7.6.3 scan
event handlers
The standard scan
script defines one event handler:
account_tried (c: connection, user: string, passwd: string)
- The given connection made an attempt to access the given username and
password. Each distinct username/password pair is considered a new access.
The event handler generates a log message if the access matches the logging
policy outlined above.
Note: account_tried
events are generated by login
and ftp
analyzers.