Potential Exploit
The potential exploit category contains events that are related to potential application exploits and buffer overflow attempts.
The following table describes the low-level event categories and associated severity levels for the potential exploit category.
| Low-level event category | Category ID | Description | Severity level (0 - 10) |
|---|---|---|---|
| Unknown Potential Exploit Attack | 13001 | Indicates that a potential exploitative attack was detected. | 7 |
| Potential Buffer Overflow | 13002 | Indicates that a potential buffer overflow was detected. | 7 |
| Potential DNS Exploit | 13003 | Indicates that a potentially exploitative attack through the DNS server was detected. | 7 |
| Potential Telnet Exploit | 13004 | Indicates that a potentially exploitative attack through Telnet was detected. | 7 |
| Potential Linux® Exploit | 13005 | Indicates that a potentially exploitative attack through Linux was detected. | 7 |
| Potential UNIX Exploit | 13006 | Indicates that a potentially exploitative attack through UNIX was detected. | 7 |
| Potential Windows Exploit | 13007 | Indicates that a potentially exploitative attack through Windows was detected. | 7 |
| Potential Mail Exploit | 13008 | Indicates that a potentially exploitative attack through mail was detected. | 7 |
| Potential Infrastructure Exploit | 13009 | Indicates that a potential exploitative attack on the system infrastructure was detected. | 7 |
| Potential Misc Exploit | 13010 | Indicates that a potentially exploitative attack was detected. | 7 |
| Potential Web Exploit | 13011 | Indicates that a potentially exploitative attack through the web was detected. | 7 |
| Potential Botnet Connection | 13012 | Indicates a potentially exploitative attack that uses botnet was detected. | 6 |
| Potential Worm Activity | 13013 | Indicates a potential attack that uses worm activity was detected. | 6 |