A compromised file transfer server admin user account is always a huge problem. In the hands of a person with malicious intentions, a user account with administrative privileges can turn into a massive data breach. Thus, there may be cases when you'll want to be notified whenever an admin gains access to your system. If the login looks suspicious, you'll still have time to take appropriate action. In this post, I'll show you how to configure JSCAPE MFT Server so that it can automatically send an email to anyone who needs to know each time an admin logs in.
What we're trying to do
1. Create a trigger with the Administrator Login event type
JSCAPE MFT Server has a built in trigger event type that fires each time an admin logs in. It's aptly called the Administrator Login event type. Create a new trigger, give it a name (e.g. "Email notification in response to admin login"), and then select Administrator Login from the drop-down list. Click Next to proceed.
Of course, most (if not all) of the admin logins you'll encounter won't be of the malicious kind. So getting notifications for every single login can become quite annoying. If you want to filter out those logins that you're 100% sure are totally legit, you can write some filters in the Trigger Conditions dialog. For instance you can exempt logins if they: originated from a particular IP, were performed by a particular user account, were carried out at a particular time, and so on. You can view a list of the allowed parameters by clicking the Variables button.
For now, let's just leave this box blank. Click Next to proceed.
2. Add the Send Email trigger action
Add a new trigger action, expand the drop-down list, and select the Send Email trigger action. Click OK to proceed.
3. Add pertinent information to the email body using variables
Enter all the necessary parameters for sending that email notification, including the hostname of your SMTP server, the port number, connection type, etc.
Once you get to the Body, enter all the necessary information that will help you determine whether a particular login is legit or not. In the example below, I used the following variables (just click the Add Variable button to see the complete list):
- %ClientHost% - this is the IP address of the cllient machine used by the admin account during login
- %Month%, %DayOfMonth%, %Year%
- %Hour%, %Minute%, %Second%
- %ServerHost% - this is the IP address of the server
Click OK to proceed.
Don't forget to finalise your trigger creation process by clicking the Apply button as soon as you get back to the main screen.
Here's an example of the email that was received containing the details we added earlier.
Want to try this out? Download a free, fully-functional evaluation edition of JSCAPE MFT Server now.
Liked this article? Perhaps you'd want to read these too:
We'd love to engage with you on social media. Do connect with us ...