages_OS_Detected error # 4966=PVS-Email_Address_Detected network # 4967=PVS-Iheartradio_Stream_Accessed web-access # 4968=PVS-Successful_Finger_Attack intrusion # 4969=PVS-Windows_Command_Shell_As_Service intrusion # 4970=PVS-eBay_Auction web-access # 4971=PVS-Orkut_Activity social-networks # 4972=PVS-DNS_Client_Flame_Infection intrusion # 4973=PVS-HTTP_Plaintext_Authentication web-access # 4974=PVS-Facebook_Viddy_Usage social-networks # 4975=PVS-Android_App_Download web-access # 4976=PVS-New_Host_Alert detected-change # 4977=PVS-DNS_Client_Query dns # 4978=PVS-Credit_Card_Client_Data_Leakage_Detected data-leak # 4979=PVS-Social_Security_Number_Client_Data_Leakage_Detected data-leak # 4980=PVS-Credit_Card_Server_Data_Leakage_Detected data-leak # 4981=PVS-Client_Exe_Download_Detection file-access # 4982=PVS-Web_Server_Detection network # 4983=PVS-SSL_Server_Certificate_Exchange network # 4984=PVS-Red_Hat_Server_Subscription network # 4985=PVS-Red_Hat_Server_Download network # 4986=PVS-Red_Hat_Packages_Marked_For_Removal detected-change # 4987=PVS-Red_Hat_Packages_Marked_For_Installation detected-change # 4988=PVS-Red_Hat_Satellite_Client_Communication network # 4989=PVS-Web_Office_XLS_Request web-access # 4990=PVS-Database_Command_Issued database # 4991=PVS-Database_Command_Issued database # 4992=PVS-SSL_Session_Sensitive_Data network # 4993=PVS-Radius_Server_Failed_Login_Detection login-failure # 4994=PVS-mDNS_Client_Response_Detection dns # 4995=PVS-Windows_Client_Software_Download file-access # 4996=PVS-User_Authentication_Detected network # 4997=PVS-Internal_Client_Trust_Connection connection # 4998=PVS-Internal_Server_Trust_Connection connection # 4999=PVS-Credit_Card_Client_Data_Leakage_Detected_Luhn data-leak # 15000=PVS-Microsoft_Executable_Being_Served network # 15001=PVS-Outbound_External_Connections detected-change # 15002=PVS-Hulu_Username_Detected web-access # 15003=PVS-Instagram_Upload_Detected web-access # 15004=PVS-New_IPv6_Host_Alert detected-change # 15005=PVS-Apple_Jailbroken_Device_Detection_via_HTTPS network # 15006=PVS-Yahoo_Search web-access # 15007=PVS-Google_Search web-access # 15008=PVS-Bing_Search web-access # 15009=PVS-Microsoft_Metadata_Service web-access # 15010=PVS-SNMP_Client_Processes process # 15011=PVS-SSL_ECom_Session network # 15012=PVS-Flickr_Image_View_Detection social-networks # 15013=PVS-Flickr_Search_Detection social-networks # 15014=PVS-Schneider_Electric_Accutech_Failed_Authentication access-denied # 15015=PVS-Schneider_Electric_Accutech_Successful_Authentication login # 15016=PVS-ISAKMP_Client_Detection network # 15017=PVS-ISAKMP_Server_Detection network # 15018=PVS-Encapsulating_Security_Payload_Setup network # 15019=PVS-Magnet_Link_Detection network # 15020=PVS-Non_SSL_Traffic_Over_Port_443 network # 15021=PVS-Non_SSH_Over_Port_22 network # 15022=PVS-Non_FTP_Over_Port_21 network # 15023=PVS-MSN_UserID_Enumeration network # 15024=PVS-DNP3_TCP_Cold_Restart network # 15025=PVS-DNP3_TCP_Disable_Unsolicited_Messages network # 15026=PVS-DNP3_TCP_Stop_Application network # 15027=PVS-DNP3_TCP_Warm_Restart network # 15028=PVS-SCADA_MODBUS_Return_Query_Data network # 15029=PVS-SCADA_MODBUS_Restart_Communications network # 15030=PVS-SCADA_MODBUS_Force_Listen_Mode network # 15031=PVS-SCADA_MODBUS_Clear_Counters_Diagnostic_Registers network # 15032=PVS-SCADA_MODBUS_Report_Server_ID network # 15033=PVS-SCADA_MODBUS_CANopen_Protocol network # 15034=PVS-SCADA_MODBUS_Device_Identification network # 15035=PVS-DNSSEC_Client_Query dns # 15036=PVS-SSL_Certificate_Info network # 15037=PVS-RDP_Session_Started network # 15038=PVS-SSL_Error_Code_Client error # 15039=PVS-SSL_Error_Code_Server error # 15040=PVS-H248_1_User_Detection web-access # 15041=PVS-UserID_And_Password_Passed_In_Plaintext login # 15042=PVS-TCP_Session network # 15043=PVS-UserID_And_Password_Passed_In_Plaintext login # 15044=PVS-ActiveX_Control_Detection network # 15045=PVS-NTP_Client_Connection_Detection connection # 15046=PVS-Apple_Software_Listing network # 15047=PVS-Non_DNS_Traffic_Over_Port_53 network # 15048=PVS-DNS_Text_Type_Record_Detection network # 15049=PVS-DNS_TCP_Connection_Detection network # # Plugins for file /usr/thunder/daemons/plugins/tenable_pvs_admin.prm # # 9165=PVS-Admin_SSL_Accept_Error error # 9166=PVS-Admin_Printing_Reports application # 9167=PVS-Admin_Requested_Protocol_Version application # 9168=PVS-Admin_Svr_Init_Failed error # 9169=PVS-Admin_Not_Talking_NTP error # 9170=PVS-Admin_MD5_Checksum application # 9171=PVS-Admin_Receive_Or_Close_File application # 9172=PVS-Admin_Unloading_PASL_Scripts application # 9173=PVS-Admin_Reinitializing_Sessions application # 9174=PVS-Admin_Reloading_Plugins application # 9175=PVS-Admin_Plugin_Reload_Needed application # 9176=PVS-Admin_MAX_Thread_Number error # 9177=PVS-Successful_Login login # 9178=PVS-User_Logged_Out logout # 9179=PVS-Failed_Login login-failure # 9180=PVS-User_Locked_Too_Many_Attempts login-failure # # Plugins for file /usr/thunder/daemons/plugins/tenable_sc3_console.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_sc3_logs.prm # # # Plugins for file /usr/thunder/daemons/plugins/tenable_sc4_logs.prm # # 8270=SC4-Not_Connected error # 8271=SC4-Connection_Unavailable_Nessus_PVS error # 8272=SC4-Login login # 8273=SC4-Logout logout # 8274=SC4-Repository_Modified application # 8275=SC4-LCE_Modified application # 8276=SC4-Repository_Changed application # 8277=SC4-Failed_Attempt_To_Create_Role error # 8278=SC4-Created_User application # 8279=SC4-Deleted_User application # 8280=SC4-Modified_User application # 8281=SC4-Critical_Error error # 8282=SC4-Invalid_Logon_Attempt login-failure # 8283=SC4-Scan_Proxy_Starting restart # 8284=SC4-LCE_Deleted application # 8285=SC4-LCE_Created application # 8286=SC4-Organization_Created application # 8287=SC4-Access_To_Repository_Granted application # 8289=SC4-Asset_Created application # 8290=SC4-Asset_Modified application # 8291=SC4-Database_Error error # 8292=SC4-Visibility_Changed application # 8293=SC4-Organization_Asset_Modified application # 8294=SC4-Asset_Deleted application # 8295=SC4-Repository_Created application # 8296=SC4-Repository_Added_To_Org application # 8297=SC4-Organization_Created_By_Admin application # 8298=SC4-User_Creation_Failure error # 8299=SC4-Invalid_Application_Configuration error # 8300=SC4-Organization_Name_Change application # 8301=SC4-Organization_Modified application # 8302=SC4-Signature_Missmatch error # 8303=SC4-Plugin_Update_Failed error # 8304=SC4-Asset_Field_Changed application # 8305=SC4-Asset_Share_Removed application # 8306=SC4-SSL_Connection_Error error # 8307=SC4-Not_Connected error # 8308=SC4-Finished_Upload_To_Nessus application # 8309=SC4-Started_Upload_To_Nessus application # 8310=SC4-Uploading_Files_To_Nessus application # 8311=SC4-Scan_Launched application # 8312=SC4-Receiving_File application # 8313=SC4-Successfully_Retrieved_File application # 8314=SC4-Passive_Plugins_Updated application # 8315=SC4-Restarted_Nessus_Daemon_Successfully application # 8316=SC4-Import_Beginning_PVS application # 8317=SC4-Import_Successful_PVS application # 8318=SC4-Scan_Proxy_Ready application # 8319=SC4-Nessus_Scanner_Plugins_Updated application # 8320=SC4-Passive_Scanner_Plugins_Updated application # 8321=SC4-Warning_Message error # 8322=SC4-Scan_Job_Ended application # 8323=SC4-DoScan_Warning_Message error # 8324=SC4-Critical_System_Error error # 8325=SC4-Refresh_Scanner_Status application # 8326=SC4-Nightly_Cleanup application # 8327=SC4-Passive_Plugin_Update application # 8328=SC4-Passive_Plugin_Update_Stats application # 8329=SC4-Zone_Created application # 8330=SC4-Passive_Scanner_Created application # 8331=SC4-Scanner_Created application # 8332=SC4-Plugin_Update_Stats application # 8333=SC4-Repository_Added_To_Organization application # 8334=SC4-Critical_Message error # 8335=SC4-Scan_Warning error # 8336=SC4-PVS_Plugin_Update application # 8337=SC4-Java_Missing error # 8338=SC4-Database_Or_Disk_Full error # 8339=SC4-Updating_Plugins_Scanner application # 8340=SC4-Import_From_Passive_Scanner application # 8341=SC4-Fetched_Result_File application # 8342=SC4-Import_Successful_For_Scan application # 8343=SC4-Scan_Ended application # 8344=SC4-Scan_Started application # 8345=SC4-LCE_Status_Fetched_Result_File application # 8346=SC4-Successful_Import_Of_Results_File application # 8347=SC4-Scan_Created application # 8348=SC4-Credential_Creation_Failure error # 8349=SC4-Credential_Created application # 8350=SC4-Scan_Job_Acquired_Scan application # 8351=SC4-Report_Job_Started application # 8352=SC4-Report_Job_Acquired_Report application # 8353=SC4-Report_Job_Has_Ended application # 8354=SC4-Database_Error error # 8355=SC4-Expire_Accepted_Risk application # 8356=SC4-Scanner_Details_Error error # 8357=SC4-No_Usable_Scanners_In_Zone application # 8358=SC4-Report_Created application # 8359=SC4-Database_Locked error # 8360=SC4-synchronize_Of_Repository_Started application # 8361=SC4-Synchronize_Of_Repository_Failed error # 8362=SC4-Failure_To_Create_Policy error # 8363=SC4-Ignoring_Preference_In_Plugin application # 8364=SC4-Synchronize_Of_Repository_Finished application # 8365=SC4-Scan_Stopping application # 8366=SC4-Scan_Database_Error error # 8367=SC4-Organization_Field_Changed application # 8368=SC4-No_Valid_Recipients_Found application # 8369=SC4-Sending_Signal_To_Scan application # 8370=SC4-Scan_Job_Stop_Action_Discard application # 8371=SC4-Scanner_Field_Has_Changed application # 8372=SC4-Iplist_Has_Changed application # 8373=SC4-Deleted_Opganization_SSH_Credentials application # 8374=SC4-Mobile_Scan_Updating_Repository application # 8375=SC4-Repository_Trending_Snapshots_Completed application # 8376=SC4-ImportMobile_Job_Starting application # 8377=SC4-ImportMobile_Job_Completed application # 8378=SC4-Signatures_Pushed application # 8379=SC4-Feed_Update_Started application # 8380=SC4-Unable_To_Add_Policy_To_Scanner error # 8381=SC4-Pushed_Correlated_From_Repository application # 8382=SC4-Feed_Update_Ended application # 8383=SC4-LCE_Plugin_Update_Ended application # 8384=SC4-Scan_Stop_Import application # 8385=SC4-Plugin_Update_Ended application # 8386=SC4-LCE_Plugin_Update_Started application # 8387=SC4-Plugin_Update_Started application # 8388=SC4-Attempted_To_Create_Report error # 8389=SC4-Error_Adding_Email_Target error # # Plugins for file /usr/thunder/daemons/plugins/tenable_stats.prm # # 11000=Statistics-Connection_Reception_Minor_Anomaly stats # 11001=Statistics-Connection_Reception_Large_Anomaly stats # 11002=Statistics-Connection_Reception_Medium_Anomaly stats # 11003=Statistics-Connection_Reception_Anomaly stats # 11004=Statistics-DNS_Minor_Anomaly stats # 11005=Statistics-DNS_Anomaly stats # 11006=Statistics-DNS_Medium_Anomaly stats # 11007=Statistics-DNS_Large_Anomaly stats # 11008=Statistics-Database_Minor_Anomaly stats # 11009=Statistics-Database_Anomaly stats # 11010=Statistics-Database_Medium_Anomaly stats # 11011=Statistics-Database_Large_Anomaly stats # 11012=Statistics-Restart_Minor_Anomaly stats # 11013=Statistics-Restart_Anomaly stats # 11014=Statistics-Restart_Medium_Anomaly stats # 11015=Statistics-Restart_Large_Anomaly stats # 11020=Statistics-Threatlist_Minor_Anomaly stats # 11021=Statistics-Threatlist_Anomaly stats # 11022=Statistics-Threatlist_Medium_Anomaly stats # 11023=Statistics-Threatlist_Large_Anomaly stats # 11036=Statistics-Vulnerability_Minor_Anomaly stats # 11037=Statistics-Vulnerability_Anomaly stats # 11038=Statistics-Vulnerability_Medium_Anomaly stats # 11039=Statistics-Vulnerability_Large_Anomaly stats # 11044=Statistics-Virus_Minor_Anomaly stats # 11045=Statistics-Virus_Anomaly stats # 11046=Statistics-Virus_Medium_Anomaly stats # 11047=Statistics-Virus_Large_Anomaly stats # 11048=Statistics-Firewall_Minor_Anomaly stats # 11049=Statistics-Firewall_Anomaly stats # 11050=Statistics-Firewall_Medium_Anomaly stats # 11051=Statistics-Firewall_Large_Anomaly stats # 11052=Statistics-Scanning_Minor_Anomaly stats # 11053=Statistics-Scanning_Anomaly stats # 11054=Statistics-Scanning_Medium_Anomaly stats # 11055=Statistics-Scanning_Large_Anomaly stats # 11084=Statistics-SPAM_Minor_Anomaly stats # 11085=Statistics-SPAM_Anomaly stats # 11086=Statistics-SPAM_Medium_Anomaly stats # 11087=Statistics-SPAM_Large_Anomaly stats # 11088=Statistics-Application_Minor_Anomaly stats # 11089=Statistics-Application_Anomaly stats # 11090=Statistics-Application_Medium_Anomaly stats # 11091=Statistics-Application_Large_Anomaly stats # 11099=Statistics-Nessus_Large_Anomaly stats # 11100=Statistics-System_Minor_Anomaly stats # 11101=Statistics-System_Anomaly stats # 11102=Statistics-System_Medium_Anomaly stats # 11103=Statistics-System_Large_Anomaly stats # 11112=Statistics-Connection_Minor_Anomaly stats # 11113=Statistics-Connection_Anomaly stats # 11114=Statistics-Connection_Medium_Anomaly stats # 11115=Statistics-Connection_Large_Anomaly stats # 11116=Statistics-Compliance_Minor_Anomaly stats # 11117=Statistics-Compliance_Anomaly stats # 11118=Statistics-Compliance_Medium_Anomaly stats # 11119=Statistics-Compliance_Large_Anomaly stats # 11124=Statistics-Honeypot_Minor_Anomaly stats # 11125=Statistics-Honeypot_Anomaly stats # 11126=Statistics-Honeypot_Medium_Anomaly stats # 11127=Statistics-Honeypot_Large_Anomaly stats # 11132=Statistics-Logout_Minor_Anomaly stats # 11133=Statistics-Logout_Anomaly stats # 11134=Statistics-Logout_Medium_Anomaly stats # 11135=Statistics-Logout_Large_Anomaly stats # 11144=Statistics-Error_Minor_Anomaly stats # 11145=Statistics-Error_Anomaly stats # 11146=Statistics-Error_Medium_Anomaly stats # 11147=Statistics-Error_Large_Anomaly stats # 11148=Statistics-Network_Minor_Anomaly stats # 11149=Statistics-Network_Anomaly stats # 11150=Statistics-Network_Medium_Anomaly stats # 11151=Statistics-Network_Large_Anomaly stats # 11152=Statistics-Login_Failure_Minor_Anomaly stats # 11153=Statistics-Login_Failure_Anomaly stats # 11154=Statistics-Login_Failure_Medium_Anomaly stats # 11155=Statistics-Login_Failure_Large_Anomaly stats # 11156=Statistics-LCE-Agent_Minor_Anomaly stats # 11157=Statistics-LCE-Agent_Anomaly stats # 11158=Statistics-LCE-Agent_Medium_Anomaly stats # 11159=Statistics-LCE-Agent_Large_Anomaly stats # 11160=Statistics-Login_Minor_Anomaly stats # 11161=Statistics-Login_Anomaly stats # 11162=Statistics-Login_Medium_Anomaly stats # 11163=Statistics-Login_Large_Anomaly stats # 11164=Statistics-Intrusion_Minor_Anomaly stats # 11165=Statistics-Intrusion_Anomaly stats # 11166=Statistics-Intrusion_Medium_Anomaly stats # 11167=Statistics-Intrusion_Large_Anomaly stats # 11168=Statistics-Detected_Change_Minor_Anomaly stats # 11169=Statistics-Detected_Change_Anomaly stats # 11170=Statistics-Detected_Change_Medium_Anomaly stats # 11171=Statistics-Detected_Change_Large_Anomaly stats # 11172=Statistics-DHCP_Minor_Anomaly stats # 11173=Statistics-DHCP_Anomaly stats # 11174=Statistics-DHCP_Medium_Anomaly stats # 11175=Statistics-DHCP_Large_Anomaly stats # 11176=Statistics-Web_Access_Minor_Anomaly stats # 11177=Statistics-Web_Access_Anomaly stats # 11178=Statistics-Web_Access_Medium_Anomaly stats # 11179=Statistics-Web_Access_Large_Anomaly stats # 11184=Statistics-Access_Denied_Minor_Anomaly stats # 11185=Statistics-Access_Denied_Anomaly stats # 11186=Statistics-Access_Denied_Medium_Anomaly stats # 11187=Statistics-Access_Denied_Large_Anomaly stats # 11188=Statistics-File_Access_Minor_Anomaly stats # 11189=Statistics-File_Access_Anomaly stats # 11190=Statistics-File_Access_Medium_Anomaly stats # 11191=Statistics-File_Access_Large_Anomaly stats # 11192=Statistics-USB_Minor_Anomaly stats # 11193=Statistics-USB_Anomaly stats # 11194=Statistics-USB_Medium_Anomaly stats # 11195=Statistics-USB_Large_Anomaly stats # 11196=Statistics-Process_Minor_Anomaly stats # 11197=Statistics-Process_Anomaly stats # 11198=Statistics-Process_Medium_Anomaly stats # 11199=Statistics-Process_Large_Anomaly stats # 11200=Statistics-Web_Error_Minor_Anomaly stats # 11201=Statistics-Web_Error_Anomaly stats # 11202=Statistics-Web_Error_Medium_Anomaly stats # 11203=Statistics-Web_Error_Large_Anomaly stats # 11204=Statistics-Continuous_Minor_Anomaly stats # 11205=Statistics-Continuous_Anomaly stats # 11206=Statistics-Continuous_Medium_Anomaly stats # 11207=Statistics-Continuous_Large_Anomaly stats # 11208=Statistics-Social_Networks_Minor_Anomaly stats # 11209=Statistics-Social_Networks_Anomaly stats # 11210=Statistics-Social_Networks_Medium_Anomaly stats # 11211=Statistics-Social_Networks_Large_Anomaly stats # 11212=Statistics-PVS-Network_Minor_Anomaly stats # 11213=Statistics-PVS-Network_Anomaly stats # 11214=Statistics-PVS-Network_Medium_Anomaly stats # 11215=Statistics-PVS-Network_Large_Anomaly stats # 11216=Statistics-NeverBeforeSeen_Minor_Anomaly stats # 11217=Statistics-NeverBeforeSeen_Anomaly stats # 11218=Statistics-NeverBeforeSeen_Medium_Anomaly stats # 11219=Statistics-NeverBeforeSeen_Large_Anomaly stats # 11220=Statistics-Internal_Connection_Minor_Anomaly stats # 11221=Statistics-Internal_Connection_Anomaly stats # 11222=Statistics-Internal_Connection_Medium_Anomaly stats # 11223=Statistics-Internal_Connection_Large_Anomaly stats # 11224=Statistics-Connection_Initiation_Minor_Anomaly stats # 11225=Statistics-Connection_Initiation_Anomaly stats # 11226=Statistics-Connection_Initiation_Medium_Anomaly stats # 11227=Statistics-Connection_Initiation_Large_Anomaly stats # 11228=Statistics-Outbound_Connection_Minor_Anomaly stats # 11229=Statistics-Outbound_Connection_Anomaly stats # 11230=Statistics-Outbound_Connection_Medium_Anomaly stats # 11231=Statistics-Outbound_Connection_Large_Anomaly stats # 11232=Statistics-Inbound_Connection_Minor_Anomaly stats # 11233=Statistics-Inbound_Connection_Anomaly stats # 11234=Statistics-Inbound_Connection_Medium_Anomaly stats # 11235=Statistics-Inbound_Connection_Large_Anomaly stats # 11236=Statistics-Unnormalized_Minor_Anomaly stats # 11237=Statistics-Unnormalized_Anomaly stats # 11238=Statistics-Unnormalized_Medium_Anomaly stats # 11239=Statistics-Unnormalized_Large_Anomaly stats # 11240=Statistics-Unnormalized_Minor_Anomaly stats # 11241=Statistics-Unnormalized_Anomaly stats # 11242=Statistics-Unnormalized_Medium_Anomaly stats # 11243=Statistics-Unnormalized_Large_Anomaly stats # # Plugins for file /usr/thunder/daemons/plugins/threat_ms_applocker.prm # # 14680=AppLocker-Policy_Conversion_Error error # 14681=AppLocker-Policy_Applied application # 14682=AppLocker-Allowed application # 14683=AppLocker-Allowed_Not_Prevented application # 14684=AppLocker-Prevented access-denied # 14685=AppLocker-Disabled application # 14686=AppLocker-App_Allowed application # 14687=AppLocker-App_Audited application # 14688=AppLocker-App_Disabled application # 14689=AppLocker-App_Install_Allowed application # 14690=AppLocker-App_Install_Audited application # 14691=AppLocker-App_Install_Disabled application # 14692=AppLocker-Rule_Not_Configured application # # Plugins for file /usr/thunder/daemons/plugins/threat_ms_emet.prm # # 14750=Windows-EMET_Configuraton_Certificate application # 14751=Windows-EMET_Configuraton_System application # 14752=Windows-EMET_Configuraton_Application application # 14753=Windows-EMET_Exe_Removed_From_Application_List application # 14754=Windows-EMET_Exe_Added_To_Application_List application # 14755=Windows-EMET_Detected_Mitigation access-denied # 14756=Windows-EMET_Cannot_Restart application # 14757=Windows-EMET_Warning_Certificate application # # Plugins for file /usr/thunder/daemons/plugins/threat_ms_sysmon.prm # # 14780=Sysmon-Process_Created process # 14781=Sysmon-File_Creation_Time_Changed system # 14782=Sysmon-UDP_Connection connection # 14783=Sysmon-TCP_Connection connection # 14784=Sysmon-Service_State_Changed system # 14785=Sysmon-Process_Terminated system # 14786=Sysmon-Driver_Loaded system # 14787=Sysmon-Image_Loaded system # 14788=Sysmon-Error error # 14789=Sysmon-Create_Remote_Thread_Detected process # 14790=Sysmon-TCP_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/thunder_compromise.prm # # # Plugins for file /usr/thunder/daemons/plugins/thunder_generic.prm # # # Plugins for file /usr/thunder/daemons/plugins/thunder_network.prm # # # Plugins for file /usr/thunder/daemons/plugins/thunder_spikes.prm # # # Plugins for file /usr/thunder/daemons/plugins/thycotic.prm # # 12305=Thycotic-Event_Due_To_Expire system # 12306=Thycotic-Heartbeat system # 12307=Thycotic-Information_Message system # 12308=Thycotic-User_Login login # 12309=Thycotic-User_Logout logout # 12310=Thycotic-Event_Expired system # 12311=Thycotic-View application # 12312=Thycotic-User_Login_Failed login-failure # 12313=Thycotic-Scan_Failed error # 12314=Thycotic-Windows_Discovery_Failed access-denied # 12315=Thycotic-User_Login_Failed login-failure # 12316=Thycotic-Pool_Discovery_Failed access-denied # 12317=Thycotic-User_Login_Failed login-failure # 12318=Thycotic-Scheduled_Task_Discovery_Failed access-denied # 12319=Thycotic-User_Credentials_Cannot_Be_Used access-denied # 12320=Thycotic-Background_Thread_Terminating application # 12321=Thycotic-Expired_Secret_Monitor application # 12322=Thycotic-CheckOut_Monitor_Exception application # 12323=Thycotic-Invalid_Operation_Exception error # 12324=Thycotic-Password_Copied application # 12325=Thycotic-Password_Displayed application # 12326=Thycotic-Launch application # 12327=Thycotic-User_Login login # 12328=Thycotic-User_Logout logout # 12329=Thycotic-Edit application # 12330=Thycotic-Viewed_Edit application # 12331=Thycotic-Removed_From_Role application # 12332=Thycotic-Invalid_Viewstate error # 12333=Thycotic-Permissions_Edited application # 12334=Thycotic-User_added_To_Group application # 12335=Thycotic-Create application # 12336=Thycotic-Copy application # 12337=Thycotic-Delete application # 12338=Thycotic-View application # 12339=Thycotic-Heartbeat_Failure error # 12340=Thycotic-Pool_Discovery_Error error # 12341=Thycotic-Discovery_Scheduled_Task_Error error # 12342=Thycotic-Discovery_Windows_Services_Error error # # Plugins for file /usr/thunder/daemons/plugins/tlsproxy.prm # # 14515=Tlsproxy_Closing_Server_Socket application # 14516=Tlsproxy_Closing_Client_Socket application # 14517=Tlsproxy_SSL_Error error # # Plugins for file /usr/thunder/daemons/plugins/ups.prm # # 131=UPS-On_Battery_Power system # 132=UPS-Battery_Power_Low system # 133=UPS-Battery_Is_Charging system # 134=UPS-System_No_Longer_On_Backup_Battery system # 135=UPS-Battery_Too_Low_To_Support_load system # 136=UPS-Switced_To_Battery_Backup system # 137=UPS-Low_Battery_Resolved system # 138=UPS-Output_Power_Turned_On system # 139=UPS-Output_Power_Turned_Off system # 140=UPS-Batteries_Discharged system # 141=UPS-Returned_From_Backup_Power system # 142=UPS-Returned_From_Low_Battery system # 143=UPS-Backup_To_Battery_Power system # 144=UPS-Backup_To_AC_Utility_Power system # 12590=UPS-Backup_To_Battery_Power_Overvoltage system # 12591=UPS-Backup_To_Battery_Power_Undervoltage system # 12592=UPS-Backup_To_Battery_Power_Electrical_Noise system # 12593=UPS-PowerEvent_Handled_By_Service system # # Plugins for file /usr/thunder/daemons/plugins/virus_clamav.prm # # 300=ClamAV-Virus_Detected virus # 301=ClamAV-Phishing_Attempt_Detected spam # 302=ClamAV-Trojan_Detected virus # 303=ClamAV-Exploit_Detected virus # 304=ClamAV-Worm_Detected virus # 305=ClamAV-Adware_Detected spam # 307=ClamAV-Spam_Detected spam # 308=ClamAV-Phishing_Attempt_Detected spam # 309=ClamAV-New_Signatures application # 320=ClamAV-Engine_Outdated error # 321=ClamAV-Engine_Outdated error # 322=ClamAV-New_Signatures application # # Plugins for file /usr/thunder/daemons/plugins/virus_countertack.prm # # 14160=CounterTack_Process_Create application # 14161=CounterTack_Thread_Create application # 14162=CounterTack_Memory_Protect application # 14163=CounterTack_Process_Terminate application # 14164=CounterTack_Registry_Read application # 14165=CounterTack_File_Create application # 14166=CounterTack_Registry_Overwrite application # 14167=CounterTack_File_Write application # 14168=CounterTack_Registry_Create application # 14169=CounterTack_Thread_Resume application # 14170=CounterTack_File_Delete application # 14171=CounterTack_File_Read application # # Plugins for file /usr/thunder/daemons/plugins/virus_eTrust.prm # # 3080=eTrust-Virus_Warning virus # 3081=eTrust-Virus_Information application # 3082=eTrust-Virus_Detected virus # # Plugins for file /usr/thunder/daemons/plugins/virus_mcafee.prm # # 5470=McAfee-Blocked_By_Anti_Virus_Standard_Protection virus # 5471=McAfee-Blocked_By_Common_Standard_Protection virus # 5472=McAfee-Blocked_By_Common_Maximum_Protection virus # 5473=McAfee-Blocked_By_Anti-Virus_Maximum_Protection virus # 5474=McAfee-Warn_Mode_Would_Be_Blocked virus # 5475=McAfee-File_Was_Infected virus # 5476=McAfee-File_Is_Infected virus # 5477=McAfee-Blocked_By_Port firewall # 5478=McAfee-Blocked_By_Buffer_Overflow intrusion # 5479=McAfee-Scan_Version application # 5490=McAfee-Connect_407 web-access # 5491=McAfee-Connect_200 web-access # 5492=McAfee-Get_200 web-access # 5493=McAfee-Get_407 web-access # 5494=McAfee-Post_200 web-access # 5495=McAfee-Connect_200_Minimal_Risk web-access # 5496=McAfee-Connect_200_Unverified web-access # 5497=McAfee-Get_200_Unverified web-access # 5498=McAfee-Get_200_Minimal_Risk web-access # 5499=McAfee-Post_200_Unverified web-access # 5500=McAfee-Post_200_Minimal_Risk web-access # # Plugins for file /usr/thunder/daemons/plugins/virus_mcafee_alt.prm # # 8120=McAfee-Blocked_By_Access_Protection_Rule firewall # 8121=McAfee-Blocked_By_Port_Rule_Warn firewall # # Plugins for file /usr/thunder/daemons/plugins/virus_sophos.prm # # 1650=Sophos-Suspicious_Email_Extension virus # 1651=Sophos-Email_Quarantined virus # 1652=Sophos-Restricted_Attachment_Type virus # 1653=Sophos-Encrypted_Attachment application # 1654=Sophos-Suspicious_File virus # 1655=Sophos-Adware_PUA virus # 1656=Sophos-Adware_PUA_Blocked virus # 1657=Sophos-Viruses_Spyware_Cleaned virus # 1658=Sophos-Viruses_Spyware_Blocked virus # 1659=Sophos-Viruses_Spyware_No_Action virus # 1660=Sophos-Adware_PUA_Cleaned virus # 1661=Sophos-Adware_PUA_No_Action virus # 1662=Sophos-Suspicious_Behavior_Resolved virus # 1663=Sophos-Virus_Spyware_Not_Present virus # 1664=Sophos-Suspicious_Behavior_Not_Cleanable virus # 1665=Sophos-Adware_PUA_Resolved_Acknowledged virus # 1666=Sophos-Viruses_Spyware_Resolved_Acknowledged virus # 1667=Sophos-Viruses_Spyware_Resolved_Cleared virus # 1668=Sophos-Viruses_Spyware_Blocked virus # 1669=Sophos-Viruses_Spyware_Resolved_Acknowledged virus # 1670=Sophos-Viruses_Spyware_Partly_Removed_Restart virus # 1671=Sophos-Viruses_Spyware_Deleted virus # 1672=Sophos-Viruses_Spyware_Unknown virus # 1673=Sophos-Suspicious_Behavior_Resolved virus # 1674=Sophos-Adware_PUA_Not_Present virus # 1675=Sophos-Adware_PUA_Authorized virus # 1679=Sophos-Suspicious_Behavior_Not_Present virus # 1680=Sophos-Adware_PUA_No_Action virus # 1681=Sophos-Viruses_Spyware virus # 1682=Sophos-On_Access_Scanner_Blocked access-denied # 1683=Sophos-Scanning_Cleaned_Up_Files virus # 1684=Sophos-Scanning_Stopped error # 1685=Sophos-Viruses_Spyware_Removed virus # 1686=Sophos-Scanning_Could_Not_Access_File error # 1687=Sophos-Scanning_Interface_Error error # 1688=Sophos-Scanning_Interface_Error error # 1689=Sophos-Web_Filtering_Blocked virus # 1690=Sophos-Web_Browser_Cleaned_Up_Item virus # 1691=Sophos-Application_Control_Access_No_Action application # 14900=Sophos-Device_Control_Alert_Only application # 14901=Sophos-Firewall_Blocked_Incoming_TCP firewall # 14902=Sophos-Firewall_Blocked_Incoming_UDP firewall # 14903=Sophos-Firewall_Blocked_Outgoing_UDP firewall # 14904=Sophos-Firewall_Blocked_Outgoing_TCP firewall # 14905=Sophos-Tamper_Protection_Successful_Authentication application # 14906=Sophos-Threat_Instance_Detected_Virus_Spyware application # 14907=Sophos-Web_Access_Blocked web-error # 14908=Sophos-Web_Access_Warning web-error # 14909=Sophos-Web_Access_No_Action web-error # # Plugins for file /usr/thunder/daemons/plugins/virus_symantec.prm # # 3061=Symantec-Virus_Errors error # 3062=Symantec-Virus_Information application # 3063=Symantec-Virus_Central_Quarantine virus # 3065=Symantec-IcePack_ShutDown restart # 3066=Symantec-IcePack_Started restart # 3067=Symantec-Disk_Space_Warning error # 3068=Symantec-Central_Quarantine_Started restart # 3069=Symantec-IcePack_Stopped restart # 3070=Symantec-Quarantine_Service_Stopped restart # 3071=Symantec-Virus_Cleaned_By_Deletion virus # 3072=Symantec-Virus_Warning virus # # Plugins for file /usr/thunder/daemons/plugins/virus_symantec_endpoint.prm # # 7956=Symantec-Endpoint_File_Not_Found error # 7957=Symantec-Endpoint_Computer_Moved detected-change # 7958=Symantec-Endpoint_Computer_Deleted detected-change # 7959=Symantec-Endpoint_Logon login # 7960=Symantec-Endpoint_Logout logout # 7961=Symantec-Endpoint_Policy_Edited detected-change # 7962=Symantec-Endpoint_Policy_Added detected-change # 7963=Symantec-Endpoint_Policy_Deleted detected-change # 7964=Symantec-Endpoint_Logon_Failed login-failure # 7965=Symantec-Endpoint_Unexpected_Error error # 7966=Symantec-Endpoint_LDAP_Error error # 7967=Symantec-Endpoint_Exported_Package application # 7968=Symantec-Endpoint_Heuristic_Risk_Sample virus # 7969=Symantec-Endpoint_Allow_Rule_Executed application # 7970=Symantec-Endpoint_Link_Failed_Server_Contact application # 7972=Symantec-Endpoint_Inbound_Traffic_Allowed connection # 7973=Symantec-Endpoint_Inbound_Traffic_Allowed connection # 7974=Symantec-Endpoint_Outbound_Traffic_Allowed connection # 7975=Symantec-Endpoint_Outbound_Traffic_Allowed connection # 7976=Symantec-Endpoint_Content_Downloaded application # 7977=Symantec-Endpoint_Client_Log_Received application # 7978=Symantec-Endpoint_Client_Reconnected application # 7979=Symantec-Endpoint_Intrusion_Prevention_Disabled application # 7980=Symantec-Endpoint_Download_Failed error # 7981=Symantec-Endpoint_Not_Protected_Driver_Unloaded application # 7982=Symantec-Endpoint_Unable_To_Download_Policy application # 7983=Symantec-Endpoint_Restored_Disabled application # 7984=Symantec-Endpoint_Whitelist_Update_Failed error # 7985=Symantec-Endpoint_Communication_Failure error # 7986=Symantec-Endpoint_Definition_Failure error # 7987=Symantec-Endpoint_Submit_To_Symantec_Failed error # 7988=Symantec-Endpoint_LiveUpdate_Failure error # 7989=Symantec-Endpoint_Scan_Stats application # 7990=Symantec-Endpoint_Virus_Found virus # 7991=Symantec-Endpoint_Security_Risk_Found virus # 7992=Symantec-Endpoint_Client_Registered application # 7993=Symantec-Endpoint_Policy_Downloaded application # 7994=Symantec-Endpoint_User_Blocked firewall # 7995=Symantec-Endpoint_Package_Failed_Unzip error # 7996=Symantec-Endpoint_Security_Risk_Details_Pending virus # 7997=Symantec-Endpoint_Security_Risk_Quarantined virus # 7998=Symantec-Endpoint_Security_Risk_Left_Alone virus # 7999=Symantec-Endpoint_Security_Risk_Access_Denied virus # 28000=Symantec-Endpoint_Security_Risk_Moved_Back virus # 28001=Symantec-Endpoint_Security_Risk_Cleaned_By_Deletion virus # 28002=Symantec-Endpoint_Security_Risk_All_Actions_Failed virus # 28003=Symantec-Endpoint_Security_Risk_Partially_Repaired virus # 28004=Symantec-Endpoint_Security_Risk_No_Repair_Available virus # 28005=Symantec-Endpoint_Security_Risk_Deleted virus # 28006=Symantec-Endpoint_Virus_Deleted virus # 28007=Symantec-Endpoint_Virus_Quarantined virus # 28008=Symantec-Endpoint_Virus_Details_Pending virus # 28009=Symantec-Endpoint_Virus_Left_Alone virus # 28010=Symantec-Endpoint_Virus_Access_Denied virus # 28011=Symantec-Endpoint_Virus_Moved_Back virus # 28012=Symantec-Endpoint_Virus_Cleaned_By_Deletion virus # 28013=Symantec-Endpoint_Virus_All_Actions_Failed virus # 28014=Symantec-Endpoint_Virus_Partially_Repaired virus # 28015=Symantec-Endpoint_Virus_No_Repair_Available virus # 28016=Symantec-Endpoint_Inbound_Traffic_Blocked firewall # 28017=Symantec-Endpoint_Outbound_Traffic_Blocked firewall # 28018=Symantec-Endpoint_Outbound_Traffic_Blocked firewall # 28019=Symantec-Smc_Connected_To_Protection_Manager application # 28020=Symantec-Smc_Disconnected_To_Protection_Manager application # 28021=Symantec-Revocation_Data_Successfully_Installed application # 28022=Symantec-New_Content_Update_Successful application # 28023=Symantec-LiveUpdate_Skipped application # 28024=Symantec-Information_Submitted_To_Symantec application # 28025=Symantec-No_Updates_Found application # 28026=Symantec-Logs_Swept application # 28027=Symantec-Protection_Already_Has_Policy application # 28028=Symantec-Updates_Successful application # 28029=Symantec-User_Attempt_Client_Termination application # 28030=Symantec-Managemnt_Client_Started_Stopped application # 28031=Symantec-Threat_and_Prevention_Products_Enabled application # 28032=Symantec-Endpoint_Protection_Services_Startup application # 28033=Symantec-Endpoint_Protection_Services_Shutdown application # 28034=Symantec-New_Virus_Definitions_Loaded application # 28035=Symantec-Endpoint_Protection_Version_Information application # 28036=Symantec-Endpoint_Protection_File_Blocked firewall # 28037=Symantec-Application_Device_Control_Ready application # 28038=Symantec-LiveUpdate_Messages application # 28039=Symantec-Client_Downloaded_Issued_Command application # 28040=Symantec-Luall_Messages application # 28041=Symantec-Browser_Intrusion_Prevention_Malfunctioning error # 28042=Symantec-Reputation_Check_Timed_Out error # 28043=Symantec-IPS_Inbound_TCP_Attack_Blocked intrusion # 28044=Symantec-IPS_Outbound_TCP_Attack_Blocked intrusion # 28045=Symantec-IPS_Inbound_Non_TCP_Attack_Blocked intrusion # # Plugins for file /usr/thunder/daemons/plugins/virus_trendmicro.prm # # 3051=TrendMicro-Virus_Detected virus # 3052=TrendMicro-Outbreak_Detected virus # 23053=TrendMicro-Virus_Malware virus # 23054=TrendMicro-Virus_Malware_Scan_Failure virus # 3962=TrendMicroDeepDiscovery-MySQL_login login # 3963=TrendMicroDeepDiscovery-Multiple_Login_Failures login-failure # 3964=TrendMicroDeepDiscovery-DNS_Response_Malware virus # 3965=TrendMicroDeepDiscovery-Application_Protocol application # 3966=TrendMicroDeepDiscovery-Suspicious_URL web-access # # Plugins for file /usr/thunder/daemons/plugins/virus_windefender.prm # # 310=Windows-Defender_Has_Detected_Changes detected-change # 311=Windows-Defender_Has_Taken_Action virus # 312=Windows-Defender_Engine_Updated application # 313=Windows-Defender_Signatures_Updated application # 314=Windows-Defender_Scan_Started application # 315=Windows-Defender_Scan_Finished application # # Plugins for file /usr/thunder/daemons/plugins/vmware.prm # # 13850=VMWARE-Machine_Added application # 13851=VMWARE-Machine_Powered_On application # 13852=VMWARE-Machine_Removed_From_Inventory application # 13853=VMWARE-Login login # 13854=VMWARE-Login login # 13855=VMWARE-Defragmentation_Started application # 13856=VMWARE-Defragmentation_Completed application # 13857=VMWARE-VMTools_Started application # 13858=VMWARE-VMUpgradeHelper application # 13859=VMWARE-Freeze_Started application # 13860=VMWARE-VMotioned application # 13861=VMWARE-ESXi_VM_Removed application # 13862=VMWARE-ESXi_State_Transition application # 13863=VMWARE-ESXi_PowerOn_request application # 13864=VMWARE-ESXi_PowerOff_request application # 13865=VMWARE-ESXi_Destroy_VM_Complete application # 13866=VMWARE-ESXi_Firewall_Change detected-change # 13867=VMWARE-ESXi_Shell_Commands_Entered application # 13868=VMWARE-ESXi_Server_Version application # 13869=VMWARE-VMTools_Message application # 13870=VMWARE-Failed_Login login-failure # 13871=VShieldEdge-Blocked_UDP_Connection firewall # 13872=VShieldEdge-Allowed_UDP_Connection connection # 13873=VShieldEdge-Allowed_ICMP_Connection connection # 13874=VShieldEdge-Blocked_ICMP_Connection firewall # 13875=VShieldEdge-Blocked_TCP_Connection firewall # 13876=VShieldEdge-Allowed_TCP_Connection connection # 13877=VShieldEdge-Failed_Login login-failure # # Plugins for file /usr/thunder/daemons/plugins/voip_asterisk.prm # # 11540=Asterisk-Username_Mismatch login-failure # 11541=Asterisk-Wrong_Password login-failure # 11542=Asterisk-Notice error # 11543=Asterisk-Error error # 11544=Asterisk-Warning error # 11545=Asterisk-Authentication_Failure login-failure # # Plugins for file /usr/thunder/daemons/plugins/vpn_cisco_client.prm # # 9720=Cisco-VPN_Client_Debug_Messages system # 9722=Cisco-VPN_Client_Error error # 9723=Cisco-VPN_Client_GUI_Started application # 9724=Cisco-VPN_Message_Translation_Catalog application # 9725=Cisco-VPN_Service_Available application # 9726=Cisco-VPN_Event_Detection_Implemented application # 9727=Cisco-VPN_Settings application # 9728=Cisco-VPN_Network_Type_Undefined application # 9729=Cisco-VPN_TLV_Error_No_Attribute application # 9730=Cisco-VPN_API_Initializing application # 9731=Cisco-VPN_Master_Agent_Connection_Started application # 9732=Cisco-VPN_Client_Attached application # 9733=Cisco-VPN_Line_Disconnected application # 9734=Cisco-VPN_Preferences_Updated application # 9735=Cisco-VPN_Parsed_File_Newer application # 9736=Cisco-VPN_Client_Error error # 9737=Cisco-VPN_Profile_Added application # 9738=Cisco-VPN_Network_Interface_Down application # 9739=Cisco-VPN_Network_Interface_Detected application # 9740=Cisco-VPN_Clients_Address_Set application # 9741=Cisco-VPN_Secure_Gateway_Accessible application # 9742=Cisco-VPN_No_Network_Interface application # 9743=Cisco-VPN_Current_Settings application # 9744=Cisco-VPN_Vpngina_Messages application # 9745=Cisco-VPN_Client_Started application # 9746=Cisco-VPN_Client_Connection_Established application # 9747=Cisco-VPN_Network_Accessible application # 9748=Cisco-VPN_AlwaysOn_Preferences application # 9749=Cisco-VPN_No_Secure_Gateway_Hosts application # 9750=Cisco-VPN_Client_Statistics application # 9751=Cisco-VPN_Client_Ready_To_Connect application # 9752=Cisco-VPN_Client_Shutdown application # 9753=Cisco-VPN_Client_Exiting application # 9754=Cisco-VPN_Error_Message error # 9755=Cisco-VPN_Error_Message error # 9756=Cisco-VPN_No_VPN_Config error # 9757=Cisco-VPN_Acwebsecagent_Message application # 9758=Cisco-VPN_No_Secure_Gateway_Found application # 9759=Cisco-VPN_Getting_Ipv4_Route_Table application # 9760=Cisco-VPN_Getting_IP_Address_Interface_lIST application # 9761=Cisco-VPN_No_Interface_Available application # 9762=Cisco-VPN_Incomplete_Probe_Count application # 9763=Cisco-VPN_Network_Accessible application # 9764=Cisco-VPN_Public_Address_Set application # # Plugins for file /usr/thunder/daemons/plugins/vpn_cisco_concentrator.prm # # 2101=Cisco-VPN_Concentrator_IKE_Peer system # 2102=Cisco-VPN_Concentrator_Dropping_Packet firewall # 2103=Cisco-VPN_Concentrator_User_Authenticated login # 2104=Cisco-VPN_Concentrator_User_Client_Type connection # 2105=Cisco-VPN_Concentrator_User_Connected connection # 2106=Cisco-VPN_Concentrator_Phase_1_Completed system # 2107=Cisco-VPN_Concentrator_Received_Remote_Proxy system # 2108=Cisco-VPN_Concentrator_Received_Local_IP_Proxy system # 2109=Cisco-VPN_Concentrator_IKE_Remote_Peer system # 2110=Cisco-VPN_Concentrator_Overriding_Initiator_Duration system # 2111=Cisco-VPN_Concentrator_Negotiation_Complete login # 2112=Cisco-VPN_Concentrator_Phase_2_Complete system # 2113=Cisco-VPN_Concentrator_Time_Sync_Failure error # 2114=Cisco-VPN_Concentrator_Connection_Terminated system # 2115=Cisco-VPN_Concentrator_IKE_Delete system # 2116=Cisco-VPN_Concentrator_Disconnect_Session logout # 2117=Cisco-VPN_Concentrator_IKE_Lost_Contact error # 2118=Cisco-VPN_Concentrator_Auth_Rejected login-failure # 2119=Cisco-VPN_Concentrator_Failed_Admin_Login login-failure # 2120=Cisco-VPN_Concentrator_Admin_Login login # 2121=Cisco-VPN_Concentrator_Negotiation_Complete system # 2122=Cisco-VPN_Concentrator_Phase_2_Complete system # 2123=Cisco-VPN_Concentrator_No_Centry_IPSec error # 2124=Cisco-VPN_Concentrator_Rekeying system # 2125=Cisco-VPN_Concentrator_Phase_1_Completed system # 2126=Cisco-VPN_Concentrator_Received_Remote_Proxy system # 2127=Cisco-VPN_Concentrator_Received_Local_Proxy system # 2128=Cisco-VPN_Concentrator_IKE_Remote_Peer system # # Plugins for file /usr/thunder/daemons/plugins/vpn_citrix_access.prm # # 7545=Citrix_Access-TCP_Conn_Terminate application # 7546=Citrix_Access-CMD_Executed system # 7547=Citrix_Access-SSL_Handshake_Success connection # 7548=Citrix_Access-Extracted_Groups system # 7549=Citrix_Access-Login login # 7550=Citrix_Access-HTTP_Request system # 7551=Citrix_Access-TCP_Connstat connection # 7552=Citrix_Access-ICA_Start system # 7553=Citrix_Access-ICA_End_Connstat system # 7554=Citrix_Access-Logout logout # 7555=Citrix_Access-HTTP_Request system # 7556=Citrix_Access-Save_Config system # 7557=Citrix_Access-Other_Conn_Delink system # 7558=Citrix_Access-SSL_Handshake_Failure error # 7559=Citrix_Access-Device_Down error # 7560=Citrix_Access-CMD_Executed system # 7561=Citrix_Access-HTTP_Request system # 7562=Citrix_Access-SNMP_Alarm_Started system # 7563=Citrix_Access-SNMP_Alarm_Ended system # 7564=Citrix_Access-Netscaler_Started restart # 7565=Citrix_Access-CPU_Started restart # 7566=Citrix_Access-Device_Out_Of_Service error # 7567=Citrix_Access-Device_Up system # 7568=Citrix_Access-Network_Interface_Started restart # 7569=Citrix_Access-Network_Interface_Stopped system # 7570=Citrix_Access-Network_Interface_Hung error # 7571=Citrix_Access-Network_Interface_Reset system # 7572=Citrix_Access-Network_Interface_Migrate system # 7573=Citrix_Access-Netscaler_Stopped restart # 7574=Citrix_Access-Bad_Memory_Freed error # 7575=Citrix_Access-Duplicate_Memory_Freed error # 7576=Citrix_Access-Wrong_Pool_Memory_Freed error # 7577=Citrix_Access-HA_Propagation_Succeeded system # 7578=Citrix_Access-HA_Propagation_Failed error # 7579=Citrix_Access-HA_State_Changed system # 7580=Citrix_Access-Cache_Flush_Start system # 7581=Citrix_Access-Cache_Flush_Stop system # 7582=Citrix_Access-Monitor_Threshold_Reached error # 7583=Citrix_Access-Monitor_Down error # 7584=Citrix_Access-Monitor_Up system # 7585=Citrix_Access-Netscaler_Reading_Config restart # 7586=Citrix_Access-Netscaler_Ended_Reading_Config restart # 7587=Citrix_Access-Low_Throughput_Thru_NIC error # 7588=Citrix_Access-Normal_Throughput_Thru_NIC system # 7589=Citrix_Access-Pittboss_System_Restart restart # 7590=Citrix_Access-Pittboss_Process_Restart restart # 7591=Citrix_Access-SSL_Cert_Expiring_Soon error # 7592=Citrix_Access-Session_Timeout system # 7593=Citrix_Access-Non_HTTP_Denied firewall # 7594=Citrix_Access-HTTP_Denied firewall # 7595=Citrix_Access-License_Limit error # 7596=Citrix_Access-Security_Check_Fails error # 7597=Citrix_Access-Security_False error # 7598=Citrix-Access-AAA_Login_Failed login-failure # 7599=Citrix_Access-LACP_Event error # 7600=Citrix_Access-VPN_Login_Failure login-failure # 7601=Citrix_Access-VPN_Login login # 7602=Citrix_Access-Conn_Delink system # 7603=Citrix_Access-Udp_Flow_Stat system # 7604=Citrix_Access-Extracted_Groups system # # Plugins for file /usr/thunder/daemons/plugins/vpn_juno.prm # # 10515=Juniper-VPN_Access_Log_Nearly_Full system # 10516=Juniper-VPN_Client_Trying_To_Connect error # 10517=Juniper-VPN_Log_Nearly_Full system # 10519=Juniper-VPN_Session_Started connection # 10520=Juniper-VPN_Host_Checker system # 10521=Juniper-VPN_Key_Exchange system # 10522=Juniper-VPN_Logout logout # 10523=Juniper-VPN_Closed_Connection connection # 10524=Juniper-VPN_Session_Ended connection # 10525=Juniper-VPN_Radius_Accounting_Failed error # 10526=Juniper-VPN_Primary_Auth_Success login # 10527=Juniper-VPN_Secondary_Auth_Success login # 10528=Juniper-VPN_Host_Checker_Passed system # 10529=Juniper-VPN_Remote_Address_Change detected-change # 10580=Juniper-VPN_Login_Succeeded login # 10581=Juniper-VPN_Connection connection # 10582=Juniper-VPN_Network_Connection connection # # Plugins for file /usr/thunder/daemons/plugins/vpn_netmotion_mobility.prm # # 12705=NetMotion-Mobility-Session_User_Authentication_Mode_POP_Only login # 12706=NetMotion-Mobility-Roaming_Event_POP_Address_Change detected-change # 12707=NetMotion-Mobility-Client_Policy_Is_Current system # 12708=NetMotion-Mobility-NAC_Send_Attempt system # 12709=NetMotion-Mobility-Client_RPC_Session connection # 12710=NetMotion-Mobility-Client_RPC_Session_Termination_Same_Device connection # 12711=NetMotion-Mobility-Client_RPC_Session_Termination_Inactivity_Timeout connection # 12712=NetMotion-Mobility-Client_RPC_Session_Shutdown_Or_Restart restart # 12713=NetMotion-Mobility-Client_RPC_Session_User_Disconnect connection # 12714=NetMotion-Mobility-Client_Not_Receiving_Packets system # 12715=NetMotion-Mobility-Client_Receiving_Packets system # 12716=NetMotion-Mobility-Binding_For_Device system # 12717=NetMotion-Mobility-Client_Provided_Cipher system # 12718=NetMotion-Mobility-Legacy_Client_Encryption_Support system # 12719=NetMotion-Mobility-Selected_Client_Cipher_Suites system # # Plugins for file /usr/thunder/daemons/plugins/vpn_openvpn.prm # # 12251=OpenVPN-Connection_Reset connection # 12252=OpenVPN-Connection_Established connection # 12253=OpenVPN-Peer_Connection_Initiated connection # 12254=OpenVPN-Restart_Tunnel system # 12255=OpenVPN-Tunnel_IP_Changed detected-change # 12256=OpenVPN-Soft_Reset system # 12257=OpenVPN-Verify_OK system # 12258=OpenVPN-Plugin_Function_POST system # 12259=OpenVPN-Plugin_Function_Failed error # 12260=OpenVPN-Auth_Success login # 12261=OpenVPN-Data_Encrypt_Cipher system # 12262=OpenVPN-Data_Decrypt_Cipher system # 12263=OpenVPN-Data_Encrypt_Hash system # 12264=OpenVPN-Data_Decrypt_Hash system # 12265=OpenVPN-Data_MTU_Params system # 12266=OpenVPN-Control_Cipher system # 12267=OpenVPN-Control_MTU_Params system # 12268=OpenVPN-Auth_Failed login-failure # 12269=OpenVPN-Control_Push system # 12270=OpenVPN-Delayed_Exit system # 12271=OpenVPN-Control_Message_Sent system # 12272=OpenVPN-Sigterm_Received system # 12273=OpenVPN-Reusing_Context system # 12274=OpenVPN-Remote_Options_String system # 12275=OpenVPN-TLS_Initial_Packet connection # 12276=OpenVPN-Local_Options_Hash system # 12277=OpenVPN-Local_Options_String system # 12278=OpenVPN-LZO_Compression system # 12279=OpenVPN-Multi_Create system # 12280=OpenVPN-Remote_Options_Hash system # 12281=OpenVPN-Multi_Learn system # 12282=OpenVPN-Multi_Primary_IP system # # Plugins for file /usr/thunder/daemons/plugins/web_apache.prm # # 2800=Apache-Access_Denied web-error # 2801=Apache-Invalid_Characters web-error # 2802=Apache-Pausing_Potential_Scanner web-error # 2803=Apache-Refused_Proxy_Attempt web-error # 2804=Apache-Known_Web_probe web-error # 2805=Apache-Invalid_Method web-error # 2806=Apache-Bad_RSA_Certificate web-error # 2807=Apache-Directory_Index_Forbidden web-error # 2808=Apache-Invalid_URI web-error # 2809=Apache-URI_To_Long web-error # 2810=Apache-GET_CGI_Request_PageNotFound web-error # 2811=Apache-Proxy_Request_Failed web-error # 2813=Apache-Script_Not_Found web-error # 2814=Apache-PHP_Undefined_Var web-error # 2817=Apache-PHP_Undefined_Constant web-error # 2818=Apache-PHP_Undefined_Offset web-error # 2819=Apache-PHP_Upload_Max_Filesize_Exceeded web-error # 12820=Apache-PHP_fread_Warning web-error # 12821=Apache-SSI_Config_Warning web-error # 12822=Apache-Script_Not_Found web-error # 12823=Apache-PHP_Undefined_Index web-error # 12824=Apache-Attempt_To_Invoke_Directory_As_Script web-error # 12825=Apache-Client_Denied_By_Server web-error # 12827=Apache-Permission_Denied web-error # 12828=Apache-Premature_End_Of_Script web-error # 12829=Apache-No_Such_File_Or_Directory web-error # 12830=Apache-Malformed_Host_Header web-error # 12831=Apache-Script_With_Unquoted_String web-error # 12832=Apache-Possible_Script_Typo web-error # 12833=Apache-Closed_Script_Filehandle web-error # 12834=Apache-DES_MD5_Connection web-access # 12835=Apache-DHE_RSA_Connection web-access # 12836=Apache-MD5_Connection web-access # 12837=Apache-AES_SHA_Connection web-access # 12839=Apache-Erroneous_Characters_After_Protocol web-error # 12841=Apache-PHP_Undefined_Index web-error # 12842=Apache-PHP_Illegal_Offset web-error # 12843=Apache-Permission_Denied web-error # 12844=Apache-Alert_ASCII_NUL web-error # 12845=Apache-Alert_Forbidden_Variable web-error # 12846=Apache-Error_File_Not_Found web-error # 12847=Apache-Valid_Web_GET_Request web-access # 12848=Apache-Valid_Web_POST_Request web-access # 12849=Apache-GET_Redirect web-access # 12850=Apache-POST_Redirect web-access # 12851=Apache-GET_Client_Request_Error web-error # 12852=Apache-POST_Client_Request_Error web-error # 12853=Apache-GET_Server_Error web-error # 12854=Apache-POST_Server_Error web-error # 12855=Apache-File_Name_Too_Long web-error # 12856=Apache-Valid_Web_GET_Request web-access # 12857=Apache-Valid_Web_POST_Request web-access # 12858=Apache-GET_Redirect web-access # 12859=Apache-POST_Redirect web-access # 12860=Apache-GET_Client_Request_Error web-error # 12861=Apache-POST_Client_Request_Error web-error # 12862=Apache-GET_Server_Error web-error # 12863=Apache-POST_Server_Error web-error # 12864=Apache-Web_Server_Resuming application # 12865=Apache-DH_Export_Connection web-access # 12866=Apache-Content_ASP_Request web-access # 12867=Apache-Video_AVI_Request web-access # 12868=Apache-Image_BMP_Request web-access # 12869=Apache-Content_CGI_Request web-access # 12870=Apache-Content_CSS_Request web-access # 12872=Apache-Office_DOC_DOCX_Request web-access # 12874=Apache-Image_GIF_Request web-access # 12875=Apache-Executable_EXE_Request web-access # 12876=Apache-Video_FLV_Request web-access # 12877=Apache-File_GZ_Request web-access # 12878=Apache-Content_HTM_HTML_Request web-access # 12880=Apache-Executable_JAVA_Request web-access # 12881=Apache-Image_JPEG_Request web-access # 12882=Apache-Image_JPG_Request web-access # 12883=Apache-Executable_JS_Request web-access # 12884=Apache-Video_MPG_Request web-access # 12885=Apache-Video_MPEG_Request web-access # 12886=Apache-Audio_MPA_Request web-access # 12887=Apache-Audio_M4A_Request web-access # 12888=Apache-Audio_MP3_Request web-access # 12889=Apache-Media_MP4_Request web-access # 12890=Apache-Video_MOV_Request web-access # 12892=Apache-Office_PDF_Request web-access # 12893=Apache-Content_PHP_Request web-access # 12894=Apache-Executable_PKG_Request web-access # 12895=Apache-Image_PNG_Request web-access # 12896=Apache-Office_PPS_Request web-access # 12897=Apache_Office_PPT_PPTX_Request web-access # 12898=Apache-Audio_RA_Request web-access # 12899=Apache-Audio_RAM_Request web-access # 12900=Apache-File_RAR_Request web-access # 12901=Apache-Executable_RPM_Request web-access # 12902=Apache-Media_RM_Request web-access # 12903=Apache-Content_RSS_Request web-access # 12904=Apache-Media_SWF_Request web-access # 12905=Apache-File_TAR_Request web-access # 12907=Apache-File_TGZ_Request web-access # 12908=Apache-File_TAR_GZ_Request web-access # 12910=Apache-Audio_WAV_Request web-access # 12911=Apache-Audio_WMA_Request web-access # 12912=Apache-Video_WMV_Request web-access # 12914=Apache-Office_TXT_Request web-access # 12916=Apache-Office_RTF_Request web-access # 12917=Apache-File_XML_Request web-access # 12942=Apache-Office_XLS_XLSX_Request web-access # 12944=Apache-File_ZIP_Request web-access # 12945=Apache-Invalid_Content_Length web-error # 12946=Apache-Attempt_To_Serve_Directory web-error # 12947=Apache-Invalid_ExecCGI_Request web-error # 12948=Apache-302_Head web-access # 12949=Apache-AES256_Connection web-access # 12950=Apache-302_Connect web-access # 12951=Apache-SHA_Connection web-access # 12952=Apache-SHA_Connection web-access # 12953=Apache-200_Head web-access # 12954=Apache-Error_Reading_Headers web-error # 12955=Apache-Options web-access # 12956=Apache-Propfind web-access # 12957=Apache-Valid_Web_Search web-access # 12958=Apache-Valid_Web_GET_Request web-access # 12959=Apache-GET_Client_Request_Error web-access # # Plugins for file /usr/thunder/daemons/plugins/web_bluecoat_admin.prm # # 4400=BluecoatAdmin-Connect_Error error # 4411=BluecoatAdmin-Connect_Error error # 4412=BluecoatAdmin-Connection login # 4413=BluecoatAdmin-Connect_Error error # 4414=BluecoatAdmin-Upload_Complete system # 4415=BluecoatAdmin-Connect_Error error # 4416=BluecoatAdmin-Connection login # 4417=BluecoatAdmin-Connection_Failed error # 4418=BluecoatAdmin-Failed_Password login-failure # 4419=BluecoatAdmin-Login login # 4420=BluecoatAdmin-Failed_Login login-failure # 4421=BluecoatAdmin-Login login # 4422=BluecoatAdmin-Password_Enable_Failed login-failure # 4423=BluecoatAdmin-Authentication_Canceled login-failure # 4424=BluecoatAdmin-Configuration_Change system # 4425=BluecoatAdmin-Proxy_Bypassed system # 4426=BluecoatAdmin-Download_Failed error # 4427=BluecoatAdmin-Connection login # 4428=BluecoatAdmin-Write_Connection_Closed error # 4429=BluecoatAdmin-Connection_Closed logout # 4430=BluecoatAdmin-SSL_Error error # 4431=BluecoatAdmin-ReadWrite_Mode system # 4432=BluecoatAdmin-Proxy_Restored system # 4433=BluecoatAdmin-Failed_Proxy error # 4434=BluecoatAdmin-NTP_Time_Acceptable system # 4435=BluecoatAdmin-NTP_Update_Error error # 4436=BluecoatAdmin-Console_Login_Failure login-failure # 4437=BluecoatAdmin-Invalid_User login-failure # 4438=BluecoatAdmin-Snapshot system # 4439=BluecoatAdmin-Download_Complete system # 4440=BluecoatAdmin-Null_Character_Found system # 4441=BluecoatAdmin-No_Identification_String system # 4442=BluecoatAdmin-Invalid_User login-failure # 4443=BluecoatAdmin-Failed_Login login-failure # 4444=BluecoatAdmin-Open_Transparent_Set system # 4445=BluecoatAdmin-Protocol_Versions_Differ_SSH system # 4446=BluecoatAdmin-FTP_Connection connection # 4447=BluecoatAdmin-FTP_Connection_Ready application # 4448=BluecoatAdmin-FTP_File_Transfer file-access # 4449=BluecoatAdmin-FTP_PASS application # 4450=BluecoatAdmin-FTP_Password_Needed login # 4451=BluecoatAdmin-FTP_User_Logged_In login # 4452=BluecoatAdmin-FTP_CWD application # 4453=BluecoatAdmin-FTP_Directory_Changed application # 4454=BluecoatAdmin-FTP_TYPE_I_Command application # 4455=BluecoatAdmin-FTP_Command_TYPE_Okay application # 4456=BluecoatAdmin-FTP_PASV_Command application # 4457=BluecoatAdmin-FTP_Enters_Passive_Mode application # 4458=BluecoatAdmin-FTP_Creating_Data_Socket file-access # 4459=BluecoatAdmin-FTP_STOR_SG application # 4460=BluecoatAdmin-FTP_File_Status_Okay application # 4461=BluecoatAdmin-FTP_Transfer_Complete file-access # 4462=BluecoatAdmin-FTP_QUIT application # 4463=BluecoatAdmin-FTP_Goodbye application # 4464=BluecoatAdmin-FTP_Last_Remote_Filename file-access # 4465=BluecoatAdmin-FTP_Upload_Completed file-access # 4466=BluecoatAdmin-NULL_Character_Found application # 4467=Bluecoat-SGOS_Version application # 4468=BluecoatAdmin-FTP_Authentication_Failed login-failure # 4469=BluecoatAdmin-FTP_Error_Sending_PASS error # 4470=BluecoatAdmin-FTP_Transfer_Stats application # 4471=BluecoatAdmin-FTP_Connection_Closed connection # 4472=BluecoatAdmin-Cache_Hit web-access # 4473=BluecoatAdmin_TCP_NC_MISS web-access # 4474=BluecoatAdmin-Proxy_Denied web-error # 4475=BluecoatAdmin-Cache_Hit web-access # 4476=BluecoatAdmin_TCP_NC_MISS web-access # 4477=BluecoatAdmin_TCP_ERR_MISS web-access # 4478=Bluecoat-Director_Querying_Content application # 4479=Bluecoat-Director_Configuration_Notice application # 4480=Bluecoat-Director_Runner_Notice application # 4481=Bluecoat-Director_Heartbeat_Notice application # 4482=Bluecoat-Health_Check_Ok application # 4483=Bluecoat-Health_Check_Failed error # 4484=Bluecoat-Connected_Closed connection # 4485=Bluecoat-Could_Not_Send_Logout_Message error # 4486=Bluecoat-Health_Check_Warning error # 4487=Bluecoat-State_Changed detected-change # 4488=Bluecoat-WebPulse_Enable_Disabled detected-change # 4489=Bluecoat-Management_Console application # 4490=Bluecoat-NTP_Query application # 4491=Bluecoat-Snapshot application # 4492=Bluecoat-Error error # 4493=Bluecoat-Health_Check_Unknown application # 4494=Bluecoat-Health_Check_Ok application # 4495=Bluecoat-Director_Configuration_Backup application # # Plugins for file /usr/thunder/daemons/plugins/web_f5_ltm.prm # # 700=F5-LTM_Client-Connection connection # 701=F5-LTM_Server-Connection connection # 702=F5-LTM_Web-Connection connection # # Plugins for file /usr/thunder/daemons/plugins/web_http.prm # # 9300=HTTP-GET_Redirection_Error web-error # 9301=HTTP-POST_Redirection_Error web-error # 9302=HTTP-GET_Client_Error web-error # 9303=HTTP-POST_Client_Error web-error # 9304=HTTP-GET_Server_Error web-error # 9305=HTTP-POST_Server_Error web-error # # Plugins for file /usr/thunder/daemons/plugins/web_iis.prm # # 7622=IIS-Search_Request web-access # 7623=IIS-Bproppatch_Request web-access # 7624=IIS-Bmove_Request web-access # 7625=IIS-Propfind_Request web-access # 7626=IIS-Poll_Request web-access # 7627=IIS-Subscribe_Request web-access # 7629=IIS-Proppatch_Request web-access # 7630=IIS-Delete_Request web-access # 7631=IIS-Options_Request web-access # 7632=IIS-Head_Request web-access # 7633=IIS-Bdelete_Request web-access # 7634=IIS-Move_Request web-access # 7635=IIS-Copy_Request web-access # 7636=IIS-Bpropfind_Request web-access # 7703=IIS-GET_Request web-access # 7704=IIS-POST_Request web-access # 17622=IIS-Search_Request web-access # 17623=IIS-Bproppatch_Request web-access # 17624=IIS-Bmove_Request web-access # 17625=IIS-Propfind_Request web-access # 17626=IIS-Poll_Request web-access # 17627=IIS-Subscribe_Request web-access # 17629=IIS-Proppatch_Request web-access # 17630=IIS-Delete_Request web-access # 17631=IIS-Options_Request web-access # 17632=IIS-Head_Request web-access # 17633=IIS-Bdelete_Request web-access # 17634=IIS-Move_Request web-access # 17635=IIS-Copy_Request web-access # 17636=IIS-Bpropfind_Request web-access # 17703=IIS-GET_Request web-access # 17704=IIS-POST_Request web-access # # Plugins for file /usr/thunder/daemons/plugins/web_iis_snare.prm # # 4341=IIS-Get_Request web-access # 4342=IIS-Search_Request web-access # 4343=IIS-Bproppatch_Request web-access # 4344=IIS-Bmove_Request web-access # 4345=IIS-Propfind_Request web-access # 4346=IIS-Poll_Request web-access # 4347=IIS-Subscribe_Request web-access # 4348=IIS-Post_Request web-access # 4349=IIS-Proppatch_Request web-access # 4350=IIS-Delete_Request web-access # 4351=IIS-Options_Request web-access # 4352=IIS-Head_Request web-access # 4353=IIS-Bdelete_Request web-access # 4354=IIS-Move_Request web-access # 4355=IIS-Copy_Request web-access # 4356=IIS-Bpropfind_Request web-access # 4357=IIS-Bad_Post_Request web-error # 4358=IIS-Bad_Get_Request web-error # 4359=IIS-Get_Request_Error web-error # 4360=IIS-Bad_Post_Request web-error # 4361=IIS-Get_Request_Error web-error # # Plugins for file /usr/thunder/daemons/plugins/web_mcafee.prm # # 14051=McAfee-Accessed_URL web-access # # Plugins for file /usr/thunder/daemons/plugins/web_ncsa_common_access_log_format.prm # # 4000=Web_GET_OK web-access # 4001=Web_GET_Accepted web-access # 4002=Web_GET_PartialInfo web-access # 4003=Web_GET_NoResponse web-access # 4004=Web_GET_BadRequest web-error # 4005=Web_GET_UnauthorizedRequest web-error # 4006=Web_GET_PaymentRequired web-access # 4007=Web_GET_Forbidden web-error # 4008=Web_GET_PageNotFound web-error # 4009=Web_GET_ServerError web-error # 4010=Web_GET_ServerErrorNotImplemented web-error # 4011=Web_GET_ServerOverload web-access # 4012=Web_GET_GTWY_Timeout web-access # 4013=Web_POST_OK web-access # 4014=Web_POST_Accepted web-access # 4015=Web_POST_PartialInfo web-access # 4016=Web_POST_NoResponse web-access # 4017=Web_POST_BadRequest web-error # 4018=Web_POST_UnauthorizedRequest web-error # 4019=Web_POST_PaymentRequired web-error # 4020=Web_POST_Forbidden web-error # 4021=Web_POST_PageNotFound web-error # 4022=Web_POST_ServerError web-error # 4023=Web_POST_ServerErrorNotImplemented web-error # 4024=Web_POST_ServerOverload web-access # 4025=Web_POST_GTWY_Timeout web-access # 4026=Web_HEAD_OK web-access # 4027=Web_HEAD_Accepted web-access # 4028=Web_HEAD_PartialInfo web-access # 4029=Web_HEAD_NoResponse web-access # 4030=Web_HEAD_BadRequest web-access # 4031=Web_HEAD_UnauthorizedRequest web-error # 4032=Web_HEAD_PaymentRequired web-error # 4033=Web_HEAD_Forbidden web-error # 4034=Web_HEAD_PageNotFound web-error # 4035=Web_HEAD_ServerError web-error # 4036=Web_HEAD_ServerErrorNotImplemented web-error # 4037=Web_HEAD_ServerOverload web-access # 4038=Web_HEAD_GTWY_Timeout web-access # 4039=Web_POST_Created web-access # 4040=Web_GET_Misc web-access # 4041=Web_POST_Misc web-access # 4042=Web_HEAD_Misc web-access # 4043=Web_CONNECT_407 web-access # 4044=Web_CONNECT_200 web-access # 4045=Web_CONNECT_403 web-access # 4046=Web_PUT_Accepted web-access # # Plugins for file /usr/thunder/daemons/plugins/web_oracle_http_server.prm # # 3550=OracleHS-HandShake_Error web-error # 3551=OracleHS-Connection_Error web-error # 3552=OracleHS-General_Error error # 3553=OracleDB-Invalid_Identifier error # 3554=OracleDB-Account_Locked error # # Plugins for file /usr/thunder/daemons/plugins/web_php_errors.prm # # 2550=PHP-Generic_Warning_Message error # 2551=PHP-Generic_Notice_Message error # 2552=PHP-Generic_Fatal_Error_Message error # # Plugins for file /usr/thunder/daemons/plugins/web_php_suhosin.prm # # 5529=Suhosin-NULL_ASCII_Characters web-error # 5530=Suhosin-Max_Execution_Depth web-error # 5531=Suhosin-Forbidden_Variable web-error # 5532=Suhosin-Memory_Increase web-error # 5533=Suhosin-Variable_Size_Limit_Exceeded web-error # 5534=Suhosin-Variable_Size_Limit_Exceeded web-error # 5535=Suhosin-File_Is_Unauthorized_URL web-error # 5536=Suhosin-Buffer_Overflow_Detected web-error # 5537=Suhosin-Corupt_Linked_List web-error # 5538=Suhosin-Filename_Too_Long web-error # 5539=Suhosin-Alert web-error # # Plugins for file /usr/thunder/daemons/plugins/web_squid.prm # # 2825=Squid-Cache_Miss web-access # 2826=Squid-Cache_Hit web-access # 2827=Squid-Proxy_Denied web-error # 2828=Squid-Refresh_Miss web-access # 2829=Squid-Denied web-error # 2830=Squid-Read_Error error # 2831=Squid_HTTP_Invalid_Header web-error # 2832=Squid-Refresh_Miss web-access # 2833=Squid-TCP_Miss web-access # 2834=Squid-Refresh_Hit web-access # 2835=Squid-TCP_IMS_Hit web-access # 2837=Squid-TCP_Miss web-access # 2838=Squid-TCP_Miss web-access # 2839=Squid-TCP_Miss web-access # 2840=Squid-TCP_Miss web-access # 2841=Squid-TCP_Miss web-access # 2842=Squid-Negative-Hit web-access # 2843=Squid-TCP_Miss web-access # 2844=Squid-TCP_Miss web-access # 2845=Squid-TCP_Miss web-access # 2846=Squid-Error error # 2847=Squid-Refresh_Miss_SSL web-access # 2848=Squid-TCP_Miss_SSL web-access # 2849=Squid-Refresh_Miss web-access # 28501=Squid-Refresh_Miss web-access # # Plugins for file /usr/thunder/daemons/plugins/web_suricata.prm # # # Plugins for file /usr/thunder/daemons/plugins/web_w3c_extended_log_format.prm # # 4051=Web_GET_Accepted web-access # 4052=Web_GET_PartialInfo web-access # 4053=Web_GET_NoResponse web-error # 4054=Web_GET_BadRequest web-error # 4055=Web_GET_UnauthorizedRequest web-error # 4056=Web_GET_PaymentRequired web-error # 4057=Web_GET_Forbidden web-error # 4058=Web_GET_NotFound web-error # 4059=Web_GET_ServerError web-error # 4060=Web_GET_ServerErrorNotImplemented web-error # 4061=Web_GET_ServerOverload web-access # 4062=Web_GET_GTWY_Timeout web-access # 4063=Web_POST_OK web-access # 4064=Web_POST_Accepted web-access # 4065=Web_POST_PartialInfo web-access # 4066=Web_POST_NoResponse web-access # 4067=Web_POST_BadRequest web-error # 4068=Web_POST_UnauthorizedRequest web-error # 4069=Web_POST_PaymentRequired web-error # 4070=Web_POST_Forbidden web-error # 4071=Web_POST_NotFound web-error # 4072=Web_POST_ServerError web-error # 4073=Web_POST_ServerErrorNotImplemented web-error # 4074=Web_POST_ServerOverload web-access # 4075=Web_POST_GTWY_Timeout web-access # 4076=Web_HEAD_OK web-access # 4077=Web_HEAD_Accepted web-access # 4078=Web_HEAD_PartialInfo web-access # 4079=Web_HEAD_NoResponse web-access # 4080=Web_HEAD_BadRequest web-error # 4081=Web_HEAD_UnauthorizedRequest web-error # 4082=Web_HEAD_PaymentRequired web-error # 4083=Web_HEAD_Forbidden web-error # 4084=Web_HEAD_NotFound web-error # 4085=Web_HEAD_ServerError web-error # 4086=Web_HEAD_ServerErrorNotImplemented web-error # 4087=Web_HEAD_ServerOverload web-access # 4088=Web_HEAD_GTWY_Timeout web-error # 4089=Web_GET_Misc web-access # 4090=Web_POST_Misc web-access # 4091=Web_HEAD_Misc web-access # 4050=Web_GET_Ok web-access # 4094=Web-Content_ASP_Request web-access # 4095=Web-Video_AVI_Request web-access # 4096=Web-Image_BMP_Request web-access # 4097=Web-Content_CGI_Request web-access # 4098=Web-Content_CSS_Request web-access # 4100=Web-Office_DOC_Request web-access # 4101=Web-Office_DOCX_Request web-access # 4103=Web-Image_GIF_Request web-access # 4104=Web-Executable_EXE_Request web-access # 4105=Web-Video_FLV_Request web-access # 4106=Web-File_GZ_Request web-access # 4107=Web-Content_HTM_Request web-access # 4108=Web-Content_HTML_Request web-access # 4110=Web-Executable_JAVA_Request web-access # 4111=Web-Image_JPEG_Request web-access # 4112=Web-Image_JPG_Request web-access # 4113=Web-Executable_JS_Request web-access # 4114=Web-Video_MPG_Request web-access # 4115=Web-Video_MPEG_Request web-access # 4116=Web-Audio_MPA_Request web-access # 4117=Web-Audio_M4A_Request web-access # 4118=Web-Audio_MP3_Request web-access # 4119=Web-Media_MP4_Request web-access # 4120=Web-Video_MOV_Request web-access # 4122=Web-Office_PDF_Request web-access # 4123=Web-Content_PHP_Request web-access # 4125=Web-Image_PNG_Request web-access # 4126=Web-Office_PPS_Request web-access # 4127=Web-Office_PPT_Request web-access # 4128=Web-Audio_RAM_Request web-access # 4129=Web-Audio_RA_Request web-access # 4130=Web-File_RAR_Request web-access # 4131=Web-Executable_RPM_Request web-access # 4132=Web-Media_RM_Request web-access # 4133=Web-Content_RSS_Request web-access # 4134=Web-Media_SWF_Request web-access # 4135=Web-File_TAR_Request web-access # 4137=Web-File_TGZ_Request web-access # 4138=Web-File_TAR_GZ_Request web-access # 41410=Web-Audio_WAV_Request web-access # 41411=Web-Audio_WMA_Request web-access # 41412=Web-Video_WMV_Request web-access # 41413=Web-Office_PPTX_Request web-access # 41414=Web-Office_TXT_Request web-access # 41417=Web-File_XML_Request web-access # 41418=Web-Office_XLSX_Request web-access # 41419=Web-File_ZIP_Request web-access # 41423=Web-Office_XLS_Request web-access # # Plugins for file /usr/thunder/daemons/plugins/web_weblabyrinth.prm # # 10570=WebLabyrinth-New_Host_Logged honeypot # 10571=WebLabyrinth-Webcrawler_Ensnared honeypot # # Plugins for file /usr/thunder/daemons/plugins/web_wordpress.prm # # 11595=Wordpress-Configuration_Change system # 11596=Wordpress-Comment_Not_Approved system # 11597=Wordpress-Plugin_Deactivated system # 11598=Wordpress-Initialized_successfully system # 11599=Wordpress-Successful_Login login # 11600=Wordpress-Successful_Logout logout # 11601=Wordpress-Authentication_Failure login-failure # 11602=Wordpress-Plugin_Activated system # 11603=Wordpress-Plugin_Deactivated system # 11604=Wordpress-Plugin_Activated system # 11605=Wordpress-Notice error # 11606=Wordpress-Warning error # 11607=Wordpress-Info error # # Plugins for file /usr/thunder/daemons/plugins/wsus.prm # # 8181=WSUS-High_Update_Error_Rate application # 8182=WSUS-Missing_Clients application # # Plugins for file /usr/thunder/daemons/plugins/xceedium_gatekeeper.prm # # 12370=Xceedium-Gatekeeper_Logon login # 12371=Xceedium-Gatekeeper_Transaction_Alert intrusion # 12372=Xceedium-Gatekeeper_Bad_UserID_Or_Password login-failure # 12373=Xceedium-Gatekeeper_Login_Local login # 12374=Xceedium-Gatekeeper_Unauthorized_Access intrusion # 12375=Xceedium-Gatekeeper_Bad_User_ID login-failure # 12376=Xceedium-Gatekeeper_User_Invalid login-failure # 12377=Xceedium-Gatekeeper_User_Unexisting login-failure # 12378=Xceedium-Gatekeeper_Bad_User_ID login-failure # # Plugins for file /usr/thunder/daemons/plugins/xpient_cc.prm # # 6954=Xpient-Transaction_Amount_Logged application # 6955=Xpient-CreditCard_Logged application # CUSTOMER RESERVED IDs # 25000 - 27999 # 120000 - 149999 # # List of IDs with user tags # # id=1032 event=BlueSocket-User_Login type=login # id=12000 event=CiscoACS-Passed_Authentication type=login # id=12642 event=CiscoISE-Passed_Authentication type=login # id=12643 event=CiscoISE-Passed_Authentication type=login # id=12645 event=CiscoISE-Passed_Guest_Authentication type=login # id=12650 event=CiscoISE-Radius_Accounting_Request type=system # id=11428 event=Bit9-Baseline_Drift_Report_Generated type=application # id=11431 event=Bit9-Console_User_Login type=login # id=11444 event=Bit9-Console_User_Logout type=logout # id=11446 event=Bit9-Agent_Changed_Enforcement_Level type=detected-change # id=11447 event=Bit9-Console_User_Deleted type=application # id=11452 event=Bit9-Console_User_Created type=application # id=11453 event=Bit9-Console_User_Modified type=application # id=13505 event=XenCenter-Xapi_Login type=login # id=13506 event=XenCenter-Xapi_Slave_Session_Login type=login # id=11852 event=Honeycomb_Successful_File_Create type=file-access # id=11853 event=Honeycomb_Unsuccessful_File_Move type=file-access # id=11854 event=Honeycomb_Successful_File_Move type=file-access # id=11855 event=Honeycomb_Successful_File_Ownerchange type=detected-change # id=11856 event=Honeycomb_Successful_File_Rename type=detected-change # id=11857 event=Honeycomb_Successful_File_Delete type=detected-change # id=11858 event=Honeycomb_Unsuccessful_File_Rename type=detected-change # id=11859 event=Honeycomb_Successful_File_Security type=file-access # id=11860 event=Honeycomb_Successful_File_Create type=detected-change # id=11861 event=Honeycomb_Successful_File_Modify type=detected-change # id=11862 event=Honeycomb_Unsuccessful_File_Delete type=access-denied # id=11863 event=Honeycomb_Unsuccessful_File_Modify type=access-denied # id=11864 event=Honeycomb_Successful_File_Open type=file-access # id=11865 event=Honeycomb_Unsuccessful_File_Open type=access-denied # id=11866 event=Honeycomb_Successful_File_Attribute_Changed type=detected-change # id=11867 event=Honeycomb_Unsuccessful_File_Attribute_Changed type=access-denied # id=1291 event=Checkpoint-User_Authentication_Successful type=login # id=1292 event=Checkpoint-User_Session_Expired type=logout # id=1297 event=Checkpoint-Application_Control_Allow type=web-access # id=1299 event=Checkpoint-SmartDefense_Monitor type=firewall # id=15512 event=Checkpoint-User_Role_Change type=system # id=13022 event=CiscoASA-User_Log_Out type=logout # id=13024 event=CiscoASA-User_Log_In type=login # id=13025 event=CiscoASA-User_Privilege_Change type=system # id=13026 event=CiscoASA-Admin_Permitted type=login # id=13027 event=CiscoASA-Admin_Permitted_Console type=login # id=13030 event=CiscoASA-PPP_User_AAA_Status type=login # id=13031 event=CiscoASA-SSH_Disconnect type=logout # id=13035 event=CiscoASA-User_Authorization_Allowed type=login # id=13036 event=CiscoASA-User_Authorization_Allowed type=login # id=13108 event=CiscoASA-AAA_Logon_Successful type=login # id=13109 event=CiscoASA-AAA_WebVPN_Session_Started type=login # id=13110 event=CiscoASA-AAA_Port_Forwarding_Started type=connection # id=13111 event=CiscoASA-AAA_WebVPN_Session_Terminated type=logout # id=13112 event=CiscoASA-AAA_Logon_Successful type=login # id=13115 event=CiscoASA-Session_Timeout type=logout # id=13116 event=CiscoASA-Session_Disconnected type=logout # id=13169 event=CiscoASA-User_Executed_Cmd type=system # id=13170 event=CiscoASA-Login_Permitted type=login # id=13179 event=CiscoASA-AAA_Successful_Operation type=system # id=13305 event=CiscoASA-AAA_Retrieved_Default_Policy type=system # id=13306 event=CiscoASA-DAP_IPSec_Connection type=connection # id=13307 event=CiscoASA-Unsupported_Transaction type=error # id=13308 event=CiscoASA-Client_Type type=system # id=13312 event=CiscoASA-Assigned_Private_IP_Address type=system # id=13349 event=CiscoASA-WebVPN_Created type=login # id=13353 event=CiscoASA-Large_Packet_Transmitted type=firewall # id=13354 event=CiscoASA-WebVPN_Session_Terminated type=firewall # id=13357 event=CiscoASA-WebVPN_Deleted type=firewall # id=13358 event=CiscoASA-DaP_User type=firewall # id=13359 event=CiscoASA-WebVPN_UDP_Connection type=connection # id=13360 event=CiscoASA-WebVPN_UDP_Connection_No_Compresion type=connection # id=13364 event=CiscoASA-WebVPN_User_Disconnect type=connection # id=13365 event=CiscoASA-WebVPN_User_Disconnected_Without_Compression type=connection # id=13366 event=CiscoASA-WebVPN_User_DPD_Failure type=connection # id=13371 event=CiscoASA-AAA_Group_Policy_Set type=system # id=13372 event=CiscoASA-AAA_Group_Policy_Retrieved type=system # id=13377 event=CiscoASA-Anyconnect_Lost_Connection type=error # id=13378 event=CiscoASA-Assigned_To_Session type=system # id=13381 event=CiscoASA-Recovering_From_error type=error # id=13382 event=CiscoASA-No_Existing_Connection type=connection # id=13384 event=CiscoASA-No_IPv6_Address_Available type=system # id=13385 event=CiscoASA-Session_Resumed type=connection # id=13413 event=CiscoASA-WebVPN_Access_Granted type=login # id=13414 event=CiscoASA-IPSEC_Packet_Failed_Anti_Replay type=error # id=13426 event=CiscoASA-New_TCP_SVC_Connection type=connection # id=13427 event=CiscoASA-Stale_SVC_Connection_CLosed type=connection # id=13432 event=CiscoASA-AAA_Challenged_Received type=system # id=13433 event=CiscoASA-AAA_Unable_To_Complete_Request type=system # id=13434 event=CiscoASA-AAA_Server_Not_Accessible type=system # id=13438 event=CiscoASA-Forcing_iPhone_To_Host_Mask type=system # id=13442 event=CiscoASA-Configuration_Change type=system # id=13447 event=CiscoASA-Large_Packet_Received type=firewall # id=13448 event=CiscoASA-Configuration_Change type=system # id=13449 event=CiscoASA-AnyConnect_Parent_Started type=system # id=13450 event=CiscoASA-New_UDP_SVC_Connection type=connection # id=13460 event=CiscoASA-SSH_Disconnect_Error type=logout # id=14284 event=CiscoMerakiMX-VPN_Disconnect_Event type=connection # id=14285 event=CiscoMerakiMX-VPN_Connect_Event type=connection # id=8651 event=CiscoPIX-Admin_Permited type=login # id=8652 event=CiscoPIX-Admin_Permited_Console type=login # id=8655 event=CiscoPIX-PPP_User_AAA_Status type=login # id=8656 event=CiscoPIX-SSH_Disconnect type=logout # id=8660 event=CiscoPIX-User_Authorization_Allowed type=login # id=8661 event=CiscoPIX-User_Authorization_Allowed type=login # id=8678 event=CiscoPIX-Config_Modification type=system # id=15326 event=CiscoPIX-Command_Executed type=system # id=8862 event=CiscoFWSM-AAA_User_Accounting_Successful type=login # id=19272 event=Cyberoam-Blocked type=firewall # id=19274 event=Cyberoam-Blocked type=firewall # id=19275 event=Cyberoam-Blocked type=firewall # id=4155 event=F5BigIP-User_Audit type=system # id=10656 event=FIOS_Wireless-Login type=login # id=10657 event=FIOS_Wireless-Configuration_Change type=system # id=10448 event=Fortigate-Tunnel_Up type=connection # id=10449 event=Fortigate-Successful_VPN_Login type=login # id=10450 event=Fortigate-Tunnel_Down type=connection # id=10487 event=Fortigate-Certificate_Generated type=detected-change # id=10490 event=Fortigate-Edit_Policy type=detected-change # id=10491 event=Fortigate-File_Downloaded type=file-access # id=10492 event=Fortigate-User_Timed_Out type=logout # id=10493 event=Fortigate-User_Login type=login # id=10494 event=Fortigate-User_Logout type=logout # id=10495 event=Fortigate-User_Login type=login # id=10711 event=FortiWeb-User_Logout type=logout # id=10713 event=FortiWeb-User_Login type=login # id=20715 event=FortiWeb-Admin_Messages type=application # id=14580 event=Gnatbox-Remote_Admin_Login type=login # id=105020 event=Juniper-User_Authenticated type=login # id=105021 event=Juniper-Login_Event type=login # id=105039 event=Juniper-Login_Event type=login # id=105040 event=Juniper-Logout_Event type=logout # id=105041 event=Juniper-Database_Logout_Event type=logout # id=105042 event=Juniper-New_Config_Audit type=system # id=105043 event=Juniper-JUNOS_Script_Command_Issued type=process # id=12529 event=Windows-Firewall_Rule_Added type=system # id=12530 event=Windows-Firewall_Rule_Changed type=system # id=12531 event=Windows-Firewall_Rule_Deleted type=system # id=12532 event=Windows-Firewall_Rule_Listed type=system # id=12536 event=Windows-Firewall_Failed_Notification type=error # id=12537 event=Windows-Firewall_Default_Settings_Restored type=system # id=12538 event=Windows-Firewall_Rule_Deleted type=system # id=19544 event=Netscreen-Login type=login # id=19545 event=Netscreen-Logout type=logout # id=19547 event=Netscreen-Login type=login # id=19548 event=Netscreen-Login type=login # id=19549 event=Netscreen-Login type=login # id=29550 event=Netscreen-Logout type=logout # id=29554 event=Netscreen-User_Logged_Out type=logout # id=29557 event=Netscreen-File_Transferred type=file-access # id=29567 event=Netscreen-Web_Login_Failed type=web-access # id=29568 event=Netscreen-User_To_Be_Unlocked type=application # id=29569 event=Netscreen-User_Re-Enabled type=application # id=29578 event=Netscreen-Forced_Logout type=logout # id=2200 event=Paloalto-Allow_TCP_Start type=connection # id=2201 event=Paloalto-Allow_TCP_End type=connection # id=2202 event=Paloalto-Allow_UDP_Start type=connection # id=2203 event=Paloalto-Allow_UDP_End type=connection # id=2204 event=Paloalto-Allow_ICMP_Start type=connection # id=2205 event=Paloalto-Allow_ICMP_End type=connection # id=40000 event=Paloalto-Deny_TCP type=firewall # id=40001 event=Paloalto-Deny_UDP type=firewall # id=40002 event=Paloalto-Deny_ICMP type=firewall # id=40013 event=Paloalto-Deny_TCP type=firewall # id=40014 event=Paloalto-Deny_UDP type=firewall # id=40015 event=Paloalto-Deny_ICMP type=firewall # id=40022 event=Paloalto-Login type=login # id=40023 event=Paloalto-VPN_Authentication_Successful type=login # id=9812 event=Sidewinder-Firewall_Relayed_Email type=connection # id=9836 event=Sidewinder-Firewall_Relayed_Email type=connection # id=7498 event=Sonicwall-User_Auto_Logout type=logout # id=7499 event=Sonicwall-SSL_Connection_Failed type=error # id=7500 event=Sonicwall-NetExtender_Disconnected type=application # id=7501 event=Sonicwall-User_Logged_Out type=logout # id=7502 event=Sonicwall-User_Logged_In type=login # id=7503 event=Sonicwall-NetExtender type=login # id=7504 event=Sonicwall-HTTPS_Connection type=connection # id=7505 event=Sonicwall-User_SSO_Policy type=application # id=7506 event=Sonicwall-Bookmarks type=application # id=7507 event=Sonicwall-HTTP_Connection type=connection # id=7508 event=Sonicwall-NetExtender_Connected type=application # id=7509 event=Sonicwall-SSO_Not_Enabled_For_Bookmark type=application # id=7512 event=Sonicwall-NetExtender_Connection_Request type=application # id=7513 event=Sonicwall-SSO_Not_Enabled_For_URL type=application # id=7516 event=Sonicwall-Alert_Proxy_Access_Key_Exchange type=application # id=7517 event=Sonicwall-Alert_Protocols_DNS type=application # id=7518 event=Sonicwall-Alert_Protocols_SMTP type=application # id=7519 event=Sonicwall-Alert_Protocols_SSL type=application # id=7520 event=Sonicwall-Alert_Protocols_STUN type=application # id=7521 event=Sonicwall-Alert_Protocols_CIFS type=application # id=7522 event=Sonicwall-Alert_Protocols_SNMP type=application # id=7523 event=Sonicwall-Alert_Protocols_HTTP type=application # id=7524 event=Sonicwall-Alert_Web_Browser type=application # id=7525 event=Sonicwall-Alert_Filetype_Detection type=application # id=7526 event=Sonicwall-Alert_Download_Apps type=application # id=7527 event=Sonicwall-Alert_Misc_Apps type=application # id=7528 event=Sonicwall-Alert_Social_Networking type=application # id=7529 event=Sonicwall-Alert_App_Update type=application # id=7530 event=Sonicwall-Alert_Protocols_SSH type=application # id=7531 event=Sonicwall-Alert_Proxy_Access type=application # id=7532 event=Sonicwall-Alert_Browsing_Privacy type=application # id=7533 event=Sonicwall-Alert_Backup_Apps type=application # id=7534 event=Sonicwall-Alert_Infrastructure type=application # id=7535 event=Sonicwall-Alert_Business_Apps type=application # id=7536 event=Sonicwall-Alert_Multimedia type=application # id=7537 event=Sonicwall-Alert_Webmail type=application # id=7538 event=Sonicwall-Alert_Database_Apps type=application # id=7539 event=Sonicwall-Alert_VoIP_Apps type=application # id=7540 event=Sonicwall-Alert_Protocols_ICMP type=application # id=7541 event=Sonicwall-Alert_Protocols_IMAP type=application # id=7542 event=Sonicwall-Alert_Protocols_FTP type=application # id=7543 event=Sonicwall-Alert_Protocols_Websocket type=application # id=7544 event=Sonicwall-IPS_ICMP_Ping type=intrusion # id=17545 event=Sonicwall-IPS_Info type=intrusion # id=17546 event=Sonicwall-IPS_ICMP_Destination_Unreachable type=intrusion # id=17547 event=Sonicwall-Category_Info_Technology_Computers type=application # id=17548 event=Sonicwall-Category_Search_Engines_Portals type=application # id=17549 event=Sonicwall-Category_Business_Economy type=application # id=37550 event=Sonicwall-Category_Online_Brokerage_Trading type=application # id=37551 event=Sonicwall-Category_Not_Rated type=application # id=18552 event=Sonicwall-Category_Administrative_Custom_List type=application # id=18553 event=Sonicwall-Category_Government type=application # id=18554 event=Sonicwall-Category_Shopping type=application # id=18555 event=Sonicwall-Category_Online_Banking type=application # id=18556 event=Sonicwall-Category_Real_Estate type=application # id=18557 event=Sonicwall-Category_Reference type=application # id=18558 event=Sonicwall-Category_Education type=application # id=18559 event=Sonicwall-Category_Advertisement type=application # id=18560 event=Sonicwall-Category_Travel type=application # id=18561 event=Sonicwall-Category_Political_Advocacy_Groups type=application # id=18562 event=Sonicwall-Category_Multimedia type=application # id=18563 event=Sonicwall-Category_News_Media type=application # id=18564 event=Sonicwall-Category_Social_Networking type=application # id=18565 event=Sonicwall-Category_Arts_Entertainment type=application # id=18566 event=Sonicwall-Category_Job_Search type=application # id=18567 event=Sonicwall-Check_System_Is_Up type=error # id=18569 event=Sonicwall-Possible_SYN_Flood type=intrusion # id=18570 event=Sonicwall-Blocked_IP_Spoof type=firewall # id=18572 event=Sonicwall-Connections_High_For_User type=network # id=18573 event=Sonicwall-Login_Allowed type=login # id=18575 event=Sonicwall-LDAP_Search_For_User type=application # id=18576 event=Sonicwall-User_Logoff type=logout # id=6213 event=WatchGuard-User_Authenticated type=login # id=6214 event=WatchGuard-VPN_User_Logged_Out type=logout # id=6216 event=WatchGuard-Configuration_Change type=system # id=6221 event=WatchGuard-Admin_User_Authenticated type=login # id=6222 event=WatchGuard-Management_User_Login type=login # id=6223 event=WatchGuard-Management_User_Logout type=logout # id=6232 event=WatchGuard-Modified_Policy type=system # id=6233 event=WatchGuard-Modified_Alias type=system # id=6234 event=WatchGuard-Modified_Ports type=system # id=43 event=FTP-User_Login type=login # id=16030 event=FTP-Login_Request type=login # id=6312 event=ProFTP-Successful_Login type=login # id=6313 event=ProFTP-Authenticated_Login type=login # id=8023 event=VSFTPD-Session_Opened type=connection # id=8024 event=VSFTPD-Session_Closed type=connection # id=8025 event=VSFTPD-Error_Retrieving_Information type=error # id=85 event=Tripwire-Deletion_Detected type=application # id=86 event=Tripwire-Creation_Detected type=application # id=87 event=Tripwire-Modification_Detected type=application # id=88 event=Tripwire-Set_Security_Detected type=application # id=89 event=Tripwire-Rename_To_Detected type=application # id=90 event=Tripwire-Create_Key_Detected type=application # id=91 event=Tripwire-Error_Detected type=error # id=92 event=Tripwire-Rename_From_Detected type=application # id=93 event=Tripwire-Change_Report_Started type=application # id=94 event=Tripwire-Change_Report_Completed type=application # id=95 event=Tripwire-Archived_Change_Report type=application # id=96 event=Tripwire-Modified_Change_Report type=application # id=97 event=Tripwire-User_Login type=login # id=98 event=Tripwire-Clear_Unlinked_Groups_Completed type=application # id=99 event=Tripwire-Clear_Unlinked_Groups_Started type=application # id=100 event=Tripwire-Change_Add type=detected-change # id=101 event=Tripwire-Change_Remove type=detected-change # id=20005 event=New_User type=detected-change # id=20105 event=VPN_Login_From_Unusual_Source type=login # id=22031 event=New_User_Source type=detected-change # id=3450 event=Dovecot-IMAP-User_Login type=login # id=3451 event=Dovecot-POP-User_Login type=login # id=8084 event=MSExchange-Sync_Folder_Items type=application # id=8085 event=MSExchange-Get_Item type=application # id=8086 event=MSExchange-Create_Item type=application # id=8087 event=MSExchange-Get_Events type=application # id=8088 event=MSExchange-Get_User_Settings_Response type=application # id=8089 event=MSExchange-Subscription_Not_Found type=error # id=8090 event=MSExchange-Find_Folder type=application # id=8091 event=MSExchange-Subscribe type=application # id=8092 event=MSExchange-Cmd_Ping type=application # id=8093 event=MSExchange-Syncing_Folder type=application # id=8094 event=MSExchange-Get_Folder type=application # id=8095 event=MSExchange-Cmd_Sync type=application # id=8096 event=MSExchange-Update_Item type=application # id=8097 event=MSExchange-Copy_Item type=application # id=8098 event=MSExchange-Delete_Item type=application # id=8099 event=MSExchange-Update_Folder type=application # id=8100 event=MSExchange-Convert_Id type=application # id=8101 event=MSExchange-Get_Mail_Tips type=application # id=8102 event=MSExchange-Get_Service_Configuration type=application # id=8103 event=MSExchange-Get_User_Availability type=application # id=8104 event=MSExchange-Cmd_Folder_Sync type=application # id=81381 event=MSExchange-Update_Item type=application # id=81382 event=MSExchange-Get_Events type=application # id=81383 event=MSExchange-Sync_Folder_Items type=application # id=81384 event=MSExchange-Create_Item type=application # id=81385 event=MSExchange-Get_Item type=application # id=81386 event=MSExchange-Move_Item type=application # id=81387 event=MSExchange-Get_Item type=application # id=81388 event=MSExchange-Update_Item type=application # id=81390 event=MSExchange-Get_User type=application # id=81391 event=MSExchange-Get_Folder type=application # id=81392 event=MSExchange-Sync_Folder_Hierarchy type=application # id=81393 event=MSExchange-Find_Folder type=application # id=81394 event=MSExchange-Get_Service_Configuration type=application # id=81395 event=MSExchange-Get_Mail_Tips type=application # id=81396 event=MSExchange-Sync_Folder_Items type=application # id=81397 event=MSExchange-Get_Room_Lists type=application # id=81398 event=MSExchange-Get_Folder type=application # id=81399 event=MSExchange-Resolve_Names type=application # id=81400 event=MSExchange-Find_Folder type=application # id=81401 event=MSExchange-Sync_Folder_Items type=application # id=81402 event=MSExchange-Apply_Conversation_Action type=application # id=81403 event=MSExchange-Sync_Folder_Hiearchy type=application # id=5450 event=IMAP-User_Login type=login # id=5453 event=IMAP-User_Login type=login # id=9928 event=Postfix-SASL_Login type=login # id=3803 event=QPopper-Login type=login # id=1708 event=IMAP-Login type=login # id=13762 event=AhnLab-MDS-Administrator_Login type=login # id=14101 event=Microsoft-MalwareProtection_Scan_Started type=application # id=14102 event=Microsoft-MalwareProtection_Scan_Completed type=application # id=14103 event=Microsoft-MalwareProtection_Scan_Cancelled type=application # id=14104 event=Microsoft-MalwareProtection_Scan_Failed type=error # id=14105 event=Microsoft-MalwareProtection_Scan_Malware_Detected type=virus # id=14106 event=Microsoft-MalwareProtection_Scan_Malware_Action_Taken type=virus # id=14107 event=Microsoft-MalwareProtection_Malware_Action_Failed type=error # id=14108 event=Microsoft-MalwareProtection_Quarantine_Restore type=application # id=14109 event=Microsoft-MalwareProtection_Quarantine_Restore_Failed type=error # id=14110 event=Microsoft-MalwareProtection_Quarantine_Delete type=application # id=14111 event=Microsoft-MalwareProtection_Quarantine_Delete_Failed type=application # id=14112 event=Microsoft-MalwareProtection_History_Delete type=application # id=14113 event=Microsoft-MalwareProtection_History_Delete_Failed type=error # id=14114 event=Microsoft-MalwareProtection_Behavior_Detected type=virus # id=13927 event=Microsoft-MalwareProtection-Malware_Detection type=virus # id=14115 event=Microsoft-MalwareProtection_Action_Non-Critical_Failed type=error # id=14116 event=Microsoft-MalwareProtection_Action_Critical_Failed type=virus # id=14119 event=Microsoft-MalwareProtection_Signature_Update_Failed type=error # id=14120 event=Microsoft-MalwareProtection_Engine_Updated type=application # id=14121 event=Microsoft-MalwareProtection_Engine_Update_Failed type=error # id=14126 event=Microsoft-MalwareProtection_RTP_Started type=application # id=14127 event=Microsoft-MalwareProtection_RTP_Stopped type=application # id=14128 event=Microsoft-MalwareProtection_RTP_Agent_Failure type=error # id=14129 event=Microsoft-MalwareProtection_RTP_Checkpoint_Failure type=error # id=14130 event=Microsoft-MalwareProtection_RTP_Malware_Detected type=virus # id=14131 event=Microsoft-MalwareProtection_RTP_Malware_Action_Taken type=virus # id=14132 event=Microsoft-MalwareProtection_RTP_Malware_Action_Failed type=error # id=15581 event=Cisco-IMS_Credential_Read_Success type=application # id=15582 event=Cisco-IMS_User_Successfully_Authenticated type=login # id=15583 event=Cisco-CTIManager_Failed_To_Start type=error # id=14526 event=MobileIron_ActiveSync_Error type=error # id=14527 event=MobileIron_ActiveSync_Timed_Out type=error # id=14528 event=MobileIron_ActiveSync_Service_Unavailable type=error # id=14529 event=MobileIron_Login type=login # id=14530 event=MobileIron_ActiveSync_Move_Status type=error # id=4611 event=Cisco-NAC_Out_Of_Band_User_Login type=login # id=4614 event=Cisco-NAC_Login_Temporary type=login # id=14200 event=StealthWatch-Spam type=spam # id=14201 event=StealthWatch-Out_Of_Profile type=intrusion # id=14202 event=StealthWatch-High_Concern_Index type=intrusion # id=14203 event=StealthWatch-Suspect_UDP_Activity type=intrusion # id=14204 event=StealthWatch-New_Flows type=detected-change # id=14205 event=StealthWatch-High_File_Sharing_Index type=intrusion # id=14206 event=StealthWatch-Mail_Rejects_Index type=spam # id=14207 event=StealthWatch-Suspect_Long_Flow type=intrusion # id=14208 event=StealthWatch-NAT_IP type=error # id=14209 event=StealthWatch-High_Total_Traffic type=intrusion # id=14210 event=StealthWatch-High_Target_Index type=intrusion # id=14211 event=StealthWatch-SYNs_Received type=dos # id=14212 event=StealthWatch-High_Volume_Email type=spam # id=14213 event=StealthWatch-Port_Flood type=dos # id=14214 event=StealthWatch-Multiple_Operating_Systems type=vulnerability # id=14215 event=StealthWatch-Unknown_Operating_System type=vulnerability # id=14216 event=StealthWatch-System_High_Traffic_In type=intrusion # id=14217 event=StealthWatch-Bad_Host type=intrusion # id=14218 event=StealthWatch-SYN_Flood type=dos # id=14219 event=StealthWatch-ICMP_Flood type=dos # id=18000 event=ForeScout-CounterAct_Compliant type=application # id=18001 event=ForeScout-CounterAct_Non_Compliant type=application # id=5834 event=TippingPoint-Logout type=logout # id=5835 event=TippingPoint-Login type=login # id=5836 event=TippingPoint-Idle_Timeout type=connection # id=3750 event=ObserveIT-High_Alert_Opened_Window type=application # id=3751 event=ObserveIT-Medium_Alert_Opened_Window type=application # id=3754 event=ObserveIT-Alert_Desktop type=application # id=3755 event=ObserveIT-Medium_Alert_LogMeIn type=application # id=3756 event=ObserveIT-Medium_Alert_Security_Warning type=application # id=3757 event=ObserveIT-High_Alert_New_Virtual_Device type=application # id=3758 event=ObserveIT-Medium_Alert_Download type=application # id=1300 event=Linux-User_Added type=system # id=1320 event=Linux-User_Added type=system # id=1326 event=Linux-User_Added type=system # id=1378 event=Linux-PAM_Session_Opened type=login # id=1379 event=Linux-PAM_Session_Closed type=logout # id=1387 event=Linux-PAM-KRB5_Authentication_Succeeds type=login # id=7005 event=Linux-Audit_Credential_Refresh type=process # id=7006 event=Linux-Audit_Credential_Reset type=process # id=7008 event=Linux-Audit_User_Authorized type=login # id=7009 event=Linux-Audit_Credential_Set type=process # id=7013 event=Linux-Audit_User_Authenticated type=login # id=7018 event=Linux-Audit_Credential_Refresh type=process # id=7019 event=Linux-Audit_Credential_Reset type=process # id=7021 event=Linux-Audit_User_Authorized type=login # id=7022 event=Linux-Audit_Credential_Set type=process # id=7023 event=Linux-Audit_User_Session_Started type=login # id=7024 event=Linux-Audit_User_Authenticated type=login # id=12455 event=OSX-Login type=login # id=1404 event=Unix-Successful_Sudo type=login # id=11752 event=Unix-Successful_Sudo_as_Root type=login # id=10074 event=Unix-Audit_Login type=login # id=10075 event=Unix-Audit_User_Authentication type=login # id=10081 event=Unix-Audit_Add_User_To_Group type=detected-change # id=10082 event=Unix-Audit_Ssauthint type=login # id=10084 event=Unix-Audit_Password_Modified type=detected-change # id=7287 event=Windows-Shadow_Copy_Created type=system # id=7288 event=Windows-Handle_Requested type=system # id=7289 event=Windows-Process_Exited type=process # id=7291 event=Windows-New_Process_Created type=process # id=7293 event=Windows-Successful_Login type=login # id=7294 event=Windows-Privileges_Assigned type=login # id=7295 event=Windows-Primary_Token_Assigned type=system # id=7296 event=Windows-Privileged_Service_Called type=system # id=7297 event=Windows-Attempted_Hard_Link_Creation type=system # id=7298 event=Windows-Attempted_Handle_Duplication type=system # id=7299 event=Windows-Handle_Closed type=system # id=7300 event=Windows-Transaction_Changed type=system # id=7301 event=Windows-Attempted_Access_Object type=system # id=7302 event=Windows-Privileged_Service_Call_Failed type=access-denied # id=7303 event=Windows-Handle_Request_Failed type=access-denied # id=7304 event=Windows-Login type=login # id=7305 event=Windows-Time_Changed type=system # id=7306 event=Windows-Credential_Validation type=login # id=7308 event=Windows-Account_Logged_Off type=logout # id=7309 event=Windows-Network_Share_Accessed type=system # id=7312 event=Windows-Filtering_Changed type=system # id=7314 event=Windows-Scheduled_Task_Created type=system # id=7315 event=Windows-Scheduled_Task_Deleted type=system # id=7316 event=Windows-Process_Registered type=login # id=7317 event=Windows-Provider_Context_Changed type=system # id=7318 event=Windows-Callout_Changed type=system # id=7319 event=Windows-Object_Deleted type=system # id=7323 event=Windows-Registered_Security_Event type=system # id=7324 event=Windows-Unregistered_Security_Event type=system # id=7326 event=Windows-Screen_Saver_Invoked type=system # id=7327 event=Windows-Screen_Saver_Dismissed type=system # id=7328 event=Windows-Audit_Settings_Changed type=system # id=7329 event=Windows-User_Logoff type=logout # id=7333 event=Windows-Reconnected_Session type=connection # id=7334 event=Windows-Disconnected_Session type=connection # id=7336 event=Windows-Workstation_Unlocked type=system # id=7337 event=Windows-User_Added_Global_Group type=system # id=7338 event=Windows-User_Created type=system # id=7339 event=Windows-User_Enabled type=system # id=7340 event=Windows-User_Changed type=system # id=7341 event=Windows-User_Added_Local_Group type=system # id=7342 event=Windows-User_Removed_Local_Group type=system # id=7343 event=Windows-User_Removed_Global_Group type=system # id=7344 event=Windows-User_Deleted type=system # id=7345 event=Windows-Domain_Policy_Changed type=system # id=7346 event=Windows-Password_Changed type=system # id=7347 event=Windows-Key_File_Operation type=system # id=7348 event=Windows-Cryptographic-Operation_Failure type=system # id=7350 event=Windows-Service_Installed type=system # id=7351 event=Windows-Local_Group_Created type=system # id=7352 event=Windows-System_Security_Granted_Account type=system # id=7353 event=Windows-User_Right_Assigned type=system # id=7354 event=Windows-Local_Group_Changed type=system # id=7355 event=Windows-Cryptographic-Test type=system # id=7356 event=Windows-User_Locked_Out type=access-denied # id=7360 event=Windows-Global_Group_Deleted type=system # id=7361 event=Windows-Global_Group_Created type=system # id=7362 event=Windows-User_Account_Disabled type=system # id=7363 event=Windows-Password_Changed type=system # id=7364 event=Windows-Replay_Attack_Detected type=intrusion # id=7366 event=Windows-Kerberos_Auth_Ticket_Request type=login # id=7367 event=Windows-Kerberos_Service_Ticket_Request type=system # id=7368 event=Windows-Kerberos_Service_Ticket_Renewed type=system # id=7369 event=Windows-Computer_Account_Created type=system # id=7370 event=Windows-Computer_Account_Changed type=system # id=7371 event=Windows-Computer_Account_Deleted type=system # id=7372 event=Windows-Account_Accessed type=system # id=7374 event=Windows-Audit_Policy_Changed type=system # id=7387 event=Windows-User_Account_Unlocked type=system # id=17418 event=Windows-Security_Granted_Or_Removed type=system # id=17464 event=Windows-Network_Share_Object_Checked type=system # id=17465 event=Windows-Network_Share_Object_Added type=system # id=17467 event=Windows-Successful_Network_Login type=login # id=17469 event=Windows-Login type=login # id=17470 event=Windows-Network_Share_Access_Failed type=system # id=17471 event=Windows-Successful_Network_Login type=login # id=17474 event=Windows-Operation_Performed_On_Object type=system # id=17475 event=Windows-Operation_Performed_On_Object_Failed type=access-denied # id=17477 event=Windows-Kerberos_Service_Ticket_Request_Failed type=system # id=17480 event=Windows-Cryptographic-Operation_Success type=system # id=17484 event=Windows-Workstation_Locked type=logout # id=17585 event=Windows-Network_Share_Object_Check_Failed type=system # id=17586 event=Windows-Password_Change_Attempt_Failed type=system # id=17592 event=Windows-Password_Change_Attempt_Failed type=system # id=17593 event=Windows-Requested_Handle_To_Object type=system # id=17594 event=Windows-Requested_Handle_To_Object type=system # id=17599 event=Windows-Filtering_Platform_Policy_Change type=system # id=17601 event=Windows-Login type=login # id=17604 event=Windows-Account_Management_Events type=application # id=17607 event=Windows-Kerberos_Auth_Ticket_Request type=login # id=17608 event=Windows-Kerberos_Service_Ticket_Request type=system # id=17609 event=Windows-Kerberos_Service_Ticket_Renewed type=system # id=17610 event=Windows-Computer_Account_Changed type=system # id=17611 event=Windows-Computer_Account_Created type=system # id=17613 event=Windows-User_Added_Global_Group type=system # id=17615 event=Windows-User_Added_Universal_Group type=system # id=17616 event=Windows-Computer_Account_Deleted type=system # id=17617 event=Windows-Master_Key_Recovery_Attempt type=system # id=30515 event=Windows-IRIS_Authentication_Successful type=login # id=30516 event=Windows-IRIS_Signon_Successful type=login # id=30518 event=Windows-IRIS_Signoff_Completed type=logout # id=30520 event=Windows-Remote_User_Login_Record type=login # id=30594 event=Windows-Msexchange_Logon type=login # id=30595 event=Windows-Msexchange_Logon type=login # id=30599 event=Windows-User_Login_Record type=login # id=30624 event=Windows-Smart_Card_Login type=login # id=30845 event=Windows-AppReadiness_User_Login_Started type=login # id=30846 event=Windows-AppReadiness_User_Login_Succeeded type=login # id=3200 event=Windows-Logon type=login # id=3203 event=Windows-Successful_Logon type=login # id=3204 event=Windows-Successful_Administrator_Logon type=login # id=3209 event=Windows-Account_Used_For_Login type=login # id=3210 event=Windows-Authentication_Ticket_Granted type=system # id=3225 event=Windows-Successful_Network_Login type=login # id=3229 event=Windows-User_Account_Changed type=system # id=3230 event=Windows-User_Account_Created type=system # id=3231 event=Windows-User_Password_Set type=system # id=3238 event=Windows-User_Account_Disabled type=system # id=3242 event=Windows-Successful_Access_Grant type=system # id=3249 event=Windows-Special_Privilege_New_Logon type=login # id=3260 event=Windows-Successful_Network_Login type=login # id=3262 event=Windows-Logon_With_Credentials type=login # id=3294 event=Windows-Successful_Network_Login type=login # id=3295 event=Windows-Successful_Batch_Logon type=login # id=3296 event=Windows-Successful_Service_Logon type=login # id=3297 event=Windows-Successful_Unlock type=login # id=3298 event=Windows-Successful_Remote_Session_Login type=login # id=3299 event=Windows-Successful_Cached_Login type=login # id=3326 event=Windows-Authentication_Ticket_Not_Granted type=system # id=3327 event=Windows-Successful_RunAs_Command type=login # id=3328 event=Windows-Account_Locked type=system # id=3337 event=Windows-Service_Ticket_Request_Fail type=access-denied # id=3339 event=Windows-Admin_ACLs_Set type=system # id=3340 event=Windows-Successful_Network_Login type=login # id=3341 event=Windows-User_Password_Set_Failed_Audit type=system # id=3342 event=Windows-User_Account_Unlocked type=system # id=31527 event=Windows-IAS_User_Granted_Access type=login # id=31534 event=Windows-Restart_Shutdown type=restart # id=31596 event=Windows-User_Connection_Stats type=connection # id=31597 event=Windows-User_Authenticated type=login # id=31598 event=Windows-User_Assigned_Address type=login # id=31686 event=Windows-User_Authenticated type=login # id=31687 event=Windows-User_Assigned_Address type=login # id=31688 event=Windows-User_Connection_Stats type=connection # id=31718 event=Windows-Remote_Desktop_Logout type=logout # id=31719 event=Windows-Remote_Desktop_Login type=login # id=31720 event=Windows-Remote_Desktop_Shell_Start type=system # id=9826 event=Pointsec-Logon_Successful type=login # id=2860 event=Radius-Access_Granted type=login # id=2870 event=Steel-Belted-Radius_Password_Accepted type=login # id=13659 event=Huawei-Command_Record type=system # id=13596 event=SecurID-Login type=login # id=15188 event=SCCM-Logon_User_Successful type=login # id=15218 event=SCCM-User_Logged_In type=login # id=42760 event=Barracuda-Access_Denied_By_Policy type=access-denied # id=42761 event=Barracuda-Blocked_Virus type=virus # id=42762 event=Barracuda-Detected_Spyware type=virus # id=42763 event=Barracuda-Allowed type=connection # id=42764 event=Barracuda-Allowed_Monitored type=connection # id=42767 event=Barracuda-Logon_Event type=login # id=42768 event=Barracuda-Allowed type=application # id=42769 event=Barracuda-File_On_Whitelist type=application # id=42770 event=Barracuda-Per_User_Quarantined_Message type=virus # id=42771 event=Barracuda-Tagged_Message type=application # id=42773 event=Barracuda-Logon type=login # id=42776 event=Barracuda-Logout type=logout # id=42780 event=Barracuda-Quarantined_Message type=spam # id=28425 event=MSSQLSVR-Successful_Login type=login # id=28426 event=MSSQLSVR-Trace_Toggled type=application # id=28429 event=MSSQLSVR-CHECKCATALOG type=application # id=28434 event=MSSQLSVR-Login_Succeeded_For_Local_Machine type=login # id=28470 event=MSSQLSVR-Successful_Login type=login # id=28471 event=MSSQLSVR-Successful_Login type=login # id=14343 event=MSSQLSVR-Audit_Event_Alter_Event_Session type=application # id=22860 event=Oracle-Audit_Action_Connection type=connection # id=22861 event=Oracle-Audit_Action_Shutdown type=database # id=22862 event=Oracle-Audit_Action_Startup type=database # id=22863 event=Oracle-Audit_Action_Logoff type=logout # id=22864 event=Oracle-Audit_Action_Logon type=login # id=3853 event=Dropbear-Password_Succeeded type=login # id=18015 event=FreeSSH_Login type=login # id=18016 event=FreeSSH-Server_Disconnected_User type=system # id=1800 event=SSH-Accepted_Public_Key type=login # id=1838 event=SSH-Login_Keyboard_Interactive type=login # id=1879 event=SSH-Session_Closed type=application # id=14953 event=Cisco-Nexus_Syslog_Configured type=application # id=14960 event=Cisco-Nexus_Password_Changed type=application # id=14962 event=Cisco-Nexus_New_User_Added type=application # id=14963 event=Cisco-Nexus_New_User_Added type=application # id=14964 event=Cisco-Nexus_User_Deleted type=application # id=14966 event=Cisco-Nexus_User_Deleted type=application # id=1005 event=Extreme-Switch-User_Login_SSH type=login # id=1006 event=Extreme-Switch-Password_Authentication_Used type=system # id=1007 event=Extreme-Switch-No_Valid_Key type=error # id=1010 event=Extreme-Switch-Admin_Configuration_Change type=detected-change # id=15350 event=HP-Switch_AAA_Request_Received type=system # id=15351 event=HP-Switch_User_Added_To_AAA_Blacklist type=application # id=15352 event=HP-Switch_AAA_Request_Accepted type=system # id=15355 event=HP-Switch_User_Logout type=logout # id=15356 event=HP-Switch_User_Closed_Connection type=logout # id=15357 event=HP-Switch_Command_Issued type=application # id=15359 event=HP-Switch_User_Login type=login # id=15360 event=HP-Switch_User_Login type=login # id=15361 event=HP-Switch_User_Logout type=logout # id=15368 event=HP-Switch_Command_Issued type=application # id=15369 event=HP-Switch_Password_Changed_First_Login type=login # id=9664 event=Tacacs_Login type=login # id=9668 event=Tacacs_Query_Authorization_Accepted type=login # id=9671 event=Tacacs_Query_Login_Accepted type=login # id=2903 event=Nessus-Scan_Started type=application # id=2904 event=Nessus-Scan_Finished type=application # id=2907 event=Nessus-Scan_Starting type=application # id=2908 event=Nessus-Host_Scan_Start type=application # id=2910 event=Nessus-Successful_Web_Login type=login # id=12927 event=Nessus-Admin_Privileges_Revoked type=application # id=12928 event=Nessus-User_Password_Changed type=application # id=12931 event=Nessus-User_Logged_Out type=logout # id=12932 event=Nessus-Invalid_File_Attempt type=access-denied # id=12933 event=Nessus-Invalid_Attempt_To_Obtain_Users type=access-denied # id=12934 event=Nessus-Changed_Password type=application # id=12935 event=Nessus-Attempted_Password_Change type=access-denied # id=12936 event=Nessus-Attempted_User_Delete type=access-denied # id=12937 event=Nessus-Attempted_User_Edit type=access-denied # id=12938 event=Nessus-Editing_User type=application # id=12939 event=Nessus-Invalid_Attempt_To_Add_User type=access-denied # id=12970 event=Nessus-Added_User type=application # id=12972 event=Nessus-User_Unlocked type=application # id=12973 event=Nessus-Successful_Login type=login # id=12975 event=Nessus-Login_Failed_Account_Locked type=access-denied # id=12977 event=Nessus-Invalid_Download_Attempt_Of_Plugins type=access-denied # id=12978 event=Nessus-Invalid_Update_Attempt_Of_Plugins type=access-denied # id=12979 event=Nessus-User_Deleted type=application # id=12981 event=Nessus-Remote_Host_Dead type=application # id=13611 event=Nessus-Host_Scan_Start type=application # id=13612 event=Nessus-Remote_Host_Dead type=application # id=13613 event=Nessus-Not_Scanning_Address type=application # id=13622 event=Nessus-Starting_Scan_Local type=application # id=13629 event=Nessus-Starting_Scan_Remote type=application # id=13632 event=Nessus-Added_User type=application # id=13634 event=Nessus-Successful_Login type=login # id=13636 event=Nessus-User_Logged_Out type=logout # id=13637 event=Nessus-Untar_Plugins_Started type=application # id=13638 event=Nessus-Untar_Plugins_Finished type=application # id=13639 event=Nessus-Control_Message_Sent type=application # id=13640 event=Nessus-User_Reset_Called type=application # id=2921 event=Nessus-Scan_Finished type=application # id=2922 event=Nessus-Successful_Login type=login # id=2924 event=Nessus-User_Added type=application # id=2926 event=Nessus-User_Granted_Admin_Privileges type=application # id=2932 event=Nessus-User_Deleted type=application # id=4816 event=PVS-IMAP_UserID_Enumeration type=network # id=4937 event=PVS-Iheartradio_Stream_Accessed type=web-access # id=4940 event=PVS-AIM_User_Detected type=login # id=4957 event=PVS-Hulu_Username_Detected type=web-access # id=15041 event=PVS-UserID_And_Password_Passed_In_Plaintext type=login # id=15043 event=PVS-UserID_And_Password_Passed_In_Plaintext type=login # id=9177 event=PVS-Successful_Login type=login # id=9178 event=PVS-User_Logged_Out type=logout # id=8272 event=SC4-Login type=login # id=8273 event=SC4-Logout type=logout # id=8274 event=SC4-Repository_Modified type=application # id=8275 event=SC4-LCE_Modified type=application # id=8277 event=SC4-Failed_Attempt_To_Create_Role type=error # id=8278 event=SC4-Created_User type=application # id=8279 event=SC4-Deleted_User type=application # id=8280 event=SC4-Modified_User type=application # id=8284 event=SC4-LCE_Deleted type=application # id=8285 event=SC4-LCE_Created type=application # id=8287 event=SC4-Access_To_Repository_Granted type=application # id=8293 event=SC4-Organization_Asset_Modified type=application # id=8294 event=SC4-Asset_Deleted type=application # id=8295 event=SC4-Repository_Created type=application # id=8297 event=SC4-Organization_Created_By_Admin type=application # id=8298 event=SC4-User_Creation_Failure type=error # id=8301 event=SC4-Organization_Modified type=application # id=8388 event=SC4-Attempted_To_Create_Report type=error # id=8389 event=SC4-Error_Adding_Email_Target type=error # id=12308 event=Thycotic-User_Login type=login # id=12309 event=Thycotic-User_Logout type=logout # id=12311 event=Thycotic-View type=application # id=12324 event=Thycotic-Password_Copied type=application # id=12325 event=Thycotic-Password_Displayed type=application # id=12326 event=Thycotic-Launch type=application # id=12327 event=Thycotic-User_Login type=login # id=12328 event=Thycotic-User_Logout type=logout # id=12329 event=Thycotic-Edit type=application # id=12330 event=Thycotic-Viewed_Edit type=application # id=12331 event=Thycotic-Removed_From_Role type=application # id=12333 event=Thycotic-Permissions_Edited type=application # id=12334 event=Thycotic-User_added_To_Group type=application # id=12335 event=Thycotic-Create type=application # id=12336 event=Thycotic-Copy type=application # id=12337 event=Thycotic-Delete type=application # id=12338 event=Thycotic-View type=application # id=1656 event=Sophos-Adware_PUA_Blocked type=virus # id=1657 event=Sophos-Viruses_Spyware_Cleaned type=virus # id=1658 event=Sophos-Viruses_Spyware_Blocked type=virus # id=1659 event=Sophos-Viruses_Spyware_No_Action type=virus # id=1660 event=Sophos-Adware_PUA_Cleaned type=virus # id=1661 event=Sophos-Adware_PUA_No_Action type=virus # id=1663 event=Sophos-Virus_Spyware_Not_Present type=virus # id=1664 event=Sophos-Suspicious_Behavior_Not_Cleanable type=virus # id=1667 event=Sophos-Viruses_Spyware_Resolved_Cleared type=virus # id=1668 event=Sophos-Viruses_Spyware_Blocked type=virus # id=1670 event=Sophos-Viruses_Spyware_Partly_Removed_Restart type=virus # id=1671 event=Sophos-Viruses_Spyware_Deleted type=virus # id=1672 event=Sophos-Viruses_Spyware_Unknown type=virus # id=1674 event=Sophos-Adware_PUA_Not_Present type=virus # id=1675 event=Sophos-Adware_PUA_Authorized type=virus # id=1679 event=Sophos-Suspicious_Behavior_Not_Present type=virus # id=1680 event=Sophos-Adware_PUA_No_Action type=virus # id=1689 event=Sophos-Web_Filtering_Blocked type=virus # id=1690 event=Sophos-Web_Browser_Cleaned_Up_Item type=virus # id=1691 event=Sophos-Application_Control_Access_No_Action type=application # id=14900 event=Sophos-Device_Control_Alert_Only type=application # id=14901 event=Sophos-Firewall_Blocked_Incoming_TCP type=firewall # id=14902 event=Sophos-Firewall_Blocked_Incoming_UDP type=firewall # id=14903 event=Sophos-Firewall_Blocked_Outgoing_UDP type=firewall # id=14904 event=Sophos-Firewall_Blocked_Outgoing_TCP type=firewall # id=14905 event=Sophos-Tamper_Protection_Successful_Authentication type=application # id=14907 event=Sophos-Web_Access_Blocked type=web-error # id=14908 event=Sophos-Web_Access_Warning type=web-error # id=14909 event=Sophos-Web_Access_No_Action type=web-error # id=7959 event=Symantec-Endpoint_Logon type=login # id=7960 event=Symantec-Endpoint_Logout type=logout # id=7968 event=Symantec-Endpoint_Heuristic_Risk_Sample type=virus # id=7969 event=Symantec-Endpoint_Allow_Rule_Executed type=application # id=7973 event=Symantec-Endpoint_Inbound_Traffic_Allowed type=connection # id=7974 event=Symantec-Endpoint_Outbound_Traffic_Allowed type=connection # id=7990 event=Symantec-Endpoint_Virus_Found type=virus # id=7991 event=Symantec-Endpoint_Security_Risk_Found type=virus # id=7996 event=Symantec-Endpoint_Security_Risk_Details_Pending type=virus # id=7997 event=Symantec-Endpoint_Security_Risk_Quarantined type=virus # id=7998 event=Symantec-Endpoint_Security_Risk_Left_Alone type=virus # id=7999 event=Symantec-Endpoint_Security_Risk_Access_Denied type=virus # id=28000 event=Symantec-Endpoint_Security_Risk_Moved_Back type=virus # id=28001 event=Symantec-Endpoint_Security_Risk_Cleaned_By_Deletion type=virus # id=28002 event=Symantec-Endpoint_Security_Risk_All_Actions_Failed type=virus # id=28003 event=Symantec-Endpoint_Security_Risk_Partially_Repaired type=virus # id=28004 event=Symantec-Endpoint_Security_Risk_No_Repair_Available type=virus # id=28005 event=Symantec-Endpoint_Security_Risk_Deleted type=virus # id=28006 event=Symantec-Endpoint_Virus_Deleted type=virus # id=28007 event=Symantec-Endpoint_Virus_Quarantined type=virus # id=28008 event=Symantec-Endpoint_Virus_Details_Pending type=virus # id=28009 event=Symantec-Endpoint_Virus_Left_Alone type=virus # id=28010 event=Symantec-Endpoint_Virus_Access_Denied type=virus # id=28011 event=Symantec-Endpoint_Virus_Moved_Back type=virus # id=28012 event=Symantec-Endpoint_Virus_Cleaned_By_Deletion type=virus # id=28013 event=Symantec-Endpoint_Virus_All_Actions_Failed type=virus # id=28014 event=Symantec-Endpoint_Virus_Partially_Repaired type=virus # id=28015 event=Symantec-Endpoint_Virus_No_Repair_Available type=virus # id=28016 event=Symantec-Endpoint_Inbound_Traffic_Blocked type=firewall # id=28017 event=Symantec-Endpoint_Outbound_Traffic_Blocked type=firewall # id=28036 event=Symantec-Endpoint_Protection_File_Blocked type=firewall # id=28043 event=Symantec-IPS_Inbound_TCP_Attack_Blocked type=intrusion # id=28044 event=Symantec-IPS_Outbound_TCP_Attack_Blocked type=intrusion # id=28045 event=Symantec-IPS_Inbound_Non_TCP_Attack_Blocked type=intrusion # id=13853 event=VMWARE-Login type=login # id=13854 event=VMWARE-Login type=login # id=2103 event=Cisco-VPN_Concentrator_User_Authenticated type=login # id=2104 event=Cisco-VPN_Concentrator_User_Client_Type type=connection # id=2105 event=Cisco-VPN_Concentrator_User_Connected type=connection # id=2106 event=Cisco-VPN_Concentrator_Phase_1_Completed type=system # id=2107 event=Cisco-VPN_Concentrator_Received_Remote_Proxy type=system # id=2108 event=Cisco-VPN_Concentrator_Received_Local_IP_Proxy type=system # id=2109 event=Cisco-VPN_Concentrator_IKE_Remote_Peer type=system # id=2110 event=Cisco-VPN_Concentrator_Overriding_Initiator_Duration type=system # id=2111 event=Cisco-VPN_Concentrator_Negotiation_Complete type=login # id=2112 event=Cisco-VPN_Concentrator_Phase_2_Complete type=system # id=2114 event=Cisco-VPN_Concentrator_Connection_Terminated type=system # id=2115 event=Cisco-VPN_Concentrator_IKE_Delete type=system # id=2116 event=Cisco-VPN_Concentrator_Disconnect_Session type=logout # id=2117 event=Cisco-VPN_Concentrator_IKE_Lost_Contact type=error # id=7549 event=Citrix_Access-Login type=login # id=7550 event=Citrix_Access-HTTP_Request type=system # id=7551 event=Citrix_Access-TCP_Connstat type=connection # id=7554 event=Citrix_Access-Logout type=logout # id=7555 event=Citrix_Access-HTTP_Request type=system # id=7561 event=Citrix_Access-HTTP_Request type=system # id=7592 event=Citrix_Access-Session_Timeout type=system # id=7593 event=Citrix_Access-Non_HTTP_Denied type=firewall # id=7594 event=Citrix_Access-HTTP_Denied type=firewall # id=7596 event=Citrix_Access-Security_Check_Fails type=error # id=7597 event=Citrix_Access-Security_False type=error # id=7601 event=Citrix_Access-VPN_Login type=login # id=7603 event=Citrix_Access-Udp_Flow_Stat type=system # id=10520 event=Juniper-VPN_Host_Checker type=system # id=10526 event=Juniper-VPN_Primary_Auth_Success type=login # id=10527 event=Juniper-VPN_Secondary_Auth_Success type=login # id=10528 event=Juniper-VPN_Host_Checker_Passed type=system # id=10529 event=Juniper-VPN_Remote_Address_Change type=detected-change # id=10580 event=Juniper-VPN_Login_Succeeded type=login # id=12705 event=NetMotion-Mobility-Session_User_Authentication_Mode_POP_Only type=login # id=12706 event=NetMotion-Mobility-Roaming_Event_POP_Address_Change type=detected-change # id=12707 event=NetMotion-Mobility-Client_Policy_Is_Current type=system # id=12708 event=NetMotion-Mobility-NAC_Send_Attempt type=system # id=12253 event=OpenVPN-Peer_Connection_Initiated type=connection # id=12260 event=OpenVPN-Auth_Success type=login # id=12856 event=Apache-Valid_Web_GET_Request type=web-access # id=12857 event=Apache-Valid_Web_POST_Request type=web-access # id=12858 event=Apache-GET_Redirect type=web-access # id=12859 event=Apache-POST_Redirect type=web-access # id=12860 event=Apache-GET_Client_Request_Error type=web-error # id=12861 event=Apache-POST_Client_Request_Error type=web-error # id=12862 event=Apache-GET_Server_Error type=web-error # id=12863 event=Apache-POST_Server_Error type=web-error # id=12958 event=Apache-Valid_Web_GET_Request type=web-access # id=12959 event=Apache-GET_Client_Request_Error type=web-access # id=7622 event=IIS-Search_Request type=web-access # id=7623 event=IIS-Bproppatch_Request type=web-access # id=7624 event=IIS-Bmove_Request type=web-access # id=7625 event=IIS-Propfind_Request type=web-access # id=7626 event=IIS-Poll_Request type=web-access # id=7627 event=IIS-Subscribe_Request type=web-access # id=7629 event=IIS-Proppatch_Request type=web-access # id=7630 event=IIS-Delete_Request type=web-access # id=7631 event=IIS-Options_Request type=web-access # id=7632 event=IIS-Head_Request type=web-access # id=7633 event=IIS-Bdelete_Request type=web-access # id=7634 event=IIS-Move_Request type=web-access # id=7635 event=IIS-Copy_Request type=web-access # id=7636 event=IIS-Bpropfind_Request type=web-access # id=7703 event=IIS-GET_Request type=web-access # id=7704 event=IIS-POST_Request type=web-access # id=14051 event=McAfee-Accessed_URL type=web-access # id=11599 event=Wordpress-Successful_Login type=login # id=11600 event=Wordpress-Successful_Logout type=logout # id=12370 event=Xceedium-Gatekeeper_Logon type=login # id=12371 event=Xceedium-Gatekeeper_Transaction_Alert type=intrusion # id=12373 event=Xceedium-Gatekeeper_Login_Local type=login # id=12374 event=Xceedium-Gatekeeper_Unauthorized_Access type=intrusion #