ArcSight Specific Device Event Class IDs

DeviceEventClassId Description Object Behavior Technique Device Group Significance Outcome

#rule:100 RULE_FIRE Host/Application Execute/Query Nothing Application Normal Success

PROFILE:001 PATTERNDISCOVERYRUN_STARTED Host/Application/Service Execute/Query Nothing Application Informational Attempt

PROFILE:002 PATTERNDISCOVERYRUN_FINISHED Host/Application/Service Execute/Query Application Informational Success

activelist:101 ACTIVE_LIST_ADD An entry was added to an Active List Host/Application Modify/Configuration Nothing Application Normal Success

activelist:102 ACTIVE_LIST_REMOVE An entry was removed from an Active List Host/Application Modify/Configuration Nothing Application Normal Success

activelist:103 ACTIVE_LIST_UPDATE An entry was changed in an Active List Host/Application Modify/Configuration Nothing Application Normal Success

activelist:104 ACTIVE_LIST_EXPIRE An entry was removed from an Active List because the last update to the value was older than the expiration period Host/Application Modify/Configuration Application Informational Success

activelist:105 ACTIVE_LIST_EVICT Host/Resource Check/Resource Application Informational/Alert Success

actor:100 ACTOR_DELETE Nothing Nothing Nothing Nothing Nothing Nothing

actor:102 ACTOR_ADD Nothing Nothing Nothing Nothing Nothing Nothing

actor:110 ACTOR_SINGLE_VALUE_UPDATE Nothing Nothing Nothing Nothing Nothing Nothing

actor:111 ACTOR_MULTI_VALUE_ADD Nothing Nothing Nothing Nothing Nothing Nothing

actor:112 ACTOR_MULTI_VALUE_DELETE Nothing Nothing Nothing Nothing Nothing Nothing

agent:000 AGENT Host/Application Nothing Nothing Application Normal Nothing

agent:001 Agent Connection Host/Application Access/Start Nothing Application Normal Success

agent:002 Agent Reconnected Host/Application Access/Start Nothing Application Informational Success

agent:003 Agent Zombie Host/Application Execute Nothing Application Informational/Error Failure

agent:004 Agent Disconnect Host/Application Access/Stop Nothing Application Informational Success

agent:006 Unknown Agent Attempted to Connect Host/Application Access/Start Nothing Application Suspicious Attempt

agent:007 AGENT_REGISTRATION_SUCCESS Agent was successfully registered with Manager Host/Application Access Nothing Application Normal Success

agent:008 AGENT_REGISTRATION_FAILURE Agent was not successfully registered with Manager Host/Application Access Nothing Application Informational/Error Failure

agent:009 AGENT_CONNECTION_REFUSED Manager rejected a connection attempt from an Agent for reasons other than authentication failure Host/Application Access Nothing Application Informational/Error Failure

agent:010 AGENT_UPGRADE_SUCCESS Agent upgrade succeeded Host/Application Modify/Content Nothing Application Normal Success

agent:011 AGENT_UPGRADE_FAILURE Agent upgrade failed Host/Application Modify/Content Nothing Application Informational/Error Failure

agent:012 AGENT_TIME_DEVICE_FAILURE Agent detected source events from a sensor device containing incorrect time stamps Host/Application Execute/Response Application Informational/Warning Success

agent:013 AGENT_DEVICE_FOUND Agent noted that a new sensor device is sending events Host/Application Communicate/Query Nothing Application Normal Success

agent:014 AGENT_SYSLOG_AGGREGATION_FAILURE Agent could not find a base event referenced in a syslog aggregate event Host/Application Execute/Query Nothing Application Informational/Error Failure

agent:015 AGENT_CONNECTION_DEVICE_FAILURE Agent could not connect to the sensor device's log Host/Application Access/Start Nothing Application Informational/Error Failure

agent:016 AGENT_CONNECTION_DEVICE_SUCCESS Agent successfully connected to the sensor device's log Host/Application Access/Start Nothing Application Normal Success

agent:017 AGENT_COMMAND_SUCCESS Agent successfully executed a command Host/Application Execute/Query Application Normal Success

agent:018 AGENT_COMMAND_FAILURE Agent could not execute a command Host/Application Execute/Query Application Informational/Error Failure

agent:019 AGENT_CACHE_CACHING Agent is caching events because they could not be immediately transmitted to the Manager Host/Application Execute/Response Application Informational/Warning Success

agent:020 AGENT_CACHE_EMPTY Agent has emptied its cache of events Host/Application/Service Execute/Response Nothing Application Normal Success

agent:021 AGENT_NTCOLLECTOR_ERROR Agent could not communicate with an NT collector sensor Host/Application Communicate/Query Nothing Application Informational/Error Failure

agent:022 AGENT_CONFIGURATION_FAILURE Agent could not process a reconfiguration request Host/Application Modify/Configuration Nothing Application Informational/Error Failure

agent:023 AGENT_CHECKPOINT_ERROR Agent could not communicate with a CheckPoint sensor Host/Application Execute Nothing Application Informational/Error Failure

agent:024 AGENT_CHECKPOINT_WARN Agent is having difficulty communicating with CheckPoint Host/Application Execute Nothing Application Informational/Warning Failure

agent:025 AGENT_UPDATE_SUCCESS Agent content was successfully updated Host/Application Modify/Configuration Nothing Application Normal Success

agent:026 AGENT_UPDATE_FAILURE Agent content update failed Host/Application Modify/Configuration Nothing Application Informational/Error Failure

agent:027 AGENT_ACS_ERROR Host/Application/Service Execute/Query Nothing Application Informational/Error Failure

agent:028 AGENT_UNEXPECTED_ERROR Agent experienced an unexpected problem Host/Application/Service Execute/Query Nothing Application Informational/Error Failure

agent:029 AGENT_CACHE_DROPPED Agent was forced to drop some of its cached data Host/Resource Execute/Query Nothing Application Informational/Warning Failure

agent:030 AGENT_STARTED Agent started Host/Application/Service Execute/Start Nothing Application Normal Success

agent:031 AGENT_SHUTTINGDOWN Agent shutdown Host/Application/Service Execute/Stop Nothing Application Normal Success

agent:032 AGENT_CONFIGURATION_CHANGED Agent configuration was successfully changed Host/Application/Service Modify/Configuration Nothing Application Informational Success

agent:033 AGENT_DATABASE_PASSWORD_CHANGED The password used by an Agent to access a database has changed Host/Application Authentication/Modify Application Informational Success

agent:034 AGENT_DEVICE_UPDATED The Agent has been directed to monitor a different device (sensor) Host/Application Modify/Configuration Application Informational Success

agent:035 AGENT_TIME_FAILURE The Agent has detected event time stamps that fall outside the valid range Host/Application Execute/Response Application Informational/Warning Success

agent:036 AGENT_UPGRADE_STARTED Host/Application Modify/Content Application Informational Attempt

agent:037 AGENT_UPGRADE_ROLLBACK_STARTED Host/Application Modify/Content Application Informational Attempt

agent:038 AGENT_UPGRADE_ROLLBACK_SUCCESS Host/Application Modify/Content Application Informational Success

agent:039 AGENT_UPGRADE_ROLLBACK_FAILURE Host/Application Modify/Content Application Informational/Error Failure

agent:040 AGENT_INTEGRITY These warn about incoming non-internal events that have no raw event data. If the user does want to protect his event integrity, then these alerts should be given attention since they probably imply that a Connector has been improperly written such that events are being generated without raw event data Host/Application Execute/Response Application Informational/Warning Success

agent:041 AGENT_COMMAND_SENTTOAGENT Host/Application Communicate/Query Application Informational Success

agent:050 Nothing Nothing Nothing Nothing Nothing Nothing

agent:100 AGENT_CONNECTION Host/Application Access Nothing Application Normal Attempt

agent:101 AGENT_CONNECTION_ESTABLISH Agent has just connected to Manager Host/Application Access Nothing Application Normal Success

agent:102 AGENT_CONNECTION_ZOMBIE Agent is sending events but no heartbeats Host/Application Communicate/Query Application Informational/Error Failure

agent:103 AGENT_CONNECTION_DROP Agent is sending neither events nor heartbeats Host/Application Communicate/Query Application Informational/Alert Failure

agent:104 AGENT_CONNECTION_UNKNOWN_AGENT an unknown Agent attempted to connect to the Manager Host/Application Access Nothing Application Informational/Error Failure

agent:105 AGENT_CONNECTION_ID_MISMATCH an Agent presented an incorrect shared secret when authenticating Host/Application Communicate/Query Nothing Application Informational/Error Failure

agent:106 AGENT_SIDETABLE_OVERFLOW Host/Resource Check/Resource Application Informational/Warning Failure

agent:107 AGENT_SIDETABLE_OVERFLOW_DETECTED_ON_AGENT_SIDE Host/Resource Check/Resource Application Informational/Warning Failure

agent:108 AGENT_CONNECTION_BLACKLISTED_AGENT Host/Application Communicate/Query Application Informational/Warning Attempt

assetaging:000 ASSET_AGING Host/Application/Service Execute/Response Application Informational Success

assetaging:100 ASSET_AGING_DISABLED Host/Application/Service Modify/Configuration Application Informational Success

assetaging:101 ASSET_AGING_DELETED Nothing Nothing Nothing Nothing Nothing Nothing

authentication:000 AUTHENTICATION Host/Application Authentication Nothing Application Normal Attempt

authentication:100 AUTHENTICATION_LOGIN Successful client login Host/Application Authentication/Verify Nothing Application Normal Success

authentication:101 AUTHENTICATION_LOGIN_FAIL Failed client login Host/Application Authentication/Verify Nothing Application Informational/Warning Failure

authentication:102 AUTHENTICATION_LOGOUT Client logout Host/Application Access/Stop Nothing Application Normal Success

authentication:103 AUTHENTICATION_LOGOUT_TIME Client timed out due to inactivity Host/Application Access/Stop Nothing Application Normal Success

authentication:104 AUTHENTICATION_LOGIN_EXCESSIVE_FAILURES Client suffered too many login failures within a short time period Host/Application Authentication/Modify Application Informational/Warning Success

authentication:105 AUTHENTICATION_NON_FIPS_USER Host/Application Authentication/Verify Application Informational/Warning Failure

authentication:200 AUTHENTICATION_AGENT Successful Agent authentication Host/Application Authentication/Verify Nothing Application Normal Success

authentication:201 AUTHENTICATION_AGENT_FAIL Agent authentication failed Host/Application Authentication/Verify Nothing Application Informational/Warning Failure

authentication:202 AUTHENTICATION_NON_FIPS_AGENT Host/Application Authentication/Verify Application Informational/Warning Failure

authentication:203 AUTHENTICATION_ARCHIVE_AGENT_FAIL Host/Application/Service Execute/Query Application Informational/Error Failure

authentication:300 AUTHENTICATION_CLIENT_REFUSED Client failed to authenticate successfully Host/Application Authentication/Verify Application Informational/Warning Failure

authorization:100 AUTHORIZATION_SERVICE_REFUSED Manager refused to authorize client Host/Application Authentication/Verify Nothing Application Informational/Warning Failure

authorization:101 it gets sent whenever a client attempts an XML RPC call, but the manager no longer knows about the session. Host/Resource Access/Start Nothing Application Compromise/Confidentiality Attempt

buffer:001 BUFFER_OVERFILL A buffer overflowed Host/Resource Check/Resource Nothing Application Informational/Warning Failure

cache:000 CACHE Host/Resource Application

cache:100 CACHE_OVERFLOW Host/Resource Check/Resource Application Informational/Warning Failure

capsmanager:000 CAPS_MANAGER_ABORT The memory usage manager has deactivated a configuration resource Host/Application Execute/Query Application Informational/Alert Success

capsmanager:001 The memory usage manager has asked a configuration resource to reduce its memory usage Host/Application Execute/Query Application Informational/Warning Success

capsmanager:100 CAPS_MANAGER_REDUCE Host/Application Execute/Query Application Informational/Warning Success

channel:001 CHANNEL_ATTACHED An Active Channel was opened Host/Application Execute/Query Nothing Application Normal Success

channel:002 CHANNEL_EMPTY An empty Active Channel was opened Host/Application Communicate/Response Nothing Application Informational Success

channel:003 CHANNEL_QUERY_COMPLETED The initial query for an Active Channel has completed. Host/Application Execute/Query Application Informational Success

channel:004 CHANNEL_QUERY_SLOW Host/Application Execute/Response Application Informational Success

cpu:100 Global CPU Linux /Monitor/CPU/Usage /proc/stat Host/Application Execute/Response Application Informational Success

cpu:101 Per CPU Linux /Monitor/CPUn/Usage /proc/stat Host/Application Execute/Response Application Informational Success

dashboard:001 DASHBOARD_ATTACHED Generated the first time a client begins requesting data from each Data Monitor Host/Application Execute/Query Nothing Application Normal Success

database:000 DATABASE Host/Application/Database Nothing Nothing Application Normal Nothing

database:100 DATABASE_TABLESPACE_LOW Database tablespace is low and will be deactivated Host/Application/Database Check/Resource Nothing Application Informational/Alert Failure

database:101 DATABASE_ERROR_FATAL Database has generated a fatal error and will be deactivated Host/Application/Database Execute Nothing Application Informational/Alert Failure

database:102 DATABASE_REACTIVATED Database has been reactivated Host/Application/Database Execute/Start Nothing Application Normal Success

database:103 DATABASE_TABLESPACE_AVALIABLE Database has more tablespace available after detecting a low tablespace condition Host/Application/Database Check/Resource Application Informational Success

database:104 DATABASE_EVENT_DISCARDED Host/Application/Database/Data Delete Application Informational Success

datamonitor:000 DATA_MONITOR Host/Application Nothing Nothing Security Information Manager Informational Nothing

datamonitor:100 DATA_MONITOR_MOVING_AVERAGE Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:101 DATA_MONITOR_MOVING_AVERAGE_THRESHOLD Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:102 DATA_MONITOR_MOVING_AVERAGE_THRESHOLD_FALLING Moving Average Data Monitor detected a rapidly falling moving average Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:103 DATA_MONITOR_MOVING_AVERAGE_THRESHOLD_RISING Moving Average Data Monitor detected a rapidly rising moving average Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:104 DATA_MONITOR_MOVING_AVERAGE_STATUS Moving Average Data Monitor reporting the current moving average Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:105 DATA_MONITOR_MOVING_AVERAGE_VALUE_ADD Moving Average Data Monitor started tracking a new key value Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:106 DATA_MONITOR_MOVING_AVERAGE_VALUE_REMOVE Moving Average Data Monitor stopped tracking a key value Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:200 DATA_MONITOR_STATISTICS Statistical Data Monitor reporting a change in status Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:201 DATA_MONITOR_STATISTICS_VALUE_ADD Statistical Data Monitor started tracking a new key value Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:202 DATA_MONITOR_STATISTICS_VALUE_REMOVE Statistical Data Monitor stopped tracking a key value Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:300 DATA_MONITOR_CORRELATION Correlation Data Monitor reporting a correlated or non-correlated event Host/Application Execute/Response Nothing Security Information Manager Informational Success

datamonitor:400 DATA_MONITOR_SET_VALUE State changed in Last State Data Monitor Host/Application Execute/Query Security Information Manager Normal Success

datamonitor:401 DATA_MONITOR_SET_VALUE_USER State changed manually in Last State Data Monitor Host/Application Execute/Query Security Information Manager Normal Success

datamonitor:402 DATA_MONITOR_REMOVE_VALUE_USER Key value removed manually in Last State Data Monitor Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:500 DATA_MONITOR_TOP_VALUE_COUNT Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:501 DATA_MONITOR_TOP_VALUE_COUNT_VALUE_ADD Host/Application Execute/Response Security Information Manager Informational Success

datamonitor:502 DATA_MONITOR_TOP_VALUE_COUNT_VALUE_REMOVE Host/Application Execute/Response Security Information Manager Informational Success

disk:102 Per disk read Linux /Monitor/Disk/drive/Read /proc/diskstats Host/Application Execute/Response Application Informational Success

disk:103 Per disk write Linux /Monitor/Disk/drive/Write /proc/diskstats Host/Application Execute/Response Application Informational Success

domain:000 DOMAIN Host/Application Execute/Response Application Informational Success

domain:100 DOMAIN_OUT_OF_COLUMNS Host/Application/Service Execute/Response Application Informational/Error Success

domain:101 DOMAIN_AUTOGENERATED Nothing Nothing Nothing Nothing Nothing Nothing

domain:102 DOMAIN_FIELD_AUTOGENERATED Nothing Nothing Nothing Nothing Nothing Nothing

domain:103 DOMAIN_INVALID_URI Nothing Nothing Nothing Nothing Nothing Nothing

filestore:000 FILESTORE Nothing Nothing Nothing Nothing Nothing Nothing

filestore:100 FILESTORE_DROPPED_EVENT Host/Application/Service Execute/Query Application Informational Success

filestore:101 FILESTORE_EXCEEDED_BLOCKSIZE Host/Application/Service Execute/Response Application Success

group:100 Group delete Host/Application Authorization/Delete Application Informational Success

group:101 Group update Host/Application Authorization/Modify Application Informational Success

group:102 group add Host/Application Authorization/Add Application Informational Success

integrationcommand:000 INTEGRATION_COMMAND Nothing Nothing Nothing Nothing Nothing Nothing

integrationcommand:100 INTEGRATION_COMMAND_SUCCEEDED Nothing Nothing Nothing Nothing Nothing Nothing

integrationcommand:101 INTEGRATION_COMMAND_FAILED Nothing Nothing Nothing Nothing Nothing Nothing

license:100 LICENSE_ASSETS_TOTAL_COUNT Host/Application/Service Execute/Response Application Informational Success

license:101 LICENSE_DEVICES_TOTAL_COUNT Host/Application/Service Execute/Response Application Informational Success

license:102 LICENSE_ACTORS_TOTAL_COUNT Host/Application/Service Execute/Response Application Informational Success

license:103 LICENSE_CONSOLE_USERS_TOTAL_COUNT Host/Application/Service Execute/Response Application Informational Success

license:104 LICENSE_WEB_USERS_TOTAL_COUNT Host/Application/Service Execute/Response Application Informational Success

license:105 LICENSE_EPS_INCOMING_TOTAL_COUNT Host/Application/Service Execute/Response Application Informational Success

manager:000 MANAGER Host/Application Nothing Nothing Application Normal Nothing

manager:100 MANAGER_START Manager has started Host/Application Execute/Start Nothing Application Normal Success

manager:101 MANAGER_STOP A clean Manager shutdown has been requested Host/Application Execute/Stop Application Informational Success

manager:200 MANAGER_EVENTFLOW_STOPPED Manager has stopped the event flow Host/Application/Service Execute/Stop Nothing Application Informational/Warning Failure

manager:201 MANAGER_EVENTFLOW_RESTARTED Manager has allowed the event flow to resume Host/Application/Service Execute/Start Nothing Application Normal Success

manager:202 MANAGER_SUBSYSTEM_OK A subsystem of the Manager is functioning normally Host/Application Execute/Response Application Normal Success

manager:203 MANAGER_SUBSYSTEM_WARNING A subsystem of the Manager has detected a possible problem Host/Application Execute/Response Application Informational/Warning Failure

manager:204 MANAGER_SUBSYSTEM_ERROR A subsystem of the Manager has detected a confirmed problem Host/Application Execute/Query Application Informational/Error Failure

memory:100 Platform memory Linux /Monitor/Memory/Usage/Platform /proc/meminfo Host/Resource/Memory Execute/Response Application Informational Success

memory:101 JVM memory (all) /Monitor/Memory/Usage/Jvm MemoryMXBean Host/Application Execute/Response Application Informational Success

memory:102 Platform buffers memory Linux /Monitor/Memory/Usage/Platform/Buffers /proc/meminfo Host/Application Execute/Response Application Informational Success

memory:103 Platform cached memory Linux /Monitor/Memory/Usage/Platform/Cached /proc/meminfo Host/Application Execute/Response Application Informational Success

memory:104 Platform free memory Linux /Monitor/Memory/Usage/Platform/Free /proc/meminfo Host/Application Execute/Response Application Informational Success

memory:105 JVM heap memory (all) /Monitor/Memory/Usage/Jvm/Heap MemoryMXBean Host/Application Execute/Response Application Informational Success

memory:106 JVM non-heap memory (all) /Monitor/Memory/Usage/Jvm/NonHeap MemoryMXBean Host/Application Execute/Response Application Informational Success

monitor:100 MONITOR_ACTIVE_CHANNELS_OPEN Host/Application Execute/Response Application Informational Success

monitor:101 MONITOR_DATAMONITORS_ACTIVE_PROBES Host/Application Execute/Response Application Informational Success

monitor:102 MONITOR_EVENT_BROKER_INSERT_TIME Host/Application Execute/Response Application Informational Success

monitor:103 MONITOR_EVENT_BROKER_LOAD Host/Application Execute/Response Application Informational Success

monitor:104 MONITOR_AGENTS_EVENTS_OUTPUT Host/Application Execute/Response Application Informational Success

monitor:105 MONITOR_AGENTS_EVENTS_INPUT Host/Application Execute/Response Application Informational Success

monitor:106 MONITOR_AGENTS_EVENTS_FILTERED Host/Application Execute/Response Application Informational Success

monitor:107 MONITOR_AGENTS_EVENTS_AGGREGATED Host/Application Execute/Response Application Informational Success

monitor:108 MONITOR_AGENTS_EPS Host/Application Execute/Response Application Informational Success

monitor:109 MONITOR_AGENTS_EPS_OUTPUT Host/Application Execute/Response Application Informational Success

monitor:110 MONITOR_AGENTS_EPS_INPUT Host/Application Execute/Response Application Informational Success

monitor:111 MONITOR_AGENTS_EPS_FILTERED Host/Application Execute/Response Application Informational Success

monitor:112 MONITOR_AGENTS_EPS_AGGREGATED Host/Application Execute/Response Application Informational Success

monitor:113 MONITOR_AGENTS_CACHE_SIZE Host/Resource/Memory Execute/Response Application Informational Success

monitor:114 MONITOR_ACTIVE_LISTS_ENTRIES Host/Application Execute/Response Application Informational Success

monitor:115 MONITOR_ACTIVE_LISTS_TEMPORARY_LISTS Host/Application Execute/Response Application Informational Success

monitor:116 MONITOR_ACTIVE_LISTS_USAGE Host/Application Execute/Response Application Informational Success

monitor:117 MONITOR_ACTIVE_LISTS_ENTRY_PERCENT_USED Host/Application Execute/Response Application Informational Success

monitor:118 MONITOR_ACTIVE_LISTS_TEMPORARY_LIST_COUNT Host/Application Execute/Response Application Informational Success

monitor:119 MONITOR_ACTIVE_LISTS_TEMPORARY_LIST_ENTRY_COUNT Host/Application Execute/Response Application Informational Success

monitor:120 MONITOR_TOTAL_EVENTS_OUTPUT Host/Application Execute/Response Application Informational Success

monitor:121 MONITOR_TOTAL_EVENTS_INPUT Host/Application Execute/Response Application Informational Success

monitor:122 MONITOR_TOTAL_EVENTS_FILTERED Host/Application Execute/Response Application Informational Success

monitor:123 MONITOR_TOTAL_EVENTS_AGGREGATED Host/Application Execute/Response Application Informational Success

monitor:124 MONITOR_TOTAL_EPS Host/Application Execute/Response Application Informational Success

monitor:125 MONITOR_TOTAL_EPS_OUTPUT Host/Application Execute/Response Application Informational Success

monitor:126 MONITOR_TOTAL_EPS_INPUT Host/Application Execute/Response Application Informational Success

monitor:127 MONITOR_TOTAL_EPS_FILTERED Host/Application Execute/Response Application Informational Success

monitor:128 MONITOR_TOTAL_EPS_AGGREGATED Host/Application Execute/Response Application Informational Success

monitor:129 MONITOR_TOTAL_CACHE_SIZE Host/Resource/Memory Execute/Response Application Informational Success

monitor:130 MONITOR_REPORTS_RUNNING Host/Application Execute/Response Application Informational Success

monitor:131 MONITOR_REPORTS_RUNNING_QUERYING_DB Host/Application Execute/Response Application Informational Success

monitor:132 MONITOR_REPORTS_RUNNING_RENDERING Host/Application Execute/Response Application Informational Success

monitor:140 MONITOR_EVENT_BROKER_RETRIEVAL_TIME Host/Application Execute/Response Application Informational Success

monitor:141 MONITOR_TOTAL_EVENTS_OUTPUT Host/Application Execute/Response Application Informational Success

monitor:142 MONITOR_TOTAL_EVENTS_INPUT Host/Application Execute/Response Application Informational Success

monitor:143 MONITOR_TOTAL_EVENTS_FILTERED Host/Application Execute/Response Application Informational Success

monitor:144 MONITOR_TOTAL_EVENTS_AGGREGATED Host/Application Execute/Response Application Informational Success

monitor:145 MONITOR_TOTAL_EPS Host/Application Execute/Response Application Informational Success

monitor:146 MONITOR_TOTAL_EPS_OUTPUT Host/Application Execute/Response Application Informational Success

monitor:147 MONITOR_TOTAL_EPS_INPUT Host/Application Execute/Response Application Informational Success

monitor:148 MONITOR_TOTAL_EPS_FILTERED Host/Application Execute/Response Application Informational Success

monitor:149 MONITOR_TOTAL_EPS_AGGREGATED Host/Application Execute/Response Application Informational Success

monitor:150 MONITOR_TOTAL_CACHE_SIZE Host/Resource/Memory Execute/Response Application Informational Success

monitor:151 MONITOR_RULES_TOTAL_EVENT_COUNT Host/Application Execute/Response Application Informational Success

monitor:152 MONITOR_RULES_INSERTED_EVENT_COUNT Host/Application Execute/Response Application Informational Success

monitor:153 MONITOR_RULES_GENERATED_EVENT_COUNT Host/Application Execute/Response Application Informational Success

monitor:154 MONITOR_RULES_PARTIAL_MATCH_COUNT Host/Application Execute/Response Application Informational Success

monitor:155 MONITOR_RULES_GC_EVENT_COUNT Host/Application Execute/Response Application Informational Success

monitor:156 MONITOR_RULES_GROUPBY_CELLS_SIZE Host/Application Execute/Response Application Informational Success

monitor:157 MONITOR_RULES_ACTIVE_RULES_COUNT Host/Application Execute/Response Application Informational Success

monitor:158 MONITOR_RULES_ACTIONS_TAKEN_COUNT Host/Application Execute/Response Application Informational Success

monitor:159 MONITOR_RULES_GENERATED_EVENT_COUNT Host/Application Execute/Response Application Informational Success

monitor:160 MONITOR_SESSIONS_ACTIVE_TOTAL Host/Application Execute/Response Application Informational Success

monitor:161 MONITOR_ZONE_EVAL_COUNT Host/Application Execute/Response Application Informational Success

monitor:171 MONITOR_RESOURCES_ACTIVITY_INSERT Host/Resource Execute/Response Application Informational Success

monitor:172 MONITOR_RESOURCES_ACTIVITY_UPDATE Host/Resource Execute/Response Application Informational Success

monitor:173 MONITOR_RESOURCES_ACTIVITY_DELETE Host/Resource Execute/Response Application Informational Success

monitor:174 MONITOR_ACTIVE_CHANNELS_EVENTS_INSERT Host/Application Execute/Response Application Informational Success

monitor:175 MONITOR_ACTIVE_CHANNELS_EVENTS_CHANGE Host/Application Execute/Response Application Informational Success

monitor:180 MONITOR_NOTIFICATION_NEW_COUNT Host/Application Execute/Response Application Informational Success

monitor:181 MONITOR_NOTIFICATION_ESCALATED_COUNT Host/Application Execute/Response Application Informational Success

monitor:190 MONITOR_PATTERNS_RUN_COUNT Host/Application Execute/Response Application Informational Success

monitor:191 MONITOR_PATTERNS_RUN_QUEUED Host/Application Execute/Response Application Informational Success

monitor:200 MONITOR_ASSETS_TOTAL_COUNT Host/Application Execute/Response Application Informational Success

monitor:201 MONITOR_ASSETS_SCANNER_EPS Host/Application Execute/Response Application Informational Success

monitor:202 MONITOR_ASSETS_RESOLUTIONS_PER_SECOND Host/Application Execute/Response Application Informational Success

monitor:203 MONITOR_ASSETS_AVERAGE_TIME_SCANNER_EVENTS Host/Application Execute/Response Application Informational Success

monitor:204 MONITOR_ASSETS_RESOLUTIONS_AVERAGE_TIME Host/Application Execute/Response Application Informational Success

monitor:205 MONITOR_ASSETS_RESOLUTIONS_AVERAGE_TIME_SOURCE Host/Application Execute/Response Application Informational Success

monitor:206 MONITOR_ASSETS_RESOLUTIONS_AVERAGE_TIME_DESTINATION Host/Application Execute/Response Application Informational Success

monitor:210 MONITOR_SIDETABLE_GEO_INFO_HIT_RATE Host/Application/Database Execute/Response Application Informational Success

monitor:211 MONITOR_SIDETABLE_GEO_INFO_INSERTS Host/Application/Database Execute/Response Application Informational Success

monitor:212 MONITOR_SIDETABLE_GEO_INFO_CACHE_MISSES Host/Application/Database Execute/Response Application Informational Success

monitor:213 MONITOR_SIDETABLE_GEO_INFO_SIZE Host/Application/Database Execute/Response Application Informational Success

monitor:214 MONITOR_SIDETABLE_CATEGORY_HIT_RATE Host/Application/Database Execute/Response Application Informational Success

monitor:215 MONITOR_SIDETABLE_CATEGORY_INSERTS Host/Application/Database Execute/Response Application Informational Success

monitor:216 MONITOR_SIDETABLE_CATEGORY_CACHE_MISSES Host/Application/Database Execute/Response Application Informational Success

monitor:217 MONITOR_SIDETABLE_CATEGORY_SIZE Host/Application/Database Execute/Response Application Informational Success

monitor:218 MONITOR_SIDETABLE_AGENT_HIT_RATE Host/Application/Database Execute/Response Application Informational Success

monitor:219 MONITOR_SIDETABLE_AGENT_INSERTS Host/Application/Database Execute/Response Application Informational Success

monitor:220 MONITOR_SIDETABLE_AGENT_CACHE_MISSES Host/Application/Database Execute/Response Application Informational Success

monitor:221 MONITOR_SIDETABLE_AGENT_SIZE Host/Application/Database Execute/Response Application Informational Success

monitor:222 MONITOR_SIDETABLE_DEVICE_HIT_RATE Host/Application/Database Execute/Response Application Informational Success

monitor:223 MONITOR_SIDETABLE_DEVICE_INSERTS Host/Application/Database Execute/Response Application Informational Success

monitor:224 MONITOR_SIDETABLE_DEVICE_CACHE_MISSES Host/Application/Database Execute/Response Application Informational Success

monitor:225 MONITOR_SIDETABLE_DEVICE_SIZE Host/Application/Database Execute/Response Application Informational Success

monitor:226 MONITOR_SIDETABLE_LABELS_HIT_RATE Host/Application/Database Execute/Response Application Informational Success

monitor:227 MONITOR_SIDETABLE_LABELS_INSERTS Host/Application/Database Execute/Response Application Informational Success

monitor:228 MONITOR_SIDETABLE_LABELS_CACHE_MISSES Host/Application/Database Execute/Response Application Informational Success

monitor:229 MONITOR_SIDETABLE_LABELS_SIZE Host/Application/Database Execute/Response Application Informational Success

monitor:230 MONITOR_FLOW_EVENT_RATE Host/Application Execute/Response Application Informational Success

monitor:231 MONITOR_FLOW_EVENT_COUNT Host/Application Execute/Response Application Informational Success

monitor:232 MONITOR_RULES_EVENTS_MATCHING_ANY_RULE_COUNT Host/Application Execute/Response Application Informational Success

monitor:233 MONITOR_RULES_EVENTS_MATCHING_FILTER_RULE_COUNT Host/Application Execute/Response Application Informational Success

monitor:234 MONITOR_RULES_EVENTS_MATCHING_JOIN_RULE_COUNT Host/Application Execute/Response Application Informational Success

monitor:235 MONITOR_RULES_MATCH_COUNT Host/Application Execute/Response Application Informational Success

monitor:240 MONITOR_TC_SIZE Host/Application Execute/Response Application Informational Success

monitor:260 MONITOR_SESSION_LISTS_LIST_COUNT Host/Application Execute/Response Application Informational Success

monitor:261 MONITOR_SESSION_LISTS_ENTRY_COUNT Host/Application Execute/Response Application Informational Success

monitor:262 MONITOR_SESSION_LISTS_ENTRY_CAPACITY Host/Application Execute/Response Application Informational Success

monitor:263 MONITOR_SESSION_LISTS_ENTRY_PERCENT_USED Host/Application Execute/Response Application Informational Success

monitor:264 MONITOR_SESSION_LISTS_QUERIES_PER_SECOND Host/Application Execute/Response Application Informational Success

monitor:265 MONITOR_SESSION_LISTS_CHANGES_PER_SECOND Host/Application Execute/Response Application Informational Success

monitor:270 MONITOR_DB_FREESPACE_ARC_EVENT Host/Application Execute/Response Application Informational Success

monitor:271 MONITOR_DB_FREESPACE_ARC_EVENT_INDEX Host/Application Execute/Response Application Informational Success

monitor:272 MONITOR_DB_FREESPACE_ARC_SYSTEM Host/Application Execute/Response Application Informational Success

monitor:273 MONITOR_DB_FREESPACE_ARC_SYSTEM_INDEX Host/Application Execute/Response Application Informational Success

monitor:274 MONITOR_DB_FREESPACE_ARC_DBSM_TEST Host/Application Execute/Response Application Informational Success

monitor:275 MONITOR_DB_FREESPACE_ARC_EVENT_PCT Host/Application Execute/Response Application Informational Success

monitor:276 MONITOR_DB_FREESPACE_ARC_EVENT_INDEX_PCT Host/Application Execute/Response Application Informational Success

monitor:277 MONITOR_DB_FREESPACE_ARC_SYSTEM_PCT Host/Application Execute/Response Application Informational Success

monitor:278 MONITOR_DB_FREESPACE_ARC_SYSTEM_INDEX_PCT Host/Application Execute/Response Application Informational Success

monitor:279 MONITOR_DB_FREESPACE_ARC_DBSM_TEST_PCT Host/Application Execute/Response Application Informational Success

network:100 Per interface network input Linux /Monitor/Network/Usage/iface/In /proc/net/dev Host/Application Execute/Response Application Informational Success

network:101 Per interface network output Linux /Monitor/Network/Usage/iface/Out /proc/net/dev Host/Application Execute/Response Application Informational Success

network:102 Per interface network packet input Linux /Monitor/Network/Usage/iface/PacketsIn /proc/net/dev Host/Application Execute/Response Application Informational Success

network:103 Per interface network packet output Linux /Monitor/Network/Usage/iface/PacketsOut /proc/net/dev Host/Application Execute/Response Application Informational Success

notification:000 NOTIFICATION Host/Application Modify/Configuration Nothing Application Normal Nothing

notification:100 NOTIFICATION_TRANSPORT_DISABLE Notification has been disabled Host/Application Modify/Configuration Nothing Application Informational/Alert Success

notification:101 NOTIFICATION_DISABLE_QUEUE_OVERFLOW Notification has been disabled because the queue of notifications to be sent is too large Host/Application Modify/Configuration Nothing Application Informational/Alert Success

notification:102 NOTIFICATION_TRANSPORT_ENABLE Notification has been enabled Host/Application Modify/Configuration Nothing Application Normal Success

notification:103 NOTIFICATION_ENABLE_QUEUE Notification has been enabled because the queue of notifications is back under control Host/Application Modify/Configuration Nothing Application Normal Success

notification:104 NOTIFICATION_DESTINATION_DISABLE A particular Notification Destination has been disabled Host/Application Modify/Configuration Nothing Application Normal Success

notification:105 NOTIFICATION_DESTINATION_DISABLE_TRAFFIC A particular Notification Destination has been disabled because too much traffic has been directed at that Destination Host/Application Modify/Configuration Nothing Application Normal Success

notification:106 NOTIFICATION_DESTINATION_ENABLE A particular Notification Destination has been enabled Host/Application Modify/Configuration Nothing Application Normal Success

notification:107 NOTIFICATION_EXPIRED A Notification expired without being acknowledged Host/Application Execute/Response Nothing Application Informational/Error Failure

notification:108 NOTIFICATION_UNDELIVERABLE No functioning Destination could be located for this Notification Host/Application Execute/Response Nothing Application Informational/Error Failure

notification:109 NOTIFICATION_PURGED Old Notification has been purged Host/Application Modify/Configuration Nothing Application Normal Success

notification:110 NOTIFICATION_ESCALATED Notification has been escalated to the next Destination level Host/Application/Service Execute/Query Nothing Application Informational Success

notification:111 NOTIFICATION_SENT_REQUIRES_ACKNOWLEDGMENT A Notification that requires acknowledgement has been sent Host/Application Execute/Query Application Informational Success

notification:111v null Host/Application/Service Execute/Response Nothing Application Informational Success

notification:112 generated when an informative notification is sent A Notification that does not require acknowledgement has been sent Host/Application/Service Execute/Response Nothing Application Informational Success

notification:200 NOTIFICATION_GROUP_TEST Sent a test Notification to this Destination Group Host/Application Execute/Query Nothing Application Normal Success

notification:300 NOTIFICATION_ACKNOWLEDGE This Notification has been acknowledged Host/Application Execute/Query Nothing Application Normal Success

notification:301 NOTIFICATION_RESOLVE This Notification has been resolved Host/Application/Service Modify/Configuration Nothing Application Informational Success

partitionarchiver:000 PARTITION_ARCHIVER_NO_OPERATION Host/Application/Service Application Normal Attempt

partitionarchiver:100 PARTITION_ARCHIVER_FULL_SUCCESS The partition was successfully archived Host/Application/Service Execute/Response Nothing Application Normal Success

partitionarchiver:200 PARTITION_ARCHIVER_PARTIAL_SUCCESS There was a problem while archiving the partition Host/Application/Service Execute/Response Nothing Application Informational Success

partitionarchiver:300 PARTITION_ARCHIVER_DISABLED Partition archiving is disabled Host/Application/Service Modify/Configuration Nothing Application Informational Success

partitionarchiver:400 PARTITION_ARCHIVER_TIMED_OUT Partition archiving did not complete in the allotted time Host/Application/Service Execute/Response Nothing Application Informational/Error Failure

partitionarchiver:500 PARTITION_ARCHIVER_TOTAL_FAILURE Partition archiving failed Host/Application/Service Execute/Response Nothing Application Informational/Error Failure

partitionarchiver:600 PARTITION_ARCHIVER_UNEXPECTED_ERROR There was an unexpected error while archiving partitions Host/Application/Service Execute/Response Nothing Application Informational/Error Failure

partitionmanager:000 PARTITION_MANAGER_NO_OPERATION Host/Application/Service Application Normal Attempt

partitionmanager:100 PARTITION_MANAGER_FULL_SUCCESS Partitions have been successfully managed Host/Application/Service Execute/Response Nothing Application Normal Success

partitionmanager:200 PARTITION_MANAGER_PARTIAL_SUCCESS There was a problem managing partitions Host/Application/Service Execute/Response Nothing Application Informational Success

partitionmanager:300 PARTITION_MANAGER_DISABLED The partition manager has been disabled Host/Application/Service Modify/Configuration Application Informational Success

partitionmanager:500 PARTITION_MANAGER_TOTAL_FAILURE Partitions could not be managed Host/Application/Service Execute/Response Nothing Application Informational/Error Failure

partitionmanager:600 PARTITION_MANAGER_UNEXPECTED_ERROR There was an unexpected error while managing partitions Host/Application/Service Execute/Response Nothing Application Informational/Error Failure

pattern:001 NEW_PATTERN_DISCOVERED A previously unknown pattern of events was discovered Host/Application Execute/Response Application Informational Success

pattern:002 PATTERN_REDISCOVERED A previously discovered pattern of events was observed once again Host/Application Execute/Response Application Informational Success

queryviewer:100 QUERY_VIEWER_QUERY_SUCCEEDED Nothing Nothing Nothing Nothing Nothing Nothing

queryviewer:101 QUERY_VIEWER_QUERY_FAILED Nothing Nothing Nothing Nothing Nothing Nothing

quota:000 QUOTA Host/Resource Execute/Response Nothing Application Informational Attempt

quota:100 QUOTA_MET resource usage has fallen below the fixed quota level Host/Resource Check/Resource Nothing Application Normal Success

quota:101 QUOTA_EXCEED resource usage has exceeded the fixed quota level Host/Resource Check/Resource Nothing Application Informational/Warning Failure

quota:102 QUOTA_ASSET_AUTOCREATION Asset autocreation has exceeded a fixed quota Host/Application Execute/Response Application Informational/Alert Success

quota:103 QUOTA_ASSET_AUTOCREATION_RATE Asset autocreation is proceeding too rapidly Host/Application Execute/Response Application Informational/Warning Success

report:000 REPORT Host/Application Nothing Nothing Application Normal Nothing

report:100 REPORT_GENERATE Generated a new Archived Report configuration resource Host/Application Execute/Response Nothing Application Normal Success

report:101 REPORT_GENERATE_FAIL Failed to generate a new Archived Report configuration resource Host/Application Execute/Response Nothing Application Informational/Error Failure

report:102 REPORT_DELTA Generated a new delta Archived Report configuration resource Host/Application Execute/Response Nothing Application Normal Success

report:103 REPORT_CANCELLED This Report run was cancelled by a user Host/Application Execute/Response Application Informational Failure

report:104 REPORT_GENERATE_STARTED Host/Application Execute/Query Application Normal Attempt

report:105 REPORT_HALTED_BECAUSE_EMPTY Host/Application/Service Execute/Stop Application Informational/Error Success

resource:000 RESOURCE Host/Application Nothing Nothing Application Normal Nothing

resource:100 RESOURCE_DELETE Deleted a configuration resource Host/Application Modify/Configuration Nothing Application Normal Success

resource:101 RESOURCE_UPDATE Updated a configuration resource Host/Application Modify/Configuration Nothing Application Normal Success

resource:102 RESOURCE_ADD Added a new configuration resource Host/Application Modify/Configuration Nothing Application Normal Success

resource:103 RESOURCE_LOCKED Resource has been locked for edit Host/Application Modify/Configuration Nothing Application Normal Success

resource:104 RESOURCE_UNLOCKED Host/Application/Service Execute/Query Application Informational Attempt

resourcereference:000 RESOURCE_REFERENCE Nothing Nothing Nothing Application Normal Nothing

resourcereference:100 RESOURCE_REFERENCE_UNRESOLVED_URI Could not locate a configuration resource using the given universal resource identifier (URI) Host/Application Execute/Query Nothing Application Informational/Error Failure

rule:000 RULE Nothing Nothing Nothing Application Nothing Nothing

rule:100 RULE_FIRE Host/Application Execute/Query Application Normal Success

rule:101 RULE_MATCH Rule fired OnEveryEvent Host/Application Execute/Query Application Normal Success

rule:102 RULE_FIRST_MATCH Rule fired OnFirstEvent Host/Application Execute/Query Application Normal Success

rule:103 RULE_SUBSEQUENT_MATCH Rule fired OnSubsequentEvents Host/Application Execute/Query Application Normal Success

rule:104 RULE_AGGREGATE Rule fired OnEveryThreshold Host/Application Execute/Query Nothing Application Normal Success

rule:105 RULE_FIRST_AGGREGATE Rule fired OnFirstThreshold Host/Application Execute/Query Nothing Application Normal Success

rule:106 RULE_SUBSEQUENT_AGGREGATE Rule fired OnSubsequentThresholds Host/Application Execute/Query Nothing Application Normal Success

rule:107 RULE_FINAL_AGGREGATE Rule fired OnTimeUnitExpiration Host/Application Execute/Query Nothing Application Normal Success

rule:108 RULE_FIRE_ON_TIME_UNIT Host/Application Execute/Query Application Normal Success

rule:300 RULE_ACTION Host/Application Execute/Response Nothing Application Normal Success

rule:301 RULE_ACTION_SET_SEVERITY Set Severity action (deprecated) Host/Application Modify/Content Nothing Application Normal Success

rule:302 RULE_ACTION_SET_EVENT_ATTRIBUTE Set Event Attribute action Host/Application Modify/Content Nothing Application Normal Success

rule:303 RULE_ACTION_SEND_TO_NOTIFIER Send to Notifier action Host/Application Execute/Response Nothing Application Informational Success

rule:304 RULE_ACTION_EXECUTE_COMMAND Execute Command action Host/Application Execute/Query Nothing Application Informational Success

rule:305 RULE_ACTION_EXPORT Export... action Host/Application Execute/Response Nothing Application Informational Success

rule:306 RULE_ACTION_CASE_NEW Create New Case action Host/Application Modify/Content Nothing Application Informational Success

rule:307 RULE_ACTION_CASE_ADD Add to Case action Host/Application Modify/Content Nothing Application Informational Success

rule:308 RULE_ACTION_CASE_NEW_FAIL Create New Case action failed Host/Application Modify/Content Application Informational/Error Failure

rule:309 RULE_ACTION_CASE_ADD_FAIL Add to Case action failed Host/Application Modify/Content Application Informational/Error Failure

rule:310 RULE_ACTION_ACTIVE_LIST_ADD Add to Active List action Host/Application Modify/Content Nothing Application Informational Success

rule:311 RULE_ACTION_ACTIVE_LIST_MOVE Move between Active Lists action (deprecated) Host/Application Modify/Content Nothing Application Informational Success

rule:312 RULE_ACTION_ACTIVE_LIST_REMOVE Remove from Active List action Host/Application Modify/Content Nothing Application Informational Success

rule:313 RULE_ACTION_EXECUTE_AGENT_COMMAND Execute Agent Command action Host/Application Execute/Query Application Informational Success

rule:314 RULE_ACTION_SEND_TO_OPENVIEW Send to OpenView action Host/Application Execute/Response Application Informational Success

rule:315 RULE_ACTION_ASSET_CATEGORY_ADD Nothing Nothing Nothing Nothing Nothing Nothing

rule:316 RULE_ACTION_ASSET_CATEGORY_REMOVE Nothing Nothing Nothing Nothing Nothing Nothing

rule:500 RULE_WARNING Host/Application Check/Configuration Nothing Application Informational/Error Failure

rule:501 RULE_WARNING_LOOP Rule is firing on events generated by itself Host/Application Check/Configuration Nothing Application Informational/Error Failure

rule:700 RULE_DEACTIVATE Rule has been deactivated Host/Application Modify/Configuration Nothing Application Informational Success

rule:701 RULE_DEACTIVATE_UNSAFE Rule has been deactivated because it is unsafe (excessive recursion or excessive event matching) Host/Application Modify/Configuration Nothing Application Informational/Warning Success

rule:702 RULE_ACTIVATE Rule has been activated Host/Application Modify/Configuration Nothing Application Informational Success

rule:703 RULE_ACTIVATE_UNSAFE Rule has been re-activated after having been deactivated because it is unsafe (excessive recursion or excessive event matching) Host/Application Modify/Configuration Application Informational Success

rule:801 RULE_SCHEDULED_START Host/Application Execute/Query Application Informational Attempt

rule:802 RULE_SCHEDULED_FINISH Host/Application Execute/Query Application Informational Success

scanner:000 SCANNER_EVENTS_HANDLER Host/Application/Service Execute/Response Application Informational Success

scanner:100 SCANNER_EVENTS_HANDLER_ASSETS Host/Application/Service Execute/Response Application Informational Success

scanner:101 SCANNER_EVENTS_HANDLER_ASSETS_RESOURCE_UPDATED Host/Application/Service Execute/Query Application Informational Success

scanner:102 SCANNER_EVENTS_HANDLER_ASSETS_RESOURCE_DELETED Host/Application/Service Execute/Query Application Informational Success

scanner:103 SCANNER_EVENTS_HANDLER_ASSETS_DYNAMIC_ZONE_INVALID_NO_MAC_NO_HOST Host/Application/Service Execute/Response Application Informational Success

scanner:104 SCANNER_EVENTS_HANDLER_ASSETS_INVALID_NO_ADDRESS_NO_HOST Host/Application/Service Execute/Response Application Informational Success

scanner:105 SCANNER_EVENTS_HANDLER_ASSETS_INVALID_NO_NAME Host/Application/Service Execute/Response Application Informational Success

scheduler:000 SCHEDULER Host/Application Nothing Nothing Application Normal Nothing

scheduler:100 SCHEDULER_SKIP_DELAY The task Scheduler skipped a scheduled task execution because the scheduler was not allowed to run Host/Application Execute/Query Nothing Application Informational/Warning Failure

scheduler:101 SCHEDULER_SKIP_RUNNING The task Scheduler skipped a scheduled task invocation because the last invocation of the task is still executing Host/Application Execute/Query Nothing Application Informational/Warning Failure

scheduler:102 SCHEDULER_SKIP_QUEUE_FULL A task was skipped because too many tasks were queued already Host/Application/Service Execute/Query Nothing Application Informational/Error Failure

scheduler:103 SCHEDULER_RESERVED_THREADS Host/Application/Service Execute/Query Application Informational/Error Failure

scheduler:200 SCHEDULER_EXECUTE A task has been executed Host/Application Execute/Query Nothing Application Normal Success

scheduler:201 SCHEDULER_EXECUTE_FAIL A task failed to execute Host/Application Execute/Query Nothing Application Informational/Error Failure

scheduler:300 SCHEDULER_ADD A new task has been scheduled Host/Application Modify/Configuration Nothing Application Normal Success

scheduler:301 SCHEDULER_ADD_FAIL A new task could not be scheduled Host/Application Modify/Configuration Nothing Application Informational/Error Failure

scheduler:302 SCHEDULER_ENABLE Enable a task Host/Application Modify/Configuration Nothing Application Normal Success

scheduler:303 SCHEDULER_ENABLE_FAIL Could not enable a task Host/Application Modify/Configuration Nothing Application Informational/Error Failure

scheduler:304 SCHEDULER_DELETE Deleted a task Host/Application Modify/Configuration Nothing Application Normal Success

scheduler:305 SCHEDULER_DELETE_FAIL Failed to delete a task Host/Application Modify/Configuration Nothing Application Informational/Error Failure

scheduler:306 SCHEDULER_DISABLED Disable a task Host/Application/Service Execute/Stop Nothing Application Informational Success

scheduler:307 SCHEDULER_DISABLE_FAIL Could not disable a task Host/Application/Service Execute/Stop Nothing Application Informational/Error Failure

search:301 SEARCH_QUERY_FAILURE Host/Application Execute/Query Application Informational/Error Failure

search:302 SEARCH_QUERY_SUCCESS Host/Application Execute/Query Application Informational Success

search:303 SEARCH_QUERY_EMPTY Host/Application Execute/Response Application Informational Success

searchindex:100 SEARCH_INDEX_CREATE The search index was created Host/Application Execute/Query Application Normal Success

searchindex:101 The search index was updated to reflect changes to configuration resources The search index was updated to reflect changes to configuration resources Host/Application Execute/Query Application Informational Success

searchindex:200 SEARCH_INDEX_UPDATE Host/Application Execute/Query Application Normal Success

searchindex:300 SEARCH_INDEX_HANG Host/Application Execute/Query Application Informational Attempt

searchindex:400 SEARCH_INDEX_TIMEOUT Host/Application Execute/Query Application Informational/Error Failure

sessionlist:101 SESSION_LIST_ADD Host/Application Modify/Configuration Application Informational Success

sessionlist:102 SESSION_LIST_REMOVE Host/Application Modify/Configuration Application Informational Success

sessionlist:103 SESSION_LIST_UPDATE Host/Application Modify/Configuration Application Informational Success

sessionlist:104 SESSION_LIST_EXPIRE Host/Application Modify/Configuration Application Informational Success

sessionlist:201 SESSION_LIST_PARTITION_DROP Nothing Nothing Nothing Nothing Nothing Nothing

sessionlist:202 SESSION_LIST_PARTITION_DROP_FAIL Nothing Nothing Nothing Nothing Nothing Nothing

sessionlist:301 SESSION_LIST_CACHE_MISS_DROP Host/Application/Service Execute/Query Application Informational Attempt

sidetable:101 SITETABLE_SPACE_LOW Host/Application/Database Check/Resource Nothing Application Informational/Warning Failure

sidetable:102 SITETABLE_SPACE_FULL Host/Application/Database Check/Resource Nothing Application Informational/Error Failure

sidetable:103 SIDETABLE_CACHE_HITRATE_LOW Too many cache misses for a particular database side table Host/Application Execute/Response Nothing Application Informational Success

test:000 TEST Host/Application Execute Nothing Application Informational Success

test:100 TEST_STRESS A stress test event (used by QA tools) Host/Application Execute Nothing Application Informational Success

trend:000 TREND Host/Application Application

trend:100 TREND_RUN_STARTED Nothing Nothing Nothing Nothing Nothing Nothing

trend:101 TREND_RUN_SUCCESS Nothing Nothing Nothing Nothing Nothing Nothing

trend:102 TREND_RUN_FAILURE Nothing Nothing Nothing Nothing Nothing Nothing

trend:201 TREND_SCAVENGE_SUCCESS Nothing Nothing Nothing Nothing Nothing Nothing

trend:202 TREND_SCAVENGE_FAILURE Nothing Nothing Nothing Nothing Nothing Nothing

trend:301 TREND_PARTITION_ADD Nothing Nothing Nothing Nothing Nothing Nothing

trend:302 TREND_PARTITION_DROP Nothing Nothing Nothing Nothing Nothing Nothing

trend:303 TREND_PARTITION_ADD_FAIL Nothing Nothing Nothing Nothing Nothing Nothing

trend:304 TREND_PARTITION_DROP_FAIL Nothing Nothing Nothing Nothing Nothing Nothing

trend:401 TREND_SET_ACTIVE Nothing Nothing Nothing Nothing Nothing Nothing

trend:402 TREND_SET_INACTIVE Nothing Nothing Nothing Nothing Nothing Nothing

trend:501 TREND_TASK_STARTED Nothing Nothing Nothing Nothing Nothing Nothing

trend:502 TREND_TASK_ENDED Nothing Nothing Nothing Nothing Nothing Nothing

trend:601 TREND_SYSTEM_DEACTIVATED Nothing Nothing Nothing Nothing Nothing Nothing

trend:700 TREND_ACTION Nothing Nothing Nothing Nothing Nothing Nothing

trend:701 TREND_ACTION_ACTIVELIST_ADD Nothing Nothing Nothing Nothing Nothing Nothing

user:100 user delete Host/Application Authentication/Delete Application Informational Success

user:101 user update Host/Application Authentication/Modify Application Informational Success

user:102 user add Host/Application Authentication/Add Application Informational Success

validation:000 VALIDATION Validation:000 is not referred to by any components, so you can ignore it for now. But in the future, we might use it. Host/Application Application

validation:100 VALIDATION_DEPENDENT Validation:100 is sent when a resource becomes invalid due to a dependency constraint violation. Typically it happens during the dependency validation phase. For example, a filter is deleted from the system, and the deletion will invalidate a rule that depends on this filter. In this case, a validation:100 internal event will be sent. Host/Resource Check/Configuration Application Informational/Warning Failure