System event types based on Endpoint Protection Platform

4000005500

Activity specific for network attacks

The integration server received data indicating that the Network Threat Protection component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005501

Connection of an untrusted external device

The integration server received data indicating that the Device Control component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005502

Attempt to run an unauthorized or untrusted application

The integration server received data indicating that the Application Launch Control component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005503

Prohibited file operation in the specified monitoring scope

The integration server received data indicating that the File Integrity Monitor component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005504

Files in the specified monitoring scope are modified

The integration server received data indicating that the Baseline File Integrity Monitor component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005505

Network connection not allowed by firewall rules

The integration server received data indicating that the Firewall Management component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005506

System registry modifications in the specified monitoring scope

The integration server received data indicating that the Registry Access Monitor component of the EPP application is triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005507

Log analysis rule is triggered

The integration server received data indicating that a rule of the Log Inspection component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005508

Attempt to exploit a vulnerability in a protected process

The integration server received data indicating that the Exploit Prevention component of the EPP application is triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005509

Attempt to maliciously encrypt network file resources

The integration server received data indicating that the Anti-Cryptor component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005510

Attempt to connect to a Wi-Fi network

The integration server received data indicating that the Wi-Fi Control component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005511

PLC project was modified compared to the baseline

The integration server received data indicating that the PLC Project Control component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.

4000005512

Infected or probably infected object is detected

The integration server received data indicating that the Real-Time File Protection component of the EPP application was triggered.

The event type description uses the variable $epp_event_description for data from the EPP application.