What are the custom events generated by EventTracker?

The following Events are generated for Event source = EventTracker

Event ID  Event Description
2001  The EventTracker Manager service was started.
2002  EventTracker Agent on %1 is running and okay.
2003  Accepted EventTracker Viewer connection from %1.
2004  The EventTracker Viewer from %1 was disconnected.
2005  The EventTracker Manager Console was started.
2006  EventTracker Agent on %1 was not running. Restarted successfully.
2007  EventTracker Agent on %1 is not running. Failed to restart.
2008  Detected system %1 is not reachable. No reply received on ping poll.
2009  Detected system %1 is reachable. Reply received on ping poll.
2010  Number of events in the database exceeded %1. Please purge the database or you may see slow performance of EventTracker software.
2011  System %1 may be generating high number of events. Please filter unnecessary events emitted from this system.
2012  Scheduled Report: %1 was generated and emailed successfully.
2013  Scheduled Report: %1 was not generated. Please cross-check configuration.
2014  Archival of old events done successfully. Status %1.
2015  Archival of old events failed. Status %1.
2016  Archive CAB integrity check failed.
      CAB Name:%1
      MDB Name:%2
2017  Archive CAB integrity check successful. CAB Name: %1 MDB Name: %2
2018  Archive CAB extraction failed. Unable to proceed with verification.
      CAB Name:%1
      MDB Name:%2
2019  Archive CAB extraction success. CAB Name: %1 MDB Name: %2
2020  Archive CAB integrity check process started.
2021  Archive CAB integrity check process completed.
      Total CABs Processed:%1
      CABs Passed:%2
      CABs Failed:%3
2022  Knowledge base file for suspicious network activity downloaded successfully.
2023  Failed to download knowledge base file for suspicious network activity, due to %1.
2024  System running out of disk space to process Scheduled Reports.
2025  Collection Point Success: Issdbv3 successfully sent to Collection Master at: suppserver.
2026  Collection Point Error: Unable to Connect to Collection Master at: %1. Error code : 10061
      OR Collection Point Error: Network Connection lost with Collection Master Ip Address %1. Error code : 0
2027  Collection Master Success: Alerts Cache DB successfully received from %1
      OR Collection Point Error: Network Connection lost with Collection Master Ip Address %1. Error code : 0
2028  Collection Master Error: Unable to connect CollectionPointInfo.mdb Database. OR
      Collection Master Error: Socket API : send failed. Error code : 10054. OR
      Collection Master Error: SQL Statement %1 Error code : 0
2029  Notification: Report file deletion. Following file ‘report file’ created on ‘date’ will be deleted on ‘date’ so, please take back up of the file if required. ‘Full path of report file’
2030  Could not find Event Tracker Receiver configuration file. Retrieved from the previous version.
2031  Could not find EventTracker Receiver configuration file and any of its previous versions. Using default configurations.
2032  EventTracker configurations modified on for the sections.
2033  Type: Backup/Restore
      Status: Success/Failed/Interrupted
      Log: Xml Format (with each backup/restore element status).
2036  Scheduled Report: %1.
      Error Code:%2
      The table could not be found.
      EventTracker will automatically retry to generate this report.
2037  Detected out of ordinary activity:
      Event ID: %1
      Number of activities in 24 hours: %2
      Normal average: %3
      Variation in%: %4
2038  Detected out of ordinary activity:
      Event ID: %1
      Number of activities in 24 hours: %2
      Normal average: %3
      Variation in%: %4
2039  Successfully purged the old data.
      Purge Frequency in days: %1
      Purged the data till: %2
2040  New activity found:
      Event ID: %1
      System: %2
      Time:%3
2041  This Event is logged when report breaking starts due to large data.
      Description :
      Queue Id: %1
      Report Title: Logs-Detail
      Original Queue Type: Queued/Schedule
      Original Start Time: %2
      Original End Time: %3
      Truncate End Time: %4
2042  Agent Configuration update attempted on %1
      User: Domain/Username
      Status: Failed/Success
      Reason: Descriptive msg for failure with error codes etc (applicable only for failures)
2043  No events received from %1 in last 24 hours
2044  SNMP Get failed for the server %1
2044  SNMP Get Succeeded for the server <IP Address>
2045  Vulnerability parser source: QualysParser.exe
      Found host name=%1,IPAddress=%2, FQDN=%4, NetBIOS Name=, DNS name=, Vulnerability value=%5 and StartTime=%6
2046  Agent DLA file receive attempt
      Agent: %1
      File: %2
      Status: %3
2047  Configuration Assessment (SCAP) attempt
      Agent: %1 (In case of failure in forming the input file, all machine names will come here)
      BenchmarkTitle: %2
      Status: Success/Failed
      Reason: Descriptive message for failure with error codes etc
2048  Direct log archiver (success/failed) purged the following log files:
      Folder Name: %1
      Files: <list of files >
      Configured days: %3
2049  Failed to import the SCAP content from .
      User: %1
      ERROR – description of error
2050  EventTracker patch applied
2051  Failed to commit CAB file on EventVault.
      File Name: %1
      Storage Path: %2
      Error Code: %3
      Description: %4
2052  Generated by receiver when alert suppression occurs
2053  Scheduled Discovery Invoked.
2054  Scheduled Discovery Completed.
2055  Used for correlator script.
2056  Generated with EventTracker backup status
2057  Generated with EventTracker restore status
2059  Usage data submission requested.
2060  Script file execution failed.
2061  Scheduled report generated successfully
2062  Behavior lagging
2063  Agent Health check
2064  License about to expire.
2065  EventTracker detected 212 non reporting systems with High asset value.
      1) POPEYE (2015-12-09 16:40:29)
      2) CASPER (2015-12-09 16:40:29)
2066  Collection Point Success:
      Successfully uploaded reports package to Collection Master.
      Collection Master: <Collection Master>
      Package Name: <Package Name>
      Reason: Success
      Report Details:
      Title: <Title>
      Type: Detail
      File Name: <File Name>
      Generated On: 2016-04-20 20:31:06
      Size (KB): 38189
      Status: Success
2066  Failed to upload reports package to Collection Master.
      Collection Master: <Collection Master IP Address>
      Package Name: <Package Name>
      Reason: Unable to create report files packet.
      Report Details:
      Title: <Title>
      Type: Detail
      File Name: <File Name>
      Generated On: 2016-04-20 20:31:06
      Size (KB): 48
      Status: Failed
2067  Collection Master Success:
      Successfully received reports package from Collection Point.
      Collection Point: <Collection Point>
      Package Name: <Package Name>
      Reason: Success
      Report files in package:
      All error events _CP-CM^679^1461054600.pdf
      Logs – Summary_CP_CM^688^1461054600.pdf
      Logs – Detail_xlxs^697^1461054600.xlsx
      Security Logon failure events^665^1461054600.pdf
      Disk Space Status^667^1461058200.pdf
2067  Failed to receive reports package from Collection Point.
      Collection Point: <Collection Point>
      Package Name: <Package Name>
      Reason: Unable to create database
2068  Unknown MD5 hash detected based on change audit event
2069  Unsafe MD5 hash detected based on change audit event.
2070  An unexecuted unsafe MD5 hash has been detected.
      Hash: <Hash>
      System: <System>
      Time: 2017-01-11 14:54:37
      User: <User>
      Image File Name: <Image File Name>
      Source Event:
      Id: 3400
      Source: EventTracker
      Description: File Added: <File Path>
      Curr Snapshot Time: 3/15/2017 10:04:31 AM
      Curr Size: 3253392 (Bytes)
      Curr Creation Time: 3/14/2017 8:04:00 PM
      Curr File Version: <Curr File Version>
      Curr Checksum (SHA1): <Curr Checksum (SHA1)>
      Curr Checksum (MD5): <Curr Checksum (MD5)>
      Curr Description: <Curr Description>
      Curr Product Name: <Curr Product Name>
      Curr Product Version: <Curr Product Version>
      Curr Signer: <Curr Signer>
      Curr Counter Signer: <Curr Counter Signer>
      Curr Signed On: 1/24/2017 3:20:03 AM
      Prev Snapshot Time: 3/14/2017 5:54:51 PM
      Change Type: Unauthorized
2071  An UnExecuted unknown MD5 hash has been detected.
      Hash: <Hash>
      System: <System>
      Time: 2017-03-14 17:02:31
      User: <User>
      Image File Name: <Image File Name>
      File Name: <File Name>
      File Version: <File Version>
      File Description: <File Description>
      File Size: <File Size>
      Last Modified Time: 2017-03-14T11:32:30Z
      Product Name: <Product Name>
      Product Version: <Product Version>
      Signer: <Signer>
      Counter Signer: <Counter Signer>
      Counter Signed On: 9/2/2016 3:16:20 PM
2074  A new process is found by EventTracker EDR.
      New activity found:
      Hash: <Hash>
      Rule Name: EventTracker_EDR_Found_New_Hash
      System: <System>
      Time: 2019-02-08 02:46:40
      Source Event:
      Id: 3517
      Source: EventTracker
      Description: Image loaded by a process.
      Process Name: <Process Name>
      Process Image File Name: <Process Image File Name>
      Account Name: <Account Name>
      Account Domain: <Account Domain>
      Process ID: <Process ID>
      System Name: <System Name>
      Image Name: <Image Name>
      Image File Name: <Image File Name>
      File Version: <File Version>
      File Description: <File Description>
      Product Name: <Product Name>
      Product Version: <Product Version>
      File Size: <File Size>
      Last Modified Time: 2018-03-22T13:01:02Z
      Signed: Yes
      Signer: <Signer>
      Signed On: 0000-00-00T00:00:00Z
      Counter Signed: No
      Counter Signer:
      Hash (MD5): <Hash>
      Status: SAFE
      Status Reference: VirusTotal
      Virustotal Link: Not Available
2075  A new process is found by EventTracker EDR.
      New activity found:
      Hash: <Hash>
      Rule Name: EventTracker_EDR_Found_New_Hash
      System: <System>
      Time: 2019-02-08 02:46:40
      Source Event:
      Id: 3517
      Source: EventTracker
      Description: Image loaded by a process.
      Process Name: <Process Name>
      Process Image File Name: <Process Image File Name>
      Account Name: <Account Name>
      Account Domain: <Account Domain>
      Process ID: <Process ID>
      System Name: <System Name>
      Image Name: <Image Name>
      Image File Name: <Image File Name>
      File Version: <File Version>
      File Description: <File Description>
      Product Name: <Product Name>
      Product Version: <Product Version>
      File Size: <File Size>
      Last Modified Time: 2018-03-22T13:01:02Z
      Signed: Yes
      Signer: <Signer>
      Signed On: 0000-00-00T00:00:00Z
      Counter Signed: No
      Counter Signer:
      Hash (MD5): <Hash>
      Status: UNKNOWN
      Status Reference: VirusTotal
      Virustotal Link: Not Available
2076  A new process, which is not available in safe list, has been terminated by EventTracker.
      Hash (MD5): <Hash>
      Process Name: <Process Name>
      Image File Name: <Image File Name>
      Account Name: <Account Name>
      Account Domain: <Account Domain>
      Process ID: <Process ID>
      Creator Process ID: <Creator Process ID>
      Creator Process Name: <Creator Process Name>
      Creator Image File Name: <Creator Image File Name>
      System Name: <System Name>
      File Version: <File Version>
      File Description: Run-Time ID: 48
      Product Name: <Product Name>
      Product Version: <Product Version>
      Signed: No
      Signer: N/A
      Signed On: N/A
      Counter Signed: No
      Counter Signer: N/A
      Counter Signed On: N/A
      Session ID: 5
      Process Command Line: <Process Command Line>
      Status: SAFE/UNSAFE/UNKNOWN
      Status Reference: VirusTotal/NSRL/NA
      Virustotal Link:
2077  No alert received from system systemname in last 7 Days.
      System Details:
      System Name: <System Name>
      IP Address: <IP Address>
      Asset Value: Low
      System Type: <System Type>
      Syslog Relay: <Syslog Relay>
      Agent Type:<Agent Type>
      Port: <Port>
      Group(s): Default, <Group>
      Last event received time: 2019-04-05 13:31:45
2078  No alert received from group domainname in last 7 Days.
2080  Description:
      { Hash status check against VirusTotal failed.
      Hash: <Hash>
      File Name: <File Name>
      Error: You don’t have access to the service. Make sure your API key is working correctly
      }
2100  A category group was created in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :< browser from which app is run>
      Configuration Information
      Name : <Value>
      Parent: <Value>
2101  A category group was modified in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :<browser from which app is run>
      Configuration Information
      Old value
      Name : <Value>
      New value
      Name : <Value>
2102  A category group was deleted in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :< browser from which app is run>
      Configuration Information
      Name : <Value>
2103  A category group was moved in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :< browser from which app is run>
      Configuration Information
      Name : <Value>
      Old value
      Parent: <Value>
      New value
      Parent : <Value>
2104  A category was created in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :< browser from which app is run>
      Configuration Information
      Name : <Value>
      Parent: <Value>
      Description: <Value>
      Event Details:
      Rule <1>
      <event information here. >
2105  A category was modified in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :< browser from which app is run>
      Configuration Information
      Name : <Value>
      Parent: <Value>
      Old value
      Description: <Value>
      Event Details:
      Rule <1>
      <event information here.>
      New value
      Description: <Value>
      Event Details:
      Rule <1>
      <event information here. >
2106  A category was deleted in the EventTracker application
      User Information
      Account Name : <read from session>
      Account Domain: <Current Domain>
      Network Information
      Client Address: <IP Address>
      Client Browser :< browser from which app is run>
      Configuration Information
      Name : <Value>
2111  A behavior rule was added in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Rule Name: <Rule Name>
      Show For:<Value>
      Breakup Column Name: <Value>
      Breakup Display Name: <Value>
      Breakup Seperator: <Value>
      Breakup Terminator: <Value>
      Process Rule <Rule Number>
      Process Column Name: <Value>
      Process Display Name:<Value>
      Seperator: <Value>
      Terminator: <Value>
      Event Rule <Rule Number>
      Log Type: <Value>
      Event Type: <Value>
      Category: <Value>
      Event ID:<Value>
      Source: <Value>
      User: <Value>
      Description: <Value>
      Description Exception:<Value>
2112  A BehaviorRule was InActivated in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old value
      Rule Name: <Value>
      Active: <Value>
      New value
      Rule Name: <Value>
      Active: <Value>
2113  Modified the behavior settings configuration information in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old value
      User Event Threshold : <Value>
      Purge user data older than : <Value>
      Behaviour Event Threshold : <Value>
      Behaviour Correlation Threshold : <Value>
      Behaviour Learning Period Value : <Value>
      Top activities displayed : <Value>
      Enterprise activity interval : <Value>
      DNS Url : <Value>
      ProcessLib : <Value>
      Monitor enterprise activity : Yes/No
      Select Purge user data older than : <Value>
      User Behaviour Correlation Monitoring : Yes/No
      Behaviour Learning Period : <Value>
      Select DNS : <Value>
      Select Process : <Value>
      New value
      User Event Threshold : <Value>
      Purge user data older than : <Value>
      Behaviour Event Threshold : <Value>
      Behaviour Correlation Threshold : <Value>
      Behaviour Learning Period Value : <Value>
      Top activities displayed : <Value>
      Enterprise activity interval : <Value>
      DNS Url : <Value>
      ProcessLib : <Value>
      Monitor enterprise activity : Yes/No
      Select Purge user data older than : <Value>
      User Behaviour Correlation Monitoring : Yes/No
      Behaviour Learning Period : <Value>
      Select DNS : <Value>
      Select Process : <Value>
2114  IP lookup reputation website added.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Display Name:<Value>
      Url:<Value>
2115  IP lookup reputation website updated.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Display Name:<Value>
      Url:<Value>
2116  IP lookup reputation website deleted.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Display Name:<Value>
      Url:<Value>
2117  IP lookup reputation website Deactivated.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Display Name: <Value>
      Url: <Value>
2118  A behavior rule was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Rule Name: <Value>
2119  Existing baseline of behavior learning reset
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Behaviour baseline: Reset
2121  Weightage was added for a <category/Event Type/Log Type/Keyword/Event ID/Event Source/User> in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
      Weightage: <Value>
2122  Weightage was modified for a <category/Event Type/Log Type/Keyword/Event ID/Event Source/User> in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Old Value
      Name : <Value>
      Weightage: <Value>
      New Value
      Name : <Value>
      Weightage:<Value>
2123  Weightage was deleted for a <Keyword/Event ID/Event Source/User> in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
      Weightage: <Value>
2131  Modified the EventVault configuration information in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old value
      ArchiveFrequency: <Value>
      ArchivePath: <Value>
      ArchivePurgeFrequency: <Value>
      New value
      ArchiveFrequency: <Value>
      ArchivePath: <Value>
      ArchivePurgeFrequency: <Value>
2136  A eventvault explorer configuration was modified in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old configuration:
      SQL Server Enterprise: <Value>
      Max history count: <Value>
      New configuration:
      SQL Server Enterprise: <Value>
      Max history count: <Value>
2137  Persisted data was purged from EventTracker.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Report name: <Value>
      Purge From Datetime: <Value>
      Purge To Datetime: <Value>
2141  A Collection Master was added in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      New value
      Destination Name:<Value>
      PortNo:<Value>
      Description:
      Active: <Value>
      QueueCabs: <Value>
      Encrypt Data: <Value>
2142  A Collection Master was modified in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old value:
      Destination Name: <Value>
      PortNo: <Value>
      Description:
      Active: <Value>
      Encrypt Data: <Value>
      New value
      Destination Name:<Value>
      PortNo:<Value>
      Description:
      Active: <Value>
      QueueCabs: <Value>
      Encrypt Data: <Value>
2143  A Collection Master was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Collection Master:<Value>
2147  Collection Point deleted successfully.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Collection Point Name: <Value>
      Collection Point Display Name: <Value>
2148  A Collection Master CAB was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Cab Name:<Value>
2149  A collection point configured for elasticsearch
      Site name: <Site name>
      Status: Connected/Not-connected
      Added by: <Account Name>
2150  A collection point removed from elasticsearch
      Site name: <Site name>
      Removed by: <Account Name>
2151  A Behavior filter list was added in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      New value
      Behavior Type:<Value>
      Behavior Filter:<Value>
2152  A Behavior filter list was modified in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old value
      Behavior Type:<Value>
      Behavior Filter:<Value>
      New value
      Behavior Type:<Value>
      Behavior Filter:<Value>
2153  A Behavior filter list was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Behavior Type:<Value>
      Behavior filter:<Value>
2161  A new entry has been added in Dla configuration by the EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Configuration name: <Value>
      Field seperator: <Value>
      Logfile extension: <Value>
      Logfile folder: <Value>
      Log type: <Value>
2162  An entry has been modified in Dla configuration by the EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Configuration name
      Old value: <Value>
      New value: <Value>
2163  Dla entry(s) has been deleted in Manager configuration by EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Configuration name: <Value>
      Field seperator: <Value>
      Logfile extension: <Value>
      Logfile folder: <Value>
      Log type: <Value>
2164  Port information was added in Netflow Receiver by EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Port number: <Value>
      Drop rate: <Value>
      Decode packet: <Value>
      Record binary: <Value>
2165  Port information was modified in Netflow Receiver by EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old Value
      Port number: <Value>
      Drop rate: <Value>
      Decode packet: <Value>
      Record binary: <Value>
      New Value
      Port number: <Value>
      Drop rate: <Value>
      Decode packet: <Value>
      Record binary: <Value>
2166  Port was deleted from Netflow Receiver in EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Deleted Port details
      Port number: <Value>
      Drop Rate: <Value>
      Decode Packet: <Value>
      Record Binary: <Value>
2167  Syslog port has been added in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      A new syslog port is added
      Receiver port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
2168  Syslog port has been modified in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Old value
      Receiver port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
      New value
      Receiver port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
      Archive purge frequency: <Value>
2169  Syslog port has been deleted in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Deleted syslog port details
      Receiver port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
      Archive purge frequency: <Value>
2170  VCP port has been added in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      A new VCP port is added
      Port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
      Archive purge frequency: <Value>
2171  VCP port has been added in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      A new VCP port is added
      Port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
      Archive purge frequency: <Value>
2172  VCP port has been deleted in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Deleted VCP port details
      Port number: <Value>
      Description: <Value>
      Cache path: <Value>
      Override archive purge frequency: <Value>
      Archive purge frequency: <Value>
2173  Manager configuration information has been modified in EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Netflow receiver
      Old value: <Value>
      New value: <Value>
2174  Email configuration has been modified in EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      SMTP Server
      Old value: <Value>
      New value: <Value>
2181  Report settings have been modified in EventTracker application.
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information:
      Report header
      Old value: <Value>
      New value: <Value>
2191  A system group was added in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
      Description: <Value>
      Group with Systems based on
      <System Type:/IP Subnet:/Selected Systems:> <values here>
2192  A system group was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
2193  A system group was modified in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
      Old value
      Description: <Value>
      Systems: <Value>
      New value
      Description: <Value>
      Systems: <Value>
2194  A system was assigned an asset value in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
      Old value
      Asset value: <Value>
      New value
      Asset value: <Value>
2196  A system was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
2197  A system’s agent components were removed in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Name : <Value>
2198  Systems were moved in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Client Address>
      Client Address (IPv6): <Client Address (IPv6)>
      Client Browser Version: InternetExplorer v 11.0
      Configuration Information:
      Systems: <Systems>
      Old value:
      Group: Default
      New value:
      Group: <Group Name>
2221  A generated Config Assessment policy was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Client Address>
      Client Browser Version: Chrome v 430
      Configuration Information:
      Name: MS-SCM win 8 Domain
2231  A scheduled Change Audit policy was added in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Client Address>
      Client Browser Version: Chrome v 430
      Configuration Information:
      Title: <Title>
      Policy Name: <Policy Name>
      Systems: <Systems>
      Start from: 7/22/2015 2:51:22 AM
      Frequency: Daily
2232  A scheduled Change Audit policy was modified in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Client Address>
      Client Browser Version: Chrome v 430
      Configuration Information:
      Old value
      Title: <Title>
      Policy Name: <Policy Name>
      Systems: <Systems>
      Start from: 7/22/2015 2:51:22 AM
      Frequency: Daily
      New value
      Title: <Title>
      Policy Name: <Policy Name>
      Systems: <Systems>
      Start from: 7/22/2015 2:51:22 AM
      Frequency: Daily
2233  A scheduled Change Audit policy was deleted in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Client Address>
      Client Browser Version: Chrome v 430
      Configuration Information:
      Name: SampleCriticPol
2209  An incident was acknowledged in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Incident Name: <Value>
      Event ID:<Value>
      Event Time:<Value>
      Event Source:<Value>
      Log Type:<Value>
      Event Type: <Value>
      User:<Value>
      Description:<Value>
      Risk Value:<Value>
      Risk Description:<Value>
2210  An incident was un-acknowledged in the EventTracker application
      User Information:
      Account Name: <Value>
      Account Domain: <Value>
      Network Information:
      Client Address: <Value>
      Client Browser Version: <Value>
      Configuration Information
      Incident Name: <Value>
      Event ID:<Value>
      Event Time:<Value>
      Event Source:<Value>
      Log Type:<Value>
      Event Type: <Value>
      User:<Value>
      Description:<Value>
      Risk Value:<Value>
      Risk Description:<Value>
2211An Alert was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Value>
Client Browser Version: <Value>
Configuration Information
Name : <Value>
Thread level: <Value>
Threshold level: <Value>
Status: <Active/Inactive>
Event Details:
Rule <Number>
<event information here. Repeat for as many entered.>
Event Filters:
Rule <Number>
<event information here. Repeat for as many entered.>
Custom Details:
<custom information here>
Groups/Systems:
<Groups/systems selected here>
Actions:
E-mail
<details here>
RSS:
<details here>
Beep:
<details here>
Net Message:
<details here>
SNMP:
<details here>
Syslog:
<details here>
Agent Remedial Action:
<details here>
Console Remedial Action:
<details here>
2212An alert was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Value>
Client Browser Version: <Value>
Configuration Information
Name : <Value>
2213An alert was <Activated/Inactivated> in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Value>
Client Browser Version: <Value>
Configuration Information
Name : <Value>
Status: Active/Inactive
2214An action was modified for an alert in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Value>
Client Browser Version: <Value>
Configuration Information
Name : <Value>
Old Value
Actions:
<E-mail:/RSS:/Beep:Net Message:/SNMP:/Syslog:/Agent Remedial Action:/Console Remedial Action:>
<details here>
New value
<E-mail:/RSS:/Beep:Net Message:/SNMP:/Syslog:/Agent Remedial Action:/Console Remedial Action:>
<details here>
2215An alert was <Activated/Inactivated> in the EventTracker application
An Alert was modified in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Value>
Client Browser Version: <Value>
Configuration Information
Old Value
Name : <Value>
Thread level: <Value>
Threshold level: <Value>
Status: <Active/Inactive>
Event Details:
Rule <Number>
<event information here. Repeat for as many entered.>
Event Filters:
Rule <Number>
<event information here. Repeat for as many entered.>
Custom Details:
<custom information here>
Groups/Systems:
<Groups/systems selected here>
Actions:
E-mail
<details here>
RSS:
<details here>
Beep:
<details here>
Net Message:
<details here>
SNMP:
<details here>
Syslog:
<details here>
Agent Remedial Action:
<details here>
Console Remedial Action:
<details here>
New value
Name : <Value>
Thread level: <Value>
Threshold level: <Value>
Status: <Active/Inactive>
Event Details:
Rule <Number>
<event information here. Repeat for as many entered.>
Event Filters:
Rule <Number>
<event information here. Repeat for as many entered.>
Custom Details:
<custom information here>
Groups/Systems:
<Groups/systems selected here>
Actions:
E-mail
<details here>
RSS:
<details here>
Beep:
<details here>
Net Message:
<details here>
SNMP:
<details here>
Syslog:
<details here>
Agent Remedial Action:
<details here>
Console Remedial Action:
<details here>
2222A deviation was added for a benchmark rule in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
Deviation Rationale: deviation added
Plan of Action and Milestones (POAM) Planned: False
Deviation for this valuation only: True
2224A deviation declared for a benchmark rule was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
2225A deviation was modified for a benchmark rule in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
Old value
Deviation Rationale: deviation added
Plan of Action and Milestones (POAM) Planned: False
Deviation for this valuation only: True
New value
Deviation Rationale: deviation added.
Edited to add new info
Plan of Action and Milestones (POAM) Planned: False
Deviation for this valuation only: True
2226A deviation declared for a benchmark rule was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Title: <Title>
Benchmark Name: <Benchmark Name>
2245An Event Filter was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name : <Value>
Description: <Value>
Status: <Status>
Filter Details:
Rule <1>

Filter Exceptions:
Rule <1>

Groups/Systems:

2246An Event Filter was modified in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Old value
Name : <Value>
Description: <Value>
Status: <Active/Inactive>
Filter Details:
Rule <1>

Filter Exceptions:
Rule <1>

Groups/Systems:

New value
Name : <Value>
Description: <Value>
Status: <Active/Inactive>
Filter Details:
Rule <1>

Filter Exceptions:
Rule <1>

Groups/Systems:

2247An Event Filter was deleted in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name : <Value>
Status: <Active/Inactive>
2248An Event Filter was in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Name : <Value>
Status: <Active/Inactive>
2257Resource status changed.
Resource Type: System
Resource: <Resource Name>
Status: Down
2290Patterns was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Number of patterns: <Client Address>
Class name: <IP Address>
Group name: <Group name>
File type:<File type>
File name: <File name>
Separator: \n
Terminator: \n
Data index: 0
Description index: 0
Skip Header Rows: 0
Added by: <Account Name>
2291Entity was updated in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v 90
Configuration Information:
Entity pattern : <processnames.exe>
Class name : <Processes>
Updated by : <Account Name>
2292Entitiy was deleted from EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v 90
Configuration Information:
Entities : 1
Updated by : <Account Name>
2293Class was added in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Class name: <HashValues>
Selected rules: <Unique process hash,>
Validation type: String
2294Class was updated in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Old values:
Class name: <HashValues>
Selected rules: <Unique process hash,>
Validation type: String
New values:
Class name: <HashValues>
Selected rules: <Unique process hash,>
Validation type: String
2295Class was deleted from EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Class name: <HashValues>
3000Logbook configuration modified
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Column name: <Column name>
Display name: <Display name>
3001Logbook entry added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
Tag
Criticality: 1
Added By:<Account Name>
Added On: 7/23/2015 5:22:44 AM
3002Logbook entry edited.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
Tag
Criticality: 3
Added By: <Account Name>
Added On: 7/23/2015 5:25:19 AM
3003Logbook activity added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Activity Added By
Activity Added On: 7/23/2015 5:27:54 AM
3004Logbook activity added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Activity Added By
Activity Added On: 7/23/2015 5:27:54 AM
3005Logbook attachment added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Filename: <Filename>
3006Logbook attachment deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3007Logbook reference added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3008Logbook reference deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3009Logbook referenced attachment deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
3010Logbook investigation Completed.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
3011Logbook reopened.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Chrome v 430
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Reason: verify
3012Logbook email sent.
User Information:
Account Name: <Value>
Account Domain: <Value>
Configuration Information:
Logbook Number: <Logbook Number>
Logbook Title: <Logbook Title>
Email Address: <Email Address>
3021Knowledge object added.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: InternetExplorer v 110
Configuration Information:
Object name: <Object name>
Applies to: eventtracker 7.6
Description: <Description>
Enabled: True
3022Knowledge object modified.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: InternetExplorer v 110
Configuration Information:
Object name: <Object name>
Applies to: eventtracker 7.6
Description: <Description>
Enabled: True
3023Knowledge object deleted.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: InternetExplorer v 110
Configuration Information:
Object name: <Object name>
3030EventTracker Agent Configuration template is modified.
Template Name: <Template Name>
Agent Version: <Agent Version>
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Browser Version: Firefox v 24.0
Configuration Information:
File Transfer:
File transfer frequency: 11
Purge days: 3
Max retries: 5
Retry interval: 15
Generate event for each attempt: False
3060An Unknown process filter was added in EventTracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name: <Rule Name>
Rule Description: <Rule Description>
Group Name:<Group Name>
Publisher: <Publisher>
Publisher Operator: Contains
Signed: Yes
Product Name: <Product Name>
Product Name Operator: Equals
Product Version: <Product Version>
Product Version Operator: Contains
File Name: <File Name>
File Name Operator: Regular Expression
Image File Path: <Image File Path>
Image File Path Operator: Equals
Parent Process Name: <Parent Process Name>
Parent Process Name Operator: Equals
Parent Image File Path:<Parent Image File Path>
Parent Image File Path Operator: Regular Expression
File Version: <File Version>
File Version Operator: Contains
Type: Safe
Active: True
3061An Unknown process filter was modified in Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Old value
Rule Name: <Rule Name>
Rule Description: <Rule Description>
Group Name: <Group Name>
Publisher: <Publisher>
Publisher Operator: Equals
Signed: Yes
Product Name: <Product Name>
Product Name Operator: Equals
Product Version: <Product Version>
Product Version Operator: Contains
File Name: <File Name>
File Name Operator: Regular Expression
Image File Path: <Image File Path>
Image File Path Operator: Equals
Parent Process Name: <Parent Process Name>
Parent Process Name Operator: Equals
Parent Image File Path:<Parent Image File Path>
Parent Image File Path Operator: Regular Expression
File Version: <File Version>
File Version Operator: Contains
Type: Safe
Active: True
New value
Rule Name: <Rule Name>
Rule Description: <Rule Description>
Group Name: <Group Name>
Publisher: <Publisher>
Publisher Operator: Equals
Signed: Yes
Product Name: <Product Name>
Product Name Operator: Equals
Product Version: <Product Version>
Product Version Operator: Contains
File Name: <File Name>
File Name Operator: Regular Expression
Image File Path: <Image File Path>
Image File Path Operator: Equals
Parent Process Name: <Parent Process Name>
Parent Process Name Operator: Equals
Parent Image File Path:<Parent Image File Path>
Parent Image File Path Operator: Regular Expression
File Version: <File Version>
File Version Operator: Contains
Type: Safe
Active: False
3062An Unknown process filter(s) was deleted in Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name(s): Unknown process filter test rule for testing, Test rule1, Test rule2
3063An Unknown process filter was activated in the Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name: <Rule Name>
3064An Unknown process filter was deactivated in the Event Tracker application.
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Client Address>
Client Address (IPv6): <Client Address (IPv6)>
Client Browser Version: InternetExplorer v 11.0
Configuration Information:
Rule Name: <Rule Name>
3075User e-mail id not valid for resetting password
Invalid e-mail id : <E-mail Address>
3201Detected free space in drive <drive:> is less than N percent. Disk Size: X MB, Free: Y MB
3202Detected Service <Service Name> is not running.
3203Detected Service <Service Name> was restarted successfully.
3204Detected Service <Service Name> could not be restarted.
3206Detected High Memory Usage. More than N percent in use for last X seconds. Peak Memory: Q percent. Total Physical: Y MB, Total Paging: Z MB, Avail Physical: B MB, Avail Paging: C MB.
3207Detected High CPU Usage. More than N percent in use for last X seconds.
3208Detected software <Some S/W> has been installed on this system.
3209Detected software <Some S/W> has been uninstalled from this system.
3210<Some Log> Event Log is near to its maximum log size. Take administrative actions. Maximum Log Size : X Kilobytes, Current Log Size : Y Kilobytes.
3211<Some Log> Event Log has already reached its maximum log size. New events cannot be logged. Take administrative actions. Maximum Log Size : X Kilobytes.
3212<Some Log> Event Log has reached its maximum size. EventTracker has backed up to <Backup File> and reset the event log.
3213Detected disk usage for drive X: is back to below configured threshold limit. Disk Size: Y MB, Free: Z MB
3214Detected Service <Service Name> is now running.
3215Detected Memory usage is back to below configured threshold limit. Peak Memory: N percent. Total Physical: W MB, Total Paging: X MB, Avail Physical: Y MB, Avail Paging: Z MB.
3216Detected CPU usage is back to below configured threshold limit. Current CPU usage is N percent.
3217Process <Process Name> has crossed the memory usage limit of N megabytes. Actual Use: M Megabytes
3218Process <Process Name> has crossed the CPU usage limit of X%. Actual Use: Y%
3219The memory usage by process <Process Name> is now normal and below the usage limit of X megabytes. Actual Use: Y Megabytes
3220The CPU usage by process <Process Name> is now normal and below the usage limit of X%. Actual Use: Y%
3221App Open: Exe: <Exe Name> Name: <App Name> Description: <App Description> Version: <App Version> Vendor: <App Vendor> PID: <Process ID>
3222App Close: Exe: <Exe Name> Name: <App Name> PID: <Process ID>
3223TCP connection ESTABLISHED
Type: TCP
Status: New
Local Address: <Local Addr>
Local Port: <Local Port>
Remote Address: <Remote Address>
Remote Port: <Remote Port>
Connection State: <State>
Process Name: <Process Name>
3224TCP connection MODIFIED
Type: TCP
Status: Changed
Local Address: <Local Address>
Local Port: <Local Port>
Remote Address: <Remote Address>
Remote Port: <Remote Port>
New Connection States: <State>
Old Connection States: <State>
Process Name: <Process Name>
3225TCP connection DISCONNECTED
Type: TCP
Status: Deleted
Local Address: <Local Address>
Local Port: <Local Port>
Remote Address: <Remote Address>
Remote Port: <Remote Port>
Connection active time: %<N> secs
Last know Connection State: <State>
Process Name: <Process Name>
3226UDP connection ESTABLISHED
Type: UDP
Status: New
Local Address: <Local Address>
Local Port: <Local Port>
Process Name: <Process Name>
3227UDP connection DISCONNECTED
Type: UDP
Status: Deleted
Local Address: <Local Address>
Local Port: <Local Port>
Connection active time: %<N> secs
Process Name: <Process Name>
3228Detected new drive <H:>
Volume Label:
Volume Serial No: 553439901
Volume ID: \\?\Volume{a6f19931-6ce9-11dd-8f6f-0013d38afad4}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
3229Drive <H:> removed.
Network Volume: No
Description: Change affects physical device or drive.
3229Events generated by Solaris agent.
3230Descr : FILE: <File Name> \r\n TYPE: <File Type> \r\n FIELD: <Search String> \r\n ENTRY: <Record Found> \r\n
3231The agent less client <%s> could not be accessed for the last %d poll attempts. Please take administrative action.
3232Disk space availability
Drive C:, Disk Size: 20000 MB, Free: 10980 MB, Free(in percent): 54
Drive D:, Disk Size: 76316 MB, Free: 58921 MB, Free(in percent): 77
Drive E:, Disk Size: 18161 MB, Free: 5109 MB, Free(in percent): 28
Drive G:, Disk Size: 38475 MB, Free: 3482 MB, Free(in percent): 9
Drive H:, Disk Size: 199996 MB, Free: 7782 MB, Free(in percent): 3
3233action: monitor
orig:
i/f_dir: inbound
i/f_name: RTL8023xp7
uuid: <00000000,00000000,00000000,00000000>
product: SmartDefense
__policy_id_tag: product=VPN-1 & FireWall-1[db_tag={A46E46F9-5E4A-4D14-B716-84ED6CB4D88B};mgmt=123-mar_mgmt;date=1180443405;policy_name=Standard]
Attack Info: Non MD5-authenticated RIP Protocol Detected on Connection
attack: RIP Enforcement Violation
SmartDefense profile: Default_Protection
src: 192.164.1.1
s_port: rip
dst: 192.164.1.255
service: rip
proto: udp
3234Received Remedial action request for <Action Type> action.
3235Agent <Agent System Name> : Successfully initiated <Action Type> action.
3236Agent <Agent System Name> : Failed to initiate <Action Type> Remedial action.
3237Agent <Agent System Name> : Remedial action is disabled at the agent side. Ignoring the request. Remedial Action: Restart Service (1) action.
3238Matched Remedial action on Manager.
3239USB Monitoring started for H:\
Volume Label:
Volume Serial No: 553439901
Volume ID: \\?\Volume{a6f19931-6ce9-11dd-8f6f-0013d38afad4}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
Console User:
Active Users:
3240USB Monitoring stopped for H:\
Volume Label:
Volume Serial No: 1918040687
Volume ID: \\?\Volume{bf4b109d-44f2-11dd-b2fb-00148549755f}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
Console User:
Active Users:
No files added or modified or deleted.
3241EventTracker has backed up the log file :Security: because its offset has been lost. The backed up file is stored in the following directory F:\Program Files\Prism Microsystems\EventTracker\Agent\SPIDER\Eventlog_1217928508.evt for further analysis. For EventTracker to continue the main log file will be cleared.
3242Media drive <H:> is disabled by EventTracker. Please contact your system administrator.
Volume Label:
Volume Serial No: 553439901
Volume ID: \\?\Volume{a6f19931-6ce9-11dd-8f6f-0013d38afad4}\
Type: Removable
File System: FAT32
Network Volume: No
Description: Change affects physical device or drive.
3243Error ejecting removable device F:
3244Direct log archiver started processing.
3245Direct log archiver successfully processed the following files:
C:\LogFiles\W3SVC1\ex070709.log
C:\LogFiles\W3SVC1\ex070710.log
C:\LogFiles\W3SVC1\ex070712.log
3246Direct log archiver stopped processing.
Total number of files processed: No files are available for processing.
OR
Direct log archiver stopped processing.
Total number of files processed: 3
3247Direct log archiver failed to process the following files:
C:\LogFiles\W3SVC1\ex070622.log
C:\LogFiles\W3SVC1\ex070626.log
C:\LogFiles\W3SVC1\ex070628.log
3248Detected following windows updates are installed on this system:
1) KB902848 Title: Outlook Live 2003 Service Pack 2 Date: Wednesday, February 22, 2006
2) KB887619 Title: OneNote 2003 Service Pack 2 Date: Wednesday, February 22, 2006
3) KB887620 Title: Project 2003 Service Pack 2 Date: Wednesday, February 22, 2006
4) KB829019 Title: Microsoft .NET Framework 2.0: x86 (KB829019) Date: Tuesday, January 24, 2006
5) KB887618 Title: Office 2003 Service Pack 2 for Proofing Tools Date: Tuesday, February 21, 2006
3249EventTracker Agent Configuration Modified
Version: 6.3 – Build 41
Agent System Name: <System Name>
Managers: No change
Event Filters:
Enable High Performance mode: enabled.
System Monitor: No change
Monitor Apps: No change
Services: No change
Log Backup: No change
Processes: No change
Network Connection Monitor: No change
Logfile Monitor: No change
3250Critical Network alarm – Several systems are not reachable \N\NNumber of ping failure in your enterprise have crossed defined limit.\N\NPlease generate a report on event id 2008 to verify that which system are not reachable.
3251Critical alert- Intrusion detected.\N\N\NAn unauthorized and repeated logon request from $IntrEvt1.Description&Client Address: &13.\N\NIt may be due to sophisticated hacking attempt. Please investigate and if required block the IP address on the firewall
3252Critical security alarm – Intrusion is detected – Excessive logon failures \N\N number of log failures in your enterprise have crossed the limit. \NPlease generate a report on event id 676 to verify that which system and user is trying responsible for intrusion.
3253Intrusion is detected – Excessive logon failures due to bad password \N\N Number of log failures in your enterprise have crossed the limit. \N\NPlease generate a report on event id 675 to verify that which system and user is trying responsible for intrusion.
3254DLA File not found for processing in last 24 hour
3256Intrusion Detection: Excessive network logon in your enterprise: \N\NFor more information about this condition\NGenerate a report on event ID 540 using EventTracker – Log Search
3257Intrusion Detection: Excessive network user lockout in your enterprise: \N\NFor more information about this condition\NGenerate a report on event ID 644 using EventTracker – Log Search
3258Intrusion Detection: Excessive user lockout in your enterprise: \N\NFor more information about this condition\NGenerate a report on event ID 539 using EventTracker – Log Search
3259Intrusion Detection: Excessive network logon on computer $ExcessiveC540.ComputerName \N\NFor more information about this condition.\NGenerate a report on event ID 540 using EventTracker – Log Search
3260Intrusion Detection: Excessive Authentication in your enterprise. \N\NFor more information about this condition.\NGenerate a report on event ID 672 using EventTracker – Log Search
3261Intrusion Detection: Excessive network logon on computer $ExcessiveC672.ComputerName \N\NFor more information about this condition.\NGenerate a report on event ID=672 using EventTracker – Log Search
3262Critical security alarm – excessive amount of resource access failures on $ExcessiveC560.ComputerName. \NIt is highly possible that user is persistently trying to access files and operation is not allowed. \N \NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3263Intrusion detected\N\NUnauthorized excessive file access failure on $ExcessiveF560.&Object Name:&&New Handle ID:&. \NIt is highly possible that user is persistently trying to access file and operation is not allowed. \N\NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3264Intrusion detected:\N\NUnauthorized user $ExcessiveU560.User is persistently attempting to access resources which not permitted. \NIt is highly possible that user is persistently trying to access file and operation is not allowed. \N \NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3265High Security Alert:\N\NToo many files are being deleted from $ExcessiveD560.ComputerName \NIt may be a normal deletes. \N\NGenerate a report for event id 560 by selecting the involved computer names. Examine the origin of the traffic including the user.
3266Critical Security alarm: Excessive logon on computer $ExcessiveC528.ComputerName \N\NFor more information about this condition.\NGenerate a report on event ID=528 using EventTracker – Log Search
3267Critical Security alarm: Excessive logon on computer $ExcessiveC529.ComputerName \N\NFor more information about this condition\NGenerate a report on event ID=529 using EventTracker – Log Search
3268Critical Security alarm: Excessive logon on domain $Excessive529.Domain \N\NFor more information about this condition.\NGenerate a report on event ID=529 using EventTracker – Log Search
3271This event indicates that the user has initially logged onto the network. $InitEvt3.Description
3272EventTracker Diagnostics found.
Status: Normal
3272EventTracker Diagnostics found few issues.
Services Stopped:
Service: <Service Name>
Service: <Service Name>
3273Used for VMware logs by the EventTracker Agent.
Also used for successful creation of a manual collection point.
3274Used for VMware logs by the EventTracker Agent. Event Source will be VMWARE.
Also used for successful creation of a manual collection point. Event Source will be EventTracker.
3275Collection Point: <CP Name> deleted successfully
Drop Data: <True/False>
3276A system’s type was modified in the EventTracker application
User Information:
Account Name: <Value>
Account Domain: <Value>
Network Information:
Client Address: <Value>
Client Browser Version: <Value>
Configuration Information
Name : <Value>
Old value
Type: <Value>
New value
Type: <Value>
3277Agent Installation Status : <Install / Upgrade>
Agent version on system Agent Systemname : < Agent version >
OS Type : <OS Type >
File Versions :
etagent.exe <Version / Time stamp>
etagent.dll <Version / Time stamp>
etaconfig.exe <Version / Time stamp>
etaconfig.ini <Time stamp>
3278EventTracker Agent Configuration Modified
Version: <EventTracker Build Number>
Agent <System Name>
Managers: No change
Event Filters: No change
System Monitor: No change
Monitor Apps: No change
Services: No change
Log Backup: No change
Processes: No change
Network Connection Monitor: No change
Logfile Monitor: No change
System(s) requested for configuration changes:
<system names>
3279Agent DLA file send attempt
Manager: <system names>
File: <EC file name>
Status: Success/Failed
Reason: Descriptive message for failure with error codes etc (applicable only for failures)
3280An account was successfully logged on to EventLogCentral
New Logon:
Account Name: <User Name>
Account Domain: <Domain name>
Network Information:
Client Network Address: <Network Address>
Client Browser Version: Gecko v1.0.
3281An account failed to log on to EventLogCentral
Account For Which Logon Failed:
Account Name: <User Name>
Account Domain: <Domain name>
Failure Information:
Failure Reason: Invalid username or password
Network Information:
Client Network Address: <Network Address>
Client Browser Version: Gecko v1.0.
3282An account was logged off from EventLogCentral.
Subject:
Account Name: <User name>
Account Domain: <Domain name>
Network Information:
Client Network Address: <Network Address>
Client Browser Version: IE v7.
3283A scheduled analysis was added from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Analysis title: Logs – Detail
Analysis type: Logs – Detail
Categories: ***ALERTS***
Schedule Freq: Daily
Schedule Time: 12:00:00 AM
Systems: <System1:System2: . .>
System Groups: <Group1:Group2: . .>
Sites: <Site Name>
Sort by: Log Time
Export type: PDF File (*.pdf)
Analysis Header:
Analysis Footer:
3284A scheduled analysis was modified from EventLogCentral
User Information:
Account Name: <User name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v7.0
Configuration Information:
Analysis Name: alerts analysis
Old Value:
Description:
Analysis type:Logs
Schedule frequency:Daily
Schedule start time:12:00:00 AM
Schedule, first run:1/29/2009 12:00:00 AM
Email:
Systems:
Site:ETSERVER, Groups:DLA, Systems:attacktest
Refine User:
Refine Desc:
Filter User:
Filter Desc:
Sort by:Computer
Export type:PDF file
RSS feed:None
Report Header:EventLogCentral
Report Footer:
New Value:
Description:
Analysis type:Logs
Schedule frequency:Daily
Schedule start time:12:00:00 AM
Schedule, first run:1/29/2009 12:00:00 AM
Email:
Systems:
Site:ETSERVER, Groups:DLA, Systems:attacktest
Refine User:
Refine Desc:
Filter User:
Filter Desc:
Sort by:Computer
Export type:PDF file
RSS feed:None
Report Header:EventLogCentral
Report Footer:
3285A scheduled report was deleted from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Report title: Daily USER Logon
Schedule Freq: Daily
Schedule Time: 2/11/2009 11:59:59 PM
3286A custom column was added from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Column Name: EmpLogoffTime
Column Key: LogOffTime
Key Value Splitter: :
Key Value Terminator: ;
Custom Resolution:
3287A custom column was modified from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Old Values:
Column Name: EmpName
Column Key: UserName
Key Value Splitter: :
Key Value Terminator: ;
Custom Resolution:
New Values:
Column Name:
Column Key:
Key Value Splitter: :
Key Value Terminator: ;
Custom Resolution:
3288A custom column was deleted from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Column Name: U Name
Column Key: UNa
3289A report Configuration was modified from EventTracker
User Information
Account Name: <User name>
Account Domain: <Domain name>
Configuration Information:
Option screen: E-mail Configuration
Old Values:
Authentication: False
Username:
New Values:
Authentication: True
Username:
3290A role was added from EventLogCentral
User Information:
Account Name: <User name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v7.0
Configuration Information:
Role Name: Testrol
3291A role was modified from EventLogCentral
User Information:
Account Name: <Account name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client Address>
Client Browser Version: IE v7.0
Configuration Information:
Role Name: Testrole
Old Value:Home Alerts,
New Value:Home,Alerts,Advanced,Advanced Compliance,Advanced Security,Advanced Operations,On Demand,Advanced Scheduled Report,Defined Report,Exception,Dashboard,Configuration
3292A role was deleted from EventLogCentral
User Information:
Account Name: <User Name>
Account Domain: <Domain name>
Network Information:
Client Address: <Client address>
Client Browser Version: IE v7.0
Configuration Information:
Role Name: ETREPORT Admin
3293(Asked by UserA for UserB)
3294Token template Added
3295Token template Modified
3296Token template deleted
3297Token template Activated/In Activated.
3298“Access denied. You do not have permission to view this page.
URL: http://somedomain/page”
3500EventTracker Agent has successfully received and processed the file <File Name>
Contents that are read.
InputDir =
OutputDir =
Schema Path = C:\Program Files\Prism Microsystems\EventTracker\Agent\xml
OVALDefXslValid = 0
OVALDefXslFile = oval-definitions-schematron.xsl
XCCDFXsdValid = 1
XCCDFXsdFile = xccdf-1.1.4.xsd
OVALResultApplyXSL = 1
OVALResultXSLFile = results_to_html.xsl
OVALSysCharFile = OVALSysChar.xml
OVALTransFile = OVALResults.html
XCCDFResultFile = XCCDFResults.xml
XCCDFResultApplyXSL = 0
XCCDFResultXSLFile = xccdf_to_docx.xsl
XCCDFTransFile = XCCDFResults.docx
InputFolderName = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Input1270544121516
OutputFolderName = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270544121516
BenchmarkProfile = DISA-Gold
BenchmarkId = 55
SchedulesId = 4
3501EventTracker Agent has successfully generated the XCCDF result file.
List of files that are generated.
OVALTransFilePath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\OVALResults.html,
OVALResultPath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\OVAL_Result.xml,
OVALSysCharPath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\OVALSysChar.xml,
XCCDFResultPath = C:\Program Files\Prism Microsystems\EventTracker\Agent\SCAP\NEMO\Output1270543003612\XCCDFResults.xml.
3502Agent FDCC process attempt
Manager: <System Name >
Status: Success
3503Agent FDCC process attempt
Manager: <System Name >
Status: Failed/Success
Reason: Descriptive message for failure with error codes etc (applicable only for failures)
3505[Info/Error] License Data receive failed
3506[Info/Error] EventTracker Agent Configuration update requested from Manager
3507[Info/Error] EventTracker Agent Script File Execution success/Failure
3508[Warning] System Handle crossed the threshold limit.
3508[Info] System Handle Usage is normal and below the usage limit.
3509[Warning] System Thread crossed the threshold limit.
3509[Info] System Thread Usage is normal and below the usage limit.
3510[Warning] Process Handle crossed the threshold limit.
3510[Info] Process Handle Usage is normal and below the usage limit.
3511[Warning] Process Thread crossed the threshold limit.
3511[Info] Process Thread Usage is normal and below the usage limit.
3512[Info] Network connection opened:
Type: TCP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Direction: Inbound
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
Services registered in this process:
MSSQLSERVER(SQL Server (MSSQLSERVER))
3513[Info] Network connection opened:
Type: TCP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Direction: Outbound
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
3514[Info] Network connection opened:
Type: TCP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Direction: Outbound
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
3515[Info] UDP operation detected:
Type: UDP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Operation: Send
Bytes: 659
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
Services registered in this process:
EventTracker Agent(EventTracker Agent)
3516[Info] UDP operation detected:
Type: UDP
IP Version: 4
Local Address: <Local IP Address >
Local Hostname: <Local Hostname >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Hostname: <Remote Hostname >
Remote Port: <Port No >
Operation: Receive
Bytes: 659
User: <Username >
Process ID: <Process ID >
Process Name: <Process Name >
Image File Name: <Image File Name >
Services registered in this process:
EventTracker Receiver(EventTracker Receiver)
3517DLL load
3518DLL unload
3519[Info]A Suspicious process has been terminated by EventTracker.
Process Name: <Process Name >
Image File Name: <Image File Name >
Account Name: <Account name>
Account Domain: <Domain name>
New Process ID: <New Process ID >
Creator Process ID: <Creator Process ID >
Creator Process Name: <Creator Process Name >
Creator Image File Name: <Creator Image File Name >
System Name: <System Name >
File Version: <File Version >
File Description: <File Description >
Product Name: <Product Name >
Product Version: 6.1.7600.16385
Process Command Line: <Process Command Line >
File Size: <File Size >
Last Modified Time: 2010-11-20T21:29:39Z
Signed: No
Signer: N/A
Signed On: N/A
Counter Signed: No
Counter Signer: N/A
Counter Signed On: N/A
Session ID: 5
UserSid: S-1-5-21-903365541-1942580562-2730907773-1497
Token Elevation Type: TokenElevationTypeDefault(1)
LogonId: 0x1d2195f
Token Integrity Level: High
Hash (MD5): 60b7c0fead45f2066e5b805a91f4f0fc
3520EventTracker Monitoring Daemon:
EventTracker Agent scheduled restart success.
EventTracker Monitoring Daemon:
EventTracker Agent Forced restart success.
3520EventTracker Monitoring Daemon:
Memory threshold crossed the limit and Memory Usage: 1024 MB, PeakMemoryUsage: 1300 MB of the RAM, restarting the service.
EventTracker Monitoring Daemon:
CPU usage threshold crossed the limit of 00:01:04:9870 min, restarting the service.
EventTracker Monitoring Daemon:
Handle threshold crossed the limit of <>, restarting the service.
EventTracker Monitoring Daemon:
EventTracker Agent Forced restart failure.
Current State: 02
Exit Code: 06
Check Point: 00
Wait Hint: 1000
3521Used for events generated by NCM when a new port starts listening for connections
3522New process hash detected
3523New remote IP detected
3524[Info]A new process, which is communicating to an external IP address, has been detected by EventTracker.
Hash (MD5): c5c785497a57fc48ab3d11245b90ed09
Process Name: <Process Name >
Image File Name: <Image File Name >
Local Address: <Local IP Address >
Local Port: <Port No>
Remote Address: <Remote IP Address >
Remote Port: <Remote Port >
Direction: Outbound
Account Name: <User name>
Account Domain: <Domain name>
Process ID: <Process ID>
Creator Process ID: <Creator Process ID>
Creator Process Name: <Creator Process Name>
Creator Image File Name: <Creator Image File Name>
System Name: <System Name>
File Version: <File Version>
File Description: <File Description>
Product Name: <Product Name>
Product Version: <Product Version>
Signed: Yes
Signer: Grammarly, Inc.
Signed On: 0000-00-00T00:00:00Z
Counter Signed: No
Counter Signer:
Counter Signed On: 0000-00-00T00:00:00Z
Session ID: 7
Process Command Line: N/A
3525Configuration File Missing:
EventTracker agent will not terminate suspicious process because WHT_HLST.safe file is not available.
3526SQL service MSSQL$SQLEXPRESS has crossed the configured threshold value of 2048 MB. Current memory usage is 2058 MB.
EventTracker agent is restarting the SQL instance.
Instance name: MSSQL$SQLEXPRESS
Memory Threshold: 2048 MB
Current value: 2050 MB
3529Event Type: warning
Description: EventTracker Agent had detected anomalous login attempt from IP address 178.1.10.26, act of prevention created the firewall rule EventTrackerRDPProtectRule_178.1.10.26 in windows firewall.
Event Type: Information
Description: EventTracker Agent added anomalous login rule has crossed the rule expire time. Rule EventTrackerRDPProtectRule_178.1.10.26 will be removed from windows firewall.
3530Event Type: warning
Description: EventTracker Agent had detected anomalous login attempt from IP address 1.2.3.4, act of prevention adding the IP address to the EventTracker block list
Event Type: Information
Description: EventTracker Agent added anomalous login for IP address has crossed the rule expire time. IP address 1.2.4.4 will be removed from EventTracker block list.
3531Event Type: warning
Description: EventTracker Agent had attempt to connect URL https://registrationapi.eventtracker.com/ip2geo.php
Failed
Error message :
Information
Description: EventTracker Agent had attempt to connect URL https://registrationapi.eventtracker.com/ip2geo.php
Success : collected Geo Information
code:200,
message:success
ip:IP Address
country_code:IN
country_name:India
sub_div_name:Karnataka
sub_div_code:KA
city:Bengaluru
postal_code:560049
latitude:12.9833
longitude:77.5833
time_zone:Asia\/Kolkata
4015“A new ticket has been created in PSA tool from the EventTracker application
Tool Name: <Tool Name>
Case id: <Case id>
Ticket id: <Ticket id>
Title: <Title>
Added by: <Added by>”
4016“A ticket in PSA tool has been modified from the EventTracker application
Tool Name: <Tool Name>
Case id: <Case id>
Ticket id: <Ticket id>
Modified by: <Modified by>
Notes: ECC observed multiple attacks (Cross-Site Scripting, SQL Injection, and Remote code execution with Directory traversal) on the URL https://www.aarete.com/resources/css/styles.css?, from the bad reputed (Ukraine) which is involved in BOTS activity. and the attack status code is 200(Successful).
Criticality: Medium
Status: New”
4017ConnectWise ticket delete
4018Logged when there is a failure to map an EventTracker group to a ConnectWise Manage company
4019Logged when there is a failure to map an EventTracker system to a ConnectWise Manage configuration
4021“A report has been published to RMM Tool from EventTracker application.
Tool Name: <Tool Name>
Report Name: <Report Name>
Report Status : No Record Found
Group: <Group>”
4022“A report has failed to publish to RMM Tool from EventTracker application.
Tool Name: <Tool Name>
Report Name: <Report Name>
Report Status : <Report Status>
Group: <Group>”
8011Unsafe MD5 detected