mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-28 23:47:55 +02:00
Josh Brower
17 lines
375 B
YAML
17 lines
375 B
YAML
title: SO IDH - FTP Login Attempt
|
|
id: d2d82069-30a7-4ac3-b584-ba696fbc24fd
|
|
status: experimental
|
|
description: Detects when the FTP service on a SO IDH node has had a login attempt.
|
|
author: Security Onion Solutions
|
|
logsource:
|
|
product: idh
|
|
detection:
|
|
selection:
|
|
event.code:
|
|
- 2000
|
|
condition: selection
|
|
falsepositives:
|
|
- None
|
|
fields:
|
|
- source.ip
|
|
level: critical |