Rule - DN Associated IDs 31

This document is a user guide for v14.7 Database Activity Monitoring. It contains information about Rule.dn IDs, including a list of over 50 Rule.dn IDs along with their associated rule names and policy names. Rule.dn is a placeholder that can be included in syslog events to provide a unique ID for each detected rule or alert in the SecureSphere monitoring system.

Uploaded by vijay konduru

v14.7 Database Activity Monitoring User Guide

Contents

Rule.dn Associated IDs
    About Rule.dns
    List of Rule.Dn Associated IDs

Rule.dn Associated IDs


This appendix describes the IDs used with the Rule.DN placeholder, which can be part of a SecureSphere event sent out in syslog format. This section reviews the following:

• About Rule.dns
• List of Rule.Dn Associated IDs

About Rule.dns
The Rule.dn placeholder represents a numerical value that is used to map the severity of a rule or alert in SecureSphere. It can be added to an event syslog message, where its output provides a unique numerical ID per policy. This information can assist in analyzing events and their sources.

List of Rule.Dn Associated IDs


Below is a list of Rule.dn associated IDs.

Note: Some Rule.dns are in alphabetic and not numeric format.

| Rule DN | Rule Name | Policy Name |
|---|---|---|
| 1 | Unknown Parameter | Web Profile Policy |
| 10 | Too Many Cookies in a Request | Web Protocol Policy |
| 100 | TCP - Bad State | Network Protocol Violations Policy |
| 101 | TCP - TCP Unexpected SYN | Network Protocol Violations Policy |
| 102 | UDP - Micro-Fragment | Network Protocol Violations Policy |
| 103 | SQL protocol - invalid header | SQL Protocol Policy |
| 104 | SQL protocol - invalid flags | SQL Protocol Policy |
| 105 | SQL protocol - invalid header size | SQL Protocol Policy |
| 106 | SQL protocol - invalid authentication | SQL Protocol Policy |
| 107 | SQL protocol - invalid login | SQL Protocol Policy |
| 108 | SQL protocol - invalid statement | SQL Protocol Policy |
| 109 | SQL protocol - invalid length | SQL Protocol Policy |
| 11 | Too Many of the Same Response Code | Web Correlation Policy |
| 110 | SQL protocol - invalid message type | SQL Protocol Policy |
| 114 | SQL protocol - unauthorized operation | SQL Protocol Policy |
| 118 | Illegal Content Type | Web Protocol Policy |
| 119 | Illegal Chunk Size | Web Protocol Policy |
| 12 | Too Many URL Parameters | Web Protocol Policy |
| 120 | Illegal Byte Code Character in Method | Web Protocol Policy |
| 121 | NULL Character in Method | Web Protocol Policy |
| 122 | Illegal Byte Code Character in URL | Web Protocol Policy |
| 123 | NULL Character in Url | Web Protocol Policy |
| 124 | Illegal Byte Code Character in Query String | Web Protocol Policy |
| 125 | NULL Character in Query String | Web Protocol Policy |
| 126 | Illegal Byte Code Character in Parameter Value | Web Protocol Policy |
| 127 | NULL Character in Parameter Value | Web Protocol Policy |
| 13 | URL is Above Root Directory | Web Protocol Policy |
| 14 | Unknown HTTP Request Method | Web Protocol Policy |
| 15 | Malformed URL | Web Protocol Policy |
| 16 | Malformed HTTP Header Line | Web Protocol Policy |
| 17 | Abnormally Long Request | Web Protocol Policy |
| 18 | Abnormally Long Header Line | Web Protocol Policy |
| 19 | Illegal URL Path Encoding | Web Protocol Policy |
| 2 | Required Parameter Not Found | Web Profile Policy |
| 20 | Illegal Parameter Encoding | Web Protocol Policy |
| 20000001 | Custom Violation | Anti Google Hacking - 1 |
| 20000002 | Custom Violation | Anti Google Hacking - 2 |
| 20000016 | Custom Violation | Unauthorized Privileged Operation - Deprecated |
| 20000017 | Custom Violation | Direct changes to data dictionary |
| 20000018 | Custom Violation | Automated Site Reconnaissance/Access |
| 20000019 | Custom Violation | Automated Vulnerability Scanning |
| 20000020 | Custom Violation | Malformed HTTP Attack (Non compatible HTTP Results Error code) |
| 20000021 | Custom Violation | Suspected parameter tampering - Deprecated |
| 20000022 | Custom Violation | Oracle - Attempt to Execute Database Export |
| 20000025 | Custom Violation | Sensitive Error Messages Leakage |
| 20000026 | Custom Violation | Directory Browsing Detection |
| 20000027 | Custom Violation | Data Leakage - U.S Social Security Number |
| 20000028 | Custom Violation | Privacy Violation - Credit Card Number Insertion |
| 20000029 | Custom Violation | Privacy Violation - Credit Card Number Insertion by Internal IP Address |
| 20000030 | Custom Violation | Privacy Violation - Credit Card Number Insertion by non Internal IP Address |
| 20000033 | Custom Violation | Unsuccessful Directory Browsing |
| 20000034 | Custom Violation | Apache Expect Header XSS |
| 20000035 | Custom Violation | MSSQL Data Leakage through Errors |
| 20000036 | Custom Violation | Webdav Method Detection |
| 20000037 | Custom Violation | Oracle - Attempt to Create Wrapped Object |
| 20000038 | Custom Violation | Suspicious Response Code |
| 20000039 | Custom Violation | Oracle - PL/SQL Code Tampering |
| 20000040 | Custom Violation | Cross Site Request Forgery |
| 20000043 | Custom Violation | IIS Code Upload |
| 20000044 | Custom Violation | WEB MISC Unauthorized File Access |
| 20000045 | Custom Violation | Hazardous HTTP request methods |
| 20010002 | Custom Violation | SOX - Unauthorized data changes |
| 20010003 | Custom Violation | SOX - Data changes by administrator |
| 20010004 | Custom Violation | SOX - Manual data changes |
| 20010005 | Custom Violation | SOX - Direct changes to data dictionary |
| 20020001 | Custom Violation | EBS - Suspected Activity in User Admin Tables |
| 20020002 | Custom Violation | EBS - Suspected Access by a Non-Default User |
| 20020003 | Custom Violation | EBS - Suspected Connection by a Default User |
| 20020004 | Custom Violation | EBS PCI - Unauthorized access to credit card no. |
| 20020005 | Custom Violation | EBS PCI - Violation to credit card number table |
| 20020006 | Custom Violation | EBS PCI - Unauthorized access to credit cardholder |
| 20020007 | Custom Violation | EBS PCI - Violation to credit cardholder |
| 20030001 | Custom Violation | PCI - Unauthorized access to cardholder information |
| 20030002 | Custom Violation | PCI - Usage of default user accounts |
| 20030003 | Custom Violation | PCI - Violations to a cardholder information table |
| 20030005 | Custom Violation | PCI - Violations of privileged commands |
| 20030006 | Custom Violation | PCI - Existence alerts of Track data |
| 20030007 | Custom Violation | PCI - Failed privileged operations on users and privileges management |
| 20030008 | Custom Violation | PCI - Attempted users and privileges management privileged operations by non-privileged user |
| 20030009 | Custom Violation | PCI - Violation to a cardholder information table |
| 20030010 | Custom Violation | PCI - Violations caused by admin |
| 20040001 | Custom Violation | SAP - Suspected Activity in User Administration Tables |
| 20040002 | Custom Violation | SAP - Suspected Activity in Data Dictionary Tables |
| 20040003 | Custom Violation | SAP - Suspected Activity in Confidential Financial Data and Vendor Tables |
| 20040005 | Custom Violation | SAP - Suspected Activity in User Master Data Tables |
| 20040006 | Custom Violation | SAP - Suspected Activity in Accounting Documents Tables |
| 20040007 | Custom Violation | SAP - Suspected Activity in Personal Info Tables |
| 20040008 | Custom Violation | SAP - Querying of Tables by Non-Default User |
| 20040009 | Custom Violation | SAP - Suspected modifications in Tables by Non-Default User |
| 20040010 | Custom Violation | SAP - Querying of Tables with a Non-Default Application |
| 20040011 | Custom Violation | SAP - Suspected Access to Tables with a Non-Default Application |
| 20040012 | Custom Violation | SAP - Suspected modification of SAP Metadata |
| 20040013 | Custom Violation | SAP PCI - Unauthorized access to payment card no. |
| 20040014 | Custom Violation | SAP PCI - Violation to payment card number table |
| 20040015 | Custom Violation | SAP PCI - Unauthorized access to credit cardholder |
| 20040016 | Custom Violation | SAP PCI - Violation to payment cardholder |
| 20050001 | Custom Violation | HIPAA - Unauthorized data access |
| 20050002 | Custom Violation | HIPAA - Unauthorized data modification |
| 20050003 | Custom Violation | HIPAA - Attempt to backup database |
| 20060001 | Custom Violation | PeopleSoft - Access to PeopleSoft Schema |
| 20060002 | Custom Violation | PeopleSoft - Querying Tables by Non-Default Users |
| 20060003 | Custom Violation | PeopleSoft - Querying with Unknown Application |
| 20060004 | Custom Violation | PeopleSoft - Querying Tables from Unknown IPs |
| 20060005 | Custom Violation | PeopleSoft - Changes by Non-Default Users |
| 20060006 | Custom Violation | PeopleSoft - Changes by Non-Default Applications |
| 20060007 | Custom Violation | PeopleSoft - Changes from Unknown IPs |
| 20060008 | Custom Violation | PeopleSoft - Changes to Login Tables |
| 20060009 | Custom Violation | PeopleSoft - Changes to User Admin Tables |
| 20060010 | Custom Violation | PeopleSoft - Query of Payment Card Info Columns |
| 20060011 | Custom Violation | PeopleSoft - Query of Identification Info Columns |
| 20060012 | Custom Violation | PeopleSoft - Query of Personal Info Columns |
| 20060013 | Custom Violation | PeopleSoft - DB Management by Non-Default Users |
| 20060014 | Custom Violation | PeopleSoft - DB Management by Non-Default Apps |
| 20060015 | Custom Violation | PeopleSoft - DB Management from Unknown IPs |
| 20440001 | Custom Violation | ThreatRadar - Malicious IPs |
| 20440002 | Custom Violation | ThreatRadar - Anonymous Proxies |
| 20440003 | Custom Violation | ThreatRadar - Phishing URLs |
| 20440004 | Custom Violation | ThreatRadar - TOR IPs |
| 21 | Extremely Long Parameter | Web Protocol Policy |
| 21000002 | Custom Violation | HTTP Response Splitting Vulnerability |
| 21000003 | Custom Violation | WEB-FRONTPAGE-Access to Sensitive Internal Information |
| 21000004 | Custom Violation | WEB-FRONTPAGE- External Access to Internal Information |
| 21000005 | Custom Violation | eMail Hoarding |
| 21000007 | Custom Violation | WEB-FRONTPAGE- Access to Internal Information |
| 21000008 | Custom Violation | IE Discussion Bar- Access to Internal Information |
| 21000009 | Custom Violation | Data Leakage - Application Source Code |
| 21000010 | Custom Violation | Data Leakage - Developer Comments |
| 21000011 | Custom Violation | Data Leakage - Visa, Short Credit Card Numbers |
| 21000012 | Custom Violation | Data Leakage - Visa, Long Credit Card Numbers |
| 21000013 | Custom Violation | Data Leakage - Diner's Club / Carte Blanche Credit Card Numbers |
| 21000014 | Custom Violation | Data Leakage - enRoute Credit Card Numbers |
| 21000015 | Custom Violation | Data Leakage - JCB Credit Card Numbers |
| 21000016 | Custom Violation | Data Leakage - American Express Credit Card Numbers |
| 21000017 | Custom Violation | Data Leakage - MasterCard Credit Card Numbers |
| 21000018 | Custom Violation | Data Leakage - Discover Credit Card Numbers |
| 21000019 | Custom Violation | Directory Traversal (In Cookies/Parameters Value) |
| 21000020 | Custom Violation | Directory Traversal (In URL) |
| 21000021 | Custom Violation | Directory Traversal (In URL) - Basic Rule |
| 21000023 | Custom Violation | Plain Vanilla Scanner Detection |
| 21000024 | Custom Violation | OS Command Injection |
| 21000025 | Custom Violation | Fullwidth/Halfwidth Unicode Decoding |
| 21000026 | Custom Violation | File Download Injection |
| 22 | NULL Character in Header Name | Web Protocol Policy |
| 23 | NULL Character in Parameter Name | Web Protocol Policy |
| 24 | Illegal Byte Code Character in Header Name | Web Protocol Policy |
| 25 | Illegal Byte Code Character in Parameter Name | Web Protocol Policy |
| 26 | Illegal Host Name | Web Protocol Policy |
| 261 | Illegal Content Length | Web Protocol Policy |
| 27 | Double URL Encoding | Web Protocol Policy |
| 28 | Redundant UTF-8 Encoding | Web Protocol Policy |
| 29 | Too Many Headers per Request | Web Protocol Policy |
| 3 | Parameter Value Length Violation | Web Profile Policy |
| 30 | Illegal HTTP Version | Web Protocol Policy |
| 301-36 | Sql Signature Violation | Recommended Policy for Database Applications - Legacy |
| 301-39 | Sql Signature Violation | Recommended Policy for Database Applications - Legacy |
| 301-42 | Sql Signature Violation | Recommended Policy for Database Applications - Legacy |
| 302-37 | Stream Signature Violation | Recommended Policy for General Applications - Legacy |
| 302-40 | Stream Signature Violation | Recommended Policy for General Applications - Legacy |
| 302-43 | Stream Signature Violation | Recommended Policy for General Applications - Legacy |
| 31 | Illegal Response Code | Web Protocol Policy |
| 32 | Too Many Headers per Response | Web Protocol Policy |
| 33 | Parameter Type Violation | Web Profile Policy |
| 34 | Parameter Read Only Violation | Web Profile Policy |
| 35 | Web Worm | Web Worm Policy |
| 36 | Unauthorized Access to Service | Firewall Policy |
| 37 | Unauthorized Method for Known URL | Web Profile Policy |
| 38 | Untraceable Database User | SQL Profile Policy |
| 39 | Unauthorized Host | SQL Profile Policy |
| 40 | Unauthorized OS User | SQL Profile Policy |
| 41 | Unauthorized Database and Schema | SQL Profile Policy |
| 42 | Login Statement Error | Oracle SQL Protocol Policy |
| 43 | Excessive Attempts of Database Login | SQL Correlation Policy |
| 44 | Excessive Login Attempts in Mid Database Session | SQL Correlation Policy |
| 45 | Access to a black-listed table | SQL Profile Policy |
| 46 | Unauthorized Sensitive Query Group | SQL Profile Policy |
| 47 | Unauthorized Table/Operation Access | SQL Profile Policy |
| 48 | Unauthorized Sensitive Table | SQL Profile Policy |
| 49 | Unauthorized Sensitive Query | SQL Profile Policy |
| 5 | Unauthorized Source IP Address | SQL Profile Policy |
| 50 | SSL Untraceable Connection | Network Protocol Violations Policy |
| 5000 | Incorrect cookie signature | Cookie Signing Policy |
| 5002 | Missing cookie signature | Cookie Signing Policy |
| 5035 | Cross-site scripting | Web Correlation Policy |
| 5037 | SQL injection | Web Correlation Policy |
| 56 | Unauthorized URL Access | Web Profile Policy |
| 57 | Cookie Tampering | Web Profile Policy |
| 58 | Cookie Injection | Web Profile Policy |
| 59 | Reuse of Expired Session's Cookie | Web Profile Policy |
| 6 | Unauthorized Database User | SQL Profile Policy |
| 60 | Time of Day Violation | SQL Profile Policy |
| 61 | Unauthorized Source Application | SQL Profile Policy |
| 62 | Unauthorized SOAP Action | Web Profile Policy |
| 63 | SOAP Element Value Length Violation | Web Profile Policy |
| 64 | SOAP Element Value Type Violation | Web Profile Policy |
| 65 | Required XML Element Not Found | Web Profile Policy |
| 66 | Unknown SOAP Element | Web Profile Policy |
| 67 | Malformed SOAP Message | Web Protocol Policy |
| 68 | Unauthorized Request Content Type | Web Protocol Policy |
| 69 | SOAP Access to a Non-SOAP URL | Web Profile Policy |
| 7 | Unauthorized Query Group | SQL Profile Policy |
| 70 | Non-SOAP Access to a SOAP Only URL | Web Profile Policy |
| 71 | Redundant HTTP Headers | Web Protocol Policy |
| 72 | Fragmented Packet | Network Protocol Violations Policy |
| 75 | PCI Compliance - Card Track Data Detection | SQL Correlation Policy |
| 76 | Session Attribute Changes | Web Correlation Policy |
| 77 | Forceful Browsing | Web Correlation Policy |
| 78 | IP - Bad Total Length | Network Protocol Violations Policy |
| 79 | Bad Source IP Address | Network Protocol Violations Policy |
| 8 | Unauthorized Query | SQL Profile Policy |
| 80 | Invalid IP Flags | Network Protocol Violations Policy |
| 80000001-35 | HTTP Signature Violation | Recommended Policy for Web Applications - Legacy |
| 80000001-38 | HTTP Signature Violation | Recommended Policy for Web Applications - Legacy |
| 80000001-41 | HTTP Signature Violation | Recommended Policy for Web Applications - Legacy |
| 80000003-41 | HTTP Signature Violation | Recommended Signatures Policy for Web Applications |
| 80000003-88 | HTTP Signature Violation | Recommended Signatures Policy for Web Applications |
| 80000003-91 | HTTP Signature Violation | Recommended Signatures Policy for Web Applications |
| 80000003-92 | HTTP Signature Violation | Recommended Signatures Policy for Web Applications |
| 80000003-93 | HTTP Signature Violation | Recommended Signatures Policy for Web Applications |
| 80000003-95 | HTTP Signature Violation | Recommended Signatures Policy for Web Applications |
| 80000004-42 | Sql Signature Violation | Recommended Signatures Policy for Database Applications |
| 80000004-86 | Sql Signature Violation | Recommended Signatures Policy for Database Applications |
| 80000004-89 | Sql Signature Violation | Recommended Signatures Policy for Database Applications |
| 80000005-43 | Stream Signature Violation | Recommended Signatures Policy for General Applications |
| 80000005-87 | Stream Signature Violation | Recommended Signatures Policy for General Applications |
| 80000005-90 | Stream Signature Violation | Recommended Signatures Policy for General Applications |
| 81 | IP - Micro-Fragment | Network Protocol Violations Policy |
| 82 | IP - Bad Fragment | Network Protocol Violations Policy |
| 83 | Bad IP Option Padding | Network Protocol Violations Policy |
| 84 | Unknown IP Option | Network Protocol Violations Policy |
| 85 | Bad IP Option Length | Network Protocol Violations Policy |
| 86 | IP - Too Small TTL | Network Protocol Violations Policy |
| 87 | ICMP - LAND Attack | Network Protocol Violations Policy |
| 88 | TCP - LAND Attack | Network Protocol Violations Policy |
| 89 | TCP - Micro-Fragment | Network Protocol Violations Policy |
| 9 | Attempt to Execute Privileged Operation | SQL Profile Policy |
| 90 | TCP - SYN with FIN | Network Protocol Violations Policy |
| 91 | TCP - SYN with Data | Network Protocol Violations Policy |
| 92 | TCP - SYN with RST (not SYN ACK) | Network Protocol Violations Policy |
| 93 | TCP - SYN with Non Zero ACK Sequence | Network Protocol Violations Policy |
| 94 | TCP - Non Zero Reserved Flags | Network Protocol Violations Policy |
| 95 | Bad TCP Option Length | Network Protocol Violations Policy |
| 96 | Bad TCP Option Padding | Network Protocol Violations Policy |
| 97 | Unknown TCP Option | Network Protocol Violations Policy |
| 98 | Illegal TCP Option | Network Protocol Violations Policy |
| 99 | Modified TCP Retransmission Data (client to server only) | Network Protocol Violations Policy |
| http-event-too-long | Extremely Long HTTP Request | Web Protocol Policy |
| http-illegal-byte-code-header-value | Illegal Byte Code Character in Header Value | Web Protocol Policy |
| http-null-char-header-value | NULL Character in Header Value | Web Protocol Policy |
| http-post-missing-content-type | Post Request - Missing Content Type | Web Protocol Policy |
| invalid-ocsp-asn1-encoding | Invalid ASN.1 Request Encoding | OCSP Protocol Policy |
| invalid-ocsp-base64-encoding | Invalid Base64 Request Encoding | OCSP Protocol Policy |
| invalid-ocsp-content-type | Invalid Message Content Type | OCSP Protocol Policy |
| invalid-ocsp-request-structure | Invalid Request Structure | OCSP Protocol Policy |
| invalid-ocsp-version | Invalid version | OCSP Protocol Policy |
| ocsp-message-too-long | OCSP Message Too Long | OCSP Protocol Policy |
| ocsp-too-many-queries | Too many queries within a Request | OCSP Protocol Policy |
| sql-too-long | Extremely Long SQL Request | SQL Protocol Policy |
| tcp-incompatible-data-len | TCP - Invalid Data Length in Header | Network Protocol Violations Policy |