OpenCanary - Telnet Login Attempt

 1title: OpenCanary - Telnet Login Attempt
 2id: 512cff7a-683a-43ad-afe0-dd398e872f36
 3status: test
 4description: Detects instances where a Telnet service on an OpenCanary node has had a login attempt.
 5references:
 6    - https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
 7    - https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
 8author: Security Onion Solutions
 9date: 2024-03-08
10tags:
11    - attack.privilege-escalation
12    - attack.persistence
13    - attack.defense-evasion
14    - attack.initial-access
15    - attack.command-and-control
16    - attack.t1133
17    - attack.t1078
18logsource:
19    category: application
20    product: opencanary
21detection:
22    selection:
23        logtype: 6001
24    condition: selection
25falsepositives:
26    - Unlikely
27level: high

References

• Configuration — OpenCanary 0.9 documentation

  Configuration Since we have many services, and each service has a few options, we have listed them all for you. Services Configuration We have gone ahead and listed all the services by their config...

  
  Read More

• opencanary/opencanary/logger.py at a0896adfcaf0328cfd5829fe10d2878c7445138e · thinkst/opencanary

  

  Modular and decentralised honeypot. Contribute to thinkst/opencanary development by creating an account on GitHub.

  
  Read More

Related rules

• External Remote RDP Logon from Public IP
• External Remote SMB Logon from Public IP
• Failed Logon From Public IP
• OpenCanary - SSH Login Attempt
• OpenCanary - SSH New Connection Attempt