Event Summary data is organized by type_id: description. For example, if you are analyzing Vantage events, this is represented in ATP as 4113: Vantage Detection.
Event type and ID number
1000: Database error
Reports when an endpoint data recorder database error occurred.
4096: Reputation Lookup
Reports when a request is made to Symantec Insight or Symantec Mobile Insight for information about the reputation of a file.
4098: Intrusion Prevention
Reports when a Symantec intrusion prevention system detected a possible malicious IPS signature.
4099: Suspicious File Detection
Reports when a suspicious file was detected.
4100: SONAR Detection
Reports when Symantec Online Network for Advanced Response (SONAR) technology detected a new threat.
4102: Antivirus (Endpoint Detection)
Reports when an antivirus detection occurred on an endpoint.
4109: File IoC Event
Reports when an Incident of Compromise (IoC) event occurred on a file.
4110: Network IoC Event
Reports when an Incident of Compromise (IoC) event occurred on a network.
4112: Blacklist (IP/URL/Domain)
Reports when an IP, URL, or Domain was detected that is in a Symantec-provided Blacklist or the ATP Blacklist.
4113: Vantage Detection
Reports when Symantec Vantage technology detected malicious activity on an endpoint or Vantage signature-based threats were found in the network system.
4115: Insight Detection
Reports when Symantec Endpoint Protection has queried the file reputation server about a file on a managed endpoint or Insight detected malicious activity that occurred in your network.
4116: Mobile Insight
Reports when Symantec Mobile Insight technology detected issues with an Android executable.
4117: Sandboxing Detection
Reports when sandboxing technology observed a malicious file in your network.
4118: Blacklist (file)
Reports when a file was detected that is in a Symantec-provided Blacklist or the ATP Blacklist.
4123: Endpoint File Detection
Reports when a suspicious file was detected on an endpoint.
4124: Endpoint (IP/URL/Domain) Detection
Reports when a suspicious IP, URL, or domain was detected on an endpoint.
4125: Email Detection
Reports when suspicious email was detected.
4353: Antivirus (Network) Detection
Reports when an antivirus detection occurred on a network.
8000: Session Event
Reports when a user attempts a log on or log off, successfully or otherwise.
8001: Process Event
Reports when a process launches, terminates, or opens another process, successful or otherwise.
8002: Module Event
Reports when a process loads or unloads a module.
8003: File Event
Reports operations on file system objects.
8004: Directory Event
Reports operations on directories.
8005: Registry Key Event
Reports actions on Windows registry keys.
8006: Registry Value Event
Reports actions on Windows registry values.
8007: Network Event
Reports attempted network connections, successful or otherwise.
8009: Kernel Event
Reports when an actor process creates, reads, or deletes a kernel object.
8080: Session Query Result
Reports information on existing user sessions.
8081: Process Query Result
Reports information on a running process.
8082: Module Query Result
Reports information on loaded modules.
8083: File Query Result
Reports information on file system objects.
8084: Directory Query Result
Reports directory information.
8085: Registry Key Query Result
Reports information on Windows Registry keys.
8086: Registry Value Query Result
Reports information on Windows Registry values.
8089: Kernel Object Query Result
Reports information on kernel objects.
8090: Service Query Result
Reports information on service queries.
8099: Query Command Errors
Reports information on EOC (Evidence of Compromise) query command errors.
8103: File Remediation
8119: File Remediation Errors
Reports information on errors that result from an EOC (Evidence of Compromise) file remediation action.