A fixed set of event types are used for receiving events of Kaspersky Industrial CyberSecurity for Networks in Kaspersky Security Center. The event types in Kaspersky Security Center correspond to the specific event types in Kaspersky Industrial CyberSecurity for Networks and can be registered as Kaspersky Security Center incidents depending on the severities of the events (see the figure below).
Types of events in Kaspersky Security Center for receiving events of Kaspersky Industrial CyberSecurity for Networks
Displayed name of the event type |
Code of the event type in Kaspersky Security Center |
Registration as a Kaspersky Security Center incident |
Corresponding event type code in Kaspersky Industrial CyberSecurity for Networks |
|---|---|---|---|
Maximum number of reported events reached |
32769 |
yes, with the Warning severity level |
– |
Test event (DPI) |
32770 |
no |
4000000001 |
Test event (NIC) |
32771 |
no |
4000000002 |
Test event (IDS) |
32772 |
no |
4000000003 |
Test event (AM) |
32773 |
no |
4000000004 |
Unauthorized network interaction detected |
32774 |
no |
4000002601 |
System command detected |
32775 |
Only events with the Critical severity level |
4000002602 |
No traffic at monitoring point |
32776 |
no |
4000002700 |
TCP protocol anomaly detected: content substitution in overlapping TCP segments |
32777 |
no |
4000002701 |
Process Control rule violation |
32778 |
Only events with the Critical severity level |
4000002900 |
Intrusion Detection rule from the system set of rules was triggered |
32779 |
no |
4000003000 |
Intrusion Detection rule from the user-defined rule set was triggered |
32780 |
no |
4000003001 |
Symptoms of ARP spoofing detected in ARP replies |
32781 |
yes |
4000004001 |
Symptoms of ARP spoofing detected in ARP requests |
32782 |
yes |
4000004002 |
New device detected on network |
32783 |
yes |
4000005003 |
New device settings detected |
32784 |
no |
4000005004 |
IP address conflict detected |
32785 |
yes |
4000005005 |
Activity detected from device with Archived status |
32786 |
no |
4000005006 |
New IP address of device detected |
32787 |
yes |
4000005007 |
New MAC address of device detected |
32788 |
yes |
4000005010 |
MAC address added to device |
32789 |
no |
4000005008 |
IP address added to device |
32790 |
no |
4000005009 |
PLC Project Control: detected read of unknown block from PLC |
32791 |
no |
4000005200 |
PLC Project Control: detected read of known block from PLC |
32792 |
no |
4000005201 |
PLC Project Control: detected write of new block to PLC |
32793 |
no |
4000005202 |
PLC Project Control: detected write of known block to PLC |
32794 |
no |
4000005203 |
PLC Project Control: detected read of unknown project from PLC |
32795 |
no |
4000005204 |
PLC Project Control: detected read of known project from PLC |
32796 |
no |
4000005205 |
PLC Project Control: detected write of new project to PLC |
32797 |
no |
4000005206 |
PLC Project Control: detected write of known project to PLC |
32798 |
no |
4000005207 |
IP protocol anomaly detected: data conflict when assembling IP packet |
32799 |
no |
4000005100 |
IP protocol anomaly detected: fragmented IP packet size exceeded |
32800 |
no |
4000005101 |
IP protocol anomaly detected: the size of the initial fragment of the IP packet is less than expected |
32801 |
no |
4000005102 |
IP protocol anomaly detected: mis-associated fragments |
32802 |
no |
4000005103 |
Correlation rule event registered |
32803 |
Only events with the Critical severity level |
8000000001 |
User event based on External technology |
32804 |
Only events with the Critical severity level |
4000005400 |
Different MAC address of device detected in data received from EPP application |
32805 |
yes |
4000005011 |
New address information of device detected in data received from EPP application |
32806 |
yes |
4000005012 |
Conflict detected in device addresses after data received from EPP application |
32807 |
yes |
4000005013 |
Subnet added based on data from EPP application |
32808 |
yes |
4000005014 |