System event types based on Asset Management technology

This section provides a description of system event types associated with Asset Management technology (see the table below).

System event types based on Asset Management technology (AM)

Code of event type

Event title

Severity

Registration conditions

4000005003

Detected new asset with the address $owner_ip_or_mac

Critical

Asset Management monitoring mode resulted in the automatic addition of a new asset based on a detected IP address or MAC address that has not been specified for other assets in the table.

The following variables are used in the title and description of an event type:

  • $owner_ip_or_mac – IP or MAC address of the asset.
  • $asset_name – assigned name of the asset.
  • $assigned_mac – assigned MAC address (if defined).
  • $owner_ip – assigned IP address (if defined).
  • $asset_id – ID of the asset.

4000005004

Received new information about asset with the address $owner_ip_or_mac

Informational

Asset Management monitoring mode resulted in the automatic update of asset information based on data obtained from traffic.

The following variables are used in the title and description of an event type:

  • $owner_ip_or_mac – IP or MAC address of the asset.
  • $asset_name – name of the asset.
  • $updated_params – list of updated information.
  • $asset_id – ID of the asset.

4000005005

IP address $owner_ip conflict detected

Critical

In Asset Management monitoring mode, the application detected the use of an IP address by a different asset than the asset for which this IP address was specified.

The following variables are used in the title and description of an event type:

  • $owner_ip – IP address.
  • $challenger_asset_name – name of the asset that used the IP address.
  • $challenger_mac – MAC address of the asset that used the IP address.
  • $asset_name – name of the asset in whose settings the IP address was specified.
  • $owner_mac – MAC address of the asset in whose settings the IP address was specified.
  • $challenger_ips_list – list of other IP addresses of the asset that used the IP address.
  • $asset_id – ID of the asset in whose settings the IP address was specified.
  • $challenger_id – ID of the asset that used the IP address.

4000005006

Detected traffic from address $owner_ip_or_mac, which is assigned to an asset with the Archived status

Critical

In Asset Management monitoring mode, activity was detected from an asset that was assigned the Archived status.

The following variables are used in the title and description of an event type:

  • $owner_ip_or_mac – IP or MAC address of the asset.
  • $asset_name – name of the asset.
  • $last_seen_timestamp – date and time when the asset was last seen in the network.
  • $asset_id – ID of the asset.

4000005007

A new IP address $new_ip_addr was detected for the asset with MAC address $owner_mac

Critical

In Asset Management monitoring mode, a new IP address used by an asset was detected.

The following variables are used in the title and description of an event type:

  • $new_ip_addr – detected IP address.
  • $owner_mac – MAC address of the asset.
  • $asset_name – name of the asset.
  • $owner_ips_list – list of other IP addresses of the asset.
  • $asset_id – ID of the asset.

4000005008

MAC address $owner_mac was added to the asset with IP address $owner_ip

Informational

Asset Management monitoring mode resulted in the automatic addition of a MAC address for a network interface for which only an IP address was specified (the asset had the Unauthorized or Archived status).

The following variables are used in the title and description of an event type:

  • $owner_mac – detected MAC address of the asset.
  • $owner_ip – IP address of the asset.
  • $asset_name – name of the asset.
  • $asset_id – ID of the asset.

4000005009

IP address $owner_ip was added to the asset with MAC address $owner_mac

Informational

Asset Management monitoring mode resulted in the automatic addition of an IP address for a network interface for which only a MAC address was specified (the asset had the Unauthorized or Archived status).

The following variables are used in the title and description of an event type:

  • $owner_ip – detected IP address of the asset.
  • $owner_mac – MAC address of the asset.
  • $asset_name – name of the asset.
  • $asset_id – ID of the asset.

4000005010

Detected new MAC address $new_mac_addr for asset with the IP address $owner_ip

Critical

Asset Management monitoring mode resulted in the detection of a new MAC address used by an asset (autoupdate of address information is disabled for the asset).

The following variables are used in the title and description of an event type:

  • $new_mac_addr – detected MAC address.
  • $owner_ip – IP address of the asset.
  • $asset_name – name of the asset.
  • $asset_id – ID of the asset.

4000005200

PLC Project Control: detected read of unknown block from PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected read of an unknown block of a project from a PLC (if there is no saved information about this block).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $block_name – name of the block.
  • $saved_date_time – date and time when the operation was detected.

4000005201

PLC Project Control: detected read of known block from PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected read of a known block of a project from a PLC (if there is saved information about this block but the received information does not match the latest saved information about this block).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $block_name – name of the block.
  • $saved_date_time – date and time when the block was saved in the application.

4000005202

PLC Project Control: detected write of new block to PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected write of an unknown block of a project to a PLC (if there is no saved information about this block).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $block_name – name of the block.
  • $saved_date_time – date and time when the operation was detected.

4000005203

PLC Project Control: detected write of known block to PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected write of a known block of a project to a PLC (if there is saved information about this block but the received information does not match the latest saved information about this block).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $block_name – name of the block.
  • $saved_date_time – date and time when the block was saved in the application.

4000005204

PLC Project Control: detected read of unknown project from PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected read of an unknown project from a PLC (if there is no saved information about this project).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $saved_date_time – date and time when the operation was detected.

4000005205

PLC Project Control: detected read of known project from PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected read of a known project from a PLC (if there is saved information about this project but the received information does not match the latest saved information about this project).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $saved_date_time – date and time when the project was saved in the application.

4000005206

PLC Project Control: detected write of new project to PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected write of a new project to a PLC (if there is no saved information about this project).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $saved_date_time – date and time when the operation was detected.

4000005207

PLC Project Control: detected write of known project to PLC $asset_name

Critical

PLC Project Control read/write monitoring resulted in a detected write of a known project to a PLC (if there is saved information about this project but the received information does not match the latest saved information about this project).

The following variables are used in the title and description of an event type:

  • $asset_name – name of the asset.
  • $saved_date_time – date and time when the project was saved in the application.

4000000004

Test event (AM)

Informational

A test network packet was detected (with the asset activity detection method enabled).
