Security | *
Security | ACL | ACL Deny
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | ACL Name | |
| proto | str | Protocol | |
| src_interface | interface_name | Source Interface | |
| src_ip | ip_address | Source IP | |
| src_port | int | Source port | |
| src_mac | mac | Source MAC | |
| dst_interface | interface_name | Destination Interface | |
| dst_ip | ip_address | Destination IP | |
| dst_port | int | Destination port | |
| count | int | Packets count | |
| flags | str | Flags | |
Security | ACL | ACL Permit
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | ACL Name | |
| proto | str | Protocol | |
| src_interface | interface_name | Source Interface | |
| src_ip | ip_address | Source IP | |
| src_port | int | Source port | |
| src_mac | mac | Source MAC | |
| dst_interface | interface_name | Destination Interface | |
| dst_ip | ip_address | Destination IP | |
| dst_port | int | Destination port | |
| count | int | Packets count | |
| flags | str | Flags | |
Security | Abduct | Cable Abduct
Probable Causes
Multiple access links go down at almost the same time
Recommended Actions
Check electrics and send the security team to catch the thief
Related Alarms
Security | Access | Case Close
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | Name | |
Related Alarms
Security | Access | Case Open
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | Name | |
Related Alarms
Security | Access | Door Close
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | Name | |
Related Alarms
Security | Access | Door Open
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | Name | |
Related Alarms
Security | Accounting | WebVPN | Assigned
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| group | str | Group WebVPN | |
| user | str | User | |
| src_ip | ip_address | User outside IP | |
| dst_ip | ipv4_address | User inside IP | |
| dst_ipv6 | ipv6_address | User inside IPv6 | |
Security | Accounting | WebVPN | Disconnected
Symptoms
No specific symptoms
Probable Causes
Session terminated
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| group | str | Group WebVPN | |
| user | str | Username | |
| ip | ip_address | IP | |
| type | str | Session type | |
| duration | int | Duration | |
| bytes_xmt | int | Bytes xmt | |
| bytes_rcv | int | Bytes rcv | |
| reason | str | Reason | |
Security | Attack | Attack
Symptoms
Unsolicited traffic from source
Probable Causes
Virus/Botnet activity or malicious actions
Recommended Actions
Negotiate with the source if it is your customer, or ignore
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | str | Attack name | |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
| src_mac | mac | Source MAC | |
| vlan | int | VLAN ID | |
Related Alarms
Security | Attack | Blat Attack
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
Related Alarms
Security | Attack | IP Spoofing
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
| src_mac | mac | Source MAC | |
Related Alarms
Security | Attack | Land Attack
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
Related Alarms
Security | Attack | Ping Of Death
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
| src_mac | mac | Source MAC | |
Related Alarms
Security | Attack | Smurf Attack
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
Related Alarms
Security | Attack | TCP SYNFIN Scan
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
Related Alarms
Security | Attack | Teardrop Attack
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface | |
| src_ip | ip_address | Source IP | |
| src_mac | mac | Source MAC | |
Related Alarms
Security | Audit | Clearing Counters
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| interface | interface_name | Interface name | |
| user | str | User | |
| ip | ip_address | User IP | |
Security | Audit | Command
Symptoms
No specific symptoms
Probable Causes
Command executed by user logged by audit system
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User IP | |
| command | str | Command | |
Security | Audit | Cron
Symptoms
No specific symptoms
Probable Causes
Command executed by cron
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| command | str | Command | |
Security | Authentication | 802.1x failed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User name | |
Security | Authentication | Authentication Failed
Symptoms
No specific symptoms
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User address | |
Security | Authentication | Login
Symptoms
No specific symptoms
Probable Causes
User successfully logged in
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User address | |
Security | Authentication | Login Failed
Symptoms
No specific symptoms
Probable Causes
User failed to log in. Username or password mismatch
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User address | |
Security | Authentication | Logout
Symptoms
No specific symptoms
Probable Causes
User successfully logged out. Session terminated
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User address | |
Security | Authentication | Privilege Level Change Fail
Symptoms
No specific symptoms
Probable Causes
User privilege level changed
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User address | |
| from_priv | str | Old privileges | |
| to_priv | str | Current privileges | |
Security | Authentication | Privilege Level Changed
Symptoms
No specific symptoms
Probable Causes
User privilege level changed
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| user | str | User | |
| ip | ip_address | User address | |
| from_priv | str | Old privileges | |
| to_priv | str | Current privileges | |
Security | Authentication | RADIUS server failed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| ip | ip_address | RADIUS server address | |
Related Alarms
Security | Authentication | RADIUS server recovered
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| ip | ip_address | RADIUS server address | |
Related Alarms
Security | Authentication | Rejected
Symptoms
No specific symptoms
Probable Causes
User successfully logged out. Session terminated
Recommended Actions
No reaction needed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| reason | str | Reason | |
| server | ip_address | Server | |
| user | str | User | |
| src_ip | ip_address | Outside user IP | |
Security | Authentication | SNMP Authentication Failure
Symptoms
NOC, NMS and monitoring systems cannot interact with the box over SNMP protocol
Probable Causes
SNMP server is misconfigured, community mismatch, misconfigured ACL or brute-force attack in progress
Recommended Actions
Check SNMP configuration
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| ip | ip_address | Request source address | |
| community | str | Request SNMP community | |
Security | Authentication | TACACS+ server failed
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| ip | ip_address | TACACS+ server address | |
Related Alarms
Security | Authentication | TACACS+ server recovered
Variables
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| ip | ip_address | TACACS+ server address | |
Related Alarms