Dionaea: Fix FTP connection category without login attempt

The category was Intrusion.UserCompromise even when the connection had only AUTH TLS or similar (which is a command for STARTTLS).

Now I have changed it to Recon.Scanning when no login attempt was present.

dionaea/log_wardenfiler.py

@@ -247,12 +247,14 @@ class LogWardenfilerHandler(ihandler):
             event["Attach"].append(attach)
         else:
             # login without password or similar thing
-            event["Category"].append("Intrusion.UserCompromise")
-            event["Note"] = "Failed login attempt"
+            event["Category"].append("Recon.Scanning")
+            event["Note"] = "Connection"
 
         if len(s["cmds"]):
-            event["Category"].append("Attempt.Exploit")
-            event["Note"] += " with unauthorized command input"
+            # consider this an exploit only if there was a login attempt
+            if len(s["creds"]):
+                event["Category"].append("Attempt.Exploit")
+            event["Note"] += " with command input"
             idata = "\n".join(str(c) for c in s["cmds"])
             plain = all(c in string.printable for c in idata)
             eidata = idata if plain else b64encode(idata.encode()).decode()