Event Types
Event type definitions and categories used in DioIPS.
Event Categories
| Category | ID Range | Source |
|---|---|---|
| Process | 0x0100 - 0x01FF | Kernel |
| Network | 0x0200 - 0x02FF | WFP / NDIS |
| Registry | 0x0300 - 0x03FF | Kernel |
| File | 0x0400 - 0x04FF | Kernel |
| Image | 0x0500 - 0x05FF | Kernel |
| Injection | 0x0600 - 0x06FF | Kernel |
| Hypervisor | 0x0700 - 0x07FF | Hypervisor |
| USB | 0x0800 - 0x08FF | Kernel |
Process Events
| ID | Name |
|---|---|
| 0x0101 | ProcessCreate |
| 0x0102 | ProcessExit |
| 0x0103 | ThreadCreate |
| 0x0104 | ThreadExit |
Network Events
| ID | Name |
|---|---|
| 0x0201 | TcpConnect |
| 0x0202 | TcpAccept |
| 0x0203 | UdpSend |
| 0x0204 | UdpRecv |
| 0x0205 | DnsQuery |
| 0x0206 | IcmpSend |
| 0x0210 | NdisPacket |
| 0x0211 | ArpSpoof |
Registry Events
| ID | Name |
|---|---|
| 0x0301 | RegCreateKey |
| 0x0302 | RegOpenKey |
| 0x0303 | RegSetValue |
| 0x0304 | RegDeleteKey |
| 0x0305 | RegDeleteValue |
Injection Events
| ID | Name |
|---|---|
| 0x0601 | RemoteThread |
| 0x0602 | ProcessHandle |
| 0x0603 | ThreadHandle |
| 0x0701 | HvVmWrite |