| { |
| "total":104593, |
| "results":[ |
| { |
| "id":"ad5cc7ea-5954-479f-8589-51f94b1c2f02", |
| "source":{ |
| "average":10.0, |
| "max":10.0, |
| "metron_alert":[ |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279364136", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279364122", |
| "enrichmentjoinbolt:joiner:ts":"1537279364128", |
| "adapter:geoadapter:begin:ts":"1537279364125", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279364133", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:02:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279364125", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279364125", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279364130", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279359000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279364122", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279364125", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279364130", |
| "adapter:threatinteladapter:begin:ts":"1537279364133", |
| "tcpflags":"***A**S*", |
| "guid":"c6843745-203c-49e1-80ad-f060eb88c9b1", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280091506", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280091491", |
| "enrichmentjoinbolt:joiner:ts":"1537280091498", |
| "adapter:geoadapter:begin:ts":"1537280091493", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280091503", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:14:47.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280091493", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280091493", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280091501", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280087000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280091491", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280091493", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280091501", |
| "adapter:threatinteladapter:begin:ts":"1537280091503", |
| "tcpflags":"***A****", |
| "guid":"f6521c0a-7aa9-4fc2-82ef-34c647d793f4", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280221040", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280221027", |
| "enrichmentjoinbolt:joiner:ts":"1537280221031", |
| "adapter:geoadapter:begin:ts":"1537280221029", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280221037", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:16:56.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280221029", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280221029", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280221035", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280216000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280221027", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280221029", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280221035", |
| "adapter:threatinteladapter:begin:ts":"1537280221037", |
| "tcpflags":"***A**S*", |
| "guid":"4b1a23db-8040-4639-88ae-83294d45921e", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280908414", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280908400", |
| "enrichmentjoinbolt:joiner:ts":"1537280908405", |
| "adapter:geoadapter:begin:ts":"1537280908403", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280908411", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:28:27.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280908402", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280908403", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280908407", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280907000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280908400", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280908402", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280908407", |
| "adapter:threatinteladapter:begin:ts":"1537280908411", |
| "tcpflags":"***A****", |
| "guid":"7f8babb8-72d6-4823-824a-0d57035bdfff", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537284816200", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537284816186", |
| "enrichmentjoinbolt:joiner:ts":"1537284816191", |
| "adapter:geoadapter:begin:ts":"1537284816188", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537284816198", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:33:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537284816188", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537284816189", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537284816194", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537284815000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537284816186", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537284816188", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537284816194", |
| "adapter:threatinteladapter:begin:ts":"1537284816196", |
| "tcpflags":"***A****", |
| "guid":"007a98c7-4301-44e1-b80d-a35cf5a88019", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537285796807", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537285796794", |
| "enrichmentjoinbolt:joiner:ts":"1537285796799", |
| "adapter:geoadapter:begin:ts":"1537285796796", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537285796804", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:49:52.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537285796796", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537285796796", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537285796802", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537285792000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537285796794", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537285796796", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537285796802", |
| "adapter:threatinteladapter:begin:ts":"1537285796804", |
| "tcpflags":"***A**S*", |
| "guid":"337b657f-9c48-45a2-b356-0ab08de9f549", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537296522470", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537295997966", |
| "enrichmentjoinbolt:joiner:ts":"1537295997971", |
| "adapter:geoadapter:begin:ts":"1537295997968", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537296522293", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:39:53.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537295997968", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537295997968", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537295997973", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537295993000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537295997966", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537295997968", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537295997973", |
| "adapter:threatinteladapter:begin:ts":"1537296522293", |
| "tcpflags":"***A**S*", |
| "guid":"0517c267-f7c9-409a-8b8f-40d95254eb2d", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537296937969", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537296937958", |
| "enrichmentjoinbolt:joiner:ts":"1537296937963", |
| "adapter:geoadapter:begin:ts":"1537296937960", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537296937967", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:55:33.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537296937960", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537296937960", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537296937965", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537296933000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537296937958", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537296937960", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537296937965", |
| "adapter:threatinteladapter:begin:ts":"1537296937967", |
| "tcpflags":"***A****", |
| "guid":"f2a6c42c-ec04-4e8e-ae8d-29a7a642b8be", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297658265", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297658252", |
| "enrichmentjoinbolt:joiner:ts":"1537297658256", |
| "adapter:geoadapter:begin:ts":"1537297658254", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297658261", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:07:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297658254", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297658254", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297658259", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297657000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297658252", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297658254", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297658259", |
| "adapter:threatinteladapter:begin:ts":"1537297658261", |
| "tcpflags":"***A**S*", |
| "guid":"2f34effe-93dc-41d4-aa04-920c89982f9c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297780829", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297780818", |
| "enrichmentjoinbolt:joiner:ts":"1537297780822", |
| "adapter:geoadapter:begin:ts":"1537297780820", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297780827", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:09:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297780820", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297780820", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297780825", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297775000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297780818", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297780820", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297780825", |
| "adapter:threatinteladapter:begin:ts":"1537297780827", |
| "tcpflags":"***A**S*", |
| "guid":"bbbbdb93-fbef-4479-b018-02b92cc88103", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537298899732", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537298899713", |
| "enrichmentjoinbolt:joiner:ts":"1537298899718", |
| "adapter:geoadapter:begin:ts":"1537298899716", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537298899729", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:28:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537298899716", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537298899716", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537298899720", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537298898000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537298899713", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537298899716", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537298899720", |
| "adapter:threatinteladapter:begin:ts":"1537298899722", |
| "tcpflags":"***A**S*", |
| "guid":"5e42b3f7-5baf-48f6-b596-4db3e5e5f30b", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537299378075", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537299378057", |
| "enrichmentjoinbolt:joiner:ts":"1537299378062", |
| "adapter:geoadapter:begin:ts":"1537299378059", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537299378072", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:36:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537299378059", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537299378059", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537299378066", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537299377000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537299378057", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537299378059", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537299378066", |
| "adapter:threatinteladapter:begin:ts":"1537299378072", |
| "tcpflags":"***A****", |
| "guid":"d6df0c6a-9e7c-41c9-8ee6-38681225a38c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537300647845", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537300647833", |
| "enrichmentjoinbolt:joiner:ts":"1537300647837", |
| "adapter:geoadapter:begin:ts":"1537300647834", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537300647842", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:57:26.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537300647834", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537300647834", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537300647839", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537300646000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537300647833", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537300647834", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537300647839", |
| "adapter:threatinteladapter:begin:ts":"1537300647842", |
| "tcpflags":"***A**S*", |
| "guid":"2f45a7f0-9771-49c3-8eba-bd1f8af8174f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301518165", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301518147", |
| "enrichmentjoinbolt:joiner:ts":"1537301518158", |
| "adapter:geoadapter:begin:ts":"1537301518149", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301518163", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:11:57.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301518149", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301518149", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301518160", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301517000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301518147", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301518149", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301518160", |
| "adapter:threatinteladapter:begin:ts":"1537301518163", |
| "tcpflags":"***A**S*", |
| "guid":"0dd2ce0a-62aa-4800-a7de-ad56d0ed2f41", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537304529055", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304529042", |
| "enrichmentjoinbolt:joiner:ts":"1537304529048", |
| "adapter:geoadapter:begin:ts":"1537304529045", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537304529053", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-21:02:04.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304529045", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537304529045", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304529050", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304524000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304529042", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304529045", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304529050", |
| "adapter:threatinteladapter:begin:ts":"1537304529053", |
| "tcpflags":"***A****", |
| "guid":"13760f67-1412-4463-8de3-a74def82c6ed", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537277777169", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537277777156", |
| "enrichmentjoinbolt:joiner:ts":"1537277777161", |
| "adapter:geoadapter:begin:ts":"1537277777158", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537277777165", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:36:15.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537277777158", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537277777158", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537277777163", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537277775000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537277777156", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537277777158", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537277777162", |
| "adapter:threatinteladapter:begin:ts":"1537277777165", |
| "tcpflags":"***A****", |
| "guid":"32c60f70-7a76-4d7b-a943-939a6cea9a3f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537277957306", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537277957293", |
| "enrichmentjoinbolt:joiner:ts":"1537277957299", |
| "adapter:geoadapter:begin:ts":"1537277957296", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537277957303", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537277957296", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537277957296", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537277957301", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537277956000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537277957293", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537277957296", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537277957301", |
| "adapter:threatinteladapter:begin:ts":"1537277957303", |
| "tcpflags":"***A****", |
| "guid":"7dcf592a-d562-4ac6-92e7-aaea2ee14417", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537277957306", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537277957293", |
| "enrichmentjoinbolt:joiner:ts":"1537277957299", |
| "adapter:geoadapter:begin:ts":"1537277957296", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537277957303", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537277957296", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537277957296", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537277957301", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537277956000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537277957293", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537277957296", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537277957301", |
| "adapter:threatinteladapter:begin:ts":"1537277957303", |
| "tcpflags":"***A****", |
| "guid":"ebe214d5-a0ee-485e-bf39-78e8afde9711", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537281281274", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537281281256", |
| "enrichmentjoinbolt:joiner:ts":"1537281281261", |
| "adapter:geoadapter:begin:ts":"1537281281258", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537281281273", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:34:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537281281258", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537281281258", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537281281263", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537281277000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537281281256", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537281281258", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537281281263", |
| "adapter:threatinteladapter:begin:ts":"1537281281266", |
| "tcpflags":"***A****", |
| "guid":"f4d8a573-e957-4c22-b4e1-b9c657cd911d", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537281652539", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537281652526", |
| "enrichmentjoinbolt:joiner:ts":"1537281652532", |
| "adapter:geoadapter:begin:ts":"1537281652530", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537281652536", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:40:51.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537281652529", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537281652530", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537281652534", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537281651000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537281652526", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537281652529", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537281652534", |
| "adapter:threatinteladapter:begin:ts":"1537281652536", |
| "tcpflags":"***A**S*", |
| "guid":"c4f85a6b-0ebf-4e89-b212-5e0567788f03", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537281947945", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537281947925", |
| "enrichmentjoinbolt:joiner:ts":"1537281947930", |
| "adapter:geoadapter:begin:ts":"1537281947927", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537281947942", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:45:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537281947927", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537281947928", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537281947932", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537281943000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537281947925", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537281947927", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537281947932", |
| "adapter:threatinteladapter:begin:ts":"1537281947935", |
| "tcpflags":"***A****", |
| "guid":"c507d367-4556-41b9-8975-6cfc52b83545", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282850352", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282850310", |
| "enrichmentjoinbolt:joiner:ts":"1537282850315", |
| "adapter:geoadapter:begin:ts":"1537282850312", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282850350", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:00:45.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282850312", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282850313", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282850317", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282845000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282850310", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282850312", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282850317", |
| "adapter:threatinteladapter:begin:ts":"1537282850350", |
| "tcpflags":"***A**S*", |
| "guid":"78cb2af0-6056-464b-a94a-7d4ccedcc269", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537283450157", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537283450144", |
| "enrichmentjoinbolt:joiner:ts":"1537283450150", |
| "adapter:geoadapter:begin:ts":"1537283450147", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537283450156", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:10:46.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537283450147", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537283450147", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537283450153", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537283446000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537283450144", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537283450147", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537283450153", |
| "adapter:threatinteladapter:begin:ts":"1537283450156", |
| "tcpflags":"***A**S*", |
| "guid":"67e7927d-bf35-4506-9ce5-8236aea37417", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537296522491", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537296158983", |
| "enrichmentjoinbolt:joiner:ts":"1537296158988", |
| "adapter:geoadapter:begin:ts":"1537296158985", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537296522299", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:42:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537296158985", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537296158985", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537296158990", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537296154000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537296158983", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537296158985", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537296158990", |
| "adapter:threatinteladapter:begin:ts":"1537296522299", |
| "tcpflags":"***A****", |
| "guid":"8a851c1a-9f4f-45d1-b06a-c9c0d800f91c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537296522537", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537296487429", |
| "enrichmentjoinbolt:joiner:ts":"1537296487439", |
| "adapter:geoadapter:begin:ts":"1537296487432", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537296522318", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:48:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537296487432", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537296487432", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537296487441", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537296485000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537296487429", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537296487432", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537296487441", |
| "adapter:threatinteladapter:begin:ts":"1537296522318", |
| "tcpflags":"***A**S*", |
| "guid":"5c9a68d8-16ff-44fe-83a6-9feb0b045125", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297341824", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297341800", |
| "enrichmentjoinbolt:joiner:ts":"1537297341805", |
| "adapter:geoadapter:begin:ts":"1537297341803", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297341814", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:02:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297341803", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297341803", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297341808", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297337000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297341800", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297341803", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297341808", |
| "adapter:threatinteladapter:begin:ts":"1537297341811", |
| "tcpflags":"***A**S*", |
| "guid":"1767fe9d-d61d-46b5-9cb7-c24b8074ddec", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297520177", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297520165", |
| "enrichmentjoinbolt:joiner:ts":"1537297520170", |
| "adapter:geoadapter:begin:ts":"1537297520167", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297520174", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:05:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297520167", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297520167", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297520172", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297518000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297520165", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297520167", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297520172", |
| "adapter:threatinteladapter:begin:ts":"1537297520174", |
| "tcpflags":"***A****", |
| "guid":"fc5b9a63-0894-4b16-9c5b-76c35cb00757", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297710682", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297710669", |
| "enrichmentjoinbolt:joiner:ts":"1537297710674", |
| "adapter:geoadapter:begin:ts":"1537297710671", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297710679", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:08:29.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297710671", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297710671", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297710676", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297709000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297710669", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297710671", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297710676", |
| "adapter:threatinteladapter:begin:ts":"1537297710679", |
| "tcpflags":"***A**S*", |
| "guid":"6b63bfb3-f809-46f0-932e-c22d5071b502", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537298106549", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537298106533", |
| "enrichmentjoinbolt:joiner:ts":"1537298106539", |
| "adapter:geoadapter:begin:ts":"1537298106536", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537298106547", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:15:02.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537298106536", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537298106536", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537298106541", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537298102000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537298106533", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537298106536", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537298106541", |
| "adapter:threatinteladapter:begin:ts":"1537298106544", |
| "tcpflags":"***A**S*", |
| "guid":"096b5469-6c46-4f54-b0a4-61ffc125d74c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537300567318", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537300567298", |
| "enrichmentjoinbolt:joiner:ts":"1537300567302", |
| "adapter:geoadapter:begin:ts":"1537300567300", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537300567312", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:56:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537300567300", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537300567300", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537300567306", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537300566000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537300567298", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537300567300", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537300567306", |
| "adapter:threatinteladapter:begin:ts":"1537300567312", |
| "tcpflags":"***A****", |
| "guid":"9d84c1f0-2924-439a-abd7-32a4e8c69253", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537300823287", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537300823274", |
| "enrichmentjoinbolt:joiner:ts":"1537300823279", |
| "adapter:geoadapter:begin:ts":"1537300823276", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537300823285", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:00:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537300823277", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537300823276", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537300823281", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537300822000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537300823274", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537300823277", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537300823281", |
| "adapter:threatinteladapter:begin:ts":"1537300823284", |
| "tcpflags":"***A****", |
| "guid":"afa4b156-bc2f-4e6f-bf0c-ad03695056e3", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537302847425", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537302847413", |
| "enrichmentjoinbolt:joiner:ts":"1537302847418", |
| "adapter:geoadapter:begin:ts":"1537302847415", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537302847422", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:34:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537302847415", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537302847415", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537302847420", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537302846000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537302847413", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537302847415", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537302847420", |
| "adapter:threatinteladapter:begin:ts":"1537302847422", |
| "tcpflags":"***A**S*", |
| "guid":"06c6ed2a-5899-4682-aa85-25b7e252daf1", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537304283577", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304283562", |
| "enrichmentjoinbolt:joiner:ts":"1537304283566", |
| "adapter:geoadapter:begin:ts":"1537304283564", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537304283575", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:58:02.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304283564", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537304283564", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304283569", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304282000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304283562", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304283564", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304283569", |
| "adapter:threatinteladapter:begin:ts":"1537304283571", |
| "tcpflags":"***A****", |
| "guid":"ae5022e5-38cc-4bf2-b2c5-18f6f9a688f2", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537277770301", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537277770279", |
| "enrichmentjoinbolt:joiner:ts":"1537277770284", |
| "adapter:geoadapter:begin:ts":"1537277770281", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537277770298", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:36:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537277770281", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537277770282", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537277770286", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537277765000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537277770279", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537277770281", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537277770286", |
| "adapter:threatinteladapter:begin:ts":"1537277770288", |
| "tcpflags":"***A**S*", |
| "guid":"3d578f8e-9b9c-44ec-93a7-af357428bcb9", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537278536143", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537278536124", |
| "enrichmentjoinbolt:joiner:ts":"1537278536131", |
| "adapter:geoadapter:begin:ts":"1537278536129", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537278536140", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:48:51.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537278536126", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537278536129", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537278536134", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537278531000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537278536124", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537278536126", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537278536134", |
| "adapter:threatinteladapter:begin:ts":"1537278536139", |
| "tcpflags":"***A**S*", |
| "guid":"5236f783-d06f-4268-b228-18b19ddaa05f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537278612703", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537278612692", |
| "enrichmentjoinbolt:joiner:ts":"1537278612697", |
| "adapter:geoadapter:begin:ts":"1537278612695", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537278612701", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:50:08.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537278612694", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537278612695", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537278612699", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537278608000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537278612692", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537278612694", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537278612699", |
| "adapter:threatinteladapter:begin:ts":"1537278612701", |
| "tcpflags":"***A****", |
| "guid":"16196ae0-1a5b-437a-b7be-c1015e9e9b18", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279218984", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279218971", |
| "enrichmentjoinbolt:joiner:ts":"1537279218975", |
| "adapter:geoadapter:begin:ts":"1537279218973", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279218982", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:00:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279218973", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279218973", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279218978", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279217000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279218971", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279218973", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279218978", |
| "adapter:threatinteladapter:begin:ts":"1537279218980", |
| "tcpflags":"***A****", |
| "guid":"83635c2d-bc81-4a6e-87b9-51825f2e375f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279752934", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279752920", |
| "enrichmentjoinbolt:joiner:ts":"1537279752925", |
| "adapter:geoadapter:begin:ts":"1537279752923", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279752931", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:09:12.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279752923", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279752923", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279752928", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279752000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279752920", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279752923", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279752928", |
| "adapter:threatinteladapter:begin:ts":"1537279752931", |
| "tcpflags":"***A****", |
| "guid":"13de1cf3-adfd-4c5e-9cb2-be470af1104d", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279930875", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279930833", |
| "enrichmentjoinbolt:joiner:ts":"1537279930846", |
| "adapter:geoadapter:begin:ts":"1537279930844", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279930872", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:12:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279930844", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279930844", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279930857", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279926000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279930834", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279930844", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279930857", |
| "adapter:threatinteladapter:begin:ts":"1537279930871", |
| "tcpflags":"***A**S*", |
| "guid":"a04ca59b-fa5d-4ad4-92ce-162765681dec", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279954609", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279954595", |
| "enrichmentjoinbolt:joiner:ts":"1537279954600", |
| "adapter:geoadapter:begin:ts":"1537279954597", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279954606", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:12:33.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279954597", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279954597", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279954603", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279953000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279954595", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279954597", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279954603", |
| "adapter:threatinteladapter:begin:ts":"1537279954606", |
| "tcpflags":"***A****", |
| "guid":"be858565-84b1-4f57-bc51-d67f52697006", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280061942", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280061924", |
| "enrichmentjoinbolt:joiner:ts":"1537280061930", |
| "adapter:geoadapter:begin:ts":"1537280061926", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280061934", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:14:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280061926", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280061926", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280061932", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280057000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280061924", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280061926", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280061932", |
| "adapter:threatinteladapter:begin:ts":"1537280061934", |
| "tcpflags":"***A****", |
| "guid":"4fc16ffe-27b7-4269-bc27-d347f6829fe3", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280755832", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280755819", |
| "enrichmentjoinbolt:joiner:ts":"1537280755824", |
| "adapter:geoadapter:begin:ts":"1537280755821", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280755829", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:25:54.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280755821", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280755821", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280755826", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280754000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280755819", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280755821", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280755826", |
| "adapter:threatinteladapter:begin:ts":"1537280755829", |
| "tcpflags":"***A**S*", |
| "guid":"5cbcc299-9b04-40f0-84b9-d759eb5f1fd6", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280911771", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280911759", |
| "enrichmentjoinbolt:joiner:ts":"1537280911764", |
| "adapter:geoadapter:begin:ts":"1537280911761", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280911769", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:28:30.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280911761", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280911761", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280911767", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280910000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280911759", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280911761", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280911767", |
| "adapter:threatinteladapter:begin:ts":"1537280911769", |
| "tcpflags":"***A****", |
| "guid":"223279f4-59ba-473d-85ab-4e6174416463", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282654617", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282654604", |
| "enrichmentjoinbolt:joiner:ts":"1537282654609", |
| "adapter:geoadapter:begin:ts":"1537282654606", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282654614", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:57:30.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282654606", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282654606", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282654612", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282650000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282654604", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282654606", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282654612", |
| "adapter:threatinteladapter:begin:ts":"1537282654614", |
| "tcpflags":"***A****", |
| "guid":"4ae68add-27d8-4b7c-a938-a60ee24d087a", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537284092223", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537284092211", |
| "enrichmentjoinbolt:joiner:ts":"1537284092216", |
| "adapter:geoadapter:begin:ts":"1537284092213", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537284092221", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:21:27.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537284092213", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537284092214", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537284092218", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537284087000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537284092211", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537284092213", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537284092218", |
| "adapter:threatinteladapter:begin:ts":"1537284092220", |
| "tcpflags":"***A****", |
| "guid":"281194ba-7091-4dd9-8708-d568d6323d3e", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537284672944", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537284672931", |
| "enrichmentjoinbolt:joiner:ts":"1537284672936", |
| "adapter:geoadapter:begin:ts":"1537284672934", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537284672942", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:31:11.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537284672934", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537284672934", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537284672939", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537284671000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537284672931", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537284672934", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537284672939", |
| "adapter:threatinteladapter:begin:ts":"1537284672942", |
| "tcpflags":"***A****", |
| "guid":"ae0d14a1-1253-4036-8c0d-4a4aa6fdfe33", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297029540", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297029528", |
| "enrichmentjoinbolt:joiner:ts":"1537297029533", |
| "adapter:geoadapter:begin:ts":"1537297029530", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297029537", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:57:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297029530", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297029530", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297029535", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297025000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297029528", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297029530", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297029535", |
| "adapter:threatinteladapter:begin:ts":"1537297029537", |
| "tcpflags":"***A**S*", |
| "guid":"02d6c1d3-f8d1-40f3-9d26-1a166d32a27a", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537299055443", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537299055430", |
| "enrichmentjoinbolt:joiner:ts":"1537299055435", |
| "adapter:geoadapter:begin:ts":"1537299055433", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537299055441", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:30:50.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537299055433", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537299055433", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537299055438", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537299050000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537299055430", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537299055433", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537299055438", |
| "adapter:threatinteladapter:begin:ts":"1537299055441", |
| "tcpflags":"***A****", |
| "guid":"da35d6ed-0014-4cdf-9503-aadf3650772c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537300074867", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537300074854", |
| "enrichmentjoinbolt:joiner:ts":"1537300074859", |
| "adapter:geoadapter:begin:ts":"1537300074856", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537300074865", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:47:50.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537300074856", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537300074856", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537300074861", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537300070000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537300074854", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537300074856", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537300074861", |
| "adapter:threatinteladapter:begin:ts":"1537300074863", |
| "tcpflags":"***A**S*", |
| "guid":"f0a64d82-2820-4f74-b9f8-091b206543a7", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301085145", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301085124", |
| "enrichmentjoinbolt:joiner:ts":"1537301085128", |
| "adapter:geoadapter:begin:ts":"1537301085125", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301085134", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:04:40.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301085125", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301085125", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301085131", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301080000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301085124", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301085125", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301085131", |
| "adapter:threatinteladapter:begin:ts":"1537301085134", |
| "tcpflags":"***A**S*", |
| "guid":"549c755c-b446-4725-bb17-86055197152f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301449267", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301449253", |
| "enrichmentjoinbolt:joiner:ts":"1537301449258", |
| "adapter:geoadapter:begin:ts":"1537301449255", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301449263", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:10:48.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301449255", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301449255", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301449260", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301448000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301449253", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301449255", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301449260", |
| "adapter:threatinteladapter:begin:ts":"1537301449263", |
| "tcpflags":"***A****", |
| "guid":"4a7b511b-96f8-4b43-bb62-0e9d6e9da410", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301606658", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301606644", |
| "enrichmentjoinbolt:joiner:ts":"1537301606650", |
| "adapter:geoadapter:begin:ts":"1537301606647", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301606655", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:13:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301606647", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301606647", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301606652", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301602000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301606644", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301606647", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301606652", |
| "adapter:threatinteladapter:begin:ts":"1537301606655", |
| "tcpflags":"***A**S*", |
| "guid":"90742c82-c227-46ed-bb6e-b262c51007c2", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537276900749", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537276900736", |
| "enrichmentjoinbolt:joiner:ts":"1537276900741", |
| "adapter:geoadapter:begin:ts":"1537276900738", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537276900748", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:21:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537276900738", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537276900739", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537276900743", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537276899000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537276900736", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537276900738", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537276900743", |
| "adapter:threatinteladapter:begin:ts":"1537276900746", |
| "tcpflags":"***A****", |
| "guid":"3a7595f6-6a6d-4b7d-979b-88407df1db2d", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537278576183", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537278576165", |
| "enrichmentjoinbolt:joiner:ts":"1537278576173", |
| "adapter:geoadapter:begin:ts":"1537278576168", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537278576179", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:49:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537278576168", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537278576168", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537278576176", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537278575000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537278576165", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537278576168", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537278576176", |
| "adapter:threatinteladapter:begin:ts":"1537278576179", |
| "tcpflags":"***A**S*", |
| "guid":"4f8521ff-179d-467d-864e-206f40f91809", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537278863333", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537278863321", |
| "enrichmentjoinbolt:joiner:ts":"1537278863326", |
| "adapter:geoadapter:begin:ts":"1537278863324", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537278863330", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:54:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537278863324", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537278863324", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537278863328", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537278862000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537278863321", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537278863324", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537278863328", |
| "adapter:threatinteladapter:begin:ts":"1537278863330", |
| "tcpflags":"***A**S*", |
| "guid":"3fa2010e-76a0-4285-9eb3-394d240cf4f9", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537280655645", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537280655623", |
| "enrichmentjoinbolt:joiner:ts":"1537280655629", |
| "adapter:geoadapter:begin:ts":"1537280655627", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537280655643", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:24:11.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537280655627", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537280655627", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537280655637", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537280651000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537280655623", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537280655627", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537280655637", |
| "adapter:threatinteladapter:begin:ts":"1537280655640", |
| "tcpflags":"***A**S*", |
| "guid":"8835c6f7-725f-468c-bccf-10f4ef1fd28d", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282478521", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282478506", |
| "enrichmentjoinbolt:joiner:ts":"1537282478512", |
| "adapter:geoadapter:begin:ts":"1537282478509", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282478517", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:54:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282478509", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282478509", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282478514", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282474000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282478506", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282478509", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282478514", |
| "adapter:threatinteladapter:begin:ts":"1537282478517", |
| "tcpflags":"***A****", |
| "guid":"a1166706-b890-451e-bbe3-109bf0c08a9c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282713695", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282713683", |
| "enrichmentjoinbolt:joiner:ts":"1537282713688", |
| "adapter:geoadapter:begin:ts":"1537282713685", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282713692", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:58:32.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282713685", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282713685", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282713690", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282712000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282713683", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282713685", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282713690", |
| "adapter:threatinteladapter:begin:ts":"1537282713692", |
| "tcpflags":"***A**S*", |
| "guid":"d74132e0-eedf-4cdf-bc17-c9e870d54578", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537283204814", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537283204799", |
| "enrichmentjoinbolt:joiner:ts":"1537283204804", |
| "adapter:geoadapter:begin:ts":"1537283204802", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537283204812", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:06:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537283204802", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537283204803", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537283204807", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537283203000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537283204799", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537283204802", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537283204807", |
| "adapter:threatinteladapter:begin:ts":"1537283204809", |
| "tcpflags":"***A**S*", |
| "guid":"75415055-8d69-4683-9382-d25c39b68e9f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537284300507", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537284300495", |
| "enrichmentjoinbolt:joiner:ts":"1537284300500", |
| "adapter:geoadapter:begin:ts":"1537284300498", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537284300505", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:24:56.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537284300498", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537284300498", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537284300502", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537284296000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537284300495", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537284300498", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537284300502", |
| "adapter:threatinteladapter:begin:ts":"1537284300505", |
| "tcpflags":"***A**S*", |
| "guid":"c42433e8-98f3-42dd-9089-6ac96e20095f", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537284659873", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537284659860", |
| "enrichmentjoinbolt:joiner:ts":"1537284659865", |
| "adapter:geoadapter:begin:ts":"1537284659862", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537284659870", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:30:58.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537284659862", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537284659862", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537284659867", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537284658000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537284659860", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537284659862", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537284659867", |
| "adapter:threatinteladapter:begin:ts":"1537284659870", |
| "tcpflags":"***A****", |
| "guid":"2895d881-503d-4092-b172-65dbb5e35ed3", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537296522533", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537296450178", |
| "enrichmentjoinbolt:joiner:ts":"1537296450183", |
| "adapter:geoadapter:begin:ts":"1537296450180", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537296522312", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:47:29.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537296450179", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537296450180", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537296450185", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537296449000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537296450178", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537296450179", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537296450185", |
| "adapter:threatinteladapter:begin:ts":"1537296522312", |
| "tcpflags":"***A****", |
| "guid":"1f236e95-6ae6-443c-98a0-31d4f2c425ed", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297095805", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297095791", |
| "enrichmentjoinbolt:joiner:ts":"1537297095797", |
| "adapter:geoadapter:begin:ts":"1537297095795", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297095803", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:58:14.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297095794", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297095795", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297095801", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297094000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297095791", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297095794", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297095801", |
| "adapter:threatinteladapter:begin:ts":"1537297095803", |
| "tcpflags":"***A**S*", |
| "guid":"022a9c0c-241f-4cb2-9c0d-1c428a099404", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537299018672", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537299018656", |
| "enrichmentjoinbolt:joiner:ts":"1537299018664", |
| "adapter:geoadapter:begin:ts":"1537299018662", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537299018669", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:30:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537299018662", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537299018662", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537299018667", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537299017000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537299018656", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537299018662", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537299018667", |
| "adapter:threatinteladapter:begin:ts":"1537299018669", |
| "tcpflags":"***A****", |
| "guid":"25421458-1b16-47fc-b8f5-a7c7a83bf86a", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301124094", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301124082", |
| "enrichmentjoinbolt:joiner:ts":"1537301124086", |
| "adapter:geoadapter:begin:ts":"1537301124084", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301124091", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:05:19.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301124084", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301124084", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301124089", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301119000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301124082", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301124084", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301124089", |
| "adapter:threatinteladapter:begin:ts":"1537301124091", |
| "tcpflags":"***A****", |
| "guid":"c48dce90-087a-461e-b408-3270e02fc513", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301488853", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301488841", |
| "enrichmentjoinbolt:joiner:ts":"1537301488846", |
| "adapter:geoadapter:begin:ts":"1537301488843", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301488851", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:11:24.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301488843", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301488843", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301488848", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301484000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301488841", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301488843", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301488848", |
| "adapter:threatinteladapter:begin:ts":"1537301488851", |
| "tcpflags":"***A**S*", |
| "guid":"afaa6ea8-f1f2-4806-93ce-e7076c238813", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301564066", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301564052", |
| "enrichmentjoinbolt:joiner:ts":"1537301564058", |
| "adapter:geoadapter:begin:ts":"1537301564055", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301564063", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:12:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301564055", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301564055", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301564061", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301559000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301564052", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301564055", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301564061", |
| "adapter:threatinteladapter:begin:ts":"1537301564063", |
| "tcpflags":"***A**S*", |
| "guid":"1cc03c24-72d5-46d7-a0d0-136bc63fe0f3", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537302711761", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537302711745", |
| "enrichmentjoinbolt:joiner:ts":"1537302711750", |
| "adapter:geoadapter:begin:ts":"1537302711749", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537302711759", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:31:50.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537302711747", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537302711749", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537302711754", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537302710000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537302711745", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537302711747", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537302711754", |
| "adapter:threatinteladapter:begin:ts":"1537302711758", |
| "tcpflags":"***A**S*", |
| "guid":"c1e9b8f7-925e-4110-8179-68e953e143d4", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537302827504", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537302827490", |
| "enrichmentjoinbolt:joiner:ts":"1537302827496", |
| "adapter:geoadapter:begin:ts":"1537302827493", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537302827501", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:33:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537302827493", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537302827493", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537302827498", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537302823000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537302827490", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537302827493", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537302827498", |
| "adapter:threatinteladapter:begin:ts":"1537302827501", |
| "tcpflags":"***A**S*", |
| "guid":"04aa400c-855c-4dee-9ea7-eca9842f9932", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537277086360", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537277086347", |
| "enrichmentjoinbolt:joiner:ts":"1537277086352", |
| "adapter:geoadapter:begin:ts":"1537277086349", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537277086357", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:24:40.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537277086349", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537277086349", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537277086355", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537277080000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537277086347", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537277086349", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537277086355", |
| "adapter:threatinteladapter:begin:ts":"1537277086357", |
| "tcpflags":"***A**S*", |
| "guid":"294c987b-da00-421b-bf89-91a1f45ad361", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537277780562", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537277780550", |
| "enrichmentjoinbolt:joiner:ts":"1537277780555", |
| "adapter:geoadapter:begin:ts":"1537277780552", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537277780559", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-13:36:19.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537277780552", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537277780552", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537277780557", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537277779000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537277780550", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537277780552", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537277780557", |
| "adapter:threatinteladapter:begin:ts":"1537277780559", |
| "tcpflags":"***A****", |
| "guid":"02c92408-826f-4d9c-b9c9-0393dd37d9db", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279337550", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279337537", |
| "enrichmentjoinbolt:joiner:ts":"1537279337542", |
| "adapter:geoadapter:begin:ts":"1537279337539", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279337547", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:02:13.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279337539", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279337539", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279337544", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279333000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279337537", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279337539", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279337544", |
| "adapter:threatinteladapter:begin:ts":"1537279337547", |
| "tcpflags":"***A****", |
| "guid":"bd7dba34-35ba-4341-a6a9-e92c75eac21c", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537279651897", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537279651884", |
| "enrichmentjoinbolt:joiner:ts":"1537279651889", |
| "adapter:geoadapter:begin:ts":"1537279651886", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537279651894", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:07:30.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537279651886", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537279651886", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537279651892", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537279650000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537279651884", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537279651886", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537279651892", |
| "adapter:threatinteladapter:begin:ts":"1537279651894", |
| "tcpflags":"***A**S*", |
| "guid":"4ababe43-0bd4-45aa-9f4f-b6bd951dd5a9", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537281693141", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537281693128", |
| "enrichmentjoinbolt:joiner:ts":"1537281693133", |
| "adapter:geoadapter:begin:ts":"1537281693130", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537281693138", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:41:32.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537281693130", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537281693130", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537281693136", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537281692000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537281693128", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537281693130", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537281693136", |
| "adapter:threatinteladapter:begin:ts":"1537281693138", |
| "tcpflags":"***A****", |
| "guid":"535f50ea-3b88-4b7d-ada0-76fc4aa2ec95", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282293139", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282293129", |
| "enrichmentjoinbolt:joiner:ts":"1537282293133", |
| "adapter:geoadapter:begin:ts":"1537282293130", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282293137", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:51:32.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282293131", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282293130", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282293135", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282292000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282293129", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282293131", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282293135", |
| "adapter:threatinteladapter:begin:ts":"1537282293137", |
| "tcpflags":"***A**S*", |
| "guid":"30f249fc-5a1f-4363-8dba-20530f7f2566", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282585414", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282585394", |
| "enrichmentjoinbolt:joiner:ts":"1537282585399", |
| "adapter:geoadapter:begin:ts":"1537282585396", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282585413", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:56:21.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282585396", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282585397", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282585402", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282581000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282585394", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282585396", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282585402", |
| "adapter:threatinteladapter:begin:ts":"1537282585410", |
| "tcpflags":"***A**S*", |
| "guid":"6d0d7638-289b-4e1a-b9f9-b922aa8a97d6", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282598678", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282598664", |
| "enrichmentjoinbolt:joiner:ts":"1537282598670", |
| "adapter:geoadapter:begin:ts":"1537282598667", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282598675", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-14:56:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282598667", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282598667", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282598672", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282597000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282598664", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282598667", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282598672", |
| "adapter:threatinteladapter:begin:ts":"1537282598675", |
| "tcpflags":"***A****", |
| "guid":"63e8b82f-f8e6-43c7-97a0-966219bf8651", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537282892585", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537282892572", |
| "enrichmentjoinbolt:joiner:ts":"1537282892576", |
| "adapter:geoadapter:begin:ts":"1537282892573", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537282892581", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-15:01:31.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537282892573", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537282892573", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537282892578", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537282891000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537282892572", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537282892573", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537282892578", |
| "adapter:threatinteladapter:begin:ts":"1537282892581", |
| "tcpflags":"***A**S*", |
| "guid":"adfd9fc6-3520-4c94-81b0-2d683e51cf37", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537297085181", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537297085168", |
| "enrichmentjoinbolt:joiner:ts":"1537297085173", |
| "adapter:geoadapter:begin:ts":"1537297085170", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537297085178", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-18:58:04.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537297085170", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537297085170", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537297085175", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537297084000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537297085168", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537297085170", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537297085175", |
| "adapter:threatinteladapter:begin:ts":"1537297085178", |
| "tcpflags":"***A**S*", |
| "guid":"34013b39-e514-41b4-b473-46158d601f44", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537298303311", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BD", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"40", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537298303296", |
| "enrichmentjoinbolt:joiner:ts":"1537298303301", |
| "adapter:geoadapter:begin:ts":"1537298303298", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C999D", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537298303308", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-19:18:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537298303298", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537298303298", |
| "id":"1900", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537298303304", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537298298000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537298303296", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537298303298", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537298303304", |
| "adapter:threatinteladapter:begin:ts":"1537298303308", |
| "tcpflags":"***A****", |
| "guid":"d0ce6a18-3c19-4244-8c8c-42e3ee1fbe2b", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537301038110", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537301038097", |
| "enrichmentjoinbolt:joiner:ts":"1537301038102", |
| "adapter:geoadapter:begin:ts":"1537301038099", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537301038109", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-20:03:53.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537301038099", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537301038099", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537301038105", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537301033000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537301038097", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537301038099", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537301038105", |
| "adapter:threatinteladapter:begin:ts":"1537301038109", |
| "tcpflags":"***A**S*", |
| "guid":"50a599ce-c0fb-4ce4-a527-84742e60b6b5", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"49195", |
| "threatinteljoinbolt:joiner:ts":"1537304777666", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xC88832BC", |
| "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", |
| "dgmlen":"44", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304777652", |
| "enrichmentjoinbolt:joiner:ts":"1537304777658", |
| "adapter:geoadapter:begin:ts":"1537304777655", |
| "tcpwindow":"0xFAF0", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x522C98B4", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537304777663", |
| "ip_dst_addr":"192.168.138.158", |
| "original_string":"09/18/18-21:06:13.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304777655", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537304777655", |
| "id":"1899", |
| "enrichments:geo:ip_src_addr:latitude":"48.8582", |
| "ip_src_addr":"188.165.164.184", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304777661", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304773000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304777652", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304777655", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "ethlen":"0x3C", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304777661", |
| "adapter:threatinteladapter:begin:ts":"1537304777663", |
| "tcpflags":"***A**S*", |
| "guid":"bebe8215-9915-45f9-bd0f-d48cf8e6505b", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| { |
| "enrichments:geo:ip_dst_addr:locID":"563523", |
| "bro_timestamp":"1537304979.955487", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"55.7896,38.4467", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981038", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981020", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"55.7896", |
| "uid":"CA0G2ASkF1efFirs7", |
| "resp_mime_types":[ |
| "image/png" |
| ], |
| "trans_depth":3, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981036", |
| "original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/button_pay.png tags:[] uid:CA0G2ASkF1efFirs7 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.955487 id.resp_h:95.163.121.204 resp_fuids:[\"F7c5Lp3iMksOUQHIbl\"]", |
| "ip_dst_addr":"95.163.121.204", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"7oqnsnzwwnm6zb7y.gigapaysun.com", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"38.4467", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "F7c5Lp3iMksOUQHIbl" |
| ], |
| "timestamp":1537304979955, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":0, |
| "enrichments:geo:ip_dst_addr:city":"Elektrostal", |
| "enrichments:geo:ip_dst_addr:postalCode":"144009", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/img/button_pay.png", |
| "metaalerts":[ |
| "ad5cc7ea-5954-479f-8589-51f94b1c2f02" |
| ], |
| "tags":[ |
| |
| ], |
| "referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg", |
| "alert_status":"OPEN", |
| "ip_src_port":49210, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981036", |
| "status_msg":"OK", |
| "guid":"a44697e2-69d0-4a0c-889d-59a47b68c676", |
| "enrichments:geo:ip_dst_addr:country":"RU", |
| "response_body_len":727 |
| } |
| ], |
| "threat:triage:score":820.0, |
| "count":82, |
| "groups":[ |
| "ip_src_addr" |
| ], |
| "sum":820.0, |
| "source:type":"metaalert", |
| "min":10.0, |
| "median":10.0, |
| "guid":"ad5cc7ea-5954-479f-8589-51f94b1c2f02", |
| "timestamp":1537521828936, |
| "status":"active" |
| }, |
| "score":1.0, |
| "index":"metaalert_index" |
| }, |
| { |
| "id":"f8078efd-5195-4ef5-bdb5-54cc3d03db73", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"5368361", |
| "bro_timestamp":"1537304979.801853", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981038", |
| "enrichments:geo:ip_dst_addr:dmaCode":"803", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981020", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"34.0494", |
| "uid":"C6NKjA4tt5Xc1a6uzd", |
| "resp_mime_types":[ |
| "text/plain" |
| ], |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981036", |
| "original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C6NKjA4tt5Xc1a6uzd resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"Fr5Cg02TcSAxFeYoBh\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.801853 id.resp_h:72.34.49.86 resp_fuids:[\"FQcLCtotjacEmeBEf\"]", |
| "ip_dst_addr":"72.34.49.86", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"comarksecurity.com", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"-118.2641", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "FQcLCtotjacEmeBEf" |
| ], |
| "timestamp":1537304979801, |
| "method":"POST", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":110, |
| "enrichments:geo:ip_dst_addr:city":"Los Angeles", |
| "enrichments:geo:ip_dst_addr:postalCode":"90014", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "orig_mime_types":[ |
| "text/plain" |
| ], |
| "uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9", |
| "tags":[ |
| |
| ], |
| "alert_status":"OPEN", |
| "orig_fuids":[ |
| "Fr5Cg02TcSAxFeYoBh" |
| ], |
| "ip_src_port":49204, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981033", |
| "status_msg":"OK", |
| "guid":"f8078efd-5195-4ef5-bdb5-54cc3d03db73", |
| "enrichments:geo:ip_dst_addr:country":"US", |
| "response_body_len":14 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"d0926d60-b278-48f7-99c3-1aeced081879", |
| "source":{ |
| "bro_timestamp":"1537304979.57605", |
| "ip_dst_port":8080, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981020", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "uid":"CUrRne3iLIxXavQtci", |
| "trans_depth":237, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981033", |
| "original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169374962 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:237 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304979.57605 id.resp_h:192.168.66.121", |
| "ip_dst_addr":"192.168.66.121", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"node1", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36", |
| "timestamp":1537304979576, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169374962", |
| "tags":[ |
| |
| ], |
| "referrer":"http://node1:8080/", |
| "alert_status":"OPEN", |
| "ip_src_port":50451, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981033", |
| "guid":"d0926d60-b278-48f7-99c3-1aeced081879", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"cbcceb89-6ed5-4c08-9a63-9a68fc718142", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"2973783", |
| "bro_timestamp":"1537304979.574995", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981038", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981020", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"48.5839", |
| "uid":"Ccyd7g4svVwuwbA0Td", |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981036", |
| "original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:Ccyd7g4svVwuwbA0Td trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.574995 id.resp_h:62.75.195.236", |
| "ip_dst_addr":"62.75.195.236", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"62.75.195.236", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"7.7455", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "timestamp":1537304979574, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":0, |
| "enrichments:geo:ip_dst_addr:city":"Strasbourg", |
| "enrichments:geo:ip_dst_addr:postalCode":"67100", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/?51424ddd486ff06861fceed24e86b329", |
| "tags":[ |
| |
| ], |
| "ip_src_port":49196, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981036", |
| "status_msg":"OK", |
| "guid":"cbcceb89-6ed5-4c08-9a63-9a68fc718142", |
| "enrichments:geo:ip_dst_addr:country":"FR", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"2781b7c9-34be-4255-ae79-4a1e7e5f37e2", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"5308655", |
| "bro_timestamp":"1537304979.02948", |
| "status_code":404, |
| "enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981038", |
| "enrichments:geo:ip_dst_addr:dmaCode":"753", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981020", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"33.4499", |
| "uid":"C5X8cLiUo8znWskj8", |
| "resp_mime_types":[ |
| "text/html" |
| ], |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981036", |
| "original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:C5X8cLiUo8znWskj8 resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FxVqoE45xXkM5ExM21\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.02948 id.resp_h:204.152.254.221 resp_fuids:[\"FEccQO3alHYeLjBO3c\"]", |
| "ip_dst_addr":"204.152.254.221", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"runlove.us", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"-112.0712", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "FEccQO3alHYeLjBO3c" |
| ], |
| "timestamp":1537304979029, |
| "method":"POST", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":96, |
| "enrichments:geo:ip_dst_addr:city":"Phoenix", |
| "enrichments:geo:ip_dst_addr:postalCode":"85004", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "orig_mime_types":[ |
| "text/plain" |
| ], |
| "uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42", |
| "tags":[ |
| |
| ], |
| "orig_fuids":[ |
| "FxVqoE45xXkM5ExM21" |
| ], |
| "ip_src_port":49199, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981036", |
| "status_msg":"Not Found", |
| "guid":"2781b7c9-34be-4255-ae79-4a1e7e5f37e2", |
| "enrichments:geo:ip_dst_addr:country":"US", |
| "response_body_len":357 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"eda21dfc-47fb-46d3-b6e4-fd2da56d59b8", |
| "source":{ |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"50187", |
| "threatinteljoinbolt:joiner:ts":"1537304978831", |
| "ethsrc":"08:00:27:E8:B0:7A", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xF503D937", |
| "dgmlen":"52", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304978818", |
| "enrichmentjoinbolt:joiner:ts":"1537304978823", |
| "adapter:geoadapter:begin:ts":"1537304978821", |
| "tcpwindow":"0x1F5", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x7B81DBFB", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537304978829", |
| "ip_dst_addr":"192.168.66.1", |
| "original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.121,8080,192.168.66.1,50187,08:00:27:E8:B0:7A,0A:00:27:00:00:00,0x42,***A****,0xF503D937,0x7B81DBFB,,0x1F5,64,0,7564,52,53248,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304978821", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537304978821", |
| "id":"7564", |
| "ip_src_addr":"192.168.66.121", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304978826", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304977000, |
| "ethdst":"0A:00:27:00:00:00", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304978818", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304978821", |
| "ttl":"64", |
| "ethlen":"0x42", |
| "iplen":"53248", |
| "ip_src_port":"8080", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304978826", |
| "adapter:threatinteladapter:begin:ts":"1537304978829", |
| "tcpflags":"***A****", |
| "guid":"eda21dfc-47fb-46d3-b6e4-fd2da56d59b8", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.18.21" |
| }, |
| { |
| "id":"89224e12-dd96-465d-8aa2-cf83103147b3", |
| "source":{ |
| "msg":"'snort test alert'", |
| "enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455", |
| "dgmlen":"40", |
| "enrichmentjoinbolt:joiner:ts":"1537304978823", |
| "adapter:geoadapter:begin:ts":"1537304978821", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0xF1BF08A0", |
| "protocol":"TCP", |
| "adapter:threatinteladapter:end:ts":"1537304978829", |
| "original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.138.158,49189,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0x9DFB1927,0xF1BF08A0,,0xFAF0,128,0,2396,40,40960,,,,", |
| "adapter:geoadapter:end:ts":"1537304978821", |
| "id":"2396", |
| "threat:triage:rules:0:score":10, |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304978819", |
| "threat:triage:score":10.0, |
| "enrichments:geo:ip_dst_addr:city":"Strasbourg", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304978821", |
| "ethlen":"0x3C", |
| "adapter:threatinteladapter:begin:ts":"1537304978829", |
| "tcpflags":"***A****", |
| "guid":"89224e12-dd96-465d-8aa2-cf83103147b3", |
| "enrichments:geo:ip_dst_addr:country":"FR", |
| "enrichments:geo:ip_dst_addr:locID":"2973783", |
| "sig_rev":"0", |
| "ip_dst_port":"80", |
| "threatinteljoinbolt:joiner:ts":"1537304978831", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0x9DFB1927", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304978819", |
| "tcpwindow":"0xFAF0", |
| "enrichments:geo:ip_dst_addr:latitude":"48.5839", |
| "source:type":"snort", |
| "ip_dst_addr":"62.75.195.236", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304978821", |
| "tos":"0", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304978826", |
| "enrichments:geo:ip_dst_addr:longitude":"7.7455", |
| "timestamp":1537304977000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_dst_addr:postalCode":"67100", |
| "is_alert":"true", |
| "ttl":"128", |
| "iplen":"40960", |
| "ip_src_port":"49189", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304978826", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.18.21" |
| }, |
| { |
| "id":"9de922ba-f0b2-4315-90c9-4c87b35cfe95", |
| "source":{ |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"8080", |
| "threatinteljoinbolt:joiner:ts":"1537304978832", |
| "ethsrc":"0A:00:27:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0x836B6E56", |
| "dgmlen":"608", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304978819", |
| "enrichmentjoinbolt:joiner:ts":"1537304978823", |
| "adapter:geoadapter:begin:ts":"1537304978821", |
| "tcpwindow":"0x1000", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x8DF89597", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537304978829", |
| "ip_dst_addr":"192.168.66.121", |
| "original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.1,50183,192.168.66.121,8080,0A:00:27:00:00:00,08:00:27:E8:B0:7A,0x26E,***AP***,0x836B6E56,0x8DF89597,,0x1000,64,2,52577,608,98312,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304978821", |
| "tos":"2", |
| "adapter:geoadapter:end:ts":"1537304978821", |
| "id":"52577", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304978826", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304977000, |
| "ethdst":"08:00:27:E8:B0:7A", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304978819", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304978821", |
| "ttl":"64", |
| "ethlen":"0x26E", |
| "iplen":"98312", |
| "ip_src_port":"50183", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304978826", |
| "adapter:threatinteladapter:begin:ts":"1537304978829", |
| "tcpflags":"***AP***", |
| "guid":"9de922ba-f0b2-4315-90c9-4c87b35cfe95", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.18.21" |
| }, |
| { |
| "id":"ace88c81-0e6f-457d-8d67-1fc8a07e76d8", |
| "source":{ |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"8080", |
| "threatinteljoinbolt:joiner:ts":"1537304978832", |
| "ethsrc":"0A:00:27:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0x398326A5", |
| "dgmlen":"785", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304978819", |
| "enrichmentjoinbolt:joiner:ts":"1537304978823", |
| "adapter:geoadapter:begin:ts":"1537304978821", |
| "tcpwindow":"0x1000", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0xA885FC6A", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537304978829", |
| "ip_dst_addr":"192.168.66.121", |
| "original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.1,50184,192.168.66.121,8080,0A:00:27:00:00:00,08:00:27:E8:B0:7A,0x31F,***AP***,0x398326A5,0xA885FC6A,,0x1000,64,0,43178,785,17420,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304978821", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537304978821", |
| "id":"43178", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304978826", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304977000, |
| "ethdst":"08:00:27:E8:B0:7A", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304978819", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304978821", |
| "ttl":"64", |
| "ethlen":"0x31F", |
| "iplen":"17420", |
| "ip_src_port":"50184", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304978826", |
| "adapter:threatinteladapter:begin:ts":"1537304978829", |
| "tcpflags":"***AP***", |
| "guid":"ace88c81-0e6f-457d-8d67-1fc8a07e76d8", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.18.21" |
| }, |
| { |
| "id":"42722a44-e4c1-4287-ad92-347045023c6d", |
| "source":{ |
| "msg":"'snort test alert'", |
| "enrichments:geo:ip_src_addr:longitude":"38.4467", |
| "dgmlen":"44", |
| "enrichmentjoinbolt:joiner:ts":"1537304978823", |
| "adapter:geoadapter:begin:ts":"1537304978821", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x32C0B55F", |
| "protocol":"TCP", |
| "adapter:threatinteladapter:end:ts":"1537304978829", |
| "original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,95.163.121.204,80,192.168.138.158,49209,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xF31124B8,0x32C0B55F,,0xFAF0,128,0,2014,44,45056,,,,", |
| "enrichments:geo:ip_src_addr:locID":"563523", |
| "adapter:geoadapter:end:ts":"1537304978821", |
| "id":"2014", |
| "threat:triage:rules:0:score":10, |
| "enrichments:geo:ip_src_addr:location_point":"55.7896,38.4467", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304978818", |
| "threat:triage:score":10.0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304978821", |
| "enrichments:geo:ip_src_addr:postalCode":"144009", |
| "ethlen":"0x3C", |
| "adapter:threatinteladapter:begin:ts":"1537304978829", |
| "tcpflags":"***A**S*", |
| "guid":"42722a44-e4c1-4287-ad92-347045023c6d", |
| "sig_rev":"0", |
| "ip_dst_port":"49209", |
| "threatinteljoinbolt:joiner:ts":"1537304978831", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xF31124B8", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304978818", |
| "tcpwindow":"0xFAF0", |
| "source:type":"snort", |
| "ip_dst_addr":"192.168.138.158", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304978821", |
| "tos":"0", |
| "enrichments:geo:ip_src_addr:latitude":"55.7896", |
| "ip_src_addr":"95.163.121.204", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304978826", |
| "timestamp":1537304977000, |
| "ethdst":"00:00:00:00:00:00", |
| "is_alert":"true", |
| "enrichments:geo:ip_src_addr:country":"RU", |
| "ttl":"128", |
| "iplen":"45056", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304978826", |
| "sig_id":"999158", |
| "sig_generator":"1", |
| "enrichments:geo:ip_src_addr:city":"Elektrostal" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.18.21" |
| }, |
| { |
| "id":"2d57c13a-e663-42fe-b55b-60fe70586fcb", |
| "source":{ |
| "bro_timestamp":"1537304975.98861", |
| "ip_dst_port":8080, |
| "threatinteljoinbolt:joiner:ts":"1537304981029", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981015", |
| "enrichmentjoinbolt:joiner:ts":"1537304981019", |
| "adapter:geoadapter:begin:ts":"1537304981017", |
| "uid":"CUrRne3iLIxXavQtci", |
| "trans_depth":193, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981027", |
| "original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169177369 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:193 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304975.98861 id.resp_h:192.168.66.121", |
| "ip_dst_addr":"192.168.66.121", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981017", |
| "host":"node1", |
| "adapter:geoadapter:end:ts":"1537304981017", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981022", |
| "user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36", |
| "timestamp":1537304975988, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981015", |
| "request_body_len":0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981017", |
| "uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169177369", |
| "tags":[ |
| |
| ], |
| "referrer":"http://node1:8080/", |
| "ip_src_port":50451, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981022", |
| "adapter:threatinteladapter:begin:ts":"1537304981027", |
| "guid":"2d57c13a-e663-42fe-b55b-60fe70586fcb", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"70a6a54e-7f6f-4250-9304-09242d2b3c95", |
| "source":{ |
| "bro_timestamp":"1537304975.984151", |
| "ip_dst_port":8080, |
| "threatinteljoinbolt:joiner:ts":"1537304981029", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981014", |
| "enrichmentjoinbolt:joiner:ts":"1537304981019", |
| "adapter:geoadapter:begin:ts":"1537304981017", |
| "uid":"CUrRne3iLIxXavQtci", |
| "trans_depth":214, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981027", |
| "original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484169312026 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:214 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304975.984151 id.resp_h:192.168.66.121", |
| "ip_dst_addr":"192.168.66.121", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981017", |
| "host":"node1", |
| "adapter:geoadapter:end:ts":"1537304981017", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981022", |
| "user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36", |
| "timestamp":1537304975984, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981014", |
| "request_body_len":0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981017", |
| "uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484169312026", |
| "tags":[ |
| |
| ], |
| "referrer":"http://node1:8080/", |
| "ip_src_port":50451, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981022", |
| "adapter:threatinteladapter:begin:ts":"1537304981027", |
| "guid":"70a6a54e-7f6f-4250-9304-09242d2b3c95", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"492d13b0-743c-4b93-9a11-d03a23ec91c3", |
| "source":{ |
| "bro_timestamp":"1537304975.941663", |
| "ip_dst_port":8080, |
| "threatinteljoinbolt:joiner:ts":"1537304981029", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981015", |
| "enrichmentjoinbolt:joiner:ts":"1537304981019", |
| "adapter:geoadapter:begin:ts":"1537304981017", |
| "uid":"CUrRne3iLIxXavQtci", |
| "trans_depth":158, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981027", |
| "original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services/KAFKA/components/KAFKA_BROKER?fields=metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/KafkaController/ActiveControllerCount[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/ReplicaFetcherManager/Replica-MaxLag[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/PartitionCount[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/UnderReplicatedPartitions[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/LeaderCount[1484165383,1484168983,15]&format=null_padding&_=1484168983985 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:158 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304975.941663 id.resp_h:192.168.66.121", |
| "ip_dst_addr":"192.168.66.121", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981017", |
| "host":"node1", |
| "adapter:geoadapter:end:ts":"1537304981017", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981022", |
| "user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36", |
| "timestamp":1537304975941, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981015", |
| "request_body_len":0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981017", |
| "uri":"/api/v1/clusters/metron_cluster/services/KAFKA/components/KAFKA_BROKER?fields=metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/KafkaController/ActiveControllerCount[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/ReplicaFetcherManager/Replica-MaxLag[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/PartitionCount[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/UnderReplicatedPartitions[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/LeaderCount[1484165383,1484168983,15]&format=null_padding&_=1484168983985", |
| "tags":[ |
| |
| ], |
| "referrer":"http://node1:8080/", |
| "ip_src_port":50451, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981022", |
| "adapter:threatinteladapter:begin:ts":"1537304981027", |
| "guid":"492d13b0-743c-4b93-9a11-d03a23ec91c3", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"73405141-b9c0-4272-842b-a4e21d46adad", |
| "source":{ |
| "TTLs":[ |
| 14277.0 |
| ], |
| "qclass_name":"C_INTERNET", |
| "bro_timestamp":"1537304975.929184", |
| "qtype_name":"A", |
| "ip_dst_port":53, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "qtype":1, |
| "rejected":false, |
| "answers":[ |
| "95.163.121.204" |
| ], |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981019", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "trans_id":5810, |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "uid":"CnArm31VD2mmBoGuG9", |
| "protocol":"dns", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981032", |
| "original_string":"DNS | AA:false TTLs:[14277.0] qclass_name:C_INTERNET id.orig_p:50329 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:7oqnsnzwwnm6zb7y.gigapaysun.com answers:[\"95.163.121.204\"] trans_id:5810 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CnArm31VD2mmBoGuG9 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1537304975.929184 id.resp_h:192.168.138.2", |
| "ip_dst_addr":"192.168.138.2", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "Z":0, |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "qclass":1, |
| "timestamp":1537304975929, |
| "AA":false, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981019", |
| "query":"7oqnsnzwwnm6zb7y.gigapaysun.com", |
| "rcode":0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "rcode_name":"NOERROR", |
| "TC":false, |
| "RA":true, |
| "RD":true, |
| "ip_src_port":50329, |
| "proto":"udp", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981032", |
| "guid":"73405141-b9c0-4272-842b-a4e21d46adad" |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"e01a64c4-d7aa-4763-a5f1-08058fd23211", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"2973783", |
| "bro_timestamp":"1537304975.633374", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981020", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"48.5839", |
| "uid":"CCOkcA3TQkLzkoUtVb", |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981033", |
| "original_string":"HTTP | id.orig_p:49193 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?34eaf8bd50d85d8c6baacb45f0a7b22e tags:[] uid:CCOkcA3TQkLzkoUtVb trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.633374 id.resp_h:62.75.195.236", |
| "ip_dst_addr":"62.75.195.236", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"62.75.195.236", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"7.7455", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "timestamp":1537304975633, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":0, |
| "enrichments:geo:ip_dst_addr:city":"Strasbourg", |
| "enrichments:geo:ip_dst_addr:postalCode":"67100", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/?34eaf8bd50d85d8c6baacb45f0a7b22e", |
| "tags":[ |
| |
| ], |
| "ip_src_port":49193, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981033", |
| "status_msg":"OK", |
| "guid":"e01a64c4-d7aa-4763-a5f1-08058fd23211", |
| "enrichments:geo:ip_dst_addr:country":"FR", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"ed2bbe5d-860b-4117-aa85-49c7c06029e9", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"5308655", |
| "bro_timestamp":"1537304975.601971", |
| "status_code":404, |
| "enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichments:geo:ip_dst_addr:dmaCode":"753", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981019", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"33.4499", |
| "uid":"Conlrz3quOfFxQTmne", |
| "resp_mime_types":[ |
| "text/html" |
| ], |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981033", |
| "original_string":"HTTP | id.orig_p:49197 status_code:404 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg tags:[] uid:Conlrz3quOfFxQTmne resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FmqO3a4YSSwzXR3K89\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.601971 id.resp_h:204.152.254.221 resp_fuids:[\"FS2zkb1zoFMai4Wemh\"]", |
| "ip_dst_addr":"204.152.254.221", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"runlove.us", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"-112.0712", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "FS2zkb1zoFMai4Wemh" |
| ], |
| "timestamp":1537304975601, |
| "method":"POST", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981020", |
| "request_body_len":134, |
| "enrichments:geo:ip_dst_addr:city":"Phoenix", |
| "enrichments:geo:ip_dst_addr:postalCode":"85004", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "orig_mime_types":[ |
| "text/plain" |
| ], |
| "uri":"/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg", |
| "tags":[ |
| |
| ], |
| "orig_fuids":[ |
| "FmqO3a4YSSwzXR3K89" |
| ], |
| "ip_src_port":49197, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981033", |
| "status_msg":"Not Found", |
| "guid":"ed2bbe5d-860b-4117-aa85-49c7c06029e9", |
| "enrichments:geo:ip_dst_addr:country":"US", |
| "response_body_len":357 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"6f59f7f3-4f79-4db4-ac3c-73ef7f750ae3", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"2973783", |
| "bro_timestamp":"1537304975.468395", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981019", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"48.5839", |
| "uid":"CKC27s27NkdWd5dlzh", |
| "resp_mime_types":[ |
| "application/x-dosexec" |
| ], |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981032", |
| "original_string":"HTTP | id.orig_p:49189 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b514ee6f0fe486009a6d83b035a4c0bd tags:[] uid:CKC27s27NkdWd5dlzh resp_mime_types:[\"application\\/x-dosexec\"] trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:221184 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.468395 id.resp_h:62.75.195.236 resp_fuids:[\"FwC0pj2qXLNlZWorPe\"]", |
| "ip_dst_addr":"62.75.195.236", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"62.75.195.236", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"7.7455", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "FwC0pj2qXLNlZWorPe" |
| ], |
| "timestamp":1537304975468, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981019", |
| "request_body_len":0, |
| "enrichments:geo:ip_dst_addr:city":"Strasbourg", |
| "enrichments:geo:ip_dst_addr:postalCode":"67100", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/?b514ee6f0fe486009a6d83b035a4c0bd", |
| "tags":[ |
| |
| ], |
| "ip_src_port":49189, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981032", |
| "status_msg":"OK", |
| "guid":"6f59f7f3-4f79-4db4-ac3c-73ef7f750ae3", |
| "enrichments:geo:ip_dst_addr:country":"FR", |
| "response_body_len":221184 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"384c0885-1c6d-45b8-9ca4-caca0554af33", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"2973783", |
| "bro_timestamp":"1537304975.402485", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981019", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"48.5839", |
| "uid":"CJVA893e60mcz43Jrj", |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981032", |
| "original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CJVA893e60mcz43Jrj trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.402485 id.resp_h:62.75.195.236", |
| "ip_dst_addr":"62.75.195.236", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"62.75.195.236", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"7.7455", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "timestamp":1537304975402, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981019", |
| "request_body_len":0, |
| "enrichments:geo:ip_dst_addr:city":"Strasbourg", |
| "enrichments:geo:ip_dst_addr:postalCode":"67100", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/?d71e0bd86db9587158745a986a4b3606", |
| "tags":[ |
| |
| ], |
| "ip_src_port":49192, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981032", |
| "status_msg":"OK", |
| "guid":"384c0885-1c6d-45b8-9ca4-caca0554af33", |
| "enrichments:geo:ip_dst_addr:country":"FR", |
| "response_body_len":0 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"11cb6a2c-34b3-4e06-b641-779ca2ade6c6", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"2973783", |
| "bro_timestamp":"1537304975.26039", |
| "status_code":200, |
| "enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981019", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"48.5839", |
| "uid":"CGbTHj2sNiMLcUG4N4", |
| "resp_mime_types":[ |
| "text/html" |
| ], |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981032", |
| "original_string":"HTTP | id.orig_p:49184 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?285a4d4e4e5a4d4d4649584c5d43064b4745 tags:[] uid:CGbTHj2sNiMLcUG4N4 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:560 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.26039 id.resp_h:62.75.195.236 resp_fuids:[\"FG2Ous4y3FEVzkYyQ3\"]", |
| "ip_dst_addr":"62.75.195.236", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"7.7455", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "FG2Ous4y3FEVzkYyQ3" |
| ], |
| "timestamp":1537304975260, |
| "method":"GET", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981019", |
| "request_body_len":0, |
| "enrichments:geo:ip_dst_addr:city":"Strasbourg", |
| "enrichments:geo:ip_dst_addr:postalCode":"67100", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "uri":"/?285a4d4e4e5a4d4d4649584c5d43064b4745", |
| "tags":[ |
| |
| ], |
| "ip_src_port":49184, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981032", |
| "status_msg":"OK", |
| "guid":"11cb6a2c-34b3-4e06-b641-779ca2ade6c6", |
| "enrichments:geo:ip_dst_addr:country":"FR", |
| "response_body_len":560 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"fbc11406-a465-49ae-9ebd-d75c58011daf", |
| "source":{ |
| "enrichments:geo:ip_dst_addr:locID":"5308655", |
| "bro_timestamp":"1537304975.099132", |
| "status_code":404, |
| "enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712", |
| "ip_dst_port":80, |
| "threatinteljoinbolt:joiner:ts":"1537304981035", |
| "enrichments:geo:ip_dst_addr:dmaCode":"753", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304981019", |
| "enrichmentjoinbolt:joiner:ts":"1537304981027", |
| "adapter:geoadapter:begin:ts":"1537304981022", |
| "enrichments:geo:ip_dst_addr:latitude":"33.4499", |
| "uid":"CPeJAk1CO2C5jBOZ9", |
| "resp_mime_types":[ |
| "text/html" |
| ], |
| "trans_depth":1, |
| "protocol":"http", |
| "source:type":"bro", |
| "adapter:threatinteladapter:end:ts":"1537304981033", |
| "original_string":"HTTP | id.orig_p:49201 status_code:404 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk tags:[] uid:CPeJAk1CO2C5jBOZ9 resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FNicswKjTl9SXFSH1\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.099132 id.resp_h:204.152.254.221 resp_fuids:[\"FH8lVp3u9se5nLCWYf\"]", |
| "ip_dst_addr":"204.152.254.221", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304981022", |
| "host":"runlove.us", |
| "adapter:geoadapter:end:ts":"1537304981022", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304981029", |
| "enrichments:geo:ip_dst_addr:longitude":"-112.0712", |
| "user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)", |
| "resp_fuids":[ |
| "FH8lVp3u9se5nLCWYf" |
| ], |
| "timestamp":1537304975099, |
| "method":"POST", |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304981019", |
| "request_body_len":162, |
| "enrichments:geo:ip_dst_addr:city":"Phoenix", |
| "enrichments:geo:ip_dst_addr:postalCode":"85004", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304981022", |
| "orig_mime_types":[ |
| "text/plain" |
| ], |
| "uri":"/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk", |
| "tags":[ |
| |
| ], |
| "orig_fuids":[ |
| "FNicswKjTl9SXFSH1" |
| ], |
| "ip_src_port":49201, |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304981029", |
| "adapter:threatinteladapter:begin:ts":"1537304981032", |
| "status_msg":"Not Found", |
| "guid":"fbc11406-a465-49ae-9ebd-d75c58011daf", |
| "enrichments:geo:ip_dst_addr:country":"US", |
| "response_body_len":357 |
| }, |
| "score":1.0, |
| "index":"bro_index_2018.09.18.21" |
| }, |
| { |
| "id":"c84db5f0-b8fd-4293-81e5-2d5a9e2e05aa", |
| "source":{ |
| "msg":"'snort test alert'", |
| "enrichments:geo:ip_src_addr:longitude":"7.7455", |
| "dgmlen":"1407", |
| "enrichmentjoinbolt:joiner:ts":"1537304978823", |
| "adapter:geoadapter:begin:ts":"1537304978821", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x9DFB1927", |
| "protocol":"TCP", |
| "adapter:threatinteladapter:end:ts":"1537304978829", |
| "original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,62.75.195.236,80,192.168.138.158,49189,00:00:00:00:00:00,00:00:00:00:00:00,0x58D,***AP***,0xF1BC1268,0x9DFB1927,,0xFAF0,128,0,1722,1407,130068,,,,", |
| "enrichments:geo:ip_src_addr:locID":"2973783", |
| "adapter:geoadapter:end:ts":"1537304978821", |
| "id":"1722", |
| "threat:triage:rules:0:score":10, |
| "enrichments:geo:ip_src_addr:location_point":"48.5839,7.7455", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537304978818", |
| "threat:triage:score":10.0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537304978821", |
| "enrichments:geo:ip_src_addr:postalCode":"67100", |
| "ethlen":"0x58D", |
| "adapter:threatinteladapter:begin:ts":"1537304978829", |
| "tcpflags":"***AP***", |
| "guid":"c84db5f0-b8fd-4293-81e5-2d5a9e2e05aa", |
| "sig_rev":"0", |
| "ip_dst_port":"49189", |
| "threatinteljoinbolt:joiner:ts":"1537304978831", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xF1BC1268", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537304978818", |
| "tcpwindow":"0xFAF0", |
| "source:type":"snort", |
| "ip_dst_addr":"192.168.138.158", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537304978821", |
| "tos":"0", |
| "enrichments:geo:ip_src_addr:latitude":"48.5839", |
| "ip_src_addr":"62.75.195.236", |
| "threatintelsplitterbolt:splitter:end:ts":"1537304978826", |
| "timestamp":1537304974000, |
| "ethdst":"00:00:00:00:00:00", |
| "is_alert":"true", |
| "enrichments:geo:ip_src_addr:country":"FR", |
| "ttl":"128", |
| "iplen":"130068", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537304978826", |
| "sig_id":"999158", |
| "sig_generator":"1", |
| "enrichments:geo:ip_src_addr:city":"Strasbourg" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.18.21" |
| }, |
| { |
| "id":"ba50bc6e-b1da-4275-ab1e-006d1b44711f", |
| "source":{ |
| "msg":"'snort test alert'", |
| "enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641", |
| "dgmlen":"436", |
| "enrichmentjoinbolt:joiner:ts":"1537449087990", |
| "adapter:geoadapter:begin:ts":"1537449087985", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0xE263A146", |
| "protocol":"TCP", |
| "adapter:threatinteladapter:end:ts":"1537449088001", |
| "original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.138.158,49198,72.34.49.86,80,00:00:00:00:00:00,00:00:00:00:00:00,0x1C2,***AP***,0x24718A4B,0xE263A146,,0xFAF0,128,0,2451,436,184324,,,,", |
| "adapter:geoadapter:end:ts":"1537449087985", |
| "id":"2451", |
| "threat:triage:rules:0:score":10, |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537449087976", |
| "threat:triage:score":10.0, |
| "enrichments:geo:ip_dst_addr:city":"Los Angeles", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537449087980", |
| "ethlen":"0x1C2", |
| "adapter:threatinteladapter:begin:ts":"1537449088001", |
| "tcpflags":"***AP***", |
| "guid":"ba50bc6e-b1da-4275-ab1e-006d1b44711f", |
| "enrichments:geo:ip_dst_addr:country":"US", |
| "enrichments:geo:ip_dst_addr:locID":"5368361", |
| "enrichments:geo:ip_dst_addr:dmaCode":"803", |
| "sig_rev":"0", |
| "ip_dst_port":"80", |
| "threatinteljoinbolt:joiner:ts":"1537449088004", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0x24718A4B", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537449087976", |
| "tcpwindow":"0xFAF0", |
| "enrichments:geo:ip_dst_addr:latitude":"34.0494", |
| "source:type":"snort", |
| "ip_dst_addr":"72.34.49.86", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537449087980", |
| "tos":"0", |
| "ip_src_addr":"192.168.138.158", |
| "threatintelsplitterbolt:splitter:end:ts":"1537449087995", |
| "enrichments:geo:ip_dst_addr:longitude":"-118.2641", |
| "timestamp":1537304974000, |
| "ethdst":"00:00:00:00:00:00", |
| "enrichments:geo:ip_dst_addr:postalCode":"90014", |
| "is_alert":"true", |
| "ttl":"128", |
| "iplen":"184324", |
| "ip_src_port":"49198", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537449087995", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.20.13" |
| }, |
| { |
| "id":"34aa9e7a-1643-4e33-831d-061364080490", |
| "source":{ |
| "msg":"'snort test alert'", |
| "sig_rev":"0", |
| "ip_dst_port":"8080", |
| "threatinteljoinbolt:joiner:ts":"1537449088008", |
| "ethsrc":"0A:00:27:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xF7B16C0", |
| "dgmlen":"52", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537449087978", |
| "enrichmentjoinbolt:joiner:ts":"1537449087993", |
| "adapter:geoadapter:begin:ts":"1537449087985", |
| "tcpwindow":"0xFF8", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x7784A578", |
| "protocol":"TCP", |
| "source:type":"snort", |
| "adapter:threatinteladapter:end:ts":"1537449088001", |
| "ip_dst_addr":"192.168.66.121", |
| "original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.1,50451,192.168.66.121,8080,0A:00:27:00:00:00,08:00:27:E8:B0:7A,0x42,***A****,0xF7B16C0,0x7784A578,,0xFF8,64,0,17011,52,53248,,,,", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537449087984", |
| "tos":"0", |
| "adapter:geoadapter:end:ts":"1537449087985", |
| "id":"17011", |
| "ip_src_addr":"192.168.66.1", |
| "threatintelsplitterbolt:splitter:end:ts":"1537449087995", |
| "threat:triage:rules:0:score":10, |
| "timestamp":1537304974000, |
| "ethdst":"08:00:27:E8:B0:7A", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537449087979", |
| "threat:triage:score":10.0, |
| "is_alert":"true", |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537449087984", |
| "ttl":"64", |
| "ethlen":"0x42", |
| "iplen":"53248", |
| "ip_src_port":"50451", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537449087995", |
| "adapter:threatinteladapter:begin:ts":"1537449088001", |
| "tcpflags":"***A****", |
| "guid":"34aa9e7a-1643-4e33-831d-061364080490", |
| "sig_id":"999158", |
| "sig_generator":"1" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.20.13" |
| }, |
| { |
| "id":"336bf8b7-f714-463a-a6f7-c106347df78b", |
| "source":{ |
| "msg":"'snort test alert'", |
| "enrichments:geo:ip_src_addr:longitude":"-118.2641", |
| "dgmlen":"40", |
| "enrichmentjoinbolt:joiner:ts":"1537449087994", |
| "enrichments:geo:ip_src_addr:dmaCode":"803", |
| "adapter:geoadapter:begin:ts":"1537449087990", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x24718C5E", |
| "protocol":"TCP", |
| "adapter:threatinteladapter:end:ts":"1537449088001", |
| "original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,72.34.49.86,80,192.168.138.158,49198,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xE263A234,0x24718C5E,,0xFAEF,128,0,1923,40,40960,,,,", |
| "enrichments:geo:ip_src_addr:locID":"5368361", |
| "adapter:geoadapter:end:ts":"1537449087990", |
| "id":"1923", |
| "threat:triage:rules:0:score":10, |
| "enrichments:geo:ip_src_addr:location_point":"34.0494,-118.2641", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537449087985", |
| "threat:triage:score":10.0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537449087989", |
| "enrichments:geo:ip_src_addr:postalCode":"90014", |
| "ethlen":"0x3C", |
| "adapter:threatinteladapter:begin:ts":"1537449088001", |
| "tcpflags":"***A****", |
| "guid":"336bf8b7-f714-463a-a6f7-c106347df78b", |
| "sig_rev":"0", |
| "ip_dst_port":"49198", |
| "threatinteljoinbolt:joiner:ts":"1537449088009", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0xE263A234", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537449087985", |
| "tcpwindow":"0xFAEF", |
| "source:type":"snort", |
| "ip_dst_addr":"192.168.138.158", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537449087989", |
| "tos":"0", |
| "enrichments:geo:ip_src_addr:latitude":"34.0494", |
| "ip_src_addr":"72.34.49.86", |
| "threatintelsplitterbolt:splitter:end:ts":"1537449087996", |
| "timestamp":1537304974000, |
| "ethdst":"00:00:00:00:00:00", |
| "is_alert":"true", |
| "enrichments:geo:ip_src_addr:country":"US", |
| "ttl":"128", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537449087996", |
| "sig_id":"999158", |
| "sig_generator":"1", |
| "enrichments:geo:ip_src_addr:city":"Los Angeles" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.20.13" |
| }, |
| { |
| "id":"d8875d2a-f911-40b3-825d-33fa66f9c258", |
| "source":{ |
| "msg":"'snort test alert'", |
| "enrichments:geo:ip_src_addr:longitude":"38.4467", |
| "dgmlen":"40", |
| "enrichmentjoinbolt:joiner:ts":"1537449087997", |
| "adapter:geoadapter:begin:ts":"1537449087993", |
| "threat:triage:rules:0:name":null, |
| "tcpack":"0x63626C24", |
| "protocol":"TCP", |
| "adapter:threatinteladapter:end:ts":"1537449088004", |
| "original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,95.163.121.204,80,192.168.138.158,49210,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0x9B7A5688,0x63626C24,,0xFAF0,128,0,2013,40,40960,,,,", |
| "enrichments:geo:ip_src_addr:locID":"563523", |
| "adapter:geoadapter:end:ts":"1537449087993", |
| "id":"2013", |
| "threat:triage:rules:0:score":10, |
| "enrichments:geo:ip_src_addr:location_point":"55.7896,38.4467", |
| "threat:triage:rules:0:reason":null, |
| "enrichmentsplitterbolt:splitter:end:ts":"1537449087991", |
| "threat:triage:score":10.0, |
| "adapter:hostfromjsonlistadapter:begin:ts":"1537449087994", |
| "enrichments:geo:ip_src_addr:postalCode":"144009", |
| "ethlen":"0x3C", |
| "adapter:threatinteladapter:begin:ts":"1537449088004", |
| "tcpflags":"***A****", |
| "guid":"d8875d2a-f911-40b3-825d-33fa66f9c258", |
| "sig_rev":"0", |
| "ip_dst_port":"49210", |
| "threatinteljoinbolt:joiner:ts":"1537449088028", |
| "ethsrc":"00:00:00:00:00:00", |
| "threat:triage:rules:0:comment":null, |
| "tcpseq":"0x9B7A5688", |
| "enrichmentsplitterbolt:splitter:begin:ts":"1537449087991", |
| "tcpwindow":"0xFAF0", |
| "source:type":"snort", |
| "ip_dst_addr":"192.168.138.158", |
| "adapter:hostfromjsonlistadapter:end:ts":"1537449087994", |
| "tos":"0", |
| "enrichments:geo:ip_src_addr:latitude":"55.7896", |
| "ip_src_addr":"95.163.121.204", |
| "threatintelsplitterbolt:splitter:end:ts":"1537449088000", |
| "timestamp":1537304974000, |
| "ethdst":"00:00:00:00:00:00", |
| "is_alert":"true", |
| "enrichments:geo:ip_src_addr:country":"RU", |
| "ttl":"128", |
| "iplen":"40960", |
| "ip_src_port":"80", |
| "threatintelsplitterbolt:splitter:begin:ts":"1537449088000", |
| "sig_id":"999158", |
| "sig_generator":"1", |
| "enrichments:geo:ip_src_addr:city":"Elektrostal" |
| }, |
| "score":1.0, |
| "index":"snort_index_2018.09.20.13" |
| } |
| ], |
| "facetCounts":{ |
| "source:type":{ |
| "metaalert":1, |
| "bro":52319, |
| "snort":52273 |
| }, |
| "ip_dst_addr":{ |
| "95.163.121.204":15832, |
| "72.34.49.86":5079, |
| "192.168.138.158":17989, |
| "188.165.164.184":995, |
| "192.168.138.2":6396, |
| "192.168.66.1":4226, |
| "62.75.195.236":15813, |
| "224.0.0.251":4979, |
| "192.168.66.121":28822, |
| "204.152.254.221":4461 |
| }, |
| "enrichments:geo:ip_dst_addr:country":{ |
| "RU":15832, |
| "FR":16808, |
| "US":9540 |
| }, |
| "ip_src_addr":{ |
| "95.163.121.204":2106, |
| "72.34.49.86":2284, |
| "192.168.138.158":48576, |
| "192.168.138.2":118, |
| "192.168.66.1":33801, |
| "62.75.195.236":12552, |
| "192.168.66.121":4226, |
| "204.152.254.221":929 |
| } |
| } |
| } |