Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Pattern FTP Session |
Base Rule |
General Information |
Information |
|
Thank You For Using The FTP Service |
Sub Rule |
General FTP Information |
Information |
|
FTPD Exiting |
Sub Rule |
Process/Service Stopping |
Startup and Shutdown |
|
FTP Download |
Sub Rule |
File Download |
Information |
|
FTP Login |
Sub Rule |
User Logon |
Authentication Success |
|
Authentication Failed - Login Incorrect |
Sub Rule |
User Logon Failure : Bad Username |
Authentication Failure |
|
FTP Upload |
Sub Rule |
File Upload Beginning |
Information |
|
File Deleted |
Sub Rule |
Object Deleted/Removed |
Access Success |
|
Fcntl Lock Of PID File Failed |
Sub Rule |
Command Execution Failure |
Access Failure |
|
FTP Session Closed |
Sub Rule |
Service Logoff |
Authentication Success |
|
Pam Authentication Failed |
Sub Rule |
Authentication Failure Activity |
Authentication Failure |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<severity> |
Text\String |
|
N/A |
<Sip> |
IP Address |
|
N/A |
<sname> |
Text\String |
|
N/A |
<dname> |
Text\String |
|
N/A |
<protname> |
Text\String |
|
N/A |
<login> |
Text\String |
|
N/A |
<process> |
Text\String |
|
N/A |
<processid> |
Number |
|
N/A |
<object> |
Text\String |
|
N/A |
<bytesout> |
Number |
|
N/A |
<rate> |
Number |
|
N/A |
<tag1> |
Text\String |
|
N/A |
<tag2> |
Text\String |