| 9170001 |
WindowsPerformance Meters CPU Mem Event |
A new event is generated containing details of how much the Windows CPU and RAM memory is used in percent. |
Monitor the performance of a WindowsOS computer |
| 9170002 |
WindowsPerformance Meters Logical Drive Event |
A new event is generated containing details of how much a certain a Windows Logical Drive is used. |
Monitor the resources of a WindowsOS computer |
| 9175001 |
DataAcquisitionMetering Event |
A new event is generated containing details of resources and performance of the system on which DataAquisition CQ is installed |
Monitors resources and performance of the system on which DataAquisition CQ is installed |
| 56789 |
Self Audit |
A new event is generated containing details of CQ Web Application Audit. |
Web Application Audit |
| 580466301 |
An object was moved from SourceFile to Destination |
A new event is generated containing details of the file name and path before and after the move. |
To identify, in Microsoft Windows environments, the moved files with the location before and after the move. |
| 580466302 |
An object was deleted |
A new event is generated containing details of the name and path of the deleted file. |
To identify, in Microsoft Windows environments, deleted files/objects with the location and name of the file/object. |
| 580466303 |
A new file was createad or modified |
A new event is generated containing details about the name and path of the created/modified file. |
To identify, in Microsoft Windows environments, newly created or modified files with the location and file name. |
| 580466304 |
A new folder was created |
A new event is generated containing details about the name and path of the created folder. |
To identify, in Microsoft Windows environments, newly created folders with location and folder name. |
| 580466305 |
An object was renamed SourceFile to DestinationFile |
A new event is generated containing details of the object name and path before and after renaming. |
To identify, in Microsoft Windows environments, renamed objects with the location and name of the object before and after renaming. |
| 580466306 |
An object was accessed |
A new event is generated containing details of the name and path of the accessed object. |
To identify, in Microsoft Windows environments, the accessed objects by mentioning the location and the name of the object. |
| 9160000 |
VPN |
Creates events on Forensics Field |
|
| 63805 |
NetFlow v5 |
A new event is generated containing details of traffic information and communication between IPs |
Monitor V5 events |
| 63809 |
NetFlow V9 |
A new event is generated containing details of traffic information and communication between IPs |
Monitor V9 events |
| 63810 |
IPFIX or NetFlow V10 |
A new event is generated containing details of traffic information with a new version of Netflow |
Monitor V10/IPFIX events |
| 63900 |
BiFlow Events |
A new event is generated containing details of Bidirectional Netflow |
Combine events by format protocol, SrcIP, SrcPort, DestIP, DestPort |
| 9150001 |
Windows Success Interactive Logon Activity |
A new event is generated containing details of the user and the new station on which he has interactively logged in. |
To identify, in Microsoft Windows enviroment, a new interactive login of a user on a station other than those in the login history. |
| 9150002 |
Windows Success Network Logon Activity |
A new event is generated containing details of the user and the network IP on which he logged in. |
To identify, in Microsoft Windows enviroment, a new network login compared to the historical ones ( connection to a shared folder on a computer from the network). |
| 9150003 |
Windows Success Batch Logon Activity |
A new event is generated containing details of the user and the network IP on which he logged in. |
To identify, in Microsoft Windows enviroment, a new batch logon against those in history (e.g. a schedule task). |
| 9150004 |
Windows Success Service Logon Activity |
A new event is generated containing details of the service and the IP in the network that was logged in. |
To identify, in Microsoft Windows environment, a new service logon compared to the historical ones (e.g. Service startup). |
| 9150005 |
Windows Success Network Cleartext Logon Activity |
A new event is generated containing details of the user and the IP in the network to which he logged in. |
A new event is generated containing details of the user and the IP in the network to which he logged in. |
| 9150006 |
Windows Success Remote Interactive Logon Activity |
A new event is generated containing details of the user and network IP that logged in. |
To identify, in Microsoft Windows environment, a new remote interactive login in addition to the ones in the history |
| 9150007 |
Windows Success Cached Interactive Logon Activity |
A new event is generated containing details of the user and network IP that logged in. |
To identify, in Microsoft Windows environment, a cached login after a break period of at least 3 months. |
| 9150011 |
Windows Failed Interactive Logon Activity |
A new event is generated containing details of the user and IP in the network that was logged in. |
To identify, in Microsoft Windows environment, a failed interactive authentication on a station other than those in the history. |
| 9150012 |
Windows Failed Network Logon Activity |
A new event is generated containing details of the user and IP from the network that was logged in. |
To identify, in Microsoft Windows environment, a new failed network authentication against the historical one . |
| 9150051 |
Windows Success Service Activity Service |
A new event is generated containing details of the machine in the network that has logged in and the new service registered. |
To identify, in Microsoft Windows environment, authentications for new network services. |
| 9150052 |
Windows Success Service Activity Service User |
A new event is generated containing details of the network machine logged on, the newly registered service/user combination. |
To identify, in Microsoft Windows environment, new network logins versus those in the history, of type service run under a user. |
| 9150053 |
Windows Success Service Activity Service Computer |
A new event is generated containing details of the networked machine that has been logged on, the newly registered service/user combination. |
To identify, in Microsoft Windows environment, new network logins versus those in the history, as a service running on a machine. |
| 9150061 |
Windows Failed Service Activity Service |
A new event is generated containing details of the machine in the network on which authentication failed and the new service registered. |
To identify, in Microsoft Windows environment, failed authentications for new network services. |
| 9150062 |
Windows Failed Service Activity Service User |
A new event is generated containing details of the machine in the network that has logged in, the newly registered service/user combination. |
To identify, in Microsoft Windows enviroment, new failed network logins versus those in the history, of the service type run under a user. |
| 9150063 |
Windows Failed Service Activity Service Computer |
A new event is generated containing details of the network machine that was logged on, the new service/user combination registered |
To identify, in Microsoft Windows environment, new failed network logins versus those in the history, of the service type run on a machine. |
| 9150101 |
Linux Success Sshd Logon Activity |
A new event is generated containing details of the user and the Linux machine on which SSH was logged in. |
To identify, in Linux environments, new SSH logins versus historical ones. |
| 9150102 |
Linux Success Sudo Logon Activity |
A new event is generated containing details of the user and the Linux machine on which SUDO has logged in. |
To identify, in Linux environments, new SUDO logins versus historical ones. |
| 9150103 |
Linux Success Su Logon Activity |
A new event is generated containing details of the user and the Linux machine on which the SU has logged in. |
To identify, in Linux environments, new SU logins versus historical ones, organized by computer. |
| 9150104 |
Linux Success Systemd Logon Activity |
A new event is generated containing details of the user and the IP on which the SU logged in. |
To identify, in Linux environments, new SU logins against historical ones, organized by source IP. |
| 9150151 |
Linux Failed Logon Activity SSH |
A new event is generated containing details of the user and Linux machine on which the SSH login failed. |
To identify, in Linux environments, new failed SSH logins versus historical ones. |
| 9150201 |
VPN Success Logon Activity by Country |
A new event is generated containing details of the user and the country from where the VPN login was performed. |
Monitors whether a new username/geolocation combination has successfully logged into the organization on the VPN against history. |
| 9150202 |
VPN Success Logon Activity by ClientIP |
A new event is generated containing details of the user and the IP from where the VPN login was performed. |
Monitors whether a new username/geolocation combination has successfully logged into the organization on the VPN against history. |
| 9150013 |
Windows Failed Batch Logon Activity |
A new event is generated containing details of the user and the network IP on which he login failed. |
To identify, in the Microsoft Windows enviroment, a failed batch logon against those in history (e.g. a schedule task). |
| 9150014 |
Windows Failed Service Logon Activity |
A new event is generated containing details of the service and the IP in the network that was login failed. |
To identify, in Microsoft Windows environment, a failed service logon compared to the historical ones (e.g. Service startup). |
| 9150015 |
Windows Failed Network Cleartext Logon Activity |
A new event is generated containing details of the user and the IP in the network to which he login failed. |
To identify, in Microsoft Windows environment, a new failed Cleartext authentication type compared to the historical one |
| 9150016 |
Windows Failed Remote Interactive Logon Activity |
A new event is generated containing details of the user and network IP that login failed. |
To identify, in Microsoft Windows environment, a new failed remote interactive login in addition to the ones in the history |
| 9150017 |
Windows Failed Cached Interactive Logon Activity |
A new event is generated containing details of the user and network IP that login failed. |
To identify, in Microsoft Windows environment, a failed cached login after a break period of at least 3 months. |