JScape FTP Messages
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| JScape FTP Messages | Base Rule | Network Traffic | Connection Built |
| Logoff | Sub Rule | Authentication Success | User Logoff |
| Logon | Sub Rule | Authentication Success | User Logon |
| User Updated | Sub Rule | Account Modified | User Account Attribute Modified |
| Directory Changed | Sub Rule | Information | Directory Information |
| File Deleted | Sub Rule | Information | File Deleted |
| File Deletion Failed | Sub Rule | Error | File Delete Failure |
| File Renamed | Sub Rule | Information | File Renamed |
| File Uploaded | Sub Rule | Information | File Uploaded |
| Session Started | Sub Rule | Other Audit Success | FTP Session Started |
| Trigger Queued | Sub Rule | Information | FTP Trigger Activity |
| Trigger Started | Sub Rule | Information | FTP Trigger Activity |
| Trigger Completed | Sub Rule | Information | FTP Trigger Activity |
| File Downloaded | Sub Rule | Information | File Download |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| FTPD | <severity> | Text/String |
| Mar 14 04:35:36 | <dname> | Text/String |
| JSCAPE | <sip> | IP Address |
| N/A | <sport> | Number |
| N/A | <dip> | IP Address |
| N/A | <dport> | Number |
| N/A | <login> | Text/String |
| N/A | <tag1> <command> | Text/String |
| N/A | <object> | Text/String |
| N/A | <bytesin> | Number |
| N/A | <bytesout> | Number |