Preset Types

Updated on 2025-02-25 GMT+08:00

This section describes alert, incident, threat indicator, and vulnerability types preset in SecMaster.

Preset Alert Types

Table 1 Preset alert types

Type Name | Sub Type | Sub Type Tag | Preset | Description
--- | --- | --- | --- | ---
DDoS attack | DNS protocol attacks | Tcp Dns | Yes | DNS protocol attacks
DDoS attack | Unusual ports | Unusual Network Port | Yes | Unusual ports
DDoS attack | Abnormal protocol attacks | Unusual Protocol | Yes | Abnormal protocol attacks
DDoS attack | ACK Flood | ACK Flood | Yes | ACK Flood
DDoS attack | BGP flood | BGP Flood Attack | Yes | BGP flood
DDoS attack | DNS IP TTL | DNS IP TTL Check Fail | Yes | DNS IP TTL
DDoS attack | DNS reply flood | DNS Reply Flood | Yes | DNS reply flood
DDoS attack | DNS query flood | DNS Query Flood | Yes | DNS query flood
DDoS attack | Abnormal DNS size | DNS Size Abnormal | Yes | Abnormal DNS size
DDoS attack | DNS reflection | DNS Reflection | Yes | DNS reflection
DDoS attack | Abnormal DNS response flow | DNS Reply Domain Flow Abnormal | Yes | Abnormal DNS response flow
DDoS attack | Invalid DNS format | DNS Format Error | Yes | Invalid DNS format
DDoS attack | DNS cache matching | DNS Cache Match | Yes | DNS cache matching
DDoS attack | DNS cache poisoning | DNS Cache Poisoning | Yes | DNS cache poisoning
DDoS attack | Abnormal DNS request flow | DNS Request Domain Flow Abnormal | Yes | Abnormal DNS request flow
DDoS attack | DNS domain name errors | DNS No Such Name | Yes | DNS domain name errors
DDoS attack | FIN/RST Flood | FIN/RST Flood | Yes | FIN/RST Flood
DDoS attack | HTTPS Flood | HTTPS Flood | Yes | HTTPS Flood
DDoS attack | HTTP slow attacks | HTTP Slow Attack | Yes | HTTP slow attacks
DDoS attack | ICMP blocking | ICMP Protocol Block | Yes | ICMP blocking
DDoS attack | IP reputation | IP Reputation | Yes | IP reputation
DDoS attack | SIP Flood | SIP Flood | Yes | SIP Flood
DDoS attack | Abnormal SIP source rate | SIP Source Rate Abnormity | Yes | Abnormal SIP source rate
DDoS attack | SYN Flood | SYN Flood | Yes | SYN Flood
DDoS attack | SYN-ACK Flood | SYN-ACK Flood | Yes | SYN-ACK Flood
DDoS attack | TCP bandwidth overflow | TCP Bandwidth Overflow | Yes | TCP bandwidth overflow
DDoS attack | TCP multi-connection attacks | TCP Connection Flood | Yes | TCP multi-connection attacks
DDoS attack | TCP fragment bandwidth overflow | TCP Fragment Bandwidth Overflow | Yes | TCP fragment bandwidth overflow
DDoS attack | TCP fragment attacks | TCP Fragment Flood | Yes | TCP fragment attacks
DDoS attack | Malformed TCP packets | TCP Malformed | Yes | Malformed TCP packets
DDoS attack | TCP/UDP attacks | TCP-authenticated UDP Attack | Yes | TCP/UDP attacks
DDoS attack | TCP blocking | TCP Protocol Block | Yes | TCP blocking
DDoS attack | UDP bandwidth overflow | UDP Bandwidth Overflow | Yes | UDP bandwidth overflow
DDoS attack | UDP fragments | UDP Fragment Flood | Yes | UDP fragments
DDoS attack | UDP fragment bandwidth overflow | UDP Fragment Bandwidth Overflow | Yes | UDP fragment bandwidth overflow
DDoS attack | Malformed UDP packets | UDP Malformed | Yes | Malformed UDP packets
DDoS attack | UDP blocking | UDP Protocol Block | Yes | UDP blocking
DDoS attack | URI monitoring | URI Monitor | Yes | URI monitoring
DDoS attack | Dark web IP addresses | Dark IP | Yes | Dark web IP addresses
DDoS attack | Single EIP bandwidth overflow | Single IP Bandwidth Overflow | Yes | Single EIP bandwidth overflow
DDoS attack | Current connection flood attacks | Concurrent Connections Flood | Yes | Current connection flood attacks
DDoS attack | Port scan attacks | Port Scanning Attack | Yes | Port scan attacks
DDoS attack | Malicious domain name attacks | Malicious Domains Attack | Yes | Malicious domain name attacks
DDoS attack | Anti-malware | Anti-Malware | Yes | Anti-malware
DDoS attack | DDoS attacks | DDOS | Yes | DDoS attacks
DDoS attack | Partition bandwidth overflow | Zone Bandwidth Overflow | Yes | Partition bandwidth overflow
DDoS attack | Filter attacks | Filter Attack | Yes | Filter attacks
DDoS attack | Blacklist | Blacklist | Yes | Blacklist
DDoS attack | Botnets/Trojans/Worms | Botnets/Trojan horses/Worms Attack | Yes | Botnets/Trojans/Worms
DDoS attack | Destination IP new session rate limiting | Destination IP new session rate limiting | Yes | Destination IP new session rate limiting
DDoS attack | Other flood attacks | Other Flood | Yes | Other flood attacks
DDoS attack | Other bandwidth overflow | Other Bandwidth Overflow | Yes | Other bandwidth overflow
DDoS attack | Other global exceptions | Global Other Abnormal | Yes | Other global exceptions
DDoS attack | Other protocol blocking | Other Protocol Block | Yes | Other protocol blocking
DDoS attack | Global ICMP exception | Global ICMP Abnormal | Yes | Global ICMP exception
DDoS attack | Abnormal global TCP fragments | Global TCP Fragment Abnormal | Yes | Abnormal global TCP fragments
DDoS attack | Global TCP exception | Global TCP Abnormal | Yes | Global TCP exception
DDoS attack | Abnormal global UDP fragments | Global UDP Fragment Abnormal | Yes | Abnormal global UDP fragments
DDoS attack | Global UDP exception | Global UDP Abnormal | Yes | Global UDP exception
DDoS attack | Web attacks | Web Attack | Yes | Web attacks
DDoS attack | Geolocation attacks | Location Attack | Yes | Geolocation attacks
DDoS attack | Connection flood attack | New Connections Flood | Yes | Connection flood attack
DDoS attack | Domain hijacking | Domain Hijacking | Yes | Domain hijacking
DDoS attack | Abnormal source DNS response traffic | Source DNS Reply Flow Abnormal | Yes | Abnormal source DNS response traffic
DDoS attack | Abnormal source DNS request traffic | Source DNS Request Flow Abnormal | Yes | Abnormal source DNS request traffic
DDoS attack | Host traffic overflow | Host Traffic Over Flow | Yes | Host traffic overflow
DDoS attack | HTTP Flood | HTTP Flood | Yes | HTTP Flood
DDoS attack | ICMP Flood | ICMP Flood | Yes | ICMP Flood
DDoS attack | SSL Flood | SSL Flood | Yes | SSL Flood
DDoS attack | TCP Flood | TCP Flood | Yes | TCP Flood
DDoS attack | UDP Flood | UDP Flood | Yes | UDP Flood
DDoS attack | XML Flood | XML Flood | Yes | XML Flood
DDoS attack | Amplification attacks | Amplification | Yes | Amplification attacks
Malicious code | Hidden link | Web Page Dark Link | Yes | Hidden link
Malicious code | Web page Trojan | Web Page Trojan | Yes | Web page Trojan
Web attacks | Webshell | Webshell | Yes | Webshell
Web attacks | WAF robot | WAF Robot | Yes | WAF robot
Web attacks | IP address whitelist | White IP | Yes | IP address whitelist
Web attacks | Known attack source | Known Attack Source | Yes | Known attack source
Web attacks | IP address blacklist | Black IP | Yes | IP address blacklist
Web attacks | Vulnerability exploits | Vulnerability Attack | Yes | Vulnerability exploits
Web attacks | Data masking | Leakage | Yes | Data masking
Web attacks | Default | Default | Yes | Default
Web attacks | Scanners/Crawlers | Scanner & Crawler | Yes | Scanners/Crawlers
Web attacks | CC attacks | Challenge Collapsar | Yes | CC attacks
Web attacks | IP reputation database | IP Repuation | Yes | IP reputation database
Web attacks | SQL injection | SQL Injection | Yes | SQL injection
Web attacks | XSS | Cross-Site Scripting | Yes | XSS
Web attacks | Local file inclusion | Local Code Inclusion | Yes | Local file inclusion
Web attacks | Geolocation access control | Geo IP | Yes | Geolocation access control
Web attacks | Malicious crawlers | Malicious Web Crawlers | Yes | Malicious crawlers
Web attacks | Anti-crawler | Anticrawler | Yes | Anti-crawler
Web attacks | Web tampering protection | AntiTamper | Yes | Web tampering protection
Web attacks | Invalid requests | Illegal Access | Yes | Invalid requests
Web attacks | Blacklist or whitelist alarms | White or Black IP | Yes | Blacklist or whitelist alarms
Web attacks | Precise protection | Custom Rule | Yes | Precise protection
Web attacks | Command injection | Command Injection | Yes | Command injection
Web attacks | Path Traversal | Path Traversal | Yes | Path Traversal
Web attacks | Website Trojans | Website Trojan | Yes | Website Trojans
Web attacks | Website data leakage | Information Leakage | Yes | Website data leakage
Web attacks | Information leakage | Web Service Exfiltration | Yes | Information leakage
Web attacks | Remote code execution | Remote Code Execute | Yes | Remote code execution
Web attacks | Remote file inclusion | Remote Code Inclusion | Yes | Remote file inclusion
Malware | Encrypted currency mining | Cryptomining | Yes | Encrypted currency mining
Malware | Docker malicious program | Docker Malware | Yes | Docker malicious program
Malware | Fishing | Phishing | Yes | Fishing
Malware | Malicious adware | Adware | Yes | Malicious adware
Malware | Malware | Malicious Software | Yes | Malware
Malware | Hacker tool | Hacktool | Yes | Hacker tool
Malware | Grayware | Grayware | Yes | Grayware
Malware | Spyware | Spyware | Yes | Spyware
Malware | Spam | Spam | Yes | Spam
Malware | Rootkit | Rootkit | Yes | Rootkit
Malware | Webshell | Webshell | Yes | Webshell
Malware | Virus/Worm | Virus and Worm | Yes | Virus/Worm
Malware | Malicious file | Malicous File | Yes | Malicious file
Malware | Reverse shell | Reverse Shell | Yes | Reverse shell
Malware | Trojan | Backdoor Trojan | Yes | Trojan
Malware | Botnet | Botnet Program | Yes | Botnet
Malware | Ransomware | Ransomware | Yes | Ransomware
Malware | Bitcoin Miner | Bitcoin Miner | Yes | Bitcoin Miner
Malware | Mining software | Mining Software | Yes | Mining software
Risk Audit | Web-CMS Vulnerability | Webcms Vulnerability | Yes | Web-CMS Vulnerability
Risk Audit | Windows OS vulnerabilities | Windows Vulnerability | Yes | Windows OS vulnerabilities
Risk Audit | Local access vulnerability | Local Access Vulnerability | Yes | Local access vulnerability
Risk Audit | Incorrect configuration policy | Mis-Configured Policy | Yes | Incorrect configuration policy
Risk Audit | Other OS vulnerability | Other OS Vulnerability | Yes | Other OS vulnerability
Risk Audit | Other vulnerability | Other Vulnerability | Yes | Other vulnerability
Risk Audit | Application vulnerability | Application Vulnerability | Yes | Application vulnerability
Risk Audit | Remote access vulnerability | Remote Access Vulnerability | Yes | Remote access vulnerability
Risk Audit | Weak Password | Weak Password | Yes | Weak Password
Risk Audit | Risky system configuration | System Risk Configuration | Yes | Risky system configuration
Attacks | Fishing | Phishing | Yes | Fishing
Attacks | Network topology | Map Network Topology | Yes | Network topology
Attacks | Account and group information collection | Identify Groups/Roles | Yes | Account and group information collection
Attacks | Fingerprint scan | Fingerprinting | Yes | Fingerprint scan
Attacks | Host discovery | Determine IP Address | Yes | Host discovery
Vulnerability exploit | ActiveX vulnerability exploit | ActiveX Exploit | Yes | ActiveX vulnerability exploit
Vulnerability exploit | CGI attack | CGI Attack | Yes | CGI attack
Vulnerability exploit | DNS vulnerability exploit | DNS Exploit | Yes | DNS vulnerability exploit
Vulnerability exploit | FTP vulnerability exploit | FTP Exploit | Yes | FTP vulnerability exploit
Vulnerability exploit | Hadoop vulnerability exploit | Hadoop Vulnerability Exploit | Yes | Hadoop vulnerability exploit
Vulnerability exploit | Vulnerability exploit of hypervisor | Hypervisor Exploit | Yes | Vulnerability exploit of hypervisor
Vulnerability exploit | LDAP injection | LDAP Injection Attack | Yes | LDAP injection
Vulnerability exploit | MacOS vulnerability exploit | MacOS Exploit | Yes | MacOS vulnerability exploit
Vulnerability exploit | MySQL vulnerability exploit | MySQL Vulnerability Exploit | Yes | MySQL vulnerability exploit
Vulnerability exploit | Vulnerability exploit of Office software | Office Exploit | Yes | Vulnerability exploit of Office software
Vulnerability exploit | Redis vulnerability exploit | Redis Vulnerability Exploit | Yes | Redis vulnerability exploit
Vulnerability exploit | RPC vulnerability exploit | RPC Exploit | Yes | RPC vulnerability exploit
Vulnerability exploit | SQL injection | SQL Injection | Yes | SQL injection
Vulnerability exploit | SSH vulnerability exploit | SSH Exploit | Yes | SSH vulnerability exploit
Vulnerability exploit | SSI injection attack | SSI Injection Attack | Yes | SSI injection attack
Vulnerability exploit | Struts2 OGNL injection | Struts2 OGNL Injection | Yes | Struts2 OGNL injection
Vulnerability exploit | Telnet vulnerability exploit | TELNET Exploit | Yes | Telnet vulnerability exploit
Vulnerability exploit | Unix vulnerability exploit | Unix Exploit | Yes | Unix vulnerability exploit
Vulnerability exploit | Web vulnerability exploit | Web Exploit | Yes | Web vulnerability exploit
Vulnerability exploit | Cross site scripting (XSS) | Cross-Site Scripting | Yes | Cross site scripting (XSS)
Vulnerability exploit | Local file inclusion | Local File Inclusion | Yes | Local file inclusion
Vulnerability exploit | Malicious file delivery | Malicious File Delivery | Yes | Malicious file delivery
Vulnerability exploit | Malicious file execution | Malicious File Execution | Yes | Malicious file execution
Vulnerability exploit | Buffer overflow attack | Buffer Overflow | Yes | Buffer overflow attack
Vulnerability exploit | Session hijacking | Session Hijack | Yes | Session hijacking
Vulnerability exploit | Password guessing | Password Cracking | Yes | Password guessing
Vulnerability exploit | Browser vulnerability exploit | Browser Exploit | Yes | Browser vulnerability exploit
Vulnerability exploit | Weak password access | Weak Password Access | Yes | Weak password access
Vulnerability exploit | Database vulnerability exploit | Database Exploit | Yes | Database vulnerability exploit
Vulnerability exploit | Unknown vulnerability exploit | Unknown Exploit | Yes | Unknown vulnerability exploit
Vulnerability exploit | Hidden link access | Hide Link Access | Yes | Hidden link access
Vulnerability exploit | Email vulnerability exploit | Mail Exploit | Yes | Email vulnerability exploit
Vulnerability exploit | Remote code execution | Remote Code Execution | Yes | Remote code execution
Vulnerability exploit | Remote access vulnerability exploit | Remote Access Exploit | Yes | Remote access vulnerability exploit
Vulnerability exploit | Remote file inclusion prevention | Remote File Inclusion | Yes | Remote file inclusion prevention
Vulnerability exploit | Remote file injection | Remote File Injection | Yes | Remote file injection
Vulnerability exploit | Combined vulnerability exploit | Misc Exploit | Yes | Combined vulnerability exploit
Vulnerability exploit | CMS vulnerability | CMS Exploit | Yes | CMS vulnerability
Vulnerability exploit | CSRF attack | CSRF Attack | Yes | CSRF attack
Vulnerability exploit | JNDI injection | JNDI Injection Attack | Yes | JNDI injection
Vulnerability exploit | Linux vulnerability | Linux Exploit | Yes | Linux vulnerability
Vulnerability exploit | SMB vulnerability | SMB Exploit | Yes | SMB vulnerability
Vulnerability exploit | Windows vulnerability | Windows Exploit | Yes | Windows vulnerability
Vulnerability exploit | XML injection | XML Injection | Yes | XML injection
Vulnerability exploit | Code Injection | Code Injection | Yes | Code Injection
Vulnerability exploit | Vulnerability escape | Vulnerability Escape Attack | Yes | Vulnerability escape
Vulnerability exploit | Command execution | Command Execution | Yes | Command execution
Vulnerability exploit | Command injection | Command Injection | Yes | Command injection
Vulnerability exploit | File escape | File Escape Attack | Yes | File escape
Vulnerability exploit | VM escape | VM Escape Attack | Yes | VM escape
Vulnerability exploit | Common vulnerability exploit | General Exploit | Yes | Common vulnerability exploit
Command and control | Message sent from current ECS IP address to high-risk network | Command Control Activity | Yes | Message sent from current ECS IP address to high-risk network
Command and control | Dynamic resolution | Dynamic Resolution | Yes | Dynamic resolution
Command and control | Other suspicious connection | Abnormal Connection | Yes | Other suspicious connection
Command and control | Other suspicious behavior | Abnormal Behaviour | Yes | Other suspicious behavior
Command and control | Malicious DNS connection | Malicious Domain Query | Yes | Malicious DNS connection
Command and control | Malicious IP address connection | Malicious Ip Address Query | Yes | Malicious IP address connection
Command and control | Covert tunnel | Protocol Tunneling | Yes | Covert tunnel
Command and control | Mining pool communication | Mining Pool Communication | Yes | Mining pool communication
Other | Public_Opinion | Public_Opinion | Yes | Public_Opinion
Other | Cloud firewall attack | CFW_RISK | Yes | Cloud firewall attack
Data leakage | Data theft | Steal Data | Yes | Data theft
Data leakage | Unauthorized data transfer | Transfer Data Abnormal | Yes | Unauthorized data transfer
Abnormal network behavior | Abnormal access frequency of IP addresses | IP Access Frequency Abnormal | Yes | Abnormal access frequency of IP addresses
Abnormal network behavior | Abnormal IP address switch | IP Switch Abnormal | Yes | Abnormal IP address switch
Abnormal network behavior | First login from an IP address | IP First Access | Yes | First login from an IP address
Abnormal network behavior | Sinkhole attack IP address access | Sink Hole | Yes | Sinkhole attack IP address access
Abnormal network behavior | Proxy IP address access | Proxy | Yes | Proxy IP address access
Abnormal network behavior | Malicious resource access | Resource Permissions | Yes | Malicious resource access
Abnormal network behavior | Fraudulent payment website IP address/domain name access | Payment | Yes | Fraudulent payment website IP address/domain name access
Abnormal network behavior | Onion website IP access | Tor | Yes | Onion website IP access
Abnormal network behavior | C&C abnormal communication | C&C Abnormal Communication | Yes | C&C abnormal communication
Abnormal network behavior | Blacklisted IP address access | IP Blacklist Access | Yes | Blacklisted IP address access
Abnormal network behavior | URL blacklist access | URL Blacklist Access | Yes | URL blacklist access
Abnormal network behavior | Malicious URL access | Malicious URL Access | Yes | Malicious URL access
Abnormal network behavior | Malicious domain name access | Malicious Domain Name Access | Yes | Malicious domain name access
Abnormal network behavior | Unauthorized access attempt | Unauthorized Access Attemp | Yes | Unauthorized access attempt
Abnormal network behavior | Suspicious network traffic | Suspicious Network Traffic | Yes | Suspicious network traffic
Abnormal network behavior | Container-network external connection | Container Network Connect | Yes | Container-network external connection
Abnormal network behavior | Unknown network access | Unknown Abnormal Network Access | Yes | Unknown network access
Abnormal network behavior | File MD5 blacklist access | File MD5 Blacklist Access | Yes | File MD5 blacklist access
Abnormal network behavior | Abnormal external connection | Abnormal External Behavior | Yes | Abnormal external connection
Abnormal network behavior | Domain name blacklist access | Domain Name Blacklist Access | Yes | Domain name blacklist access
Abnormal network behavior | Periodic external communication | Periodic Outreach | Yes | Periodic external communication
Abnormal network behavior | Suspicious port forwarding | Suspicious Port Forward | Yes | Suspicious port forwarding
Fileless attacks | VDSO hijacking | VDSO Hijacking | Yes | VDSO hijacking
Fileless attacks | Dynamic library injection | Dynamic Library Inject Process | Yes | Dynamic library injection
Fileless attacks | Key configuration change | Critical File Change | Yes | Key configuration change
Fileless attacks | Environment variable change | Environment Change | Yes | Environment variable change
Fileless attacks | Process injection | Process Inject | Yes | Process injection
Fileless attacks | Memory file process | Memfd Process | Yes | Memory file process
Fileless attacks | File manipulation | File Manipulation | Yes | File manipulation
Abnormal system behavior | Suspicious crontab task | Crontab Suspicious Task | Yes | Suspicious crontab task
Abnormal system behavior | Socket connection error | Abnormal Socket Connection | Yes | Socket connection error
Abnormal system behavior | Backup deletion | Backup Deletion | Yes | Backup deletion
Abnormal system behavior | Unauthorized database access | Unauthorized Database Access | Yes | Unauthorized database access
Abnormal system behavior | Abnormal permission access | Privilege Abnormal Access | Yes | Abnormal permission access
Abnormal system behavior | Abnormal log change | Unexpected Log Change | Yes | Abnormal log change
Abnormal system behavior | Exit the container process | Container Process Exist | Yes | Exit the container process
Abnormal system behavior | Abnormal behavior of unknown server | Unknown Host Abnormal Activity | Yes | Abnormal behavior of unknown server
Abnormal system behavior | File blacklist access | File blocklist access | Yes | File blacklist access
Abnormal system behavior | Abnormal change of file permission | Unexpected File Permission Change | Yes | Abnormal change of file permission
Abnormal system behavior | System protection disabled | System Security Protection disabled | Yes | System protection disabled
Abnormal system behavior | System account change | System Account Change | Yes | System account change
Abnormal system behavior | Suspicious registry operation | Abnormal Registry Operation | Yes | Suspicious registry operation
Abnormal system behavior | Crontab script privilege escalation | Crontab Script Privilege Escalation | Yes | Crontab script privilege escalation
Abnormal system behavior | Crontab script modification | Crontab Script Change | Yes | Crontab script modification
Abnormal system behavior | High-risk command execution | High-risk Command Execution | Yes | High-risk command execution
Abnormal system behavior | High-risk system call | High-Risk Syscall | Yes | High-risk system call
Abnormal system behavior | Important file/directory change | File/Directory Change | Yes | Important file/directory change
Abnormal system behavior | Critical file change | Key File Change | Yes | Critical file change
Abnormal system behavior | Process privilege escalation | Process Privilege Escalation | Yes | Process privilege escalation
Abnormal system behavior | Abnormal process behavior | Process Abnormal Activity | Yes | Abnormal process behavior
Abnormal system behavior | Sensitive file access | Sensitive File Access | Yes | Sensitive file access
Abnormal system behavior | Abnormal container process | Container Abnormal Process | Yes | Abnormal container process
Abnormal system behavior | Abnormal container startup | Container Abnormal Start | Yes | Abnormal container startup
Abnormal system behavior | Abnormal database connection | Abnormal Database Connection | Yes | Abnormal database connection
Abnormal system behavior | NIC in promiscuous mode | Network Adapter Promiscuous Mode | Yes | NIC in promiscuous mode
Abnormal system behavior | File privilege escalation | File Privilege Escalation | Yes | File privilege escalation
Abnormal system behavior | Abnormal file deletion | File Abnormal Delete | Yes | Abnormal file deletion
Abnormal system behavior | System startup script modification | System Start Script Change | Yes | System startup script modification
Abnormal system behavior | Abnormal shell | Abnormal Shell | Yes | Abnormal shell
Abnormal system behavior | Abnormal command execution | Abnormal Command Execution | Yes | Abnormal command execution
Data damage | Information tampering | Information Tampering | Yes | Information tampering
Data damage | Information loss | Information Loss | Yes | Information loss
Data damage | Information counterfeiting | Information Masquerading | Yes | Information counterfeiting
Data damage | Information theft | Information Interception | Yes | Information theft
Data damage | Information leakage | Information Disclosure | Yes | Information leakage
Data damage | Linux web tampering | Linux Web Page Tampering | Yes | Linux web tampering
Data damage | Windows web tampering | Windows Web Page Tampering | Yes | Windows web tampering
Data damage | Path Traversal | Directory Traversal | Yes | Path Traversal
Abnormal user behavior | Malicious use of token | Token Leakage | Yes | Malicious use of token
Abnormal user behavior | Malicious token exploit success | Token Leakage Success | Yes | Malicious token exploit success
Abnormal user behavior | First login by an abnormal user | User First Cross Domain Access | Yes | First login by an abnormal user
Abnormal user behavior | Abnormal user access frequency | User Access Frequency Abnormal | Yes | Abnormal user access frequency
Abnormal user behavior | Abnormal time segment | User Hour Level Access Abnormal | Yes | Abnormal time segment
Abnormal user behavior | Abnormal user download behavior through a specific IP address | User IP Download Abnormal | Yes | Abnormal user download behavior through a specific IP address
Abnormal user behavior | First access to an object | Client First Access | Yes | First access to an object
Abnormal user behavior | Abnormal user download behavior | User Download Abnormal | Yes | Abnormal user download behavior
Abnormal user behavior | Brute-force attack | Brute Force Cracking | Yes | Brute-force attack
Abnormal user behavior | Illegal login | Illegal Login | Yes | Illegal login
Abnormal user behavior | Abnormal behavior of unknown users | Unknown User Abnormal Activity | Yes | Abnormal behavior of unknown users
Abnormal user behavior | Abnormal login | Abnormal Login | Yes | Abnormal login
Abnormal user behavior | Login attempt | User Login Attempt | Yes | Login attempt
Abnormal user behavior | Password theft | User Password Theft | Yes | Password theft
Abnormal user behavior | Successful user privilege escalation | User Privilege Escalation Succeeded | Yes | Successful user privilege escalation
Abnormal user behavior | Failed to elevate user rights | User Privilege Escalation Failed | Yes | Failed to elevate user rights
Abnormal user behavior | First login | User First login | Yes | First login
Abnormal user behavior | Account deletion | User Account Removed | Yes | Account deletion
Abnormal user behavior | Account creation | User Account Added | Yes | Account creation
Abnormal user behavior | User group change | User Group Changed | Yes | User group change
Abnormal user behavior | User group deletion | User Group Removed | Yes | User group deletion
Abnormal user behavior | User group addition | User Group Added | Yes | User group addition
Abnormal user behavior | Account spoofing | Account Forgery | Yes | Account spoofing
Abnormal user behavior | Suspicious ECS account creation | Suspicious Ecs User Create | Yes | Suspicious ECS account creation
Abnormal user behavior | ECS account permission escalation | ECS User Escalate Privilege | Yes | ECS account permission escalation
Abnormal user behavior | Suspicious IAM account creation | Suspicious IAM Account Create | Yes | Suspicious IAM account creation
Abnormal user behavior | IAM permission escalation | IAM Permissons Escalation | Yes | IAM permission escalation
Abnormal user behavior | ECS login through brute-force attack | ECS BruteForce Login | Yes | ECS login through brute-force attack
Abnormal user behavior | IAM login through brute-force attack | IAM BruteForce Login | Yes | IAM login through brute-force attack
Abnormal user behavior | Invalid account | Invalid System Account | Yes | Invalid account
Abnormal user behavior | Unsafe account | Risky Account | Yes | Unsafe account
Abnormal user behavior | ECS login from suspicious IP address | Suspicious IP Address Login | Yes | ECS login from suspicious IP address
Abnormal user behavior | Suspicious IP address login to IAM | Suspicious IP Address Login | Yes | Suspicious IP address login to IAM
Abnormal user behavior | Abnormal login to IAM | IAM Abnormal Login | Yes | Abnormal login to IAM
Abnormal user behavior | Remote login to ECS | Instance Credential Exfiltration | Yes | Remote login to ECS
Abnormal user behavior | User login success | User Login Success | Yes | User login success
Abnormal user behavior | User login denial | User Login Denied | Yes | User login denial
Abnormal user behavior | User account change | User Account Changed | Yes | User account change
Resource manipulation | Malicious logic insertion | Malicious Logic Insertion | Yes | Malicious logic insertion
Resource manipulation | Infrastructure manipulation | Infrastructure Manipulation | Yes | Infrastructure manipulation
Resource manipulation | Configuration/environment manipulation | Configuration/Environment Manipulation | Yes | Configuration/environment manipulation
Resource manipulation | Container escape | Container Escape | Yes | Container escape
Resource manipulation | Container resource manipulation | Container Resource Manipulation | Yes | Container resource manipulation
Resource manipulation | Software integrity | Software Integrity Attack | Yes | Software integrity
Resource scanning | Abnormal number of detected ports | Port Detection | Yes | Abnormal number of detected ports
Resource scanning | ARP scan | ARP Scan | Yes | ARP scan
Resource scanning | DNS test | DNS Recon | Yes | DNS test
Resource scanning | Hypervisor detection | Hypervisor Recon | Yes | Hypervisor detection
Resource scanning | ICMP detection | ICMP Recon | Yes | ICMP detection
Resource scanning | Linux detection | Linux Recon | Yes | Linux detection
Resource scanning | MacOS detection | MacOS Recon | Yes | MacOS detection
Resource scanning | Nmap scan | NMAP Scan | Yes | Nmap scan
Resource scanning | RPC request detection | RPC Recon | Yes | RPC request detection
Resource scanning | SNMP scan | SNMP Recon | Yes | SNMP scan
Resource scanning | TCP scan | TCP Recon | Yes | TCP scan
Resource scanning | UDP scan | UDP Recon | Yes | UDP scan
Resource scanning | Unix detection | Unix Recon | Yes | Unix detection
Resource scanning | Web detection | Web Recon | Yes | Web detection
Resource scanning | Windows probing | Windows Recon | Yes | Windows probing
Resource scanning | Encrypted penetration scan | Encrypted Penetration Scan | Yes | Encrypted penetration scan
Resource scanning | Common scan event | General Scanner | Yes | Common scan event
Resource scanning | Database detection | Database Recon | Yes | Database detection
Resource scanning | Mail detection | Mail Recon | Yes | Mail detection
Resource scanning | Server scan | Host Scan | Yes | Server scan
Resource scanning | Combined detection | Misc Recon | Yes | Combined detection
Resource scanning | Port scan | Port Scan | Yes | Port scan

Preset Incident Types

Table 2 Preset incident types

Type Name | Sub Type | Sub Type Tag | Preset | Description
--- | --- | --- | --- | ---
DDoS attack | DNS protocol attacks | Tcp Dns | Yes | DNS protocol attacks
DDoS attack | Unusual ports | Unusual Network Port | Yes | Unusual ports
DDoS attack | Abnormal protocol attacks | Unusual Protocol | Yes | Abnormal protocol attacks
DDoS attack | ACK Flood | ACK Flood | Yes | ACK Flood
DDoS attack | BGP flood | BGP Flood Attack | Yes | BGP flood
DDoS attack | DNS IP TTL | DNS IP TTL Check Fail | Yes | DNS IP TTL
DDoS attack | DNS reply flood | DNS Reply Flood | Yes | DNS reply flood
DDoS attack | DNS query flood | DNS Query Flood | Yes | DNS query flood
DDoS attack | Abnormal DNS size | DNS Size Abnormal | Yes | Abnormal DNS size
DDoS attack | DNS reflection | DNS Reflection | Yes | DNS reflection
DDoS attack | Abnormal DNS response flow | DNS Reply Domain Flow Abnormal | Yes | Abnormal DNS response flow
DDoS attack | Invalid DNS format | DNS Format Error | Yes | Invalid DNS format
DDoS attack | DNS cache matching | DNS Cache Match | Yes | DNS cache matching
DDoS attack | DNS cache poisoning | DNS Cache Poisoning | Yes | DNS cache poisoning
DDoS attack | Abnormal DNS request flow | DNS Request Domain Flow Abnormal | Yes | Abnormal DNS request flow
DDoS attack | DNS domain name errors | DNS No Such Name | Yes | DNS domain name errors
DDoS attack | FIN/RST Flood | FIN/RST Flood | Yes | FIN/RST Flood
DDoS attack | HTTPS Flood | HTTPS Flood | Yes | HTTPS Flood
DDoS attack | HTTP slow attacks | HTTP Slow Attack | Yes | HTTP slow attacks
DDoS attack | ICMP blocking | ICMP Protocol Block | Yes | ICMP blocking
DDoS attack | IP reputation | IP Reputation | Yes | IP reputation
DDoS attack | SIP Flood | SIP Flood | Yes | SIP Flood
DDoS attack | Abnormal SIP source rate | SIP Source Rate Abnormity | Yes | Abnormal SIP source rate
DDoS attack | SYN Flood | SYN Flood | Yes | SYN Flood
DDoS attack | SYN-ACK Flood | SYN-ACK Flood | Yes | SYN-ACK Flood
DDoS attack | TCP bandwidth overflow | TCP Bandwidth Overflow | Yes | TCP bandwidth overflow
DDoS attack | TCP multi-connection attacks | TCP Connection Flood | Yes | TCP multi-connection attacks
DDoS attack | TCP fragment bandwidth overflow | TCP Fragment Bandwidth Overflow | Yes | TCP fragment bandwidth overflow
DDoS attack | TCP fragment attacks | TCP Fragment Flood | Yes | TCP fragment attacks
DDoS attack | Malformed TCP packets | TCP Malformed | Yes | Malformed TCP packets
DDoS attack | TCP/UDP attacks | TCP-authenticated UDP Attack | Yes | TCP/UDP attacks
DDoS attack | TCP blocking | TCP Protocol Block | Yes | TCP blocking
DDoS attack | UDP bandwidth overflow | UDP Bandwidth Overflow | Yes | UDP bandwidth overflow
DDoS attack | UDP fragments | UDP Fragment Flood | Yes | UDP fragments
DDoS attack | UDP fragment bandwidth overflow | UDP Fragment Bandwidth Overflow | Yes | UDP fragment bandwidth overflow
DDoS attack | Malformed UDP packets | UDP Malformed | Yes | Malformed UDP packets
DDoS attack | UDP blocking | UDP Protocol Block | Yes | UDP blocking
DDoS attack | URI monitoring | URI Monitor | Yes | URI monitoring
DDoS attack | Dark web IP addresses | Dark IP | Yes | Dark web IP addresses
DDoS attack | Single EIP bandwidth overflow | Single IP Bandwidth Overflow | Yes | Single EIP bandwidth overflow
DDoS attack | Current connection flood attacks | Concurrent Connections Flood | Yes | Current connection flood attacks
DDoS attack | Port scan attacks | Port Scanning Attack | Yes | Port scan attacks
DDoS attack | Malicious domain name attacks | Malicious Domains Attack | Yes | Malicious domain name attacks
DDoS attack | Anti-malware | Anti-Malware | Yes | Anti-malware
DDoS attack | DDoS attacks | DDOS | Yes | DDoS attacks
DDoS attack | Partition bandwidth overflow | Zone Bandwidth Overflow | Yes | Partition bandwidth overflow
DDoS attack | Filter attacks | Filter Attack | Yes | Filter attacks
DDoS attack | Blacklist | Blacklist | Yes | Blacklist
DDoS attack | Botnets/Trojans/Worms | Botnets/Trojan horses/Worms Attack | Yes | Botnets/Trojans/Worms
DDoS attack | Destination IP new session rate limiting | Destination IP new session rate limiting | Yes | Destination IP new session rate limiting
DDoS attack | Other flood attacks | Other Flood | Yes | Other flood attacks
DDoS attack | Other bandwidth overflow | Other Bandwidth Overflow | Yes | Other bandwidth overflow
DDoS attack | Other global exceptions | Global Other Abnormal | Yes | Other global exceptions
DDoS attack | Other protocol blocking | Other Protocol Block | Yes | Other protocol blocking
DDoS attack | Global ICMP exception | Global ICMP Abnormal | Yes | Global ICMP exception
DDoS attack | Abnormal global TCP fragments | Global TCP Fragment Abnormal | Yes | Abnormal global TCP fragments
DDoS attack | Global TCP exception | Global TCP Abnormal | Yes | Global TCP exception
DDoS attack | Abnormal global UDP fragments | Global UDP Fragment Abnormal | Yes | Abnormal global UDP fragments
DDoS attack | Global UDP exception | Global UDP Abnormal | Yes | Global UDP exception
DDoS attack | Web attacks | Web Attack | Yes | Web attacks
DDoS attack | Geolocation attacks | Location Attack | Yes | Geolocation attacks
DDoS attack | Connection flood attack | New Connections Flood | Yes | Connection flood attack
DDoS attack | Domain hijacking | Domain Hijacking | Yes | Domain hijacking
DDoS attack | Abnormal source DNS response traffic | Source DNS Reply Flow Abnormal | Yes | Abnormal source DNS response traffic
DDoS attack | Abnormal source DNS request traffic | Source DNS Request Flow Abnormal | Yes | Abnormal source DNS request traffic
DDoS attack | Host traffic overflow | Host Traffic Over Flow | Yes | Host traffic overflow
DDoS attack | HTTP Flood | HTTP Flood | Yes | HTTP Flood
DDoS attack | ICMP Flood | ICMP Flood | Yes | ICMP Flood
DDoS attack | SSL Flood | SSL Flood | Yes | SSL Flood
DDoS attack | TCP Flood | TCP Flood | Yes | TCP Flood
DDoS attack | UDP Flood | UDP Flood | Yes | UDP Flood
DDoS attack | XML Flood | XML Flood | Yes | XML Flood
DDoS attack | Amplification attacks | Amplification | Yes | Amplification attacks
Malicious code

Hidden link

Web Page Dark Link

Yes

Hidden link

Web page Trojan

Web Page Trojan

Yes

Web page Trojan

Web attacks

Webshell

Webshell

Yes

Webshell

WAF robot

WAF Robot

Yes

WAF robot

IP address whitelist

White IP

Yes

IP address whitelist

Known attack source

Known Attack Source

Yes

Known attack source

IP address blacklist

Black IP

Yes

IP address blacklist

Vulnerability exploits

Vulnerability Attack

Yes

Vulnerability exploits

Data masking

Leakage

Yes

Data masking

Default

Default

Yes

Default

Scanners/Crawlers

Scanner & Crawler

Yes

Scanners/Crawlers

CC attacks

Challenge Collapsar

Yes

CC attacks

IP reputation database

IP Repuation

Yes

IP reputation database

SQL injection

SQL Injection

Yes

SQL injection

XSS

Cross-Site Scripting

Yes

XSS

Local file inclusion

Local Code Inclusion

Yes

Local file inclusion

Geolocation access control

Geo IP

Yes

Geolocation access control

Malicious crawlers

Malicious Web Crawlers

Yes

Malicious crawlers

Anti-crawler

Anticrawler

Yes

Anti-crawler

Web tampering protection

AntiTamper

Yes

Web tampering protection

Invalid requests

Illegal Access

Yes

Invalid requests

Blacklist or whitelist alarms

White or Black IP

Yes

Blacklist or whitelist alarms

Precise protection

Custom Rule

Yes

Precise protection

Command injection

Command Injection

Yes

Command injection

Path Traversal

Path Traversal

Yes

Path Traversal

Website Trojans

Website Trojan

Yes

Website Trojans

Website data leakage

Information Leakage

Yes

Website data leakage

Information leakage

Web Service Exfiltration

Yes

Information leakage

Remote code execution

Remote Code Execute

Yes

Remote code execution

Remote file inclusion

Remote Code Inclusion

Yes

Remote file inclusion

Malware

Encrypted currency mining

Cryptomining

Yes

Encrypted currency mining

Docker malicious program

Docker Malware

Yes

Docker malicious program

Fishing

Phishing

Yes

Fishing

Malicious adware

Adware

Yes

Malicious adware

Malware

Malicious Software

Yes

Malware

Hacker tool

Hacktool

Yes

Hacker tool

Grayware

Grayware

Yes

Grayware

Spyware

Spyware

Yes

Spyware

Spam

Spam

Yes

Spam

Rootkit

Rootkit

Yes

Rootkit

Webshell

Webshell

Yes

Webshell

Virus/Worm

Virus and Worm

Yes

Virus/Worm

Malicious file

Malicous File

Yes

Malicious file

Reverse shell

Reverse Shell

Yes

Reverse shell

Trojan

Backdoor Trojan

Yes

Trojan

Botnet

Botnet Program

Yes

Botnet

Ransomware

Ransomware

Yes

Ransomware

Bitcoin Miner

Bitcoin Miner

Yes

Bitcoin Miner

Mining software

Mining Software

Yes

Mining software

Risk Audit

Web-CMS Vulnerability

Webcms Vulnerability

Yes

Web-CMS Vulnerability

Windows OS vulnerabilities

Windows Vulnerability

Yes

Windows OS vulnerabilities

Local access vulnerability

Local Access Vulnerability

Yes

Local access vulnerability

Incorrect configuration policy

Mis-Configured Policy

Yes

Incorrect configuration policy

Other OS vulnerability

Other OS Vulnerability

Yes

Other OS vulnerability

Other vulnerability

Other Vulnerability

Yes

Other vulnerability

Application vulnerability

Application Vulnerability

Yes

Application vulnerability

Remote access vulnerability

Remote Access Vulnerability

Yes

Remote access vulnerability

Risk Audit

Weak Password

Weak Password

Yes

Weak Password

Risky system configuration

System Risk Configuration

Yes

Risky system configuration

Attacks

Fishing

Phishing

Yes

Fishing

Network topology

Map Network Topology

Yes

Network topology

Account and group information collection

Identify Groups/Roles

Yes

Account and group information collection

Fingerprint scan

Fingerprinting

Yes

Fingerprint scan

Host discovery

Determine IP Address

Yes

Host discovery

Vulnerability exploit

ActiveX vulnerability exploit

ActiveX Exploit

Yes

ActiveX vulnerability exploit

CGI attack

CGI Attack

Yes

CGI attack

DNS vulnerability exploit

DNS Exploit

Yes

DNS vulnerability exploit

FTP vulnerability exploit

FTP Exploit

Yes

FTP vulnerability exploit

Hadoop vulnerability exploit

Hadoop Vulnerability Exploit

Yes

Hadoop vulnerability exploit

Vulnerability exploit of hypervisor

Hypervisor Exploit

Yes

Vulnerability exploit of hypervisor

LDAP injection

LDAP Injection Attack

Yes

LDAP injection

MacOS vulnerability exploit

MacOS Exploit

Yes

MacOS vulnerability exploit

MySQL vulnerability exploit

MySQL Vulnerability Exploit

Yes

MySQL vulnerability exploit

Vulnerability exploit of Office software

Office Exploit

Yes

Vulnerability exploit of Office software

Redis vulnerability exploit

Redis Vulnerability Exploit

Yes

Redis vulnerability exploit

RPC vulnerability exploit

RPC Exploit

Yes

RPC vulnerability exploit

SQL injection

SQL Injection

Yes

SQL injection

SSH vulnerability exploit

SSH Exploit

Yes

SSH vulnerability exploit

SSI injection attack

SSI Injection Attack

Yes

SSI injection attack

Struts2 OGNL injection

Struts2 OGNL Injection

Yes

Struts2 OGNL injection

Telnet vulnerability exploit

TELNET Exploit

Yes

Telnet vulnerability exploit

Unix vulnerability exploit

Unix Exploit

Yes

Unix vulnerability exploit

Web vulnerability exploit

Web Exploit

Yes

Web vulnerability exploit

Cross site scripting (XSS)

Cross-Site Scripting

Yes

Cross site scripting (XSS)

Local file inclusion

Local File Inclusion

Yes

Local file inclusion

Malicious file delivery

Malicious File Delivery

Yes

Malicious file delivery

Malicious file execution

Malicious File Execution

Yes

Malicious file execution

Buffer overflow attack

Buffer Overflow

Yes

Buffer overflow attack

Session hijacking

Session Hijack

Yes

Session hijacking

Password guessing

Password Cracking

Yes

Password guessing

Browser vulnerability exploit

Browser Exploit

Yes

Browser vulnerability exploit

Weak password access

Weak Password Access

Yes

Weak password access

Database vulnerability exploit

Database Exploit

Yes

Database vulnerability exploit

Unknown vulnerability exploit

Unknown Exploit

Yes

Unknown vulnerability exploit

Hidden link access

Hide Link Access

Yes

Hidden link access

Email vulnerability exploit

Mail Exploit

Yes

Email vulnerability exploit

Remote code execution

Remote Code Execution

Yes

Remote code execution

Remote access vulnerability exploit

Remote Access Exploit

Yes

Remote access vulnerability exploit

Remote file inclusion prevention

Remote File Inclusion

Yes

Remote file inclusion prevention

Remote file injection

Remote File Injection

Yes

Remote file injection

Combined vulnerability exploit

Misc Exploit

Yes

Combined vulnerability exploit

CMS vulnerability

CMS Exploit

Yes

CMS vulnerability

CSRF attack

CSRF Attack

Yes

CSRF attack

JNDI injection

JNDI Injection Attack

Yes

JNDI injection

Linux vulnerability

Linux Exploit

Yes

Linux vulnerability

SMB vulnerability

SMB Exploit

Yes

SMB vulnerability

Windows vulnerability

Windows Exploit

Yes

Windows vulnerability

XML injection

XML Injection

Yes

XML injection

Code Injection

Code Injection

Yes

Code Injection

Vulnerability escape

Vulnerability Escape Attack

Yes

Vulnerability escape

Command execution

Command Execution

Yes

Command execution

Command injection

Command Injection

Yes

Command injection

File escape

File Escape Attack

Yes

File escape

VM escape

VM Escape Attack

Yes

VM escape

Common vulnerability exploit

General Exploit

Yes

Common vulnerability exploit

Command and control

Message sent from current ECS IP address to high-risk network

Command Control Activity

Yes

Message sent from current ECS IP address to high-risk network

Dynamic resolution

Dynamic Resolution

Yes

Dynamic resolution

Other suspicious connection

Abnormal Connection

Yes

Other suspicious connection

Other suspicious behavior

Abnormal Behaviour

Yes

Other suspicious behavior

Malicious DNS connection

Malicious Domain Query

Yes

Malicious DNS connection

Malicious IP address connection

Malicious Ip Address Query

Yes

Malicious IP address connection

Covert tunnel

Protocol Tunneling

Yes

Covert tunnel

Mining pool communication

Mining Pool Communication

Yes

Mining pool communication

Other

Public_Opinion

Public_Opinion

Yes

Public_Opinion

Cloud firewall attack

CFW_RISK

Yes

Cloud firewall attack

Data leakage

Data theft

Steal Data

Yes

Data theft

Unauthorized data transfer

Transfer Data Abnormal

Yes

Unauthorized data transfer

Abnormal network behavior

Abnormal access frequency of IP addresses

IP Access Frequency Abnormal

Yes

Abnormal access frequency of IP addresses

Abnormal IP address switch

IP Switch Abnormal

Yes

Abnormal IP address switch

First login from an IP address

IP First Access

Yes

First login from an IP address

Sinkhole attack IP address access

Sink Hole

Yes

Sinkhole attack IP address access

Proxy IP address access

Proxy

Yes

Proxy IP address access

Malicious resource access

Resource Permissions

Yes

Malicious resource access

Fraudulent payment website IP address/domain name access

Payment

Yes

Fraudulent payment website IP address/domain name access

Onion website IP access

Tor

Yes

Onion website IP access

C&C abnormal communication

C&C Abnormal Communication

Yes

C&C abnormal communication

Blacklisted IP address Access

IP Blacklist Access

Yes

Blacklisted IP address Access

URL blacklist access

URL Blacklist Access

Yes

URL blacklist access

Malicious URL access

Malicious URL Access

Yes

Malicious URL access

Malicious domain name access

Malicious Domain Name Access

Yes

Malicious domain name access

Unauthorized access attempt

Unauthorized Access Attemp

Yes

Unauthorized access attempt

Suspicious network traffic

Suspicious Network Traffic

Yes

Suspicious network traffic

Container-network external connection

Container Network Connect

Yes

Container-network external connection

Unknown network access

Unknown Abnormal Network Access

Yes

Unknown network access

File MD5 blacklist access

File MD5 Blacklist Access

Yes

File MD5 blacklist access

Abnormal external connection

Abnormal External Behavior

Yes

Abnormal external connection

Domain name blacklist access

Domain Name Blacklist Access

Yes

Domain name blacklist access

Periodic external communication

Periodic Outreach

Yes

Periodic external communication

Suspicious port forwarding

Suspicious Port Forward

Yes

Suspicious port forwarding

Fileless attacks

VDSO hijacking

VDSO Hijacking

Yes

VDSO hijacking

Dynamic library injection

Dynamic Library Inject Process

Yes

Dynamic library injection

Key configuration change

Critical File Change

Yes

Key configuration change

Environment variable change

Environment Change

Yes

Environment variable change

Process injection

Process Inject

Yes

Process injection

Memory file process

Memfd Process

Yes

Memory file process

File manipulation

File Manipulation

Yes

File manipulation

Abnormal system behavior

Suspicious crontab task

Crontab Suspicious Task

Yes

Suspicious crontab task

Socket connection error

Abnormal Socket Connection

Yes

Socket connection error

Backup deletion

Backup Deletion

Yes

Backup deletion

Unauthorized database access

Unauthorized Database Access

Yes

Unauthorized database access

Abnormal permission access

Privilege Abnormal Access

Yes

Abnormal permission access

Abnormal log change

Unexpected Log Change

Yes

Abnormal log change

Exit the container process

Container Process Exist

Yes

Exit the container process

Abnormal behavior of unknown server

Unknown Host Abnormal Activity

Yes

Abnormal behavior of unknown server

File blacklist access

File blocklist access

Yes

File blacklist access

Abnormal change of file permission

Unexpected File Permission Change

Yes

Abnormal change of file permission

System protection disabled

System Security Protection disabled

Yes

System protection disabled

System account change

System Account Change

Yes

System account change

Suspicious registry operation

Abnormal Registry Operation

Yes

Suspicious registry operation

Crontab script privilege escalation

Crontab Script Privilege Escalation

Yes

Crontab script privilege escalation

Crontab script modification

Crontab Script Change

Yes

Crontab script modification

High-risk command execution

High-risk Command Execution

Yes

High-risk command execution

High-risk system call

High-Risk Syscall

Yes

High-risk system call

Important file/directory change

File/Directory Change

Yes

Important file/directory change

Critical file change

Key File Change

Yes

Critical file change

Process privilege escalation

Process Privilege Escalation

Yes

Process privilege escalation

Abnormal process behavior

Process Abnormal Activity

Yes

Abnormal process behavior

Sensitive file access

Sensitive File Access

Yes

Sensitive file access

Abnormal container process

Container Abnormal Process

Yes

Abnormal container process

Abnormal container startup

Container Abnormal Start

Yes

Abnormal container startup

Abnormal database connection

Abnormal Database Connection

Yes

Abnormal database connection

NIC in promiscuous mode

Network Adapter Promiscuous Mode

Yes

NIC in promiscuous mode

File privilege escalation

File Privilege Escalation

Yes

File privilege escalation

Abnormal file deletion

File Abnormal Delete

Yes

Abnormal file deletion

System startup script modification

System Start Script Change

Yes

System startup script modification

Abnormal shell

Abnormal Shell

Yes

Abnormal shell

Abnormal command execution

Abnormal Command Execution

Yes

Abnormal command execution

Data damage

Information tampering

Information Tampering

Yes

Information tampering

Information loss

Information Loss

Yes

Information loss

Information counterfeiting

Information Masquerading

Yes

Information counterfeiting

Information theft

Information Interception

Yes

Information theft

Information leakage

Information Disclosure

Yes

Information leakage

Linux web tampering

Linux Web Page Tampering

Yes

Linux web tampering

Windows web tampering

Windows Web Page Tampering

Yes

Windows web tampering

Path Traversal

Directory Traversal

Yes

Path Traversal

Abnormal user behavior

Malicious use of token

Token Leakage

Yes

Malicious use of token

Malicious token exploit success

Token Leakage Success

Yes

Malicious token exploit success

First login by an abnormal user

User First Cross Domain Access

Yes

First login by an abnormal user

Abnormal user access frequency

User Access Frequency Abnormal

Yes

Abnormal user access frequency

Abnormal time segment

User Hour Level Access Abnormal

Yes

Abnormal time segment

Abnormal user download behavior through a specific IP address

User IP Download Abnormal

Yes

Abnormal user download behavior through a specific IP address

First access to an object

Client First Access

Yes

First access to an object

Abnormal user download behavior

User Download Abnormal

Yes

Abnormal user download behavior

Brute-force attacks

Brute Force Cracking

Yes

Brute-force attacks

Illegal login

Illegal Login

Yes

Illegal login

Abnormal behavior of unknown users

Unknown User Abnormal Activity

Yes

Abnormal behavior of unknown users

Abnormal login

Abnormal Login

Yes

Abnormal login

Login attempt

User Login Attempt

Yes

Login attempt

Password theft

User Password Theft

Yes

Password theft

Successful user privilege escalation

User Privilege Escalation Succeeded

Yes

Successful user privilege escalation

Failed to elevate user rights

User Privilege Escalation Failed

Yes

Failed to elevate user rights

First login

User First login

Yes

First login

Account deletion

User Account Removed

Yes

Account deletion

Account creation

User Account Added

Yes

Account creation

User group change

User Group Changed

Yes

User group change

User group deletion

User Group Removed

Yes

User group deletion

User group addition

User Group Added

Yes

User group addition

Account spoofing

Account Forgery

Yes

Account spoofing

Suspicious ECS account creation

Suspicious Ecs User Create

Yes

Suspicious ECS account creation

ECS account permission escalation

ECS User Escalate Privilege

Yes

ECS account permission escalation

Suspicious IAM account creation

Suspicious IAM Account Create

Yes

Suspicious IAM account creation

IAM permission escalation

IAM Permissons Escalation

Yes

IAM permission escalation

ECS login through brute-force attack

ECS BruteForce Login

Yes

ECS login through brute-force attack

IAM login through brute-force attack

IAM BruteForce Login

Yes

IAM login through brute-force attack

Invalid account

Invalid System Account

Yes

Invalid account

Unsafe account

Risky Account

Yes

Unsafe account

ECS login from suspicious IP address

Suspicious IP Address Login

Yes

ECS login from suspicious IP address

Suspicious IP address login to IAM

Suspicious IP Address Login

Yes

Suspicious IP address login to IAM

Abnormal login to IAM

IAM Abnormal Login

Yes

Abnormal login to IAM

Remote login to ECS

Instance Credential Exfiltration

Yes

Remote login to ECS

User login success

User Login Success

Yes

User login success

User login denial

User Login Denied

Yes

User login denial

User account change

User Account Changed

Yes

User account change

Resource manipulation

Malicious logic insertion

Malicious Logic Insertion

Yes

Malicious logic insertion

Infrastructure manipulation

Infrastructure Manipulation

Yes

Infrastructure manipulation

Configuration/environment manipulation

Configuration/Environment Manipulation

Yes

Configuration/environment manipulation

Container escape

Container Escape

Yes

Container escape

Container resource manipulation

Container Resource Manipulation

Yes

Container resource manipulation

Software integrity

Software Integrity Attack

Yes

Software integrity

Resource scanning

Abnormal number of detected ports

Port Detection

Yes

Abnormal number of detected ports

ARP scan

ARP Scan

Yes

ARP scan

DNS test

DNS Recon

Yes

DNS test

Hypervisor detection

Hypervisor Recon

Yes

Hypervisor detection

ICMP detection

ICMP Recon

Yes

ICMP detection

Linux detection

Linux Recon

Yes

Linux detection

MacOS detection

MacOS Recon

Yes

MacOS detection

Nmap scan

NMAP Scan

Yes

Nmap scan

RPC request detection

RPC Recon

Yes

RPC request detection

SNMP scan

SNMP Recon

Yes

SNMP scan

TCP scan

TCP Recon

Yes

TCP scan

UDP scan

UDP Recon

Yes

UDP scan

Unix detection

Unix Recon

Yes

Unix detection

Web detection

Web Recon

Yes

Web detection

Windows probing

Windows Recon

Yes

Windows probing

Encrypted penetration scan

Encrypted Penetration Scan

Yes

Encrypted penetration scan

Common scan event

General Scanner

Yes

Common scan event

Database detection

Database Recon

Yes

Database detection

Mail detection

Mail Recon

Yes

Mail detection

Server scan

Host Scan

Yes

Server scan

Combined detection

Misc Recon

Yes

Combined detection

Port scan

Port Scan

Yes

Port scan

Preset Threat Indicator Types

Table 3 Preset threat indicator types

Type Name | Type Tag | Preset | Description
IPv4 | IPv4 | Yes | IPv4
IPv6 | IPv6 | Yes | IPv6
Email | Email | Yes | Email
Domain name | domain | Yes | Domain name
URL | URL | Yes | URL
Other | Unclassified | Yes | Other

Preset Vulnerability Types

Table 4 Preset vulnerability types

Type Name | Type Tag | Preset | Description
Website vulnerabilities | Website Vulnerabilities | Yes | Website vulnerabilities
Linux vulnerabilities | Linux Vulnerabilities | Yes | Linux vulnerabilities
Web-CMS vulnerabilities | Web-CMS Vulnerabilities | Yes | Web-CMS vulnerabilities
Windows vulnerabilities | Windows Vulnerabilities | Yes | Windows vulnerabilities
Application vulnerabilities | Application Vulnerabilities | Yes | Application vulnerabilities
