values
TCP_FLAGS
.TCP_FIN 0x1 Finish bit flag
.TCP_SYN 0x2 Synchronize bit flag
.TCP_RST 0x4 Reset bit flag
.TCP_PSH 0x8 Push bit flag
.TCP_ACK 0x10 Acknowledgement bit flag
.TCP_URG 0x20 Urgent bit flag
DIR_BIT_FIELD
.DIR_IN 1 Direction in
.DIR_OUT 0 Direction out
DIRECTION_FLAGS
.DIR_FLAG_REQ 0x8 Request
.DIR_FLAG_RSP 0x4 Response
.DIR_FLAG_SF 0x2 Single flow
.DIR_FLAG_NRC 0x1 Not recognized
IPV6_TUN_TYPE
.IPV6_TUN_NATIVE 0 Native IPv6
.IPV6_TUN_TEREDO 1 Teredo
.IPV6_TUN_ISATAP 2 ISATAP
.IPV6_TUN_6TO4 4 6to4
.IPV6_TUN_AYIYA 8 AYIYA
.IPV6_TUN_OTHER 16 Other protocol 41
.IPV6_TUN_6OVER4 32 6over4
SPOOF_TYPE
.SPOOF_BOGONS 0x1 Bogon filter
.SPOOF_SYMETRIC 0x2 Symmetric filter
.SPOOF_NEWIP 0x4 New IP filter
.SPOOF_TCPHIST 0x8 TCP history filter
EVENT_TYPE
.EVT_T_PORTSCAN 1 Portscan (unspecified type)
.EVT_T_PORTSCAN_H 2 Horizontal portscan (one or a few ports, many addresses)
.EVT_T_PORTSCAN_V 3 Vertical portscan (one address, many ports)
.EVT_T_DOS 10 Denial of service attack (unspecified type)
.EVT_T_SYNFLOOD 11 TCP SYN flood
.EVT_T_DNSAMP 15 DNS Amplification attack
.EVT_T_BRUTEFORCE 30 Bruteforce password guessing
.EVT_T_VOIP_PREFIX_GUESS 40 VoIP prefix guessing
.EVT_T_VOIP_CALL_DIFFERENT_COUNTRY 41 VoIP call to different country
TUNNEL_TYPE
.TUN_T_REQUEST_TUNNEL 1 Request anomaly - detected tunnel
.TUN_T_REQUEST_OTHER 2 Request anomaly - detected other anomaly than tunnel
.TUN_T_REQUEST_MALFORMED_P 3 Request anomaly - malformed packets
.TUN_T_RESPONSE_TUNNEL_REQ 4 Response anomaly - detected tunnel in request string field
.TUN_T_RESPONSE_TUNNEL_TXT 5 Response anomaly - detected tunnel in TXT field
.TUN_T_RESPONSE_TUNNEL_CNAME 6 Response anomaly - detected tunnel in CNAME field
.TUN_T_RESPONSE_TUNNEL_MX 7 Response anomaly - detected tunnel in MX field
.TUN_T_RESPONSE_TUNNEL_NS 8 Response anomaly - detected tunnel in NS field
.TUN_T_RESPONSE_OTHER 9 Response anomaly - detected other anomaly than tunnel
.TUN_T_RESPONSE_MALFORMED_P 10 Response anomaly - malformed packets
HB_TYPE
.HB_HEARTBEAT 24 Type of message is heartbeat message
HB_DIR
.HB_UNKNOWN 0 Unknown direction - if message is encrypted
.HB_REQUEST 1 Heartbeat request
.HB_RESPONSE 2 Heartbeat response
HB_ALERT_TYPE_FIELD
.HB_AT_MIN_SIZE 1 Request smaller than minimal request size
.HB_AT_DIFF_SIZE 2 Payload size is greater than real message size
.HB_AT_DIFF_REQ_RESP 4 Difference between request and response size is too big
.HB_AVG_RESP 8 Average response size is suspicious (only if there are no requests)
WARDEN_TYPE
.WT_PORTSCAN 1
.WT_BRUTEFORCE 2
.WT_PROBE 3
.WT_SPAM 4
.WT_PHISHING 5
.WT_BOTNET_C_C 6
.WT_DOS 7
.WT_MALWARE 8
.WT_COPYRIGHT 9
.WT_WEBATTACK 10
.WT_VULNERABILITY 11
.WT_TEST 12
.WT_OTHER 13
HTTP_SDM_REQUEST_METHOD_ID
.HTTP_SDM_METHOD_GET 1 Constants taken from http-sdm.h in the sources of the http-sdm exporter plugin
.HTTP_SDM_METHOD_POST 2
.HTTP_SDM_METHOD_HEAD 4
.HTTP_SDM_METHOD_PUT 5
.HTTP_SDM_METHOD_OPTIONS 6
.HTTP_SDM_METHOD_DELETE 7
.HTTP_SDM_METHOD_TRACE 8
.HTTP_SDM_METHOD_CONNECT 9