System event logs

| ID | Log Type | Message |
|---|---|---|
| 11001 | Update events | Product Updates: {USER} installed hot fix {VERSION} from {IP} |
| 11002 | Update events | Product Updates: {USER} rolled back hot fix {VERSION} from {IP} |
| 11003 | Update events | Product Updates: Appliance firmware upgraded by {USER} from {IP} |
| 12001 | Update events | Deep Discovery Director: Hotfix update successful |
| 12002 | Update events | Deep Discovery Director: Firmware update successful |
| 12003 | Update events | Deep Discovery Director: Virtual Analyzer image import successful |
| 12004 | Update events | Deep Discovery Director: Configuration update successful |
| 12005 | Update events | Deep Discovery Director: Unregistered by Deep Discovery Director administrator |
| 12101 | Update events | Deep Discovery Director: Suspicious object synchronization with Apex Central disabled |
| 12201 | Update events | Deep Discovery Director: End-User Quarantine configuration disabled |
| 130xx | Update events | ActiveUpdate: {COMPONENT} downloaded manually by {USER} from {IP} |
| 131xx | Update events | ActiveUpdate: {COMPONENT} unsuccessfully downloaded manually by {USER} from {IP} |
| 132xx | Update events | ActiveUpdate: {COMPONENT} downloaded by scheduled update |
| 133xx | Update events | ActiveUpdate: {COMPONENT} unsuccessfully downloaded by scheduled update |
| 134xx | Update events | ActiveUpdate: {COMPONENT} rolled back to version {VERSION} by {USER} from {IP} |
| 135xx | Update events | ActiveUpdate: {COMPONENT} unsuccessfully rolled back by {USER} from {IP} |
| 136xx | Update events | ActiveUpdate Exception - Apply {COMPONENT} {VERSION} to local scanner failed |
| 20101 | Audit log | System started |
| 20102 | Audit log | System stopped |
| 20201 | Audit log | Service started |
| 20202 | Audit log | Service stopped |
| 20301 | Audit log | License: {NAME} license expired, grace period ends on {DATE} |
| 20302 | Audit log | License: {NAME} license expired |
| 20303 | Audit log | License: {NAME} license updated |
| 20401 | Audit log | System Maintenance: Device powered off by {USER} from {IP} |
| 20402 | Audit log | System Maintenance: Device restarted by {USER} from {IP} |
| 20501 | Audit log | Logon: 'admin' logged on from {HOST} via SSH |
| 20502 | Audit log | Logon: Attempted logon with user name ('admin') from {HOST} via SSH |
| 20503 | Audit log | Logon: 'root' logged on from {HOST} with token {NAME} via SSH |
| 20504 | Audit log | Logon: Attempted logon with user name ('root') from {HOST} via SSH |
| 20505 | Audit log | Logon: 'admin' logged off from {HOST} via SSH |
| 20506 | Audit log | Logon: 'root' logged off from {HOST} with token {NAME} via SSH |
| 20507 | Audit log | Logon: Attempted logon with user name {USER} from {HOST} via SSH |
| 30101 | Audit log | Active update source setting was changed |
| 30102 | Audit log | Active update schedule setting was changed |
| 30201 | Audit log | System Settings: Host name saved as {NAME} by {USER} from {IP} |
| 30202 | Audit log | System Settings: {INTERFACE} IPv4 address and subnet mask were saved as {SUBNET} by {USER} from {IP} |
| 30203 | Audit log | System Settings: {INTERFACE} IPv6 address and prefix length were saved as {IP}/{LENGTH} by {USER} from {IP} |
| 30204 | Audit log | System Settings: {INTERFACE} IPv4 gateway saved as {GATEWAY} by {USER} from {IP} |
| 30205 | Audit log | System Settings: {INTERFACE} IPv6 gateway saved as {GATEWAY} by {USER} from {IP} |
| 30206 | Audit log | System Settings: {INTERFACE} primary IPv4 DNS server saved as {IP} and secondary IPv4 DNS server saved as {IP} by {USER} from {IP} |
| 30207 | Audit log | System Settings: {INTERFACE} primary IPv6 DNS server saved as {IP} and secondary IPv6 DNS server saved as {IP} by {USER} from {IP} |
| 30208 | Audit log | System Settings: {INTERFACE} IPv4 address and subnet mask deleted by {USER} from {IP} |
| 30209 | Audit log | System Settings: NIC teaming settings changed by {USER} from {IP} |
| 30301 | Audit log | System Settings: Operation mode saved as {MODE} by {USER} from {IP} |
| 30401 | Audit log | System Settings: Proxy settings modified by {USER} from {IP} |
| 30402 | Audit log | System Settings: Proxy settings unsuccessfully modified by {USER} from {IP} |
| 30501 | Audit log | System Settings: SMTP server settings modified by {USER} from {IP} |
| 30601 | Audit log | System Settings: System time zone saved as {ZONE} by {USER} from {IP} |
| 30602 | Audit log | System Settings: NTP server synchronization enabled by {USER} from {IP} |
| 30603 | Audit log | System Settings: NTP server synchronization disabled by {USER} from {IP} |
| 30604 | Audit log | System Settings: System time saved as {TIME} by {USER} from {IP} |
| 30605 | Audit log | System Settings: Database time zone saved as {ZONE} by {USER} from {IP} |
| 30606 | Audit log | System Settings: NTP server saved as {NAME} by {USER} from {IP} |
| 30701 | Audit log | System Settings: SNMP settings modified by {USER} from {IP} |
| 30702 | Audit log | System Settings: SNMP MIB files downloaded by {USER} from {IP} |
| 30703 | Audit log | System settings: Session timeout setting modified by {USER} from {IP} |
| 30704 | Audit log | System Settings: SSL settings modified by {USER} from {IP} |
| 30705 | Audit log | System Settings: {USER} added certificate signing request {NAME} from {IP} |
| 30706 | Audit log | System Settings: {USER} added self-signed certificate {NAME} from {IP} |
| 30707 | Audit log | System Settings: {USER} deleted certificate {NAME} from {IP} |
| 30708 | Audit log | System Settings: {USER} imported certificate {NAME} from {IP} |
| 30709 | Audit log | System Settings: {USER} changed certificate name from {NAME} to {NAME} from {IP} |
| 30710 | Audit log | System Settings: {USER} assigned certificate {NAME} to {SERVICE} from {IP} |
| 30711 | Audit log | System Settings: {USER} deleted trusted CA certificate {NAME} from {IP} |
| 30712 | Audit log | System Settings: {USER} imported trusted CA certificate {NAME} from {IP} |
| 30801 | Audit log | Mail Settings: SMTP Connection setting saved by {USER} from {IP} |
| 30802 | Audit log | Mail Settings: TLS certificate uploaded by {USER} from {IP} |
| 30803 | Audit log | Mail Settings: TLS certificate downloaded by {USER} from {IP} |
| 30901 | Audit log | Mail Settings: Delivery profiles exported by {USER} from {IP} |
| 30902 | Audit log | Mail Settings: Delivery profiles unsuccessfully exported by {USER} from {IP} |
| 30903 | Audit log | Mail Settings: Delivery profiles imported by {USER} from {IP} |
| 30904 | Audit log | Mail Settings: Mail Settings: Delivery profiles unsuccessfully imported due to maximum entries (256) exceeded |
| 30905 | Audit log | Mail Settings: Delivery profiles unsuccessfully imported by {USER} from {IP} |
| 30906 | Audit log | Mail Settings: Delivery profile added by {USER} from {IP} |
| 30907 | Audit log | Mail Settings: Delivery profile modified by {USER} from {IP} |
| 30908 | Audit log | Mail Settings: Delivery profile deleted by {USER} from {IP} |
| 31001 | Audit log | Mail Settings: Mail settings modified by {USER} from {IP} |
| 31101 | Audit log | Mail Settings: SMTP server greeting saved by {USER} from {IP} |
| 31102 | Audit log | Mail Settings: Internal domain settings modified by {USER} from {IP} |
| 31103 | Audit log | Mail Settings: Internal domains imported by {USER} from {IP} |
| 31103 | Audit log | Mail Settings: Internal domain {NAME} added through a policy by {USER} from {IP} |
| 31104 | Audit log | Mail Settings: Address Rewriting settings modified by by {USER} from {IP} |
| 31105 | Audit log | Mail Settings: Domain Rewriting settings modified by {USER} from {IP} |
| 31106 | Audit log | Mail Settings: {USER} added IP address or domain {NAME} from {IP} for incoming messages |
| 31107 | Audit log | Mail Settings: {USER} updated IP address or domain {NAME} from {IP} for incoming messages |
| 31108 | Audit log | Mail Settings: {USER} deleted one or more IP addresses or domains from {IP} for incoming messages |
| 31109 | Audit log | Mail Settings: {USER} imported one or more IP addresses or domains from {IP} for incoming messages |
| 31110 | Audit log | Mail Settings: {USER} enabled IP address or domain {NAME} from {IP} for incoming messages |
| 31111 | Audit log | Mail Settings: {USER} disabled IP address or domain {NAME} from {IP} for incoming messages |
| 31112 | Audit log | Mail Settings: {USER} added domain {NAME} from {IP} for outgoing messages |
| 31113 | Audit log | Mail Settings: {USER} updated domain {NAME} from {IP} for outgoing messages |
| 31114 | Audit log | Mail Settings: {USER} deleted one or more domains from {IP} for outgoing messages |
| 31115 | Audit log | Mail Settings: {USER} imported one or more domains from {IP} for outgoing messages |
| 31116 | Audit log | Mail Settings: {USER} enabled domain {NAME} from {IP} for outgoing messages |
| 31117 | Audit log | Mail Settings: {USER} disabled domain {NAME} from {IP} for outgoing messages |
| 31201 | Audit log | Log Settings: {NAME} syslog server profile created by {USER} from {IP} |
| 31202 | Audit log | Log Settings: {NAME} syslog server profile deleted by {USER} from {IP} |
| 31203 | Audit log | Log Settings: {NAME} syslog server profile modified by {USER} from {IP} |
| 31204 | Audit log | Log Settings: {NAME} enabled by {USER} from {IP} |
| 31205 | Audit log | Log Settings: {NAME} disabled by {USER} from {IP} |
| 31206 | Audit log | Integrated Products/Services: {USER} synchronized data for all LDAP servers from {IP} |
| 31207 | Audit log | Integrated Products/Services: {USER} enabled LDAP server {NAME} from {IP} Log Settings: {NAME} disabled by {USER} from {IP} |
| 31208 | Audit log | Integrated Products/Services: {USER} disabled LDAP server {NAME} from {IP} |
| 31301 | Audit log | Integrated Products/Services: SFTP Upload settings modified by {USER} from {IP} |
| 31402 | Audit log | Integrated Products/Services: {USER} added LDAP server {NAME} from {IP} |
| 31403 | Audit log | Integrated Products/Services: {USER} modified LDAP server {NAME} from {IP} |
| 31404 | Audit log | Integrated Products/Services: {USER} deleted LDAP server {NAME} from {IP} |
| 31405 | Audit log | Integrated Products/Services: {USER} synchronized data for LDAP server {NAME} from {IP} |
| 31406 | Audit log | Integrated Products/Services: {USER} synchronized data for all LDAP servers from {IP} |
| 31407 | Audit log | Integrated Products/Services: {USER} enabled LDAP server {NAME} from {IP} |
| 31408 | Audit log | Integrated Products/Services: {USER} disabled LDAP server {NAME} from {IP} |
| 31501 | Audit log | Integrated Products/Services: Threat Intelligent Sharing settings modified by {USER} from {IP} |
| 31502 | Audit log | Integrated Products/Services: {USER} generate suspicious objects list from {IP} |
| 31601 | Audit log | Integrated Products/Services: Auxiliary Products/Services settings modified by {USER} from {IP} |
| 31602 | Audit log | Integrated Products/Services: {USER} clicked Auxiliary Products/Services > Distribute Now from {IP} |
| 31701 | Audit log | Systems Settings: Apex Central settings modified by {USER} from {IP} |
| 31702 | Audit log | System Settings: Suspicious object synchronization enabled by {USER} from {IP} |
| 31703 | Audit log | System Settings: Suspicious object synchronization disabled by {USER} from {IP} |
| 31801 | Audit log | System Settings: Proxy settings for Deep Discovery Director modified by {USER} by {IP} |
| 31802 | Audit log | System Settings: Registered to Deep Discovery Director by {USER} from {IP} |
| 31803 | Audit log | System Settings: Unregistered from Deep Discovery Director by {USER} from {IP} |
| 31804 | Audit log | System Settings: Deep Discovery Director fingerprint trusted by {USER} from {IP} |
| 31901 | Audit log | Scanning / Analysis: Image imported by {USER} from {IP} |
| 31902 | Audit log | Scanning / Analysis: Image deleted by {USER} from {IP} |
| 31903 | Audit log | Scanning / Analysis: Number of instances for each Virtual Analyzer image modified by {USER} from {IP} |
| 32001 | Audit log | Scanning / Analysis: Virtual Analyzer settings modified by {USER} from {IP} |
| 32101 | Audit log | Scanning / Analysis: {PRODUCT NAME} registered to the external Virtual Analyzer |
| 32102 | Audit log | Scanning / Analysis: Unable to register to the external Virtual Analyzer |
| 32103 | Audit log | Scanning / Analysis: {PRODUCT NAME} unregistered from the external Virtual Analyzer |
| 32104 | Audit log | Scanning / Analysis: Virtual Analyzer external integration settings modified by {USER} from ''%s'' |
| 32201 | Audit log | Scanning / Analysis: File Passwords setting was modified by {USER} from {IP} |
| 32301 | Audit log | Scanning / Analysis: Smart Protection settings modified by {USER} from {IP} |
| 32401 | Audit log | Scanning / Analysis: Smart Feedback settings modified by {USER} from {IP} |
| 32501 | Audit log | Scanning / Analysis: {USER} added YARA rule {NAME} from {IP} |
| 32502 | Audit log | Scanning / Analysis: {USER} modified YARA rule {NAME} from {IP} |
| 32503 | Audit log | Scanning / Analysis: {USER} deleted YARA rule {NAME} from {IP} |
| 32504 | Audit log | Scanning / Analysis: {USER} modified status for YARA rule {NAME} from {IP} |
| 32510 | Audit log | Scanning / Analysis: Time-of-Click settings modified by {USER} from {IP} |
| 32520 | Audit log | Scanning / Analysis: High-Profile Users settings modified by {USER} from {IP} |
| 32521 | Audit log | Scanning / Analysis: Internal Domains settings modified by {USER} from {IP} |
| 32522 | Audit log | Scanning / Analysis: Approved Senders settings modified by {USER} from {IP} |
| 32523 | Audit log | Scanning / Analysis: Cousin Domains settings modified by {USER} from {IP} |
| 32530 | Audit log | Scanning / Analysis: URL Scanning setting modified by {USER} from {IP} |
| 32601 | Audit log | System Maintenance: Configuration imported by {USER} from {IP} |
| 32602 | Audit log | System Maintenance: Configuration unsuccessfully imported by {USER} from {IP} |
| 32603 | Audit log | System Maintenance: Configuration exported by {USER} from {IP} |
| 32604 | Audit log | System Maintenance: Configuration unsuccessfully exported by {USER} from {IP} |
| 32701 | Audit log | System Maintenance: Data purge started automatically |
| 32702 | Audit log | System Maintenance: Data purge completed ({MIN} min {SEC} s) |
| 32703 | Audit log | System Maintenance: Storage maintenance setting modified by {USER} from {IP} |
| 32801 | Audit log | System Maintenance: System log level setting modified by {USER} from {IP} |
| 32901 | Audit log | Accounts / Contacts: {USER} created the account {NAME} from {IP} |
| 32902 | Audit log | Accounts / Contacts: {USER} deleted the account {NAME} from {IP} |
| 32903 | Audit log | Accounts / Contacts: {USER} modified the account {NAME} from {IP} |
| 32904 | Audit log | Accounts / Contacts: {USER} unlocked the account {NAME} from {IP} |
| 33001 | Audit log | Logon: {USER} logged on as {ROLE} role from {IP} |
| 33002 | Audit log | Logon: {USER} logged off from {IP} |
| 33003 | Audit log | Logon: Attempted logon with an invalid user name ({USER}) or password from {IP} |
| 33004 | Audit log | Logon: Attempted logon with a disabled user name ({USER}) from {IP} |
| 33005 | Audit log | Logon: Attempted logon with a locked user name {NAME} from {IP} |
| 33006 | Audit log | Logon: Unlocked user name {NAME} from {IP} |
| 33007 | Audit log | RDQA Logon: ''{USER}'' logged on as {NAME} role from {IP} |
| 33008 | Audit log | RDQA Logon: ''{USER}" logged off |
| 33009 | Audit log | RDQA Logon: Attempted logon with an invalid user name ''{USER}'' or password from {IP} |
| 33010 | Audit log | RDQA Logon: Attempted logon with a disabled user name ''{USER}'' from {IP} |
| 33011 | Audit log | RDQA Logon: Attempted logon with a locked user name ''{USER}'' from {IP} |
| 33012 | Audit log | RDQA Logon: Unlocked user name ''{USER}'' from {IP} |
| 33101 | Audit log | Accounts / Contacts: Contacts for alert notifications and reports modified by {USER} from {IP} |
| 33201 | Audit log | Accounts / Contacts: {USER} modified the password for {NAME} from {IP} |
| 33202 | Audit log | Accounts / Contacts: {USER} added SAML group {NAME} from {IP} |
| 33203 | Audit log | Accounts / Contacts: {USER} modified SAML group {NAME} from {IP} |
| 33204 | Audit log | Accounts / Contacts: {USER} deleted SAML group {NAME} from {IP} |
| 33205 | Audit log | Accounts / Contacts: {USER} enabled SAML group {NAME} from {IP} |
| 33206 | Audit log | Accounts / Contacts: {USER} disabled SAML group {NAME} from {IP} |
| 33301 | Audit log | License: {NAME} license activated by {USER} from {IP} |
| 33302 | Audit log | License: Attempted to activate {NAME} license using an invalid Activation Code by {USER} from {IP} |
| 33303 | Audit log | License: {NAME} license updated by {USER} from {IP} |
| 33401 | Audit log | Policy: Policy setting changed by {USER} from {IP} |
| 33402 | Audit log | Policy: {USER} added policy {NAME} from {IP} |
| 33403 | Audit log | Policy: {USER} modified policy {NAME} from {IP} |
| 33404 | Audit log | Policy: {USER} imported policies from {IP} |
| 33405 | Audit log | Policy: {USER} deleted policy {NAME} from {IP} |
| 33406 | Audit log | Policy: {USER} copied policy {NAME} from {IP} |
| 33407 | Audit log | Policy: {USER} enabled policy {NAME} from {IP} |
| 33408 | Audit log | Policy: {USER} disabled policy {NAME} from {IP} |
| 33409 | Audit log | Policy: {USER} modified priority setting of policy {NAME} from {PRIORITY} to {PRIORITY} from {IP} |
| 33410 | Audit log | Policy: {USER} added content filtering rule {NAME} from {IP} |
| 33411 | Audit log | Policy: {USER} updated content filtering rule {NAME} from {IP} |
| 33412 | Audit log | Policy: {USER} copied content filtering rule {NAME} from {IP} |
| 33413 | Audit log | Policy: {USER} deleted content filtering rule {NAME} from {IP} |
| 33414 | Audit log | Policy: {USER} added antispam rule {NAME} from {IP} |
| 33415 | Audit log | Policy: {USER} updated antispam rule {NAME} from {IP} |
| 33416 | Audit log | Policy: {USER} copied antispam rule {NAME} from {IP} |
| 33417 | Audit log | Policy: {USER} deleted antispam rule {NAME} from {IP} |
| 33418 | Audit log | Policy: {USER} added advanced threat protection rule {NAME} from {IP} |
| 33419 | Audit log | Policy: {USER} updated advanced threat protection rule {NAME} from {IP} |
| 33420 | Audit log | Policy: {USER} copied advanced threat protection rule {NAME} from {IP} |
| 33421 | Audit log | Policy: {USER} deleted advanced threat protection rule {NAME} from {IP} |
| 33422 | Audit log | Policy: {USER} added policy notification {NAME} from {IP} |
| 33423 | Audit log | Policy: {USER} modified policy notification {NAME} from {IP} |
| 33424 | Audit log | Policy: {USER} deleted some policy notifications from {IP} |
| 33425 | Audit log | Policy: {USER} copied policy notification {NAME} from {IP} |
| 33426 | Audit log | Policy: {USER} added archive server {NAME} from {IP} |
| 33427 | Audit log | Policy: {USER} modified archive server {NAME} from {IP} |
| 33428 | Audit log | Policy: {USER} deleted some archive servers from {IP} |
| 33429 | Audit log | Policy: {USER} added DLP rule {NAME} from {IP} |
| 33430 | Audit log | Policy: '{USER} updated DLP rule {NAME} from {IP} |
| 33431 | Audit log | Policy: {USER} copied DLP rule {NAME} from {IP} |
| 33432 | Audit log | Policy: {USER} deleted DLP rule {NAME} from {IP} |
| 33433 | Audit log | Policy Objects: {USER} added expression {NAME} from {IP} |
| 33434 | Audit log | Policy Objects: {USER} updated expression {NAME} from {IP} |
| 33435 | Audit log | Policy Objects: {USER} copied expression {NAME} from {IP} |
| 33436 | Audit log | Policy Objects: {USER} deleted expression {NAME} from {IP} |
| 33437 | Audit log | Policy Objects: {USER} imported expression file from {IP} |
| 33438 | Audit log | Policy Objects: {USER} added file attribute {NAME} from {IP} |
| 33439 | Audit log | Policy Objects: {USER} updated file attribute {NAME} from {IP} |
| 33440 | Audit log | Policy Objects: {USER} copied file attribute {NAME} from {IP} |
| 33441 | Audit log | Policy Objects: {USER} deleted file attribute {NAME} from {IP} |
| 33442 | Audit log | Policy Objects: {USER} imported file attribute file from {IP} |
| 33443 | Audit log | Policy Objects: {USER} added keyword list {NAME} from {IP} |
| 33444 | Audit log | Policy Objects: {USER} updated keyword list {NAME} from {IP} |
| 33445 | Audit log | Policy Objects: {USER} copied keyword list {NAME} from {IP} |
| 33446 | Audit log | Policy Objects: {USER} deleted keyword list {NAME}from {IP} |
| 33447 | Audit log | Policy Objects: {USER} imported keyword list file from {IP} |
| 33448 | Audit log | Policy Objects: {USER} added template {NAME} from {IP} |
| 33449 | Audit log | Policy Objects: {USER} updated template {NAME} from {IP} |
| 33450 | Audit log | Policy Objects: {USER} copied template {NAME} from {IP} |
| 33451 | Audit log | Policy Objects: {USER} deleted template {NAME} from {IP} |
| 33452 | Audit log | Policy Objects: {USER} imported template file from {IP} |
| 33453 | Audit log | Policy Objects: {USER} added policy stamp {NAME} from {IP} |
| 33454 | Audit log | Policy Objects: {USER} modified policy stamp {NAME} from {IP} |
| 33455 | Audit log | Policy Objects: {USER} deleted some policy stamps from {IP} |
| 33456 | Audit log | Policy Objects: {USER} enabled policy stamp {NAME} from {IP} |
| 33457 | Audit log | Policy Objects: {USER} disabled policy stamp {NAME} from {IP} |
| 33458 | Audit log | Policy Objects: {USER} added address group {NAME} from {IP} |
| 33459 | Audit log | Policy Objects: {USER} deleted address group {NAME} from {IP} |
| 33460 | Audit log | Policy Objects: {USER} updated address group {NAME} from {IP} |
| 33501 | Audit log | Policy: Policy exception settings modified by {USER} from {IP} |
| 33502 | Audit log | Policy: Graymail exception settings modified by {USER} from {IP} |
| 33601 | Audit log | Alerts: Alert rule settings modified by {USER} from {IP} |
| 33701 | Audit log | Report: Report settings changed by {USER} from {IP} |
| 33801 | Audit log | Detected Messages: Message {NAME} downloaded by {USER} from {IP} |
| 33802 | Audit log | Detected Messages: Investigation package {NAME} downloaded by {USER} from {IP} |
| 33803 | Audit log | Detected Messages: Screenshot of message {NAME} viewed by {USER} from {IP} |
| 33804 | Audit log | Detected Messages: Virtual Analyzer report of message {NAME} viewed by {USER} from {IP} |
| 33901 | Audit log | Quarantine: MsgID {ID} released by {USER} from {IP} |
| 33902 | Audit log | Quarantine: MsgID {ID} deleted by {USER} from {IP} |
| 33903 | Audit log | Quarantine: Resumed processing message {ID} by {USER} from {IP} |
| 33904 | Audit log | Quarantine: Message {ID} unlocked and reprocessed by {USER} from {IP} |
| 34001 | Audit log | Unable to distribute suspicious objects to Check Point OPSEC. Verify that the Check Point OPSEC settings are correct and that no network problem exists. |
| 34002 | Audit log | Unable to distribute suspicious objects to Trend Micro TippingPoint SMS. Verify that the Trend Micro TippingPoint SMS settings are correct and that no network problem exists. |
| 34003 | Audit log | Unable to distribute suspicious objects to IBM Security Network Protection XGS. Verify that the IBM Security Network Protection XGS settings are correct and that no network problem exists. |
| 34004 | Audit log | Unable to distribute suspicious objects to Palo Alto Panorama or Firewalls. Verify that the Palo Alto Panorama or Firewalls settings are correct and that no network problem exists. |
| 34005 | Audit log | Unable to generate suspicious objects list. Verify that the Threat Intelligence Sharing settings are correct. |
| 34101 | Audit log | End-User Quarantine: EUQ settings modified by {USER} from {IP} |
| 34102 | Audit log | End-User Quarantine: User Quarantine Access settings modified by {USER} from {IP} |
| 34103 | Audit log | End-User Quarantine: EUQ Digest settings modified by {USER} from {IP} |
| 34201 | Audit log | Sender Filtering: Approved Senders list modified by {USER} from {IP} |
| 34202 | Audit log | Sender Filtering: ERS settings modified by {USER} from {IP} |
| 34203 | Audit log | Sender Filtering: DHA protection settings modified by {USER} from {IP} |
| 34204 | Audit log | Sender Filtering: Bounced attack protection settings modified by {USER} from {IP} |
| 34205 | Audit log | Sender Filtering: SMTP traffic throttling settings modified by {USER} from {IP} |
| 34206 | Audit log | Sender Filtering: Blocked Senders list modified by {USER} from {IP} |
| 34207 | Audit log | Sender Filtering: Some Blocked Senders list entries moved to Approved Senders list by {USER} from {IP} |
| 34208 | Audit log | Sender Filtering: SPF settings modified by {USER} from {IP} |
| 34209 | Audit log | Sender Filtering: DKIM Authentication settings modified by {USER} from {IP} |
| 34210 | Audit log | Sender Filtering: DKIM Signatures settings modified by {USER} from {IP} |
| 34211 | Audit log | Sender Filtering: DMARC settings modified by {USER} from {IP} |
| 35001 | Audit log | Message Queues: Messages deleted by {USER} from {IP} |
| 35002 | Audit log | Message Queues: Messages delivered by {USER} from {IP} |
| 35003 | Audit log | Message Queues: All messages delivered by {USER} from {IP} |
| 35004 | Audit log | Message Tracking: Investigation package {NAME} downloaded by {USER} from {IP} |
| 35005 | Audit log | Email Submissions: Message submitted by {USER} from {IP} |
| 35006 | Audit log | Message Queues: Messages rerouted by to {IP} by {USER} from {IP} |
| 35007 | Audit log | Message Queues: All messages rerouted by to {IP} by {USER} from {IP} |
| 35008 | Audit log | Message Queues: All messages deleted by {USER} from {IP} |
| 35011 | Audit log | Integrated Products/Services: Registered to Email Encryption server by {USER} from {IP} |
| 35012 | Audit log | Integrated Products/Services: Domain {DOMAIN} added to Email Encryption server by {USER} from {IP} |
| 35013 | Audit log | Integrated Products/Services: Domain {DOMAIN} deleted from Email Encryption server by {USER} from {IP} |
| 35014 | Audit log | Integrated Products/Services: Key file uploaded to Email Encryption server for domain {DOMAIN} by {USER} from {IP} |
| 35016 | Audit log | Integrated Products/Services: Default sender modified to {SENDER} for Email Encryption by {USER} from {IP} |
| 35017 | Audit log | Integrated Products/Services: Email address modified to {EMAIL} for Email Encryption by {USER} from {IP} |
| 35021 | Audit log | Integrated Products/Services: {USER} added identity provider server {NAME} from {IP} |
| 35022 | Audit log | Integrated Products/Services: {USER} modified identity provider server {NAME} from {IP} |
| 35023 | Audit log | Integrated Products/Services: {USER} deleted identity provider server {NAME} from {IP} |
| 35024 | Audit log | Integrated Products/Services: {USER} enabled identity provider server {NAME} from {IP} |
| 35025 | Audit log | Integrated Products/Services: {USER} disabled identity provider server {NAME} from {IP} |
| 35026 | Audit log | Integrated Products/Services: {USER} updated certificate for management console from {IP} |
| 35027 | Audit log | Integrated Products/Services: {USER} updated certificate for EUQ console from {IP} |
| 35028 | Audit log | Logon: {USER} logged on via identity provider server {NAME} as {ROLE} from {IP} |
| 35029 | Audit log | Logon: {USER} logged off via identity provider server {NAME} from {IP} |
| 41001 | EUQ log | EUQ: {USER} logged on from {IP} |
| 41002 | EUQ log | EUQ: {USER} logged off from {IP} |
| 41003 | EUQ log | EUQ: MsgID {ID} released by {USER} from {IP} |
| 41004 | EUQ log | EUQ: MsgID {ID} deleted by {USER} from {IP} |
| 41005 | EUQ log | EUQ: Approved Senders list modified by {USER} from {IP} |
| 41006 | EUQ log | EUQ: {USER} logged on via identity provider server {NAME} from {IP} |
| 41007 | EUQ log | EUQ: {USER} logged off via identity provider server {NAME} from {IP} |