Detectionhightest

OpenCanary - Telnet Login Attempt

Detects instances where a Telnet service on an OpenCanary node has had a login attempt.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Security Onion SolutionsCreated Fri Mar 08512cff7a-683a-43ad-afe0-dd398e872f36application

Log Source

opencanaryapplication

Productopencanary← raw: opencanary

Categoryapplication← raw: application

Detection Logic

detection:
    selection:
        logtype: 6001
    condition: selection

False Positives

Unlikely

False positives are unlikely for most environments. High confidence detection.

References

MITRE ATT&CK

Tactics

Techniques

Rule Metadata

Rule ID

512cff7a-683a-43ad-afe0-dd398e872f36

Status

test

Level

high

Type

Detection

Created

Fri Mar 08

Author

Path

rules/application/opencanary/opencanary_telnet_login_attempt.yml

Raw Tags

attack.privilege-escalationattack.persistenceattack.defense-evasionattack.initial-accessattack.command-and-controlattack.t1133attack.t1078