Breadcrumbs

JScape FTP Messages

Classification

Rule Name

Rule Type

Classification

Common Event

JScape FTP Messages

Base Rule

Network Traffic

Connection Built

Logoff

Sub Rule

Authentication Success

User Logoff

Logon

Sub Rule

Authentication Success

User Logon

User Updated

Sub Rule

Account Modified

User Account Attribute Modified

Directory Changed

Sub Rule

Information

Directory Information

File Deleted

Sub Rule

Information

File Deleted

File Deletion Failed

Sub Rule

Error

File Delete Failure

File Renamed

Sub Rule

Information

File Renamed

File Uploaded

Sub Rule

Information

File Uploaded

Session Started

Sub Rule

Other Audit Success

FTP Session Started

Trigger Queued

Sub Rule

Information

FTP Trigger Activity

Trigger Started

Sub Rule

Information

FTP Trigger Activity

Trigger Completed

Sub Rule

Information

FTP Trigger Activity

File Downloaded

Sub Rule

Information

File Download

Mapping with LogRhythm Schema  

Device Key in Log Message

LogRhythm Schema

Data Type

FTPD

<severity>

Text/String

Mar 14 04:35:36

<dname>

Text/String

JSCAPE

<sip>

IP Address

N/A

<sport>

Number

N/A

<dip>

IP Address

N/A

<dport>

Number

N/A

<login>

Text/String

N/A

<tag1>

<command>

Text/String

N/A

<object>

Text/String

N/A

<bytesin>

Number

N/A

<bytesout>

Number