Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-25-2019 02:20 AM
Hello Team,
I am a SOC ANALYST , I wanted to know all the "Event name" that i can see on my SIEM. so i can make sure that i am seeing all the events. Please help. I want to make sure if any "Event Name" is missing.
Currently I am seeing these "Event Names"
| Traffic Close |
| URL Filtering |
| Session Denied |
| Received conflicting ARP on interface indicating duplicate IP |
| System Informational |
| Client Configuration |
| FileType Detected |
| User Logout |
| URL Blocked |
| System Error |
| System Notice |
| User Login |
| Config installed |
| Daemon configuration load phase succeeded |
| Configuration Change Successful |
| Failed User Login |
| User connected to a server |
| unknown |
| PAN-DB miscellaneous information |
| PNG File Chunk Length Abnormal |
| Configuration Changed Submitted |
| Configuration synchronized with peer |
| HTTP SQL Injection Attempt |
| Suspicious DNS Query |
| HTTP SQL Injection Attempt |
| User Session Timed Out |
| HTTP Directory Traversal Vulnerability |
| Wordpress system.multicall XMLRPC Information Disclosure Vulnerability |
| OpenSSL TLS Malformed Heartbeat Request Found - Heartbleed |
| OpenSSL TLS Encrypted Heartbeat Information Disclosure Vulnerability - Heartbleed |
| Palo Alto PA Series Appliances Message |
| Microsoft Windows win.ini access attempt |
| HTTP Cross Site Scripting Attempt |
| WordPress Cuckootap Theme Arbitrary File Download Vulnerability |
| WordPress Revolution Slider File Upload Vulnerability |
| Unrecognized Vulnerability Exploit Threat Event |
| HTTP SQL Injection Attempt |
| HTTP SQL Injection Attempt |
| System Warning |
| Generic HTTP Cross Site Scripting Attempt |
| Generic HTTP Cross Site Scripting Attempt |
| Configuration Change Failed |
| Long Http Transfer Encoding Anomaly |
| Baidu_Sobar_4_9_4 Information Disclosure |
| Bash Remote Code Execution Vulnerability |
| Apache Struts ClassLoader Security Bypass Vulnerability |
| PeerCast HandshakeHTTP Function Buffer Overflow |
| Netscape iPlanet Search NS-Query-Pat Directory Traversal Vulnerability |
| Apache Struts2 Redirect/Action Method Remote Code Execution Vulnerability |
| IBM WebSphere Faultactor Cross-Site Scripting Vulnerability |
| RealNetworks Realplayer RecordClip Parameter Injection Remote Code Execution Vulnerability |
| Wordpress MailPoet Newsletters Unauthenticated File Upload Vulnerability |
| Jive Software Openfire Jabber Server Authentication Bypass |
| Microsoft Schannel Remote Code Execution Vulnerability |
| Generic HTTP Cross Site Scripting Attempt |
| HTTP Non-RFC Compliant Request |
| Microsoft Windows IIS Script Filename Wrong Parsing Remote Code Execution Vulnerability |
| Unrecognized Spyware Threat Event |
| Apache Struts Content-Type Remote Code Execution Vulnerability |
| WordPress Login BruteForce Attempt |
01-26-2019 06:26 AM
Hi @Saad.ahmed
I honestly don't think someone will (or is able) to share a complete list of event names. But may I ask for what you need such a list? As a SOC analyst my interpretation is that you need to be alerted based on the severity of the events and of there is vulnerable software that is used kn your network you can override the alerts and priorize specific events. On https://threatvault.paloaltonetworks.com you can search for threat IDs. There are thousands of vulnerabilities a paloalto firewall is able to detect, so your list needs to be a little longer to be complete.
Regards,
Remo
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
