Event types in Kaspersky Security Center for Kaspersky Industrial CyberSecurity for Networks events

A fixed set of event types are used for receiving events of Kaspersky Industrial CyberSecurity for Networks in Kaspersky Security Center. The event types in Kaspersky Security Center correspond to the specific event types in Kaspersky Industrial CyberSecurity for Networks and can be registered as Kaspersky Security Center incidents depending on the severities of the events (see the figure below).

Event types in Kaspersky Security Center for receiving events of Kaspersky Industrial CyberSecurity for Networks

Displayed name of the event type

Code of the event type in Kaspersky Security Center

Registration as a Kaspersky Security Center incident

Corresponding event type code in Kaspersky Industrial CyberSecurity for Networks

Maximum number of reported events has been reached

32769

yes, with the Warning severity level

Test event (DPI)

32770

no

4000000001

Test event (NIC)

32771

no

4000000002

Test event (IDS)

32772

no

4000000003

Test event (AM)

32773

no

4000000004

Unauthorized network interaction detected

32774

no

4000002601

System command detected

32775

Only events with the Critical severity level

4000002602

No traffic at monitoring point

32776

no

4000002700

TCP protocol anomaly detected: content substitution in overlapping TCP segments

32777

yes

4000002701

Process Control rule violation

32778

Only events with the Critical severity level

4000002900

Intrusion Detection rule from the system set of rules was triggered

32779

no

4000003000

Intrusion Detection rule from the custom set of rules was triggered

32780

no

4000003001

Symptoms of ARP spoofing detected in ARP replies

32781

yes

4000004001

Symptoms of ARP spoofing detected in ARP requests

32782

yes

4000004002

New device detected in network

32783

yes

4000005003

New device settings detected

32784

no

4000005004

IP address conflict detected

32785

yes

4000005005

Activity detected from device with Archived status

32786

no

4000005006

New IP address of device detected

32787

yes

4000005007

New MAC address of device detected

32788

yes

4000005010

MAC address added to device

32789

no

4000005008

IP address added to device

32790

no

4000005009

PLC Project Control: detected read of unknown block from PLC

32791

no

4000005200

PLC Project Control: detected read of known block from PLC

32792

no

4000005201

PLC Project Control: detected write of new block to PLC

32793

no

4000005202

PLC Project Control: detected write of known block to PLC

32794

no

4000005203

PLC Project Control: detected read of unknown project from PLC

32795

no

4000005204

PLC Project Control: detected read of known project from PLC

32796

no

4000005205

PLC Project Control: detected write of new project to PLC

32797

no

4000005206

PLC Project Control: detected write of known project to PLC

32798

no

4000005207

IP protocol anomaly detected: data conflict when assembling IP packet

32799

yes

4000005100

IP protocol anomaly detected: fragmented IP packet size exceeded

32800

yes

4000005101

IP protocol anomaly detected: the size of the initial fragment of the IP packet is less than expected

32801

yes

4000005102

IP protocol anomaly detected: mis-associated fragments

32802

yes

4000005103

Vulnerability detected

32803

yes

4000005300

Vulnerability information was modified

32804

no

4000005303

Correlation rule event registered

32805

Only events with the Critical severity level

8000000001

Event from an external system

32807

yes

4000005400

Page top