{ "database:bruteforce": { "description": "IP has been reported for performing brute force on databases.", "label": "Database Bruteforce", "name": "database:bruteforce" }, "ftp:bruteforce": { "description": "IP has been reported for performing brute force on FTP services.", "label": "FTP Bruteforce", "name": "ftp:bruteforce" }, "generic:exploit": { "description": "IP has been reported trying to exploit known vulnerability/CVE on unspecified protocols.", "label": "Exploitation attempt", "name": "generic:exploit" }, "generic:bruteforce": { "description": "IP has been reported trying bruteforce on unspecified protocols.", "label": "Bruteforce attempt", "name": "generic:bruteforce" }, "generic:scan": { "description": "IP has been reported trying to scan or gather information", "label": "Scan attempt", "name": "generic:scan" }, "vcs:bruteforce": { "description": "IP has been reported trying to bruteforce VCS services", "label": "VCS Bruteforce", "name": "vcs:bruteforce" }, "http:bruteforce": { "description": "IP has been reported for performing a HTTP brute force attack (either generic HTTP probing or applicative related brute force).", "label": "HTTP Bruteforce", "name": "http:bruteforce" }, "http:crawl": { "description": "IP has been reported for performing aggressive crawling of web applications.", "label": "HTTP Crawl", "name": "http:crawl" }, "http:exploit": { "description": "IP has been reported for attempting to exploit a vulnerability in a web application.", "label": "HTTP Exploit", "name": "http:exploit" }, "http:scan": { "description": "IP has been reported for performing actions related to HTTP vulnerability scanning and discovery.", "label": "HTTP Scan", "name": "http:scan" }, "http:dos": { "description": "IP has been reported trying to perform denial of service attacks.", "label": "HTTP DoS", "name": "http:dos" }, "http:spam": { "description": "IP has been reported trying to perform spam via web forms/forums.", "label": "Web form spam", "name": "http:spam" }, "iot:bruteforce": { "description": "IP has been reported for performing brute force on IoT management interfaces.", "label": "IOT Bruteforce", "name": "iot:bruteforce" }, "ldap:bruteforce": { "description": "IP has been reported for performing brute force on LDAP services.", "label": "LDAP Bruteforce", "name": "ldap:bruteforce" }, "pop3/imap:bruteforce": { "description": "IP has been reported for performing a POP3/IMAP brute force attack.", "label": "POP3/IMAP Bruteforce", "name": "pop3/imap:bruteforce" }, "sip:bruteforce": { "description": "IP has been reported for performing a SIP (VOIP) brute force attack.", "label": "SIP Bruteforce", "name": "sip:bruteforce" }, "smb:bruteforce": { "description": "IP has been reported for performing brute force on samba services.", "label": "SMB Bruteforce", "name": "smb:bruteforce" }, "smtp:spam": { "description": "IP has been reported trying to perform spam SMTP service.", "label": "SMTP spam", "name": "smtp:spam" }, "ssh:bruteforce": { "description": "IP has been reported for performing brute force on ssh services.", "label": "SSH Bruteforce", "name": "ssh:bruteforce" }, "ssh:exploit": { "description": "IP has been reported for attempting to exploit a vulnerability in SSH.", "label": "SSH Exploit", "name": "ssh:exploit" }, "tcp:scan": { "description": "IP has been reported for performing TCP port scanning.", "label": "TCP Scan", "name": "tcp:scan" }, "telnet:bruteforce": { "description": "IP has been reported for performing brute force on telnet services.", "label": "Telnet Bruteforce", "name": "telnet:bruteforce" }, "vm-management:bruteforce": { "description": "IP has been reported for performing brute force on virtual environment management applications.", "label": "VM Management Bruteforce", "name": "vm-management:bruteforce" }, "vm-management:exploit": { "description": "IP has been reported for attempting to exploit a vulnerability on virtual environment management applications.", "label": "VM Management Exploit", "name": "vm-management:exploit" }, "windows:bruteforce": { "description": "IP has been reported for performing brute force on Windows (samba, remote desktop) services.", "label": "SMB/RDP bruteforce", "name": "windows:bruteforce" }, "windows:rce": { "description": "IP has been reported for exploiting Windows", "label": "Windows Exploit", "name": "windows:rce" }, "linux:post-exploitation": { "description": "IP has been reported for post exploitation on Linux", "label": "Linux Post Exploitation", "name": "linux:post-exploitation" }, "cloud:bruteforce": { "description": "IP has been reported for performing bruteforce on Cloud environment", "label": "Cloud Bruteforce", "name": "cloud:bruteforce" }, "cloud:unusual-activity": { "description": "IP has been reported for performing unusual activity on Cloud environment", "label": "Cloud Unusual Activty", "name": "cloud:unusual-activity" }, "cloud:audit": { "description": "IP has been reported for triggering Cloud Audit", "label": "Cloud Audit", "name": "cloud:audit" }, "ecommerce:fraud": { "description": "IP has been reported for performing fraud on Ecommerce website", "label": "Ecommerce Fraud", "name": "ecommerce:fraud" }, "k8s:scan": { "description": "IP has been reported for scanning Kubernetes cluster", "label": "K8s Scan", "name": "k8s:scan" }, "k8s:bruteforce": { "description": "IP has been reported for perfoming bruteforce on Kubernetes cluster", "label": "K8s Bruteforce", "name": "k8s:bruteforce" }, "k8s:audit": { "description": "IP has been reported for triggering Kubernetes Audit", "label": "K8s Audit", "name": "k8s:audit" }, "linux:exploitation": { "description": "Attempt to exploit a Linux vulnerability to escalate privilege", "label": "Linux Exploitation", "name": "linux:exploitation" } }