Previous: scan functions, Up: scan Analyzer


7.7.3 scan event handlers

The standard scan script defines one event handler:

`account_tried (c: connection, user: string, passwd: string)'
The given connection made an attempt to access the given username and password. Each distinct username/password pair is considered a new access. The event handler generates an alarm if the access matches the logging policy outlined above.

Note: account_tried events are generated by login and ftp analyzers.