Pattern FTP Session
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern FTP Session | Base Rule | General Information | Information |
| Thank You For Using The FTP Service | Sub Rule | General FTP Information | Information |
| FTPD Exiting | Sub Rule | Process/Service Stopping | Startup and Shutdown |
| FTP Download | Sub Rule | File Download | Information |
| FTP Login | Sub Rule | User Logon | Authentication Success |
| Authentication Failed - Login Incorrect | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| FTP Upload | Sub Rule | File Upload Beginning | Information |
| File Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Fcntl Lock Of PID File Failed | Sub Rule | Command Execution Failure | Access Failure |
| FTP Session Closed | Sub Rule | Service Logoff | Authentication Success |
| Pam Authentication Failed | Sub Rule | Authentication Failure Activity | Authentication Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <Sip> | IP Address |
| N/A | <sname> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <protname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <object> | Text\String |
| N/A | <bytesout> | Number |
| N/A | <rate> | Number |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |