| Linux |
10001 |
Local success login
|
True
|
10000:Server Remote Access
|
| Linux |
10002 |
remote ssh success logins
|
True
|
10000:Server Remote Access
|
| Linux |
10003 |
local failed logins
|
True
|
10000:Server Remote Access
|
| Linux |
10004 |
ssh failed logins
|
False
|
10000:Server Remote Access
|
| Windows |
20001 |
local login on server
|
True
|
10000:Server Remote Access
|
| Windows |
20002 |
remote desktop login on server
|
True
|
10000:Server Remote Access
|
| Windows |
20003 |
failed remote desktop logins on server
|
False
|
10000:Server Remote Access
|
| Linux |
10071 |
Success remote login via OpenVPN
|
True
|
10007:VPN Remote Access
|
| Linux |
10072 |
Attempt of remote login via OpenVPN
|
False
|
10007:VPN Remote Access
|
| Linux |
10011 |
Success tcp connection to external source
|
True
|
10001:Output Server Traffic
|
| Linux |
10012 |
Failed tcp connection to external source
|
False
|
10001:Output Server Traffic
|
| Linux |
10013 |
Success udp negotiation with external source
|
True
|
10001:Output Server Traffic
|
| Linux |
10014 |
Udp packages sent to external source
|
False
|
10001:Output Server Traffic
|
| Windows |
20011 |
Connection to external source
|
True
|
10001:Output Server Traffic
|
| Linux |
10041 |
fail2ban detected failed login attempts
|
False
|
10002:Security tools
|
| Linux |
10042 |
fail2ban banned an Ip Address
|
False
|
10002:Security tools
|
| Linux |
10021 |
success pure-ftpd login
|
True
|
10004:FTP Connections
|
| Linux |
10022 |
failed pure-ftpd login
|
False
|
10004:FTP Connections
|
| Windows |
20021 |
failed FTP login
|
False
|
10004:FTP Connections
|
| Windows |
20022 |
success FTP login
|
True
|
10004:FTP Connections
|
| Linux |
10031 |
Wordpress success login
|
True
|
10003:Logins on web sites
|
| Linux |
10032 |
Wordpress failed login
|
False
|
10003:Logins on web sites
|
| Linux |
10130 |
Couchbase UI Admin success logins
|
True
|
10005:Server security events
|
| Linux |
10131 |
Couchbase UI Admin failed logins
|
True
|
10005:Server security events
|
| Linux |
10510 |
new software installed
|
True
|
10005:Server security events
|
| Linux |
10511 |
software erased
|
True
|
10005:Server security events
|
| Windows |
20501 |
Windows Defender antivirus updated the signature database
|
True
|
10005:Server security events
|
| Windows |
20502 |
Windows Defender detected virus
|
True
|
10005:Server security events
|
| Windows |
20510 |
new product installed
|
True
|
10005:Server security events
|
| Windows |
20511 |
a service was installed in the system
|
True
|
10005:Server security events
|
| Windows |
20611 |
new user account created
|
True
|
10005:Server security events
|
| Windows |
20612 |
user account enabled
|
True
|
10005:Server security events
|
| Windows |
20613 |
user account was changed
|
True
|
10005:Server security events
|
| Wordpress |
30011 |
User login has failed.
|
False
|
10006:Wordpress security events
|
| Wordpress |
30012 |
User login has success.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30013 |
Users password is reset.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30021 |
Attachment has been added
|
True
|
10006:Wordpress security events
|
| Wordpress |
30022 |
Link has been added
|
True
|
10006:Wordpress security events
|
| Wordpress |
30051 |
Existing user profile is updated.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30052 |
User is deleted from the database.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30053 |
User is a added to a site.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30071 |
Switches current theme to new template.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30072 |
Plugin has been activated.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30073 |
Plugin has been deactivated.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30081 |
Post is transitioned from one status to another.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30082 |
Post is sent to the trash.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30083 |
Called an XML-RPC request.
|
True
|
10006:Wordpress security events
|
| Wordpress |
30084 |
Post deleted
|
True
|
10006:Wordpress security events
|
| Wordpress |
30085 |
Post published
|
True
|
10006:Wordpress security events
|
| Wordpress |
30086 |
Category created
|
True
|
10006:Wordpress security events
|
| Wordpress |
30087 |
Page published
|
True
|
10006:Wordpress security events
|
| Wordpress |
30088 |
Page deleted
|
True
|
10006:Wordpress security events
|
| Amazon |
50000 |
Change action in AWS console
|
True
|
20001:Cloud User Activity
|
| Amazon |
50001 |
Successful AWS console sign-in
|
True
|
20000:Cloud Remote Access
|
| Amazon |
50002 |
Unsuccessful AWS console sign-in attempt
|
False
|
20000:Cloud Remote Access
|
| Amazon |
50003 |
Ip rules in the security group changed
|
True
|
20001:Cloud User Activity
|
| Amazon |
50004 |
User access settings changed
|
True
|
20001:Cloud User Activity
|
| Amazon |
50005 |
Cloud instances state changed
|
True
|
20001:Cloud User Activity
|
