| Authentication Event | AU01 | The requested peer certificate is not available |
| AU02 | Header-based authentication has been triggered |
| AU03 | Received AUTH_CONTINUE from the authentication service with a redirection |
| AU04 | Received AUTH_CONTINUE from the authentication service and an HTML page has been rendered by a login rendering service |
| AU05 | An authentication process has been terminated successfully |
| AU06 | Received a redirection from the authentication service |
| AU07 | Received an error (authentication failure) from the authentication service |
| AU10 | A logout has been triggered by a header specified in the service response |
| AU11 | A logout has been triggered by a header |
| AU12 | The authentication service replied with AUTH_CONTINUE to the logout request |
| AU13 | The authentication service replied with AUTH_REDIRECT to the logout request |
| AU14 | Forbidden because of unsecure connection (f.ex. no TLS/SSL) |
| AU15 | Redirect because of missing client certificate |
| AU16 | The sectoken timed out |
| AU17 | Received AUTH_CONTINUE from the authentication service, with an AuthDirectState response |
| Stepup Event | AS01 | The requested peer certificate is not available |
| AS02 | Header-based authentication has been triggered |
| AS03 | Received AUTH_CONTINUE from the authentication service with a redirection |
| AS04 | Received AUTH_CONTINUE from the authentication service and an HTML page has been rendered by a login rendering service |
| AS05 | An authentication process has been terminated successfully |
| AS06 | Received a redirection from the authentication service |
| AS07 | Received an error (authentication failure) from the authentication service |
| AS08 | Deny forbidden role |
| AS09 | Deny wrong role |
| AS10 | Pass through because the role already exists (via an IdentityCreationFilter or another SecurityRoleFilter) |
| AS11 | Pass through because no roles are required |
| Gateway Event | GW01 | The request has been aborted |
| GW02 | The TCP connection has been closed by the client while processing the request |
| GW50 | Connection to backend failed |
| GW51 | Reading from or writing to backend failed |
| Protocol Events | PR01 | Too many request headers |
| PR02 | Maximum request body size exceeded |
| PR03 | Request method not allowed |
| PR04 | Maximum number of parameters exceeded |
| Validator Events | VA01 | Request header denied |
| VA02 | Request header dropped |
| VA03 | Missing required request header |
| VA04 | Request parameter denied |
| VA05 | Missing required request parameter |
| VA06 | Request URI denied |
| VA07 | Request query denied |
| Session Events | SC01 | Session create |
| SC02 | Session remove. The session has timed out and been removed. |
| SC03 | Session invalidate. The session has been invalidated due to a customer logout or an invalid call by a filter (for example, the LuaFilter). Note that this event is only triggered by the dynamic session management. |
| SC04 | Cookie spoofing |
| SC05 | Client change detected |
| ModSecurity Events | MS01 | Blocked by the ModsecurityFilter in phase 1 (usually because of an invalid header) |
| MS02 | Blocked by the ModsecurityFilter in phase 2 (usually because of an invalid body) |
| MS03 | Blocked by the ModsecurityFilter in phase 3 (usually because of an invalid response header) |
| MS04 | Blocked by the ModsecurityFilter in phase 4 (usually because of an invalid response body) |
| WebSocket Events | WS01 | WebSocketInspectionFilter: Rule violation |
| Lua Events | LU01-LU10 | Reserved LUA events for customer-defined purposes. |
| Unknown Event | IW99 | |