dionaea/log_wardenfiler.py: Fix category when no login is attempted

3b2d611e · Pavel Valach · 3c69d477 · 3b2d611e
Commit 3b2d611e authored 1 year ago by Pavel Valach
--- a/dionaea/log_wardenfiler.py
+++ b/dionaea/log_wardenfiler.py
@@ -247,12 +247,14 @@ class LogWardenfilerHandler(ihandler):
            event["Attach"].append(attach)
        else:
            # login without password or similar thing
-            event["Category"].append("Intrusion.UserCompromise")
-            event["Note"] = "Failed login attempt"
+            event["Category"].append("Recon.Scanning")
+            event["Note"] = "Connection"

        if len(s["cmds"]):
+            # consider this an exploit only if there was a login attempt
+            if len(s["creds"]):
                event["Category"].append("Attempt.Exploit")
-            event["Note"] += " with unauthorized command input"
+            event["Note"] += " with command input"
            idata = "\n".join(str(c) for c in s["cmds"])
            plain = all(c in string.printable for c in idata)
            eidata = idata if plain else b64encode(idata.encode()).decode()