Event Set - Details
You will find the Event Set options listed under the integration details.
Events by Category
Event Set categories include:
System Changes, Problems, Solutions, Entra ID Audit, Entra ID Error, AD Audit, Job Failed, Certificate Expire in 30 Days, Microsoft 365 Assessment, Google Workspace Assessment, and Web Application Scanning.
Below is a breakdown of each category and the available 'events' you can monitor for each.
System Changes
Event | Description |
---|---|
New Asset Added | A new asset is added to the All Asset section; this can happen when agents are installed or assets are detected by probe scanning. |
Agent has Outdated Version | The agent version for a lightweight or probe agent is behind the current version release. |
New Company Created | A new company is created in the ConnectSecure portal, using local or PSA options. |
New Open Port Discovered (Probe Scan) | A new port is discovered on an internal asset during a probe scan; port discovery and scanning are only done by a Probe agent. |
New Open Port Discovered (External Scan) | A new open port is discovered during an external scan; it requires |
Probe Went Down | The probe agent is offline and cannot be reached. |
Server Agent Went Down | Any agent (probe or lightweight) that is a ‘Server’ identified by its operating system is offline and cannot be reached. |
Problems
Event | Description |
---|---|
CISA Vulnerabilities Found | Vulnerabilities found that are listed in the catalog published by CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog |
Critical Severity Vulnerabilities Found | Vulnerabilities found with a critical severity as found in the CVSS Base Score |
High Severity Vulnerabilities Found | Vulnerabilities found with a high severity as found in the CVSS Base Score |
Low Severity Vulnerabilities Found | Vulnerabilities found with a low severity as found in the CVSS Base Score |
Medium Severity Vulnerabilities Found | Vulnerabilities found with a medium severity as found in the CVSS Base Score |
Remote Login Vulnerabilities Found | Problems related to remote login or remote access; e.g., RDP-NTLM |
SMB Vulnerabilities Found | Problems related to the SMB protocol; e.g., SMB_Signing |
SSL/TLS Vulnerabilities Found | Problems related to SSL/TLS certificates and ciphers; e.g., TLSv1.1, Sweet32, SSL_Heartbleed |
Unquoted Service Path Found | Windows-based vulnerability caused by an improperly formatted or unquoted file path in the definition of an executable path; e.g., C:\Program Files\My Service\service.exe |
Vulnerabilities Found During External Scan | Vulnerabilities found during an external scan. |
Vulnerabilities Found With EPSS Score > 95 | Vulnerability is found where the EPSS score is equal to or above 95% exploitability. |
Registry Vulnerabilities Found | Vulnerability is found in the Windows Registry |
Solutions
Event | Description |
---|---|
Application Baseline Plans Available | Application and/or Service listed in the application baseline is found; see your Application Baseline Results for details |
Pending Remediation Found with Critical Severity | Solutions found with a critical severity as found in the CVSS Base Score |
Pending Remediation Found with High Severity | Solutions found with a high severity as found in the CVSS Base Score |
Pending Remediation Found with Medium Severity | Solutions found with a medium severity as found in the CVSS Base Score |
Pending Remediation Found with Low Severity | Solutions found with a low severity as found in the CVSS Base Score |
Remediation Available | Solutions found with any severity in the CVSS Base Score, or no severity/informational |
Remediation Found With EPSS between 0 and 0.85 | Solution is found where the EPSS score is between 0 and 0.85 |
Remediation Found With EPSS between 0.85 and 0.9 | Solution is found where the EPSS score is between 0.85 and 0.9 |
Remediation Found With EPSS between 0.9 and 0.95 | Solution is found where the EPSS score is between 0.9 and 0.95 |
Remediation Found With EPSS >== 0.95 | Solution is found where the EPSS score is equal to or above 0.95 |
Entra ID Audit
Event Description | Audit Subcategory | Event ID (Source) |
---|---|---|
A member was added to a security-disabled universal group (AzureAD) | Distribution Group Management | |
A member was added to a security-enabled universal group (AzureAD) | Security Group Management | |
A member was removed from a security-disabled universal group (AzureAD) | Distribution Group Management | |
A member was removed from a security-enabled universal group (AzureAD) | Security Group Management |
Entra ID Error
Event Description | Audit Subcategory | Event Source / Link |
---|---|---|
Entra ID Sync Failure | Directory Synchronization | |
Azure Token Expired Error | Authentication / Token Management |
AD Audit
AD Audit Event Reference Table
Event Description | Audit Subcategory | Event ID (Source) |
---|---|---|
A directory service object was created (Success) | Directory Service Changes | |
A directory service object was deleted (Success) | Directory Service Changes | |
A directory service object was moved (Success) | Directory Service Changes | |
A group service object was modified (Success) | Directory Service Changes | |
A logon was attempted using explicit credentials (Success) | Logon/Logoff | |
A member was added to a security disabled global group | Security Group Management | |
A member was added to a security disabled local group | Security Group Management | |
A member was added to a security disabled universal group | Security Group Management | |
A member was added to a security enabled global group | Security Group Management | |
A member was added to a security enabled local group | Security Group Management | |
A member was added to a security enabled universal group | Security Group Management | |
A member was removed from a security disabled global group | Security Group Management | |
A member was removed from a security disabled local group | Security Group Management | |
A member was removed from a security disabled universal group | Security Group Management | |
A member was removed from a security enabled global group | Security Group Management | |
A member was removed from a security enabled local group | Security Group Management | |
A member was removed from a security enabled universal group | Security Group Management | |
A network share object was accessed | Object Access | |
A request was made to authenticate to a wired network (Success/Failure) | Logon/Logoff | |
A request was made to authenticate to a wireless network (Success/Failure) | Logon/Logoff | |
A risky sign-in attempt made (Success) | Identity Protection | |
A security disabled global group was created | Security Group Management | |
A security disabled global group was deleted | Security Group Management | |
A security disabled local group was created | Security Group Management | |
A security disabled local group was deleted | Security Group Management | |
A security disabled universal group was created | Security Group Management | |
A security disabled universal group was deleted | Security Group Management | |
A security enabled global group was created | Security Group Management | |
A security enabled global group was deleted | Security Group Management | |
A security enabled local group was created | Security Group Management | |
A security enabled local group was deleted | Security Group Management | |
A security enabled universal group was changed | Security Group Management | |
A security enabled universal group was created | Security Group Management | |
A security enabled universal group was deleted | Security Group Management | |
A session was disconnected from a Windows Station (Success) | Logon/Logoff | |
A session was reconnected to a Windows Station (Success) | Logon/Logoff | |
A user Account was created | Account Management | |
A user Account was deleted | Account Management | |
A user Account was enabled | Account Management | |
A user Account was disabled | Account Management | |
A user Account was locked out | Account Management | |
A user Account was unlocked | Account Management | |
A user initiated logoff (Success) | Logon/Logoff | |
An attempt was made to change an Account's password | Account Management | |
An attempt was made to reset an Account's password | Account Management | |
An attempt was made to create a hard link | Object Access | |
Computer Account was created | Account Management | |
Computer Account was deleted | Account Management | |
Login Failure | Logon/Logoff | |
Login Success | Logon/Logoff | |
System security access was granted to an Account (Success) | Privilege Use | |
The domain controller failed to validate the credentials for an Account | Account Logon | |
The name of an Account was changed | Account Management | |
The workstation was locked (Success) | Logon/Logoff | |
The workstation was unlocked (Success) | Logon/Logoff | |
The requested credentials delegation was disallowed by policy (Failed) | Logon/Logoff |
Job Failed
Event | Description |
---|---|
Scheduler Patch Job Failed | Patch Scheduler jobs that report a failure |
Scheduler Report Job Failed | Report Scheduler jobs that report a failure |
Certificate Expires in 30 Days
Event | Description |
---|---|
Certificate expires in 30 Days | SSL Certificates that are set to expire in 30 days; see Certificates |
Microsoft 365 Assessment
Event Name | Description | Severity | Source |
---|---|---|---|
Safe Attachments Not Enabled | Safe Attachments feature is not enabled for the tenant. | High | |
Microsoft Secure Defaults | Microsoft Secure Defaults are not enforced. | Medium | |
Applications Registered to Tenant with Client Secret (Password) Credentials | Applications are registered with client secret credentials. | Medium | |
Do Not Bypass the Safe Links Feature | Safe Links can be bypassed. | High | |
Spam ZAP (Zero-Hour Auto Purge) Not Enabled | Spam ZAP is not enabled. | Medium | |
SharePoint 'Anyone' Shared Links Never Expire | SharePoint “Anyone” links never expire. | Medium | |
Mailbox Auditing Should be Enabled at Tenant Level | Mailbox auditing is disabled at tenant level. | High | |
MFA Not Required for Device Registration | MFA is not required for device registration. | High | |
Applications Registered to Tenant with Certificate Credentials | Applications are registered with certificate credentials. | Medium | |
No Conditional Access Policies Mitigate User Risk | No Conditional Access policies mitigate risky sign-ins. | High | |
SharePoint Legacy Authentication is Enabled | SharePoint legacy authentication is enabled. | Medium | |
Dangerous Default Permissions | Dangerous default permissions detected. | High | |
Exchange Online Mailboxes with SMTP Authentication Enabled | SMTP AUTH is enabled on Exchange Online mailboxes. | High | |
Azure PowerShell Service Principal Assignment Not Enforced | Service principal assignments are not enforced. | Medium | |
Phish ZAP (Zero-Hour Auto Purge) Not Enabled | Phish ZAP is not enabled. | Medium | |
No Transport Rules to Block Executable Attachments | Executable attachments are not blocked. | Medium | |
Safe Links Click-Through is Allowed | Users can click through Safe Links. | Medium | |
Third-Party Applications Allowed | Third-party applications are allowed. | Medium | |
Highly Privileged Hidden Role Assignment Found | Hidden privileged role assignment found. | High | |
Common Malicious Attachment Extensions are Not Filtered | Common malicious file extensions not filtered. | High | |
Exchange Mailboxes with IMAP Enabled | IMAP is enabled on Exchange mailboxes. | High | |
Safe Links Does Not Flag Links in Real Time | Safe Links does not scan links in real time. | Medium | |
No Conditional Access Policies Block Risky Sign-in | Risky sign-ins not blocked by Conditional Access. | High | |
SharePoint External Sharing Enabled (Global) | SharePoint global external sharing is enabled. | Medium | |
Exchange Modern Authentication is Not Enabled | Modern authentication disabled in Exchange. | High | |
Users with No MFA Configured | Users do not have MFA configured. | High | |
MFA Not Required for Security Information Registration | MFA not required for registering security info. | High | |
Administrative Users with No Multi-Factor Authentication Enforced | Admin accounts lack MFA. | High | |
Do Not Bypass the Safe Attachments Filter | Safe Attachments filter can be bypassed. | High | |
User consent to OAUTH applications not restricted | OAuth consent is not restricted. | Medium | |
Unified Audit Log Search is Not Enabled | Unified Audit Log search disabled. | High | |
External Sender Message Tagging Not Enabled | External sender tagging is disabled. | Medium | |
Azure PowerShell Service Principal Configuration Missing | Service principal configuration missing. | Medium | |
No Transport Rules to Block Large Attachments | Large attachments not blocked. | Medium | |
Exchange Mailboxes with POP Enabled | POP is enabled on Exchange mailboxes. | High | |
No Transport Rules to Block Exchange Auto-Forwarding | Auto-forward not blocked by transport rules. | High | |
Dangerous Application Permissions Found | Dangerous application permissions identified. | High | |
Safe Links for Teams is Not Enabled | Safe Links not enabled for Teams. | Medium | |
Dangerous Attachment Extensions are Not Filtered | Dangerous file extensions not filtered. | High | |
Service Principals Found on Tenant with Certificate Credentials | Service principals using certificates found. | Medium | |
Malware Filter Policies Don't Alert for Internal Users Sending Malware | Malware filter policies do not alert when internal users send malware. | Medium | |
Conditional Access Policies | Conditional Access policies exist but may not be fully configured. | Medium | |
SMTP Authentication not Globally Disabled | SMTP authentication is globally enabled. | High | |
Service Principals Found on Tenant with Client Secret (Password) Credentials | Service principals using client secret credentials found. | Medium | |
SharePoint External User Resharing Permitted | External users can reshare SharePoint resources. | Medium | |
Directory Synced Users Found in Admin Roles | Directory-synced users are in admin roles. | High | |
Basic Authentication is Enabled | Basic Authentication is enabled. | High | |
Mailboxes without Mailbox Auditing Enabled | Mailbox auditing is disabled. | High | |
Safe Links Not Enabled | Safe Links is disabled. | High | |
Conditional Access Policies - Device Platforms | Conditional Access policies for device platforms missing or incomplete. | Medium | |
SharePoint Online Modern Authentication is Not Enabled | Modern authentication for SharePoint Online disabled. | High | |
Email reported by user as malware or phish Detected | User reported email as malware or phish. | Low | |
Sign-in attempt from a Suspicious Country | Sign-in attempt from a suspicious country detected. | High | |
PIM Alert Triggered | A Privileged Identity Management alert was triggered. | High | |
365 Mailbox Permissions Detected | Mailbox permissions activity detected. | Medium | |
DLP - ID Number Policy Violation Detected | DLP detected ID number policy violation. | High | |
Ergo-Flex Mail Flow Detected | Ergo-Flex mail flow anomaly detected. | Medium | |
DLP - High volume of content detected U.S. Financial Data Detected | High volume of U.S. financial data detected. | High | |
Password spray Detected | Password spray attack detected. | High | |
Suspicious inbox manipulation rule Detected | Suspicious inbox manipulation rule detected. | High | |
A user clicked through to a potentially malicious url Detected | User clicked through to a flagged malicious URL. | High | |
Email reported by user as junk Detected | User reported an email as junk. | Low | |
Successful Sign-in from a Suspicious Country | A successful sign-in occurred from a suspicious country. | High | |
Sign-in attempt from Outside Operating Countries | A sign-in attempt occurred from outside operating countries. | High | |
Potential Phishing Attack Detected | Potential phishing attack identified. | High | |
Privilege Account Sign-In Failure Spikes Detected | Multiple failed sign-ins on privileged accounts detected. | High | |
User Restricted from Sending Email | User restricted from sending emails due to suspicious activity. | High | |
DLP - High Volume of U.S. Financial Data Detected | High volume of U.S. financial data flagged by DLP. | High | |
Successful Sign-in Without MFA from Outside Operating Country | Successful sign-in without MFA from outside the operating country. | High | |
Administrative Users without MFA | Administrative users not using MFA. | High | |
New Users without MFA | Newly created users are not MFA-enabled. | High | |
Conditional Access Policy Deleted | A Conditional Access policy was deleted. | High | |
Admin Deleted Security Info | Admin deleted MFA/security information. | High | |
Strong Authentication Disabled | Strong authentication disabled on account. | High | |
Add Member To Role Outside of PIM | Member added to role outside Privileged Identity Management. | High | |
Cross-Tenant Access Partner Added | Cross-tenant access partner added. | High | |
Activity from a Password Spray Associated IP Address Detected | Password spray activity detected from IP address. | High | |
Add Service Principal Credentials Detected | Service principal credentials were added. | Medium | |
Admin triggered user compromise investigation Detected | Admin triggered a user compromise investigation. | Medium | |
At least 3 sign-in attempts from outside operating country within an hour Detected | Three sign-in attempts detected within an hour from outside country. | Medium | |
At least 5 sign-in attempts from outside operating country within 24 hours Detected | Five sign-in attempts detected in 24 hours from outside country. | Medium | |
Block Legacy Auth Detected | Legacy authentication detected. | Medium | |
Block SharePoint File Download Detected | SharePoint file download blocked. | Medium | |
Brute force attack against Azure Portal Detected | Brute force attack against Azure Portal detected. | Medium | |
Delete Policy Detected | A compliance/security policy was deleted. | Medium | |
Device No Longer Managed Detected | Device no longer managed by Intune. | Medium | |
DLP-U.K. PII: Scan content shared outside - low count Detected | Low volume UK PII detected by DLP. | Medium | |
Distributed Password cracking attempts in AzureAD Detected | Distributed password cracking detected in AzureAD. | Medium | |
Email sending limit exceeded Detected | Email sending limit exceeded. | Medium | |
Externally Shared File Detected | File shared externally. | Medium | |
Externally Shared Folder or Document Detected | Folder/document shared externally. | Medium | |
Explicit MFA Deny Detected | User explicitly denied MFA prompt. | Medium | |
Fail User Login Attempt Detected | Failed user login attempt detected. | Medium | |
Granted Access to Another Mailbox Detected | Access was granted to another mailbox. | Medium | |
Granted Mailbox Permission Detected | Mailbox permissions granted. | Medium | |
Honeytoken activity Detected | Honeytoken account activity detected. | Medium | |
Mail Forward Rule Enabled Detected | Mail forward rule created. | Medium | |
Mailbox Permissions Change Detected | Mailbox permissions changed. | Medium | |
Malware detection Detected | Malware detected in tenant. | Medium | |
Phishing Attempts Detected | Phishing attempts detected by Microsoft 365. | Medium | |
Rare application consent Detected | Rare app consent granted. | Medium | |
Remote code execution attempt Detected | Remote code execution attempt detected. | High | |
Sharepoint File Operation from New IP Detected | File operation from new IP in SharePoint. | Medium | |
Sign-in attempt without MFA from outside operating country Detected | Sign-in attempt without MFA from outside country. | High | |
Successful Signin from unidentifiable location/Ip Detected | Successful sign-in from unidentifiable location/IP. | Medium | |
Suspicious Email Sending Patterns Detected Detected | Suspicious email sending patterns detected. | Medium | |
Suspicious authentication activity Detected | Suspicious authentication activity detected. | Medium | |
Unusual addition of credentials to an oauth app Detected | Unusual credential addition to OAuth app detected. | Medium | |
Unusual volume of file deletion Detected | Unusual volume of file deletions detected. | Medium | |
Update Application Certificates And Secrets Management Detected | Application certificates/secrets updated. | Medium | |
Update Authorization Policy Detected | Authorization policy updated. | Medium | |
Update Conditional Access Policy Detected | Conditional Access policy updated. | Medium | |
Update Role Detected | Azure AD role updated. | Medium | |
Uploaded Sensitive File to 3rd Party App or Service Detected | Sensitive file uploaded to third-party app/service. | Medium | |
User Application Consent Detected | User granted application consent. | Medium | |
User MFA Detected | User MFA configuration detected or changed. | Medium | |
Add Member To Role Outside of PIM | Member added to role outside of PIM. | High | |
Cross-Tenant Access Partner Added | Cross-tenant access partner added. | High | |
PIM Alert Triggered | Privileged Identity Management alert triggered. | High |
Google Workspace Assessment
Event Name | Description | Severity | Source |
---|---|---|---|
Admin 2-Step Verification Not Required | 2-Step Verification is not enforced for administrator accounts. | High | |
User 2-Step Verification Not Required | 2-Step Verification is not enforced for user accounts. | High | |
Excessive Super Administrators | Too many super administrator accounts are configured, increasing risk. | High | |
Minimum Super Administrators | Fewer than the recommended number of super administrator accounts exist, risking lockout. | Medium | |
Conflicting Admin Role Assignments | Admin accounts have conflicting or overlapping role assignments. | Medium |
Web Application Scanning
Event Name | Description | Severity | Source |
---|---|---|---|
Path Traversal - Standard Sequences | Directory traversal via standard | High | |
Path Traversal - URL Encoded Variants | Directory traversal using URL-encoded payloads ( | High | |
Path Traversal - Alternative Encoding Schemes | Path traversal using double encoding, Unicode, or alternate encodings. | High | |
Path Traversal - OS-Specific Patterns | Path traversal using Windows/Linux specific patterns. | High | |
Path Traversal - Null Byte Injection | Null byte injection enables traversal ( | High | |
Remote File Inclusion | Remote file included and executed from attacker-supplied input. | Critical | |
Source Code Disclosure - Git | | High | |
Source Code Disclosure - File Inclusion | Source code exposed via improper include calls. | High | |
Open Redirect | Unvalidated redirect allows attacker-controlled navigation. | Medium | |
Viewstate without MAC Signature (Unsure) | ASP.NET ViewState may lack MAC integrity signature. | High | |
Viewstate without MAC Signature (Sure) | Confirmed ViewState without MAC — integrity protection missing. | Critical | |
Heartbleed OpenSSL Vulnerability (Indicative) | Indicative of Heartbleed OpenSSL CVE-2014-0160. | Critical | |
Source Code Disclosure - /WEB-INF Folder | | High | |
Properties File Disclosure - /WEB-INF folder | Sensitive | High | |
Remote Code Execution - Shell Shock (Original CVE-2014-6271) | Bash Shellshock vulnerability detected. | Critical | |
Remote Code Execution - Shell Shock (Variant/Bypass Patterns) | Variants/bypass patterns of Shellshock detected. | Critical | |
PII Disclosure | Personally identifiable information exposed. | High | |
ASP.NET ViewState Integrity | ASP.NET ViewState integrity check not enforced. | High | |
Access Control Issue - Improper Authentication | Weak/missing authentication controls. | Critical | |
Access Control Issue - Improper Authorization | Improper authorization checks allow privilege abuse. | Critical | |
Httpoxy - Proxy Header Misuse | | High | |
Script Served From Malicious Domain (polyfill - Direct Inclusion) | Malicious polyfill script directly included. | High | |
Script Served From Malicious Domain (polyfill - Indirect Reference) | Malicious polyfill script indirectly referenced. | High | |
Heartbleed OpenSSL Vulnerability | OpenSSL Heartbleed detected (CVE-2014-0160). | Critical | |
Cross-Domain Misconfiguration - Adobe - Read | Adobe cross-domain XML allows read access. | Medium | |
Cross-Domain Misconfiguration - Adobe - Send | Adobe cross-domain XML allows send access. | Medium | |
Cross-Domain Misconfiguration - Silverlight | Silverlight cross-domain misconfiguration detected. | Medium | |
Source Code Disclosure - CVE-2012-1823 | PHP-CGI source disclosure bug. | High | |
Remote Code Execution - CVE-2012-1823 | PHP-CGI RCE vulnerability. | Critical | |
External Redirect (Location Header) | Open redirect via HTTP | Medium | |
External Redirect (Refresh Header) | Open redirect via HTTP | Medium | |
External Redirect (Meta Refresh Tag) | Open redirect via | Medium | |
External Redirect (JavaScript-Based) | Open redirect via | Medium | |
Server Side Include | Server Side Include injection detected. | High | |
Cross Site Scripting (Reflected) | Reflected XSS detected. | High | |
Session Fixation | Session fixation vulnerability. | High | |
Cross Site Scripting (Persistent) | Persistent XSS detected. | High | |
LDAP Injection | Application vulnerable to LDAP injection. | High | |
SQL Injection | Generic SQL injection detected. | Critical | |
SQL Injection - MySQL | MySQL-specific SQL injection detected. | Critical | |
SQL Injection - Hypersonic SQL | Hypersonic SQL-specific SQL injection. | Critical | |
SQL Injection - Oracle | Oracle-specific SQL injection detected. | Critical | |
SQL Injection - PostgreSQL | PostgreSQL-specific SQL injection detected. | Critical | |
SQL Injection - SQLite | SQLite-specific SQL injection detected. | Critical | |
Cross Site Scripting (DOM Based) | DOM-based XSS detected. | High | |
SQL Injection - MsSQL | Microsoft SQL Server-specific SQL injection detected. | Critical | |
Out of Band XSS | Out-of-band XSS attack detected. | High | |
NoSQL Injection - MongoDB | MongoDB NoSQL injection detected. | High | |
CORS Misconfiguration | Cross-Origin Resource Sharing misconfigured. | High | |
Log4Shell (CVE-2021-44228) | Apache Log4j RCE vulnerability. | Critical | |
Log4Shell (CVE-2021-45046) | Secondary Log4j vulnerability. | Critical | |
Spring4Shell | Spring Framework RCE vulnerability. | Critical | |
Server Side Request Forgery | SSRF vulnerability detected. | Critical | |
Text4shell (CVE-2022-42889) | Apache Commons Text RCE. | Critical | |
Advanced SQL Injection | Advanced SQL injection techniques detected. | Critical | |
Server Side Code Injection - PHP Code Injection | PHP server-side code injection. | Critical | |
Server Side Code Injection - ASP Code Injection | ASP server-side code injection. | Critical | |
Remote OS Command Injection | Remote OS command execution possible. | Critical | |
XPath Injection | XPath query injection detected. | High | |
XML External Entity Attack | XXE injection detected. | Critical | |
Generic Padding Oracle | Application vulnerable to padding oracle attacks. | High | |
Expression Language Injection | Expression Language injection detected. | High | |
SOAP Action Spoofing | SOAP Action header can be spoofed. | Medium | |
SOAP XML Injection | SOAP XML injection detected. | High | |
Cloud Metadata Potentially Exposed | Cloud metadata service accessible from app. | High | |
Server Side Template Injection | Server-side template injection detected. | Critical | |
Server Side Template Injection (Blind) | Blind template injection vulnerability. | Critical | |
NoSQL Injection - MongoDB (Time Based) | Time-based NoSQL injection in MongoDB. | High | |
Information Disclosure - Credit Card Number | Credit card number disclosure. | High | |
Information Disclosure - SQL Error | SQL error messages disclose sensitive info. | Medium | |
Telerik UI for ASP.NET AJAX Cryptographic Weakness (CVE-2017-9248) | Telerik cryptographic weakness detected. | High | |
Cross-Site WebSocket Hijacking | WebSocket hijacking detected. | High | |
JWT None Exploit | JWT tokens accepted with | Critical | |
File Content Disclosure (CVE-2019-5418) | Rails file disclosure vulnerability. | High | |
Personally Identifiable Information via WebSocket | PII disclosed via WebSocket messages. | High | |
Directory Browsing | Directory listing enabled. | Low | |
Session ID in URL Rewrite (Standard Parameters) | Session ID disclosed in URL parameters. | High | |
Session ID in URL Rewrite (Custom/Obfuscated Patterns) | Session ID exposed in custom/obfuscated params. | High | |
Referer Exposes Session ID | Session ID disclosed in Referer header. | High | |
Source Code Disclosure - SVN | | High | |
Vulnerable JS Library | Vulnerable JavaScript library detected. | High | |
Missing Anti-clickjacking Header | | Medium | |
Multiple X-Frame-Options Header Entries | Multiple conflicting | Low | |
X-Frame-Options Defined via META (Non-compliant with Spec) | Frame options defined via meta tag, not supported by browsers. | Low | |
X-Frame-Options Setting Malformed | Malformed | Low | |
HTTP Parameter Override | HTTP Parameter Pollution detected. | Medium | |
Potential IP Addresses Found in the Viewstate | Potential IP addresses detected in ViewState. | Low | |
Emails Found in the Viewstate | Email addresses detected in ViewState. | Low | |
Directory Browsing | Directory listing enabled (duplicate finding). | Low | |
Content Security Policy (CSP) Header Not Set | CSP header not configured. | High | |
HTTP to HTTPS Insecure Transition in Form Post | Form posts downgrade to HTTP. | High | |
HTTPS to HTTP Insecure Transition in Form Post | HTTPS form posts downgraded to HTTP. | High | |
Relative Path Confusion | Relative path confusion vulnerability detected. | Medium | |
X-ChromeLogger-Data (XCOLD) Header Information Leak | | Medium | |
Apache Range Header DoS (CVE-2011-3192) | Apache Range header DoS detected. | High | |
CSP: Wildcard Directive | CSP wildcard directive weakens protection. | Medium | |
CSP: script-src unsafe-inline | | High | |
CSP: style-src unsafe-inline | | Medium | |
CSP: script-src unsafe-hashes | | Medium | |
CSP: style-src unsafe-hashes | | Medium | |
CSP: Malformed Policy (Non-ASCII) | CSP contains malformed characters. | Low | |
CSP: script-src unsafe-eval | | High | |
CSP: Meta Policy Invalid Directive | CSP meta tag contains invalid directive. | Low | |
CSP: Failure to Define Directive with No Fallback | CSP directive missing with no fallback. | Medium | |
Backup File Disclosure | Backup files exposed (e.g., | High | |
Cross-Domain Misconfiguration | Cross-domain configuration allows unintended access. | Medium | |
Permissions Policy Header Not Set | Permissions-Policy header not configured. | Medium | |
Server Leaks Information via X-Powered-By HTTP Response Header Field(s) | Server reveals framework/version in | Low |
Event Sets Group By Options
Event Set Category | Group By Options | Filter By Options |
---|---|---|
System Changes | ASSET, COMPANY | Not Available |
Problems | OS, PRODUCT, ASSET, COMPANY | OS, APPLICATION, NONE |
Solutions | PRODUCT, ASSET, COMPANY, FIX, ASSET AND PRODUCT | OS, APPLICATION, NONE |
Entra ID Audit | EVENT, COMPANY | Not Available |
Entra ID Error | COMPANY | Not Available |
AD Audit | EVENT, COMPANY, USER | Not Available |
Job Failed | COMPANY | Not Available |
Certificate Expire In 30 Days | ASSET, COMPANY | Not Available |
Microsoft 365 Assessment | COMPANY | Not Available |
Google Workspace Assessment | COMPANY | Not Available |
Web Application Scanning | COMPANY | Not Available |
Group By Option | Description |
---|---|
ASSET | Alerts are grouped by the individual asset affected |
ASSET AND PRODUCT | Alerts are grouped by affected asset and product |
COMPANY | Alerts are grouped by the associated company |
EVENT | Alerts are grouped based on the event |
FIX | Alerts are grouped based on the fix for the problem |
OS | Alerts are grouped based on the affected operating system |
PRODUCT | Alerts are grouped based on the affected product |
USER | Alerts are grouped based on the affected user |
Event Sets Filter By Options
This will filter the selected alert(s) down to only those that affect the selected choice.
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login