The account type is not mapped.

The account type is unknown.

An IAM Policy was attached to a user/role.

A user/role was created.

A user/role was deleted.

An IAM Policy was detached from a.

A user/role was disabled.

A user/role was enabled.

A user account was locked out.

An authentication factor was disabled for.

An authentication factor was enabled for.

an account.

An attempt was made to change an account's.

An attempt was made to reset an account's.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Any agent or sensor that.

Any agent or sensor that.

Any DLP sensor or agent.

Any EDR sensor or agent.

Any agent or sensor that.

Any agent or sensor.

The type is not mapped.

Any agent or sensor that.

Any agent or sensor that.

The type is unknown.

Any agent or sensor that.

Behavioral analytics focus on monitoring and.

Exact Data Match is a precise comparison.

Fingerprinting is the technique of collecting.

Indexed Data Match refers to comparing.

Keyword Match involves scanning content for.

content against a pre-compiled index of sensitive information to efficiently detect and prevent unauthorized access or breaches, streamlining DLP and compliance efforts.

Partial Data Match involves identifying.

Regular Expressions are used to define.

A Rule in security analytics refers to.

Statistical analytics pertains to analyzing.

Tagging refers to the practice of assigning.

The API call in the event pertains to a 'create'.

The API call in the event pertains to a 'delete'.

activity.

The API call in the event pertains to a 'read'.

The API call in the event pertains to a 'update'.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

A Kerberos authentication ticket (TGT).

A logon session was terminated and no.

A new logon session was requested.

A preauthentication stage was engaged.

A Kerberos service ticket was renewed.

A Kerberos service ticket was.

The authentication protocol is not mapped.

The authentication protocol is unknown.

A batch server logon, where.

A user logged on to this device.

Same as Remote Interactive.

Workstation logon.

A local logon to device console.

A user or device logged onto this.

A user logged on to this device.

A caller cloned its current token.

A logon by a service or daemon.

The logon type is not mapped.

A remote logon using Terminal.

Used only by the System account,.

The logon type is unknown.

A user unlocked the device.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Devices that verify identity-based on.

A code or link is sent to a user's.

Physical device that generates a code to.

have previously established.

Application generates a one-time password.

The user enters a password that they.

System calls the user's registered phone.

Push notification is sent to user's.

The user responds to a security question.

User receives and inputs a code sent to.

Typically involves a hardware token,.

Web-based API that enables users to.

Assign special groups to a new logon.

Assign special privileges to a new logon.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The compliance check failed for at least one of the.

The event status is not mapped.

The compliance check passed for all the evaluated.

The status is unknown.

The compliance check did not yield a result due to.

A finding was closed.

A finding was created.

A finding was updated.

The confidence is not mapped to the defined enum.

The normalized confidence is unknown.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The Finding is under review.

The Finding is new and yet to be reviewed.

The event status is not mapped.

The Finding was reviewed, remediated and is now.

The Finding was reviewed, determined to be benign.

The status is unknown.

The discovered information is via a collection.

The discovered information is via a log.

process.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Any business-specific sensitive.

Any financially-related sensitive.

Any sensitive government.

Any mission-specific sensitive.

Any other type of data.

Any Personally Identifiable.

Any sensitive security-related.

The type is not mapped.

The confidentiality is not mapped.

The confidentiality is unknown.

Any business-specific sensitive.

Any financially-related sensitive.

Any sensitive government.

Any mission-specific sensitive.

Any other type of data.

Any Personally Identifiable.

Any sensitive security-related.

The type is not mapped.

The confidentiality is not mapped.

The confidentiality is unknown.

The data was stored on physical or.

The data was actively moving.

The data was being processed,.

The type is not mapped.

A built in Data Loss.

A Cloud Access.

A tool that actively.

A Data Security.

A Database Activity.

Any Developer.

A Digital Rights.

A Data Loss.

A dedicated agent or.

A Mobile Device.

Any other type of.

A Secure Email.

A Secure Web Gateway.

The type is not.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

An existing Data Security finding is closed, this.

A new Data Security finding is created.

due to inaccurate detection techniques or a known true negative.

An existing Data Security finding is suppressed.

An existing Data Security finding is updated with.

The confidence is not mapped to the defined enum.

The normalized confidence is unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

The impact is not mapped.

The normalized impact is unknown.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The Finding is under review.

The Finding is new and yet to be reviewed.

The event status is not mapped.

The Finding was reviewed, remediated and is now.

The Finding was reviewed, determined to be benign.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The 'Connect' activity involves establishing a.

The 'Create' activity involves generating new data.

The 'Decrypt' activity involves converting encrypted.

The 'Delete' activity involves removing specific data.

The 'Encrypt' activity involves securing data by.

The 'List' activity provides an overview of existing.

data back to its original format.

The 'Query' activity involves retrieving a filtered.

The 'Read' activity involves accessing specific data.

The 'Update' activity pertains to modifying specific.

The 'Write' activity involves writing specific data.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The datastore resource type is not mapped.

The datastore resource type is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

A finding was closed.

A finding was created.

A finding was updated.

The confidence is not mapped to the defined enum.

The normalized confidence is unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

The impact is not mapped.

The normalized impact is unknown.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The Finding is under review.

The Finding is new and yet to be reviewed.

The event status is not mapped.

The Finding was reviewed, remediated and is now.

The Finding was reviewed, determined to be benign.

The status is unknown.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

The type is not mapped.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

The type is unknown.

A <a target='_blank'.

The discovered information is via a collection.

The discovered information is via a log.

process.

The security level is not mapped.

The security level is not mapped.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

DHCPACK: The server accepts the request by sending.

DHCPDECLINE.

DHCPDISCOVER.

DHCPEXPIRE: A DHCP lease expired.

DHCPINFORM.

DHCPNAK.

DHCPOFFER.

DHCPRELEASE: A DHCP client sends a DHCPRELEASE.

DHCPREQUEST.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Microsoft Authenticode Digital Signature.

Digital Signature Algorithm (DSA).

Elliptic Curve Digital Signature Algorithm.

Algorithm.

Rivest-Shamir-Adleman (RSA) Algorithm.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The DNS query request.

The DNS query response.

Bidirectional DNS request and response traffic.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Algorithm not supported.

Bad/missing Server Cookie.

Key not recognized.

Bad TKEY Mode.

Duplicate key name.

TSIG Signature Failure or Bad OPT Version.

Signature out of time window.

Bad Truncation.

DSO-TYPE Not Implemented.

Format Error.

No Error.

Not Authorized or Server Not Authoritative for zone.

Not Implemented.

Name not contained in zone.

Non-Existent Domain.

RR Set that should exist does not.

The dns response code is not defined by the RFC.

Query Refused.

The codes deemed to be reserved by the RFC (codes:.

Server Failure.

The codes deemed to be unassigned by the RFC.

Name Exists when it should not.

RR Set Exists when it should not.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The event DNS header flag is not mapped.

DNS Stateful Operations (DSO).

Inverse query, obsolete.

Zone change notification.

Standard query.

Reserved, not used.

Server status request.

Dynamic DNS update.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

Email being scanned (example: security scanning).

Email Inbound, from the Internet or outside network.

Email Internal, from inside the network destined.

for an entity inside network.

Email Outbound, from inside the network destined.

The email direction is unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

scanning).

Email file being scanned (example: security.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

Email URL being scanned (example: security scanning).

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The confidentiality is not mapped.

The confidentiality is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

A request to create a new file on a file.

A request to decrypt a file on a file system.

A request to delete a file on a file system.

A request to encrypt a file on a file system.

A request to get attributes for a file on a.

A request to get security for a file on a file.

A request to mount a file on a file system.

A request to create a file handle.

A request to read data from a file on a file.

A request to rename a file on a file system.

A request to set attributes for a file on a.

A request to set security for a file on a file.

A request to unmount a file from a file.

A request to write data to a file on a file.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Copy a file.

Delete a file.

Download a file.

Lock a file.

Move a file.

Open a file.

Preview a file.

Rename a file.

Restore a file.

Share a file.

Mark a file or folder to sync with a computer.

Unlock a file.

Unshare a file.

Mark a file or folder to not sync with a computer.

Update a file.

Upload a file.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The ssdeep generated fuzzy checksum.

MD5 message-digest algorithm producing a 128-bit.

algorithm that works by XORing the bytes in a circular-shifting fashion.

Microsoft simple non-cryptographic hash.

Secure Hash Algorithm 1 producing a 160-bit (20-.

Secure Hash Algorithm 2 producing a 256-bit (32-.

Secure Hash Algorithm 2 producing a 512-bit (64-.

The TLSH fuzzy hashing algorithm.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

Delete file(s) from the FTP or SFTP site.

File download from the FTP or SFTP site.

List files in a specified directory.

Poll directory for specific file(s) or folder(s) at.

File upload to the FTP or SFTP site.

Rename the file(s) in the FTP or SFTP site.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Add user to a group.

Assign privileges to a group.

A group was created.

A group was deleted.

Remove user from a group.

Revoke privileges from a group.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The CONNECT method establishes a tunnel to the server.

The DELETE method deletes the specified resource.

The GET method requests a representation of the.

The HEAD method asks for a response identical to a.

The OPTIONS method describes the communication.

along the path to the target resource.

The POST method submits an entity to the specified.

The PUT method replaces all current representations.

The TRACE method performs a message loop-back test.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

Reports closure of an Incident .

Reports the creation of an Incident.

Reports updates to an Incident.

The confidence is not mapped to the defined enum.

The normalized confidence is unknown.

The impact is not mapped.

The normalized impact is unknown.

Interruption making a critical functionality.

Critical functionality or network access is.

Application or personal procedure is unusable, where.

Non-critical function or procedure is unusable or.

The priority is not normalized.

No priority is assigned.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The incident is resolved and no further action is.

The incident has been assigned to an agent but has.

The service desk has received the incident but has.

The incident requires some information or response.

The event status is not mapped.

The service desk has confirmed that the incident is.

The status is unknown.

The incident is benign.

The incident can be disregarded as it is.

The incident is a duplicate.

The incident is a false positive.

The incident has insufficient data to make.

The incident remediation or required.

The type is not mapped.

The incident is a security risk.

The incident is suspicious.

The incident is a test.

The incident is a true positive.

The type is unknown.

The discovered information is via a collection.

The discovered information is via a log.

process.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The type is not mapped.

The type is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

A driver/extension was loaded into the kernel.

kernel.

A driver/extension was unloaded (removed) from the.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

With hands-on keyboard access, intruders.

Malware opens a command channel to enable.

The intruders will use various tactics,.

The intruders start leveraging.

The intruders install malware on the.

The kill chain phase is not mapped.

The attackers pick a target and perform a.

The kill chain phase is unknown.

The attackers develop a malware weapon and.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

Data Execution Permission.

Data Execution Permission.

<code>WriteProcessMemory</code>).

Read (Example:.

Write (Example:.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

A memory mapped file, typically created.

A module loaded in a way avoidant of.

A module loaded in a non standard way.

However, GetModuleFileName succeeds on this allocation.

A raw module in process memory that is.

A normal module loaded by the normal.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The network connection was closed.

The network connection failed.

A new network connection was opened.

The network connection was refused.

The network connection was abnormally terminated or.

Network traffic report.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

External network traffic between two.

Through a gateway VPC endpoint (Nitro-.

Through an inter-region VPC peering.

Internal network traffic between two.

Through an Internet gateway (Nitro-.

Through an Internet gateway or a.

Through an intra-region VPC peering.

Through a local gateway.

Local network traffic on the same.

The boundary is not mapped.

Through another resource in the same.

The connection boundary is unknown.

Through a virtual private gateway.

Inbound network connection.

Lateral network connection.

The direction is not mapped.

Outbound network connection.

The connection direction is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The socket connection has been closed by the remote.

The socket is not in use.

The socket connection has been closed by the local.

The socket has an established connection between a.

The socket connection has been closed by the local.

The socket connection has been closed by the local.

The socket connection has been closed by the remote.

The socket is listening for incoming connections.

The state is not mapped.

The socket has passively received a connection.

The socket is actively trying to establish a.

The socket connection has been closed by the local.

The socket state is unknown.

The event status is not mapped.

The status is unknown.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

The type is not mapped.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

The type is unknown.

A <a target='_blank'.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

Copy a file.

Delete a file.

Download a file.

Lock a file.

Move a file.

Open a file.

Preview a file.

Rename a file.

Restore a file.

Share a file.

Mark a file or folder to sync with a computer.

Unlock a file.

Unshare a file.

Mark a file or folder to not sync with a computer.

Update a file.

Upload a file.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

The type is not mapped.

A <a target='_blank'.

A <a target='_blank'.

A <a target='_blank'.

The type is unknown.

A <a target='_blank'.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

Broadcast time info to network.

NTP client, syncs with servers.

Monitoring and control messaging.

The event activity is not mapped.

Reserved - Not defined in standard.

Dedicated NTP time server,.

Bidirectional time exchange.

Device responds as a server to.

Not used in standard NTP.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The stratum level is not mapped.

The highest precision primary server (e.g.

Reserved stratum (possible values: 17-255).

A secondary level server (possible values: 2-.

Unspecified or invalid.

15).

The observable data type is not mapped.

Unknown observable data type.

The type is not mapped.

The type is unknown.

attribute, which contains a data source specific value.

The discovered information is via a collection.

The discovered information is via a log.

process.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

The injection type is not mapped.

The injection type is unknown.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

An RDP connection request.

An RDP connection response.

The initial RDP request.

The initial RDP response.

The TLS handshake.

Network traffic report.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.

The requestor's access has been.

The request or activity was detected.

Granted access or allowed the action.

A request or submission was approved.

Denied access or blocked the action to.

Required the end user to solve a.

Ran a silent challenge that required.

A corrupt file or configuration was.

Counted the request or activity but.

A custom action was executed such as.

An operation was delayed, for example.

A file or other content was deleted.

Suspicious activity or a policy.

The request was detected as a threat.

An error occurred during the.

A suspicious or risky entity was.

A session was isolated on the network.

The operation or action was logged.

The outcome of an operation had no.

The disposition is not listed.

A corrupt file or configuration was.

A suspicious file or other content was.

A request or submission was rejected.

The request was detected as a threat.

A quarantined file or other content.

A file or other entity was marked with.

An attempt to access a resource was.

A corrupt file or configuration was.

The disposition was not known.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The discovered results are via a query request.

The target was not found.

The discovery attempt failed.

The target was found.

The query result is not mapped.

The target was partially found.

The query result is unknown.

Discovery of the target was not supported.

Action is required immediately and the scope is.

An error occurred but it is too late to take.

Action is required immediately.

Informational message.

The user decides if action is needed.

Action is required but the situation is not.

The event/finding severity is not mapped.

The event/finding severity is unknown.

The event status is not mapped.

The status is unknown.

The type is not mapped.

The type is unknown.

Starting to establish a history of suspicious.

Starting to establish a history of normal.

Proven evidence of maliciousness.

No established history of normal behavior.

The reputation score is not mapped.

Strong possibility of maliciousness.

Indicators of maliciousness.

Reasonable history of good behavior.

Consistently good behavior.

A site with a history of suspicious or risky.

The reputation score is unknown.

Long history of good behavior.

The activity was allowed.

The attempted activity was denied.

The action was not mapped.

The action was unknown.