| Authentication Event | AU01 | The requested peer certificate is not available |
| AU02 | Header-based authentication has been triggered |
| AU03 | Received AUTH_CONTINUE from the authentication service with a redirection |
| AU04 | Received AUTH_CONTINUE from the authentication service and an HTML page has been rendered by a login rendering service |
| AU05 | An authentication process has been terminated successfully |
| AU06 | Received a redirection from the authentication service |
| AU07 | Received an error (authentication failure) from the authentication service |
| AU10 | A logout has been triggered by a header specified in the service response |
| AU11 | A logout has been triggered by a header |
| AU12 | The authentication service replied with AUTH_CONTINUE to the logout request |
| AU13 | The authentication service replied with AUTH_REDIRECT to the logout request |
| AU14 | Forbidden because of unsecure connection (f.ex. no TLS/SSL) |
| AU15 | Redirect because of missing client certificate |
| AU16 | The sectoken timed out |
| AU17 | Received AUTH_CONTINUE from the authentication service, with an AuthDirectState response |
| Stepup Event | AS01 | The requested peer certificate is not available |
| AS02 | Header-based authentication has been triggered |
| AS03 | Received AUTH_CONTINUE from the authentication service with a redirection |
| AS04 | Received AUTH_CONTINUE from the authentication service and an HTML page has been rendered by a login rendering service |
| AS05 | An authentication process has been terminated successfully |
| AS06 | Received a redirection from the authentication service |
| AS07 | Received an error (authentication failure) from the authentication service |
| AS08 | Deny forbidden role |
| AS09 | Deny wrong role |
| AS10 | Pass through because the role already exists (via an IdentityCreationFilter or another SecurityRoleFilter) |
| AS11 | Pass through because no roles are required |
| Gateway Event | GW01 | The request has been aborted |
| GW02 | The TCP connection has been closed by the client while processing the request |
| GW50 | Connection to backend failed |
| GW51 | Reading from or writing to backend failed |
| Protocol Events | PR01 | Too many request headers |
| PR02 | Maximum request body size exceeded |
| PR03 | Request method not allowed |
| PR04 | Maximum number of parameters exceeded |
| Validator Events | VA01 | Request header denied |
| VA02 | Request header dropped |
| VA03 | Missing required request header |
| VA04 | Request parameter denied |
| VA05 | Missing required request parameter |
| VA06 | Request URI denied |
| VA07 | Request query denied |
| Session Events | SC01 | Session create |
| SC02 | Session remove. The session has timed out and been removed. |
| SC03 | Session invalidate. The session has been invalidated due to a customer logout or an invalid call by a filter (for example, the LuaFilter). Note that this event is only triggered by the dynamic session management. |
| SC04 | Cookie spoofing |
| SC05 | Client change detected |
| ModSecurity Events | MS01 | Blocked by the ModsecurityFilter in phase 1 (usually because of an invalid header) |
| MS02 | Blocked by the ModsecurityFilter in phase 2 (usually because of an invalid body) |
| MS03 | Blocked by the ModsecurityFilter in phase 3 (usually because of an invalid response header) |
| MS04 | Blocked by the ModsecurityFilter in phase 4 (usually because of an invalid response body) |
| MS05 | A rule with a non disruptive action has been matched. The request may still be blocked. If it has, then one of the events MS01 to MS04 will be triggered as well. |
| MS06 | A rule with a disruptive action has been matched. This does not mean that the request will be blocked. If it has, then one of the events MS01 to MS04 will be triggered as well. |
| WebSocket Events | WS01 | WebSocketInspectionFilter: Rule violation |
| MySQL Store Events | MY01 | Reaping lasted longer than the configured ReaperTimeout |
| MY02 | An error occured while the reaper was running |
| Local Store Events | LC01 | Reaping lasted longer than the configured ReaperTimeout |
| Postgres Store Events | PS01 | Reaping lasted longer than the configured ReaperTimeout |
| Lua Events | LU01-LU10 | Reserved LUA events for customer-defined purposes. |
| Shutdown Events | RI02 | One or more of the session stores (local, MySQL or Postgres) could not be shut down correctly. |
| Unknown Event | IW99 | |