DoS

The DoS category contains events that are related to denial-of-service (DoS) attacks against services or hosts.

The following table describes the low-level event categories and associated severity levels for the DoS category.

Low-level event category | Category ID | Description | Severity level (0 - 10) |
---|---|---|---|
Unknown DoS Attack | 2001 | Indicates an unknown DoS attack. | 8 |
ICMP DoS | 2002 | Indicates an ICMP DoS attack. | 9 |
TCP DoS | 2003 | Indicates a TCP DoS attack. | 9 |
UDP DoS | 2004 | Indicates a UDP DoS attack. | 9 |
DNS Service DoS | 2005 | Indicates a DNS service DoS attack. | 8 |
Web Service DoS | 2006 | Indicates a web service DoS attack. | 8 |
Mail Service DoS | 2007 | Indicates a mail server DoS attack. | 8 |
Distributed DoS | 2008 | Indicates a distributed DoS attack. | 9 |
Misc DoS | 2009 | Indicates a miscellaneous DoS attack. | 8 |
UNIX DoS | 2010 | Indicates a UNIX DoS attack. | 8 |
Windows DoS | 2011 | Indicates a Windows DoS attack. | 8 |
Database DoS | 2012 | Indicates a database DoS attack. | 8 |
FTP DoS | 2013 | Indicates an FTP DoS attack. | 8 |
Infrastructure DoS | 2014 | Indicates a DoS attack on the infrastructure. | 8 |
Telnet DoS | 2015 | Indicates a Telnet DoS attack. | 8 |
Brute Force Login | 2016 | Indicates access to your system through unauthorized methods. | 8 |
High Rate TCP DoS | 2017 | Indicates a high rate TCP DoS attack. | 8 |
High Rate UDP DoS | 2018 | Indicates a high rate UDP DoS attack. | 8 |
High Rate ICMP DoS | 2019 | Indicates a high rate ICMP DoS attack. | 8 |
High Rate DoS | 2020 | Indicates a high rate DoS attack. | 8 |
Medium Rate TCP DoS | 2021 | Indicates a medium rate TCP attack. | 8 |
Medium Rate UDP DoS | 2022 | Indicates a medium rate UDP attack. | 8 |
Medium Rate ICMP DoS | 2023 | Indicates a medium rate ICMP attack. | 8 |
Medium Rate DoS | 2024 | Indicates a medium rate DoS attack. | 8 |
Low Rate TCP DoS | 2025 | Indicates a low rate TCP DoS attack. | 8 |
Low Rate UDP DoS | 2026 | Indicates a low rate UDP DoS attack. | 8 |
Low Rate ICMP DoS | 2027 | Indicates a low rate ICMP DoS attack. | 8 |
Low Rate DoS | 2028 | Indicates a low rate DoS attack. | 8 |
Distributed High Rate TCP DoS | 2029 | Indicates a distributed high rate TCP DoS attack. | 8 |
Distributed High Rate UDP DoS | 2030 | Indicates a distributed high rate UDP DoS attack. | 8 |
Distributed High Rate ICMP DoS | 2031 | Indicates a distributed high rate ICMP DoS attack. | 8 |
Distributed High Rate DoS | 2032 | Indicates a distributed high rate DoS attack. | 8 |
Distributed Medium Rate TCP DoS | 2033 | Indicates a distributed medium rate TCP DoS attack. | 8 |
Distributed Medium Rate UDP DoS | 2034 | Indicates a distributed medium rate UDP DoS attack. | 8 |
Distributed Medium Rate ICMP DoS | 2035 | Indicates a distributed medium rate ICMP DoS attack. | 8 |
Distributed Medium Rate DoS | 2036 | Indicates a distributed medium rate DoS attack. | 8 |
Distributed Low Rate TCP DoS | 2037 | Indicates a distributed low rate TCP DoS attack. | 8 |
Distributed Low Rate UDP DoS | 2038 | Indicates a distributed low rate UDP DoS attack. | 8 |
Distributed Low Rate ICMP DoS | 2039 | Indicates a distributed low rate ICMP DoS attack. | 8 |
Distributed Low Rate DoS | 2040 | Indicates a distributed low rate DoS attack. | 8 |
High Rate TCP Scan | 2041 | Indicates a high rate TCP scan. | 8 |
High Rate UDP Scan | 2042 | Indicates a high rate UDP scan. | 8 |
High Rate ICMP Scan | 2043 | Indicates a high rate ICMP scan. | 8 |
High Rate Scan | 2044 | Indicates a high rate scan. | 8 |
Medium Rate TCP Scan | 2045 | Indicates a medium rate TCP scan. | 8 |
Medium Rate UDP Scan | 2046 | Indicates a medium rate UDP scan. | 8 |
Medium Rate ICMP Scan | 2047 | Indicates a medium rate ICMP scan. | 8 |
Medium Rate Scan | 2048 | Indicates a medium rate scan. | 8 |
Low Rate TCP Scan | 2049 | Indicates a low rate TCP scan. | 8 |
Low Rate UDP Scan | 2050 | Indicates a low rate UDP scan. | 8 |
Low Rate ICMP Scan | 2051 | Indicates a low rate ICMP scan. | 8 |
Low Rate Scan | 2052 | Indicates a low rate scan. | 8 |
VoIP DoS | 2053 | Indicates a VoIP DoS attack. | 8 |
Flood | 2054 | Indicates a flood attack. | 8 |
TCP Flood | 2055 | Indicates a TCP flood attack. | 8 |
UDP Flood | 2056 | Indicates a UDP flood attack. | 8 |
ICMP Flood | 2057 | Indicates an ICMP flood attack. | 8 |
SYN Flood | 2058 | Indicates a SYN flood attack. | 8 |
URG Flood | 2059 | Indicates a flood attack with the urgent (URG) flag on. | 8 |
SYN URG Flood | 2060 | Indicates a SYN flood attack with the urgent (URG) flag on. | 8 |
SYN FIN Flood | 2061 | Indicates a SYN FIN flood attack. | 8 |
SYN ACK Flood | 2062 | Indicates a SYN ACK flood attack. | 8 |