Signature severity helps security teams prioritize incidents.
A higher score indicates an increased risk associated with the intrusion event.
| NSX IDS Severity Level | Classification Type-Rating | Classification Types |
|---|---|---|
| Critical | 1 | Attempted User Privilege Gain<br>Unsuccessful User Privilege Gain<br>Successful User Privilege Gain<br>Attempted Administrator Privilege Gain<br>Successful Administrator Privilege Gain<br>Executable Code was Detected<br>A Network Trojan was Detected<br>Web Application Attack<br>Inappropriate Content was Detected<br>Potential Corporate Privacy Violation<br>Targeted Malicious Activity was Detected<br>Exploit Kit Activity Detected<br>Domain Observed Used for C2 Detected<br>Successful Credential Theft Detected<br>Emerging Threat alert from SpiderLabs Research<br>RedAlert from SpiderLabs Research |
| High | 2 | Potentially Bad Traffic<br>Information Leak<br>Large Scale Information Leak<br>Attempted Denial of Service<br>Decode of an RPC Query<br>Suspicious Filename Detected<br>Attempted Login Using a Suspicious Username<br>System Call Detected<br>Client Using an Unusual Port<br>Detection of a Denial of Service Attack<br>Detection of a Non-Standard Protocol or Event<br>Access to a Potential Vulnerable Web Application Attack<br>Attempt to Log in By a Default Username and Password<br>Device Retrieving External IP Address Detected<br>Possibly Unwanted Program Detected<br>Possible Social Engineering Attempted<br>Crypto Currency Mining Activity Detected |
| Medium | 3 | Not Suspicious Traffic<br>Unknown Traffic<br>Suspicious String was Detected<br>Detection of a Network Scan<br>Generic Protocol Command Decode<br>Misc Activity<br>Generic ICMP event |
| Low | 4-9 | TCP Connection Detected<br>Non-specific Potential Attack<br>Attempt to Exploit Client-side Web Application Vulnerability<br>Non-specific Potential Web App Attack<br>Traffic Which is Likely a Bad Idea or Misconfiguration<br>Attempt to Exploit Administrative-level Vulnerability<br>Attempt to Exploit User-level Vulnerability<br>IP Based Alert From SpiderLabs Research<br>Successful Exploitation of a Root-level Vulnerability<br>Indication of an Active Backdoor Channel<br>Worm Propagation<br>Specific Virus Detected |