Access
The access category contains authentication and access controls that are used for monitoring network events.
The following table describes the low-level event categories and associated severity levels for the access category.
| Low-level event category | Category ID | Description | Severity level (0 - 10) |
|---|---|---|---|
| Unknown Network Communication Event | 4001 | Indicates an unknown network communication event. | 3 |
| Firewall Permit | 4002 | Indicates that access to the firewall was allowed. | 0 |
| Firewall Deny | 4003 | Indicates that access to the firewall was denied. | 4 |
| Flow Context Response (QRadar SIEM only) | 4004 | Indicates events from the Classification Engine in response to a SIM request. | 5 |
| Misc Network Communication Event | 4005 | Indicates a miscellaneous communications event. | 3 |
| IPS Deny | 4006 | Indicates Intrusion Prevention Systems (IPS) denied traffic. | 4 |
| Firewall Session Opened | 4007 | Indicates that the firewall session was opened. | 0 |
| Firewall Session Closed | 4008 | Indicates that the firewall session was closed. | 0 |
| Dynamic Address Translation Successful | 4009 | Indicates that dynamic address translation was successful. | 0 |
| No Translation Group Found | 4010 | Indicates that no translation group was found. | 2 |
| Misc Authorization | 4011 | Indicates that access was granted to a miscellaneous authentication server. | 2 |
| ACL Permit | 4012 | Indicates that an Access Control List (ACL) allowed access. | 0 |
| ACL Deny | 4013 | Indicates that an Access Control List (ACL) denied access. | 4 |
| Access Permitted | 4014 | Indicates that access was allowed. | 0 |
| Access Denied | 4015 | Indicates that access was denied. | 4 |
| Session Opened | 4016 | Indicates that a session was opened. | 1 |
| Session Closed | 4017 | Indicates that a session was closed. | 1 |
| Session Reset | 4018 | Indicates that a session was reset. | 3 |
| Session Terminated | 4019 | Indicates that a session was allowed. | 4 |
| Session Denied | 4020 | Indicates that a session was denied. | 5 |
| Session in Progress | 4021 | Indicates that a session is in progress. | 1 |
| Session Delayed | 4022 | Indicates that a session was delayed. | 3 |
| Session Queued | 4023 | Indicates that a session was queued. | 1 |
| Session Inbound | 4024 | Indicates that a session is inbound. | 1 |
| Session Outbound | 4025 | Indicates that a session is outbound. | 1 |
| Unauthorized Access Attempt | 4026 | Indicates that an unauthorized access attempt was detected. | 6 |
| Misc Application Action Allowed | 4027 | Indicates that an application action was allowed. | 1 |
| Misc Application Action Denied | 4028 | Indicates that an application action was denied. | 3 |
| Database Action Allowed | 4029 | Indicates that a database action was allowed. | 1 |
| Database Action Denied | 4030 | Indicates that a database action was denied. | 3 |
| FTP Action Allowed | 4031 | Indicates that an FTP action was allowed. | 1 |
| FTP Action Denied | 4032 | Indicates that an FTP action was denied. | 3 |
| Object Cached | 4033 | Indicates that an object was cached. | 1 |
| Object Not Cached | 4034 | Indicates that an object was not cached. | 1 |
| Rate Limiting | 4035 | Indicates that the network rate-limits traffic. | 4 |
| No Rate Limiting | 4036 | Indicates that the network does not rate-limit traffic. | 0 |
| P11 Access Permitted | 4037 | Indicates that P11 access is permitted. | 8 |
| P11 Access Denied | 4038 | Indicates that P11 access was attempted and denied. | 8 |
| IPS Permit | 4039 | Indicates an IPS permit. | 0 |