Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Low |
Description
An FTP connection using an anonymous login was detected.
Attacker's Goals
Attackers may seek access to FTP accounts and use them to exfiltrate data, stage attack tools, or create command and control channels through trusted services.
Investigative actions
- Examine the legitimacy of the application that produced this FTP.
- Examine the parent process of this application.
- Verify that the connection attempts were not performed from an illegitimate source.