
 

PVE ATTACKS

 

EXCEPTION NOTIFY

  1. Code: 46

  2. Brief Description: Exception Notify

  3. Sample log message:

    1. CEF format

       

      Jul 17 19:27:03 10.16.8.144 CEF: 1|Virsec Security Platform|Virsec|1.3.0|46|Exception Notify|5|EventId=VS-EXNO-071720-N00009|Application_Name=WinDivByZero 1.0 Server_Name=win_2012_dotnet_8_150 Incident_Level=NOTIFICATION Incident_Category=UNKNOWN Incident_Type=Exception Notify Incident_Timestamp=17 Jul 2020 11:27:33 PM UTC Exception Code=0xc0000094 Exception Fault Memory Address=0xde1111 Process ID=4732 Thread ID=736 Module Start Memory Address=0xde0000 Source Module Name=div_by_zero.exe pid=4732 description=Exception Notify category=PVE Attacks eventTime=2020-07-17 23:27:14 tid=736

    2. CEF - Fixed Key Definition format

       

      Sep  8 22:17:15 10.16.8.184 CEF: 1|Virsec Security Platform|Virsec|1.4.0|46|Exception Notify|5|EventId=VS-EXNO-090920-N00003|Application_Name=PVETest_IIS85_job85 1 Server_Name=WIN-2012-188 Incident_Level=NOTIFICATION Incident_Category=PVE_ATTACK Incident_Type=Exception Notify Incident_Timestamp=09 Sep 2020 02:18:32 AM UTC Exception Code=0xc0000005 Exception Fault Memory Address=0x7fffcc6b571c Process ID=4200 Thread ID=1688 Module Start Memory Address=0x7fffcc680000 Source Module Name=ntdll.dll pid=4200 description=Exception Notify category=PVE Attacks eventTime=2020-09-09T02:17:45.562-07:00 tid=1688

 

SIGNAL NOTIFY

  1. Code: 47

  2. Brief Description: Signal Notify

  3. Sample log message:

    1. CEF format

       

      Jul 17 16:28:39 10.16.8.144 CEF: 1|Virsec Security Platform|Virsec|1.3.0|47|Signal Notify|5|EventId=VS-SINO-071720-N00005|Application_Name=DivByZeroException 1.0 Server_Name=redhat7 Incident_Level=NOTIFICATION Incident_Category=UNKNOWN Incident_Type=Signal Notify Incident_Timestamp=17 Jul 2020 08:29:09 PM UTC Process ID=8352 Signal Number=0x8 Thread ID=8352 Module Start Memory Address=Not Available Source Module Name=div_by_zero Signal Access Memory Address=0x000000000040084e pid=8352 description=Signal Notify category=PVE Attacks eventTime=2020-07-17 16:28:32 tid=8352

    2. CEF - Fixed Key Definition format

       

      Sep  9 21:38:17 10.16.8.184 CEF: 1|Virsec Security Platform|Virsec|1.4.0|47|Signal Notify|5|EventId=VS-SINO-091020-N00002|Application_Name=RHEL67_div_by_zero_189 1 Server_Name=rhel6_53 Incident_Level=NOTIFICATION Incident_Category=PVE_ATTACK Incident_Type=Signal Notify Incident_Timestamp=10 Sep 2020 01:39:35 AM UTC Process ID=15867 Signal Number=0x8 Thread ID=15867 Module Start Memory Address=Not Available Source Module Name=div_by_zero Signal Access Memory Address=0x000000000040084e pid=15867 description=Signal Notify category=PVE Attacks eventTime=2020-09-10T01:38:47.031+05:00 tid=15867
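An added example, not part of the original page or of Virsec's own tooling: a parser for the code 46 and 47 messages shown above, which handles the extension keys that contain spaces and adds two triage fields. The function names are hypothetical, the key list is taken from the sample messages only, and the NTSTATUS and signal names are standard operating-system values rather than values from this page.

```python
import re

# Extension keys exactly as they appear in the samples above. Several contain
# spaces, so splitting on whitespace would cut keys and values apart.
KEYS = ["EventId", "Application_Name", "Server_Name", "Incident_Level",
        "Incident_Category", "Incident_Type", "Incident_Timestamp",
        "Exception Code", "Exception Fault Memory Address", "Process ID",
        "Thread ID", "Module Start Memory Address", "Source Module Name",
        "Signal Number", "Signal Access Memory Address",
        "pid", "description", "category", "eventTime", "tid"]
# A key only counts at the start or after a space or pipe delimiter.
KEY_RE = re.compile(r"(?:^|[ |])(" + "|".join(map(re.escape, KEYS)) + r")=")
# Standard Windows NTSTATUS and Linux signal names (assumption: not from the page).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO"}
SIGNALS = {0x8: "SIGFPE"}
# Two of the page's sample messages, copied verbatim.
EXCEPTION_SAMPLE = "Jul 17 19:27:03 10.16.8.144 CEF: 1|Virsec Security Platform|Virsec|1.3.0|46|Exception Notify|5|EventId=VS-EXNO-071720-N00009|Application_Name=WinDivByZero 1.0 Server_Name=win_2012_dotnet_8_150 Incident_Level=NOTIFICATION Incident_Category=UNKNOWN Incident_Type=Exception Notify Incident_Timestamp=17 Jul 2020 11:27:33 PM UTC Exception Code=0xc0000094 Exception Fault Memory Address=0xde1111 Process ID=4732 Thread ID=736 Module Start Memory Address=0xde0000 Source Module Name=div_by_zero.exe pid=4732 description=Exception Notify category=PVE Attacks eventTime=2020-07-17 23:27:14 tid=736"
SIGNAL_SAMPLE = "Sep  9 21:38:17 10.16.8.184 CEF: 1|Virsec Security Platform|Virsec|1.4.0|47|Signal Notify|5|EventId=VS-SINO-091020-N00002|Application_Name=RHEL67_div_by_zero_189 1 Server_Name=rhel6_53 Incident_Level=NOTIFICATION Incident_Category=PVE_ATTACK Incident_Type=Signal Notify Incident_Timestamp=10 Sep 2020 01:39:35 AM UTC Process ID=15867 Signal Number=0x8 Thread ID=15867 Module Start Memory Address=Not Available Source Module Name=div_by_zero Signal Access Memory Address=0x000000000040084e pid=15867 description=Signal Notify category=PVE Attacks eventTime=2020-09-10T01:38:47.031+05:00 tid=15867"

def parse_event(line):
    """Parse one syslog line carrying a code 46/47 CEF message into a dict."""
    _, sep, rest = line.partition("CEF: ")
    header = rest.split("|", 7)  # 7 header fields, then the extension
    if not sep or len(header) < 8:
        raise ValueError("not a complete CEF message")
    event = {"device_version": header[3], "code": int(header[4]),
             "name": header[5], "severity": int(header[6])}
    hits = list(KEY_RE.finditer(header[7]))
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(header[7])
        event[cur.group(1)] = header[7][cur.end():end].strip()
    return event

def triage(event):
    """Name the fault and, when both addresses are hex, give the module-relative offset."""
    out = {"module": event.get("Source Module Name"), "fault": None, "offset": None}
    if "Exception Code" in event:
        names, raw = NTSTATUS, event["Exception Code"]
        addr = event.get("Exception Fault Memory Address")
    elif "Signal Number" in event:
        names, raw = SIGNALS, event["Signal Number"]
        addr = event.get("Signal Access Memory Address")
    else:
        return out
    out["fault"] = names.get(int(raw, 16), raw)
    base = event.get("Module Start Memory Address", "")
    if addr and base.lower().startswith("0x"):
        out["offset"] = hex(int(addr, 16) - int(base, 16))
    return out
```

The module-relative offset stays the same when the module is loaded at a different base address, which makes it a better grouping key for repeated events than the raw fault address.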

 
