A fixed set of event types is used for receiving events of Kaspersky Industrial CyberSecurity for Networks in Kaspersky Security Center. Each event type in Kaspersky Security Center corresponds to a specific event type in Kaspersky Industrial CyberSecurity for Networks and, depending on the severity of the event, can be registered as a Kaspersky Security Center incident (see the table below).
Event types in Kaspersky Security Center for receiving events of Kaspersky Industrial CyberSecurity for Networks
Displayed name of the event type | Code of the event type in Kaspersky Security Center | Registration as a Kaspersky Security Center incident | Corresponding event type code in Kaspersky Industrial CyberSecurity for Networks |
---|---|---|---|
Maximum number of reported events reached | 32769 | yes, with the Warning severity level | – |
Test event (DPI) | 32770 | no | 4000000001 |
Test event (NIC) | 32771 | no | 4000000002 |
Test event (IDS) | 32772 | no | 4000000003 |
Test event (AM) | 32773 | no | 4000000004 |
Unauthorized network interaction detected | 32774 | no | 4000002601 |
System command detected | 32775 | Only events with a Critical severity level | 4000002602 |
No traffic at monitoring point | 32776 | no | 4000002700 |
TCP protocol anomaly detected: content substitution in overlapping TCP segments | 32777 | no | 4000002701 |
Process Control rule violation | 32778 | Only events with a Critical severity level | 4000002900 |
Intrusion Detection rule from the system set of rules triggered | 32779 | no | 4000003000 |
Intrusion Detection rule from the user-defined rule set triggered | 32780 | no | 4000003001 |
Symptoms of ARP spoofing detected in ARP replies | 32781 | yes | 4000004001 |
Symptoms of ARP spoofing detected in ARP requests | 32782 | yes | 4000004002 |
New device detected on network | 32783 | yes | 4000005003 |
New device settings detected | 32784 | no | 4000005004 |
IP address conflict detected | 32785 | yes | 4000005005 |
Activity detected from device with Archived status | 32786 | no | 4000005006 |
New device IP address detected | 32787 | yes | 4000005007 |
New device MAC address detected | 32788 | yes | 4000005010 |
MAC address added to the device | 32789 | no | 4000005008 |
IP address added to the device | 32790 | no | 4000005009 |
PLC Project Control: detected reading of unknown block from PLC | 32791 | no | 4000005200 |
PLC Project Control: detected reading of known block from PLC | 32792 | no | 4000005201 |
PLC Project Control: detected writing of new block to PLC | 32793 | no | 4000005202 |
PLC Project Control: detected writing of known block to PLC | 32794 | no | 4000005203 |
PLC Project Control: detected reading of unknown project from PLC | 32795 | no | 4000005204 |
PLC Project Control: detected reading of known project from PLC | 32796 | no | 4000005205 |
PLC Project Control: detected writing of new project to PLC | 32797 | no | 4000005206 |
PLC Project Control: detected writing of known project to PLC | 32798 | no | 4000005207 |
IP protocol anomaly detected: data conflict when assembling IP packet | 32799 | no | 4000005100 |
IP protocol anomaly detected: fragmented IP packet size exceeded | 32800 | no | 4000005101 |
IP protocol anomaly detected: the size of the initial fragment of the IP packet is less than expected | 32801 | no | 4000005102 |
IP protocol anomaly detected: mis-associated fragments | 32802 | no | 4000005103 |
Correlation rule event registered | 32803 | Only events with a Critical severity level | 8000000001 |
Event from external system | 32804 | Only events with a Critical severity level | 4000005400 |
Different MAC address for a device is found in data received from EPP application | 32805 | yes | 4000005011 |
New address information for a device is found in data received from EPP application | 32806 | yes | 4000005012 |
Conflict detected in device addresses after receiving data from EPP application | 32807 | yes | 4000005013 |
Subnet added based on data from EPP application | 32808 | yes | 4000005014 |
Device equipment change detected | 32809 | no | 4000005015 |