Skip to main content
Open events represent services that are unexpectedly open or exposed in Guardian Ops abuse classification. Each open event signifies the existence of open ports, with the corresponding subtypes providing details about the services associated with these open ports. This reference provides a comprehensive list of all supported Open subtypes, organized by category for easy navigation.

Network Services

Services related to network infrastructure and proxy functionality:
  • socks Traffic related to the SOCKS protocol, often used for proxy services
  • proxy Communication involving proxy servers, intermediaries that facilitate network connections
  • router Activity associated with routers, devices directing traffic between networks
  • vpn Interactions with Virtual Private Network services

Database Services

Database systems and data storage services:
  • redis Interactions with Redis, an open-source, in-memory data structure store
  • mongodb Traffic related to MongoDB, a NoSQL database
  • elasticsearch Activity involving Elasticsearch, a distributed search and analytics engine
  • mssql Traffic associated with Microsoft SQL Server or MySQL databases
  • mysql MySQL database services
  • postgresql Traffic related to PostgreSQL database services
  • couchdb Activities associated with CouchDB, a NoSQL database
  • db2 Traffic associated with IBM Db2 database services

File/Directory Services

File transfer, synchronization, and directory services:
  • portmapper Communication with portmapper services, facilitating RPC-based interactions
  • tftp Traffic related to Trivial File Transfer Protocol, a simple file transfer protocol
  • ftp Communication involving File Transfer Protocol for file exchanges
  • rsync Traffic related to rsync, a file synchronization tool
  • smb Interactions with Server Message Block protocol for file and printer sharing
  • afp Traffic associated with Apple Filing Protocol, used for Mac file services
  • directory_listing Traffic related to directory listing services

Remote Access Services

Remote access and administration protocols:
  • rdp Activities associated with Remote Desktop Protocol for remote access
  • vnc Traffic involving Virtual Network Computing for remote desktop access
  • telnet Communication with Telnet services for remote command-line access
  • ssh Communication involving Secure Shell protocol for secure access
  • radmin Traffic related to Radmin, a remote administration software
  • citrix Communication with Citrix servers for virtualization and remote access

Web/HTTP Services

Web servers and HTTP-related services:
  • http Communication involving Hypertext Transfer Protocol for web services
  • apache_server Activities associated with Apache web servers
  • ssl Traffic related to secure communication using SSL/TLS protocols
  • tls Traffic related to secure communication using SSL/TLS protocols

Mail Services

Email servers and mail protocols:
  • mail_server Traffic involving mail servers for email communication
  • imap Interactions with IMAP or POP3 protocols for email retrieval
  • pop3 Interactions with IMAP or POP3 protocols for email retrieval

DNS Services

Domain Name System resolution services:
  • dns_resolver Communication with DNS resolvers for domain name resolution
  • mdns_resolver Interactions with mDNS resolvers, facilitating device discovery

Management/Monitoring Services

Network management and monitoring protocols:
  • snmp Traffic associated with Simple Network Management Protocol, used for network monitoring
  • ipmi Traffic related to Intelligent Platform Management Interface, used for server management
  • ldap Interactions with Lightweight Directory Access Protocol services
  • cwmp Activities associated with CPE WAN Management Protocol for device management

Industrial/IoT Services

Industrial control systems and Internet of Things protocols:
  • ics Traffic involving Industrial Control Systems protocols
  • modbus Traffic involving Modbus protocol for industrial communication
  • bacnet Traffic related to BACnet protocol for building automation and control networks
  • coap Traffic related to Constrained Application Protocol for IoT
  • mqtt Traffic involving MQTT, a lightweight messaging protocol for IoT

Network Time

Time synchronization services:
  • ntp Interactions with Network Time Protocol servers, synchronizing system clocks

Media/Messaging Services

Multimedia and messaging protocols:
  • netbios Communication with NetBIOS services, often used for file sharing
  • sip Communication involving Session Initiation Protocol for multimedia sessions
  • stun Interactions with Session Traversal Utilities for NAT protocols
  • amqp Interactions with Advanced Message Queuing Protocol services

Specialized Services

Enterprise applications, development tools, and specialized protocols:
  • ard Communication with Apple Remote Desktop services
  • ipp Activities involving Internet Printing Protocol for printer communication
  • xdmcp Activities related to X Display Manager Control Protocol for remote display
  • adb Activities involving Android Debug Bridge for Android device interactions
  • chargen Traffic related to the Character Generator Protocol
  • memcached Interactions with Memcached, an in-memory caching system
  • natpmp Communication with NAT Port Mapping Protocol for network address translation
  • qotd Traffic related to the Quote of the Day Protocol
  • ssdp Interactions with Simple Service Discovery Protocol for device discovery
  • isakmp Activities associated with Internet Security Association and Key Management Protocol
  • hadoop Communication with Hadoop services for distributed storage and processing
  • cisco_smart_install Activities related to Cisco Smart Install protocol
  • grafana Interactions with Grafana, an open-source analytics and monitoring platform
  • bitbucket Communication with Bitbucket servers for source code management
  • gitlab_server Traffic involving GitLab servers for source code management
  • ubiquiti Interactions with Ubiquiti network devices
  • smi Activities associated with Structure of Management Information protocol
  • bosmon Traffic related to BosMon, a monitoring system for emergency services
  • ms_exchange Communication with Microsoft Exchange servers for email services
  • ms_sharepoint Communication with Microsoft SharePoint servers
  • ms_rpc Microsoft RPC services
  • secvest_alarm_system Activities involving Secvest Alarm System protocols
  • kubernetes_api_server Communication with Kubernetes API servers
  • epmd Interactions with Erlang Port Mapper Daemon services
  • quic Communication involving QUIC (Quick UDP Internet Connections) protocol
  • docker Traffic related to Docker, a containerization platform
  • dvr Activities related to Digital Video Recorder services
  • hp_ilo Communication with Hewlett Packard Integrated Lights-Out management
  • smarter_mail_server Interactions with SmarterMail servers for email services
  • log4j Traffic related to Log4j, a Java-based logging utility
  • zimbra_server Communication with Zimbra Collaboration Suite servers
  • sap Activities involving SAP (Systems, Applications, and Products) services
  • qnap Communication with QNAP network-attached storage devices
  • confluence Interactions with Confluence servers for collaboration and documentation
  • sophos Traffic involving Sophos security solutions
  • h2_web_console Communication with H2 Database web consoles
  • fortigate Interactions with Fortigate, a network security appliance
  • ivanti Activities associated with Ivanti endpoint management solutions
  • mc_sqlr Activities associated with Microsoft SQL Server