
Pattern 5: FTP Syslog

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 5: FTP Syslog | Base Rule | Ops/Information | General FTP Information |
| FTP Anonymous Login | Sub Rule | Security/Suspicious | Suspicious User Activity |
| FTP Administrator Login | Sub Rule | Audit/Authentication Success | User Logon |
| FTP Successful Login | Sub Rule | Audit/Authentication Success | User Logon |
| FTP Failed Login | Sub Rule | Audit/Authentication Failure | User Logon Failure |
| FTP Incorrect Login | Sub Rule | Audit/Authentication Failure | Authentication Failure Activity |
| FTP Transfer Complete | Sub Rule | Audit/Other Audit Success | File Transfer Complete |
| FTP User Logout | Sub Rule | Audit/Authentication Success | User Logoff |
| FTP Directory Listing | Sub Rule | Audit/Access Success | Object Read |
| FTP Connection | Sub Rule | Ops/Network Traffic | Connection Established |
| FTP File Transfer Requested | Sub Rule | Ops/Information | Transfer Request |
| FTP User Login | Sub Rule | Audit/Authentication Success | User Logon |

Mapping with LogRhythm Schema

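| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| | `<dip>` | IP Address | |
| | `<sip>` | IP Address | |
| | `<session>` | Text\String | |
| | `<login>` | Text\String | |
| | `<tag1>` | Text\String | |
| | `<tag2>` | Text\String | |
| | `<tag3>` | Text\String | |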