Merge branch 'dionaea-ftp-login' into 'master'

Dionaea: Fix FTP connection category without login attempt See merge request !5

Merge branch 'dionaea-ftp-login' into 'master'
33caedb3 · Pavel Valach · 3c69d477 · 3b2d611e · 33caedb3
Commit 33caedb3 authored 1 year ago by Pavel Valach
--- a/dionaea/log_wardenfiler.py
+++ b/dionaea/log_wardenfiler.py
@@ -247,12 +247,14 @@ class LogWardenfilerHandler(ihandler):
            event["Attach"].append(attach)
        else:
            # login without password or similar thing
-            event["Category"].append("Intrusion.UserCompromise")
-            event["Note"] = "Failed login attempt"
+            event["Category"].append("Recon.Scanning")
+            event["Note"] = "Connection"

        if len(s["cmds"]):
-            event["Category"].append("Attempt.Exploit")
-            event["Note"] += " with unauthorized command input"
+            # consider this an exploit only if there was a login attempt
+            if len(s["creds"]):
+                event["Category"].append("Attempt.Exploit")
+            event["Note"] += " with command input"
            idata = "\n".join(str(c) for c in s["cmds"])
            plain = all(c in string.printable for c in idata)
            eidata = idata if plain else b64encode(idata.encode()).decode()