A fixed set of event types is used for receiving events of Kaspersky Industrial CyberSecurity for Networks in Kaspersky Security Center. The event types in Kaspersky Security Center correspond to specific event types in Kaspersky Industrial CyberSecurity for Networks and can be registered as Kaspersky Security Center incidents depending on the severities of the events (see the table below).
Event types in Kaspersky Security Center for receiving events of Kaspersky Industrial CyberSecurity for Networks
| Displayed name of the event type | Code of the event type in Kaspersky Security Center | Registration as a Kaspersky Security Center incident | Corresponding event type code in Kaspersky Industrial CyberSecurity for Networks |
|---|---|---|---|
| Maximum number of reported events has been reached | 32769 | yes, with the Warning severity level | – |
| Test event (DPI) | 32770 | no | 4000000001 |
| Test event (NIC) | 32771 | no | 4000000002 |
| Test event (IDS) | 32772 | no | 4000000003 |
| Test event (AM) | 32773 | no | 4000000004 |
| Unauthorized network interaction detected | 32774 | no | 4000002601 |
| System command detected | 32775 | Only events with the Critical severity level | 4000002602 |
| No traffic at monitoring point | 32776 | no | 4000002700 |
| TCP protocol anomaly detected: content substitution in overlapping TCP segments | 32777 | yes | 4000002701 |
| Process Control rule violation | 32778 | Only events with the Critical severity level | 4000002900 |
| Intrusion Detection rule from the system set of rules was triggered | 32779 | no | 4000003000 |
| Intrusion Detection rule from the custom set of rules was triggered | 32780 | no | 4000003001 |
| Symptoms of ARP spoofing detected in ARP replies | 32781 | yes | 4000004001 |
| Symptoms of ARP spoofing detected in ARP requests | 32782 | yes | 4000004002 |
| New device detected in network | 32783 | yes | 4000005003 |
| New device settings detected | 32784 | no | 4000005004 |
| IP address conflict detected | 32785 | yes | 4000005005 |
| Activity detected from device with Archived status | 32786 | no | 4000005006 |
| New IP address of device detected | 32787 | yes | 4000005007 |
| New MAC address of device detected | 32788 | yes | 4000005010 |
| MAC address added to device | 32789 | no | 4000005008 |
| IP address added to device | 32790 | no | 4000005009 |
| PLC Project Control: detected read of unknown block from PLC | 32791 | no | 4000005200 |
| PLC Project Control: detected read of known block from PLC | 32792 | no | 4000005201 |
| PLC Project Control: detected write of new block to PLC | 32793 | no | 4000005202 |
| PLC Project Control: detected write of known block to PLC | 32794 | no | 4000005203 |
| PLC Project Control: detected read of unknown project from PLC | 32795 | no | 4000005204 |
| PLC Project Control: detected read of known project from PLC | 32796 | no | 4000005205 |
| PLC Project Control: detected write of new project to PLC | 32797 | no | 4000005206 |
| PLC Project Control: detected write of known project to PLC | 32798 | no | 4000005207 |
| IP protocol anomaly detected: data conflict when assembling IP packet | 32799 | yes | 4000005100 |
| IP protocol anomaly detected: fragmented IP packet size exceeded | 32800 | yes | 4000005101 |
| IP protocol anomaly detected: the size of the initial fragment of the IP packet is less than expected | 32801 | yes | 4000005102 |
| IP protocol anomaly detected: mis-associated fragments | 32802 | yes | 4000005103 |
| Vulnerability detected | 32803 | yes | 4000005300 |
| Vulnerability information was modified | 32804 | no | 4000005303 |
| Correlation rule event registered | 32805 | Only events with the Critical severity level | 8000000001 |
| Event from an external system | 32807 | yes | 4000005400 |