Security | *

Security | ACL | ACL Deny

Variables

Name Type Description Required
name str ACL Name
proto str Protocol
src_interface interface_name Source Interface
src_ip ip_address Source IP
src_port int Source port
src_mac mac Source MAC
dst_interface interface_name Destination Interface
dst_ip ip_address Destination IP
dst_port int Destination port
count int Packets count
flags str Flags

Security | ACL | ACL Permit

Variables

Name Type Description Required
name str ACL Name
proto str Protocol
src_interface interface_name Source Interface
src_ip ip_address Source IP
src_port int Source port
src_mac mac Source MAC
dst_interface interface_name Destination Interface
dst_ip ip_address Destination IP
dst_port int Destination port
count int Packets count
flags str Flags

Security | Abduct | Cable Abduct

Probable Causes

Multiple access links go down at almost the same time

Recommended Actions

Check electrics and send security team to catch the thief

Related Alarms

Alarm Class Role Description
Security | Abduct | Cable Abduct opening event dispose

Security | Access | Case Close

Variables

Name Type Description Required
name str Name

Related Alarms

Alarm Class Role Description
Security | Access | Case Open closing event dispose

Security | Access | Case Open

Variables

Name Type Description Required
name str Name

Related Alarms

Alarm Class Role Description
Security | Access | Case Open opening event dispose

Security | Access | Door Close

Variables

Name Type Description Required
name str Name

Related Alarms

Alarm Class Role Description
Security | Access | Door Open closing event dispose

Security | Access | Door Open

Variables

Name Type Description Required
name str Name

Related Alarms

Alarm Class Role Description
Security | Access | Door Open opening event dispose

Security | Accounting | WebVPN | Assigned

Variables

Name Type Description Required
group str Group WebVPN
user str User
src_ip ip_address User outside IP
dst_ip ipv4_address User inside IP
dst_ipv6 ipv6_address User inside IPv6

Security | Accounting | WebVPN | Disconnected

Symptoms

No specific symptoms

Probable Causes

Session terminated

Recommended Actions

No reaction needed

Variables

Name Type Description Required
group str Group WebVPN
user str Username
ip ip_address IP
type str Session type
duration int Duration
bytes_xmt int Bytes xmt
bytes_rcv int Bytes rcv
reason str Reason

Security | Attack | Attack

Symptoms

Unsolicited traffic from source

Probable Causes

Virus/Botnet activity or malicious actions

Recommended Actions

Negotiate with the source if it is your customer, or ignore

Variables

Name Type Description Required
name str Attack name
interface interface_name Interface
src_ip ip_address Source IP
src_mac mac Source MAC
vlan int Vlan ID

Related Alarms

Alarm Class Role Description
Security | Attack | Attack opening event dispose

Security | Attack | Blat Attack

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP

Related Alarms

Alarm Class Role Description
Security | Attack | Blat Attack opening event dispose

Security | Attack | IP Spoofing

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP
src_mac mac Source MAC

Related Alarms

Alarm Class Role Description
Security | Attack | IP Spoofing opening event dispose

Security | Attack | Land Attack

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP

Related Alarms

Alarm Class Role Description
Security | Attack | Land Attack opening event dispose

Security | Attack | Ping Of Death

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP
src_mac mac Source MAC

Related Alarms

Alarm Class Role Description
Security | Attack | Ping Of Death opening event dispose

Security | Attack | Smurf Attack

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP

Related Alarms

Alarm Class Role Description
Security | Attack | Smurf Attack opening event dispose

Security | Attack | TCP SYNFIN Scan

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP

Related Alarms

Alarm Class Role Description
Security | Attack | TCP SYNFIN Scan opening event dispose

Security | Attack | Teardrop Attack

Variables

Name Type Description Required
interface interface_name Interface
src_ip ip_address Source IP
src_mac mac Source MAC

Related Alarms

Alarm Class Role Description
Security | Attack | Teardrop Attack opening event dispose

Security | Audit | Clearing Counters

Variables

Name Type Description Required
interface interface_name Interface name
user str User
ip ip_address User IP

Security | Audit | Command

Symptoms

No specific symptoms

Probable Causes

A command executed by a user was logged by the audit system

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User IP
command str Command

Security | Audit | Cron

Symptoms

No specific symptoms

Probable Causes

Command executed by cron

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
command str Command

Security | Authentication | 802.1x failed

Variables

Name Type Description Required
user str user name

Security | Authentication | Authentication Failed

Symptoms

No specific symptoms

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User address

Security | Authentication | Login

Symptoms

No specific symptoms

Probable Causes

User successfully logged in

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User address

Security | Authentication | Login Failed

Symptoms

No specific symptoms

Probable Causes

User failed to log in. Username or password mismatch

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User address

Security | Authentication | Logout

Symptoms

No specific symptoms

Probable Causes

User successfully logged out. Session terminated

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User address

Security | Authentication | Privilege Level Change Fail

Symptoms

No specific symptoms

Probable Causes

User privilege level changed

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User address
from_priv str Old privileges
to_priv str Current privileges

Security | Authentication | Privilege Level Changed

Symptoms

No specific symptoms

Probable Causes

User privilege level changed

Recommended Actions

No reaction needed

Variables

Name Type Description Required
user str User
ip ip_address User address
from_priv str Old privileges
to_priv str Current privileges

Security | Authentication | RADIUS server failed

Variables

Name Type Description Required
ip ip_address RADIUS server address

Related Alarms

Alarm Class Role Description
Security | Authentication | RADIUS server failed opening event dispose

Security | Authentication | RADIUS server recovered

Variables

Name Type Description Required
ip ip_address RADIUS server address

Related Alarms

Alarm Class Role Description
Security | Authentication | RADIUS server failed closing event dispose

Security | Authentication | Rejected

Symptoms

No specific symptoms

Probable Causes

User successfully logged out. Session terminated

Recommended Actions

No reaction needed

Variables

Name Type Description Required
reason str Reason
server ip_address Server
user str User
src_ip ip_address Outside user IP

Security | Authentication | SNMP Authentication Failure

Symptoms

NOC, NMS and monitoring systems cannot interact with the box over the SNMP protocol

Probable Causes

SNMP server is misconfigured, community mismatch, misconfigured ACL or brute-force attack in progress

Recommended Actions

Check SNMP configuration

Variables

Name Type Description Required
ip ip_address Request source address
community str Request SNMP community

Security | Authentication | TACACS+ server failed

Variables

Name Type Description Required
ip ip_address TACACS+ server address

Related Alarms

Alarm Class Role Description
Security | Authentication | TACACS+ server failed opening event dispose

Security | Authentication | TACACS+ server recovered

Variables

Name Type Description Required
ip ip_address TACACS+ server address

Related Alarms

Alarm Class Role Description
Security | Authentication | TACACS+ server failed closing event dispose