OpenCanary - FTP Login Attempt

Rule Info

Name
OpenCanary - FTP Login Attempt
Author
Security Onion Solutions
Description
Detects instances where an FTP service on an OpenCanary node has had a login attempt.
Reference
https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
Date
2024-03-08 00:00:00
Modified
None
Id
6991bc2b-ae2e-447f-bc55-3a1ba04c14e5
Tags
attack.initial-access attack.exfiltration attack.t1190 attack.t1021
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=6991bc2b-ae2e-447f-bc55-3a1ba04c14e5

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #5177 from @nasbench - promote older rules status from `experimental` to `test`
2025-02-03
2bfb0935a
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Josh Brower
Merge PR #4695 from @defensivedepth - Add new rules based on OpenCanary tooling
2024-03-08
eac04262c
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022