Stealthwatch System v6.9.0 Internal Alarm IDs

Similar documents
Cisco Stealthwatch. Internal Alarm IDs 7.0

Security Events and Alarm Categories (for Stealthwatch System v6.9.0)

External Lookup (for Stealthwatch System v6.10.0)

Cisco CSPC 2.7x. Configure CSPC Appliance via CLI. Feb 2018

Flow Sensor and Load Balancer Integration Guide. (for Stealthwatch System v6.9.2)

Downloading and Licensing. (for Stealthwatch System v6.9.1)

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)

Creating and Installing SSL Certificates (for Stealthwatch System v6.10)

Proxy Log Configuration

Proxy Log Configuration

Application Launcher User Guide

Cisco TelePresence FindMe Cisco TMSPE version 1.2

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.5

Cisco Proximity Desktop

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at

Cisco Meeting App. What's new in Cisco Meeting App Version December 17

Cisco Jabber IM for iphone Frequently Asked Questions

Troubleshooting guide

Cisco Meeting App. Release Notes. WebRTC. Version number September 27, Cisco Systems, Inc.

Cisco CSPC 2.7.x. Quick Start Guide. Feb CSPC Quick Start Guide

Validating Service Provisioning

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.7. User Guide July 2018

Cisco Meeting App. Cisco Meeting App (OS X) Release Notes. October 24, Cisco Systems, Inc.

Migration and Upgrade: Frequently Asked Questions

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

CPS UDC MoP for Session Migration, Release

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.6

Method of Procedure for HNB Gateway Configuration on Redundant Serving Nodes

NetFlow Configuration Guide

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.0

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 3.1

Cisco Unified Communications Self Care Portal User Guide, Release

TechNote on Handling TLS Support with UCCX

Wireless Clients and Users Monitoring Overview

Cisco FindIT Plugin for Kaseya Quick Start Guide

Cisco UCS Performance Manager Release Notes

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.2

Cisco Meeting App. Cisco Meeting App (OS X) Release Notes. July 21, 2017

SAML SSO Okta Identity Provider 2

Cisco IOS Optimized Edge Routing Command Reference

Cisco Nexus 1000V for KVM Interface Configuration Guide, Release 5.x

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

Cisco Unified Communications Self Care Portal User Guide, Release 11.5(1)

Cisco Meeting Server. Cisco Meeting Server Release 2.0+ Multi-tenancy considerations. December 20, Cisco Systems, Inc.

Cisco Nexus 3000 Series NX-OS Verified Scalability Guide, Release 7.0(3)I7(2)

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Cisco Expressway with Jabber Guest

Media Services Proxy Command Reference

Cisco UCS Director F5 BIG-IP Management Guide, Release 5.0

Cisco StadiumVision Management Dashboard Monitored Services Guide

Cisco Meeting Management

Cisco Meeting Server. Load Balancing Calls Across Cisco Meeting Servers. White Paper. 22 January Cisco Systems, Inc.

Cisco Jabber for Android 10.5 Quick Start Guide

Cisco Prime Home Device Driver Mapping Tool July 2013

Cisco Meeting Management

Cisco Meeting Management

Cisco IOS Flexible NetFlow Command Reference

Software Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)

Cisco TelePresence Management Suite 15.5

Security Configuration Guide: Denial of Service Attack Prevention, Cisco IOS Release 15M&T

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco TelePresence Management Suite 15.4

Installation and Configuration Guide for Visual Voic Release 8.5

VCS BSS/OSS Adaptor (BOA) 17.2 Release Notes

IP Addressing: Fragmentation and Reassembly Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)

Flexible Netflow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco Meeting App. Cisco Meeting App (ios) Release Notes. October 06, 2017

Cisco TelePresence Management Suite

Cisco TelePresence Supervisor MSE 8050

Cisco Expressway ENUM Dialing

HTTP Errors User Guide

CPS UDC SNMP and Alarms Guide, Release

Cisco Terminal Services (TS) Agent Guide, Version 1.0

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.6(1)

Cisco Expressway Web Proxy for Cisco Meeting Server

IP Routing: ODR Configuration Guide, Cisco IOS Release 15M&T

Cisco TelePresence TelePresence Server MSE 8710

Cisco ASR 9000 Series Aggregation Services Router Netflow Command Reference, Release 4.3.x

Cisco TelePresence MCU MSE 8510

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

Cisco TelePresence Management Suite Provisioning Extension 1.6

Cisco CIMC Firmware Update Utility User Guide

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

Cisco Jabber Video for ipad Frequently Asked Questions

Cisco UC Integration for Microsoft Lync 9.7(4) User Guide

Cisco Evolved Programmable Network System Test Topology Reference Guide, Release 5.0

IP Addressing: Fragmentation and Reassembly Configuration Guide

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.5(1)

Cisco Connected Grid Design Suite (CGDS) - Substation Workbench Designer User Guide

Cisco UCS Performance Manager Release Notes

Cisco UCS Performance Manager Release Notes

Cisco IOS Shell Command Reference

Troubleshooting Procedures for Cisco TelePresence Video Communication Server

Cisco TEO Adapter Guide for

Videoscape Distribution Suite Software Installation Guide

Cisco Meeting App. User Guide. Version December Cisco Systems, Inc.

IP Switching Configuring Fast Switching Configuration Guide Cisco IOS Release 15SY

Transcription:

Stealthwatch System v6.9.0 Internal Alarm IDs

Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE- NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies are considered un-controlled copies and the original on-line version should be referred to for latest version. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. 2

Stealthwatch System v6.9.0 Internal Alarm IDs Note: Some previously used alarms are now obsolete and no longer listed in this file. 1 Host Lock Violation 5 SYN Flood 6 UDP Flood 7 ICMP Flood 8 Packet Flood 9 High Volume Email 10 Mail Relay 11 Spam Source 12 Mail Rejects 13 Watch Port Active 14 New Host Active 15 High Target Index 16 High Total Traffic 17 Max Flows Initiated 18 New Flows Initiated 19 SYNs Received 20 High File Sharing Index 24 Suspect UDP Activity 25 MAC Address Violation 26 Half Open Attack 28 Touched 29 Low Traffic 30 High Traffic 31 Watch Host Active 32 High Concern Index 33 Suspect Long Flow 34 Trapped Host 35 Worm Activity 3

36 Worm Propagation 37 Max Flows Served 38 New Flows Served 39 Beaconing Host 40 Data Loss 41 Bot Infected Host - Attempted C&C Activity (Partial Match) 42 Bot Infected Host - Successful C&C Activity (Full Match) 43 Bot Command & Control Server (Controlled) 44 Slow Connection Flood 45 Data Exfiltration 46 Command and Control 47 Policy Violation 48 Suspect Quiet Long Flow 49 UDP Received 50 ICMP Received 51 Recon 52 Data Hoarding 53 High DDoS Target Index 54 High DDoS Source Index 55 Port Scan 56 Exploitation 57 Anomaly 58 Brute Force Login 59 Talks to Phantoms 60 High SMB Peers 61 SSH Reverse Shell 62 Fake Application Detected 63 Scanner Talking 257 Ping 258 ICMP TimeOut 259 TimeOut UDP 260 TimeOut TCP 4

261 Reset UDP 262 Reset TCP 263 Bad Flag All 264 Bad Flag SYN FYN 265 Bad Flag Reserved (Sflow Only) 266 Bad Flag RST 267 Bad Flag ACK 268 Bad Flag URG 269 Bad Flag No Flag 271 Stealth Scan UDP 272 Stealth Scan TCP 273 SRC=DES 276 Addr Scan TCP 277 Ping Scan 278 Ping Oversized Packet 281 Frag Pkt Too Short 282 Frag Pkt Too Long 283 Frag Different Sizes 286 Addr Scan UDP 289 ICMP Net Unreachable 290 ICMP Host Unreachable 291 ICMP Protocol Unreachable 292 ICMP Port Unreachable 293 ICMP Frag Needed 294 ICMP SRC Route Failed 295 ICMP Dest Network Unknown 296 ICMP Dest Host Unknown 297 ICMP Src Host isolated 298 ICMP Dest Net Admin 299 ICMP Dst Host Admin 300 ICMP Net Unreachable TOS 301 ICMP Host Unreachable TOS 5

302 ICMP Comm Admin 303 ICMP Host Precedence 304 ICMP Precedence Cutoff 310 Flow Denied 315 Suspect Data Hoarding 316 Target Data Hoarding 317 Connection From TOR Attempted 318 Connection From TOR Successful 319 Inside TOR Exit Detected 513 Connection To TOR Attempted 514 Connection To TOR Successful 515 Inside TOR Entry Detected 516 Connection To Bogon Address Successful 517 Connection From Bogon Address Successful 518 Connection To Bogon Address Attempted 519 Connection From Bogon Address Attempted 4010 Flow Collector Flow Data Lost 4020 Interface Utilization Exceeded Inbound 4030 Interface Utilization Exceeded Outbound 5010 FlowSensor VE Configuration Error 5011 FlowSensor Traffic Lost 5012 FlowSensor RAID Failure 5013 FlowSensor RAID Rebuilding 5998 FlowSensor Time Mismatch 5999 FlowSensor Management Channel Down 6010 New VM 6020 V-Motion 7001 Relationship High Total Traffic 7002 Relationship High Traffic 7003 Relationship Low Traffic 7004 Relationship Max Flows 7005 Relationship New Flows 6

7006 Relationship Round Trip Time 7007 Relationship Server Response Time 7008 Relationship TCP Retransmission Ratio 7009 Relationship SYN Flood 7010 Relationship UDP Flood 7011 Relationship ICMP Flood 9021 Flow Collector Data Deleted 9022 Flow Collector Database Unavailable 9023 Flow Collector Database Channel Down 9040 Flow Collector Log Retention Reduced 9050 Flow Collector Exporter Count Exceeded 9051 Flow Collector FlowSensor VE Count Exceeded 9052 Flow Collector Flow Rate Exceeded 9053 Flow Collector Interfaces Count Exceeded 9100 Flow Collector RAID Failure 9102 Flow Collector RAID Rebuilding 9998 Flow Collector Performance Degraded 9999 Flow Collector Stopped 60000 Flow Collector Time Mismatch 60001 Cisco ISE Management Channel Down 60002 Flow Collector Management Channel Down 60003 SMC RAID Failure 60005 SMC RAID Rebuilding 60007 SMC Disk Space Low 60008 SMC Duplicate Primary 60013 License Corrupted 60014 Unlicensed Feature 60015 SLIC Channel Down 60024 Unlicensed FPS (Flows per Second) Feature 600016 Identity Channel Down 600017 SMC Failover Channel Down 600018 License Term less than 90 days 7

600019 License Term less than 60 days 600020 License Term less than 30 days 600021 License Term less than 14 days 600022 License Term less than 3 days 8

SW_6_9_0_Internal_Alarm_IDs_DV_1_3

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback