{
"total":104593,
"results":[
{
"id":"ad5cc7ea-5954-479f-8589-51f94b1c2f02",
"source":{
"average":10.0,
"max":10.0,
"metron_alert":[
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279364136",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279364122",
"enrichmentjoinbolt:joiner:ts":"1537279364128",
"adapter:geoadapter:begin:ts":"1537279364125",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279364133",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:02:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279364125",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279364125",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279364130",
"threat:triage:rules:0:score":10,
"timestamp":1537279359000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279364122",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279364125",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279364130",
"adapter:threatinteladapter:begin:ts":"1537279364133",
"tcpflags":"***A**S*",
"guid":"c6843745-203c-49e1-80ad-f060eb88c9b1",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280091506",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280091491",
"enrichmentjoinbolt:joiner:ts":"1537280091498",
"adapter:geoadapter:begin:ts":"1537280091493",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280091503",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:14:47.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280091493",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280091493",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280091501",
"threat:triage:rules:0:score":10,
"timestamp":1537280087000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280091491",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280091493",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280091501",
"adapter:threatinteladapter:begin:ts":"1537280091503",
"tcpflags":"***A****",
"guid":"f6521c0a-7aa9-4fc2-82ef-34c647d793f4",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280221040",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280221027",
"enrichmentjoinbolt:joiner:ts":"1537280221031",
"adapter:geoadapter:begin:ts":"1537280221029",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280221037",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:16:56.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280221029",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280221029",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280221035",
"threat:triage:rules:0:score":10,
"timestamp":1537280216000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280221027",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280221029",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280221035",
"adapter:threatinteladapter:begin:ts":"1537280221037",
"tcpflags":"***A**S*",
"guid":"4b1a23db-8040-4639-88ae-83294d45921e",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280908414",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280908400",
"enrichmentjoinbolt:joiner:ts":"1537280908405",
"adapter:geoadapter:begin:ts":"1537280908403",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280908411",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:28:27.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280908402",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280908403",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280908407",
"threat:triage:rules:0:score":10,
"timestamp":1537280907000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280908400",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280908402",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280908407",
"adapter:threatinteladapter:begin:ts":"1537280908411",
"tcpflags":"***A****",
"guid":"7f8babb8-72d6-4823-824a-0d57035bdfff",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537284816200",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537284816186",
"enrichmentjoinbolt:joiner:ts":"1537284816191",
"adapter:geoadapter:begin:ts":"1537284816188",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537284816198",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:33:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537284816188",
"tos":"0",
"adapter:geoadapter:end:ts":"1537284816189",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537284816194",
"threat:triage:rules:0:score":10,
"timestamp":1537284815000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537284816186",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537284816188",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537284816194",
"adapter:threatinteladapter:begin:ts":"1537284816196",
"tcpflags":"***A****",
"guid":"007a98c7-4301-44e1-b80d-a35cf5a88019",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537285796807",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537285796794",
"enrichmentjoinbolt:joiner:ts":"1537285796799",
"adapter:geoadapter:begin:ts":"1537285796796",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537285796804",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:49:52.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537285796796",
"tos":"0",
"adapter:geoadapter:end:ts":"1537285796796",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537285796802",
"threat:triage:rules:0:score":10,
"timestamp":1537285792000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537285796794",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537285796796",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537285796802",
"adapter:threatinteladapter:begin:ts":"1537285796804",
"tcpflags":"***A**S*",
"guid":"337b657f-9c48-45a2-b356-0ab08de9f549",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537296522470",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537295997966",
"enrichmentjoinbolt:joiner:ts":"1537295997971",
"adapter:geoadapter:begin:ts":"1537295997968",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537296522293",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:39:53.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537295997968",
"tos":"0",
"adapter:geoadapter:end:ts":"1537295997968",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537295997973",
"threat:triage:rules:0:score":10,
"timestamp":1537295993000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537295997966",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537295997968",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537295997973",
"adapter:threatinteladapter:begin:ts":"1537296522293",
"tcpflags":"***A**S*",
"guid":"0517c267-f7c9-409a-8b8f-40d95254eb2d",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537296937969",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537296937958",
"enrichmentjoinbolt:joiner:ts":"1537296937963",
"adapter:geoadapter:begin:ts":"1537296937960",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537296937967",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:55:33.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537296937960",
"tos":"0",
"adapter:geoadapter:end:ts":"1537296937960",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537296937965",
"threat:triage:rules:0:score":10,
"timestamp":1537296933000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537296937958",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537296937960",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537296937965",
"adapter:threatinteladapter:begin:ts":"1537296937967",
"tcpflags":"***A****",
"guid":"f2a6c42c-ec04-4e8e-ae8d-29a7a642b8be",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297658265",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297658252",
"enrichmentjoinbolt:joiner:ts":"1537297658256",
"adapter:geoadapter:begin:ts":"1537297658254",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297658261",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:07:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297658254",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297658254",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297658259",
"threat:triage:rules:0:score":10,
"timestamp":1537297657000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297658252",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297658254",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297658259",
"adapter:threatinteladapter:begin:ts":"1537297658261",
"tcpflags":"***A**S*",
"guid":"2f34effe-93dc-41d4-aa04-920c89982f9c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297780829",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297780818",
"enrichmentjoinbolt:joiner:ts":"1537297780822",
"adapter:geoadapter:begin:ts":"1537297780820",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297780827",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:09:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297780820",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297780820",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297780825",
"threat:triage:rules:0:score":10,
"timestamp":1537297775000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297780818",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297780820",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297780825",
"adapter:threatinteladapter:begin:ts":"1537297780827",
"tcpflags":"***A**S*",
"guid":"bbbbdb93-fbef-4479-b018-02b92cc88103",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537298899732",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537298899713",
"enrichmentjoinbolt:joiner:ts":"1537298899718",
"adapter:geoadapter:begin:ts":"1537298899716",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537298899729",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:28:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537298899716",
"tos":"0",
"adapter:geoadapter:end:ts":"1537298899716",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537298899720",
"threat:triage:rules:0:score":10,
"timestamp":1537298898000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537298899713",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537298899716",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537298899720",
"adapter:threatinteladapter:begin:ts":"1537298899722",
"tcpflags":"***A**S*",
"guid":"5e42b3f7-5baf-48f6-b596-4db3e5e5f30b",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537299378075",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537299378057",
"enrichmentjoinbolt:joiner:ts":"1537299378062",
"adapter:geoadapter:begin:ts":"1537299378059",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537299378072",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:36:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537299378059",
"tos":"0",
"adapter:geoadapter:end:ts":"1537299378059",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537299378066",
"threat:triage:rules:0:score":10,
"timestamp":1537299377000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537299378057",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537299378059",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537299378066",
"adapter:threatinteladapter:begin:ts":"1537299378072",
"tcpflags":"***A****",
"guid":"d6df0c6a-9e7c-41c9-8ee6-38681225a38c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537300647845",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537300647833",
"enrichmentjoinbolt:joiner:ts":"1537300647837",
"adapter:geoadapter:begin:ts":"1537300647834",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537300647842",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:57:26.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537300647834",
"tos":"0",
"adapter:geoadapter:end:ts":"1537300647834",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537300647839",
"threat:triage:rules:0:score":10,
"timestamp":1537300646000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537300647833",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537300647834",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537300647839",
"adapter:threatinteladapter:begin:ts":"1537300647842",
"tcpflags":"***A**S*",
"guid":"2f45a7f0-9771-49c3-8eba-bd1f8af8174f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301518165",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301518147",
"enrichmentjoinbolt:joiner:ts":"1537301518158",
"adapter:geoadapter:begin:ts":"1537301518149",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301518163",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:11:57.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301518149",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301518149",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301518160",
"threat:triage:rules:0:score":10,
"timestamp":1537301517000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301518147",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301518149",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301518160",
"adapter:threatinteladapter:begin:ts":"1537301518163",
"tcpflags":"***A**S*",
"guid":"0dd2ce0a-62aa-4800-a7de-ad56d0ed2f41",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537304529055",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304529042",
"enrichmentjoinbolt:joiner:ts":"1537304529048",
"adapter:geoadapter:begin:ts":"1537304529045",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537304529053",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-21:02:04.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537304529045",
"tos":"0",
"adapter:geoadapter:end:ts":"1537304529045",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537304529050",
"threat:triage:rules:0:score":10,
"timestamp":1537304524000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304529042",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304529045",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537304529050",
"adapter:threatinteladapter:begin:ts":"1537304529053",
"tcpflags":"***A****",
"guid":"13760f67-1412-4463-8de3-a74def82c6ed",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537277777169",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537277777156",
"enrichmentjoinbolt:joiner:ts":"1537277777161",
"adapter:geoadapter:begin:ts":"1537277777158",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537277777165",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:36:15.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537277777158",
"tos":"0",
"adapter:geoadapter:end:ts":"1537277777158",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537277777163",
"threat:triage:rules:0:score":10,
"timestamp":1537277775000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537277777156",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537277777158",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537277777162",
"adapter:threatinteladapter:begin:ts":"1537277777165",
"tcpflags":"***A****",
"guid":"32c60f70-7a76-4d7b-a943-939a6cea9a3f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537277957306",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537277957293",
"enrichmentjoinbolt:joiner:ts":"1537277957299",
"adapter:geoadapter:begin:ts":"1537277957296",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537277957303",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537277957296",
"tos":"0",
"adapter:geoadapter:end:ts":"1537277957296",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537277957301",
"threat:triage:rules:0:score":10,
"timestamp":1537277956000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537277957293",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537277957296",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537277957301",
"adapter:threatinteladapter:begin:ts":"1537277957303",
"tcpflags":"***A****",
"guid":"7dcf592a-d562-4ac6-92e7-aaea2ee14417",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537277957306",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537277957293",
"enrichmentjoinbolt:joiner:ts":"1537277957299",
"adapter:geoadapter:begin:ts":"1537277957296",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537277957303",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537277957296",
"tos":"0",
"adapter:geoadapter:end:ts":"1537277957296",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537277957301",
"threat:triage:rules:0:score":10,
"timestamp":1537277956000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537277957293",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537277957296",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537277957301",
"adapter:threatinteladapter:begin:ts":"1537277957303",
"tcpflags":"***A****",
"guid":"ebe214d5-a0ee-485e-bf39-78e8afde9711",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537281281274",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537281281256",
"enrichmentjoinbolt:joiner:ts":"1537281281261",
"adapter:geoadapter:begin:ts":"1537281281258",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537281281273",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:34:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537281281258",
"tos":"0",
"adapter:geoadapter:end:ts":"1537281281258",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537281281263",
"threat:triage:rules:0:score":10,
"timestamp":1537281277000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537281281256",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537281281258",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537281281263",
"adapter:threatinteladapter:begin:ts":"1537281281266",
"tcpflags":"***A****",
"guid":"f4d8a573-e957-4c22-b4e1-b9c657cd911d",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537281652539",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537281652526",
"enrichmentjoinbolt:joiner:ts":"1537281652532",
"adapter:geoadapter:begin:ts":"1537281652530",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537281652536",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:40:51.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537281652529",
"tos":"0",
"adapter:geoadapter:end:ts":"1537281652530",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537281652534",
"threat:triage:rules:0:score":10,
"timestamp":1537281651000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537281652526",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537281652529",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537281652534",
"adapter:threatinteladapter:begin:ts":"1537281652536",
"tcpflags":"***A**S*",
"guid":"c4f85a6b-0ebf-4e89-b212-5e0567788f03",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537281947945",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537281947925",
"enrichmentjoinbolt:joiner:ts":"1537281947930",
"adapter:geoadapter:begin:ts":"1537281947927",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537281947942",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:45:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537281947927",
"tos":"0",
"adapter:geoadapter:end:ts":"1537281947928",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537281947932",
"threat:triage:rules:0:score":10,
"timestamp":1537281943000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537281947925",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537281947927",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537281947932",
"adapter:threatinteladapter:begin:ts":"1537281947935",
"tcpflags":"***A****",
"guid":"c507d367-4556-41b9-8975-6cfc52b83545",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282850352",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282850310",
"enrichmentjoinbolt:joiner:ts":"1537282850315",
"adapter:geoadapter:begin:ts":"1537282850312",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282850350",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:00:45.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282850312",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282850313",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282850317",
"threat:triage:rules:0:score":10,
"timestamp":1537282845000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282850310",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282850312",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282850317",
"adapter:threatinteladapter:begin:ts":"1537282850350",
"tcpflags":"***A**S*",
"guid":"78cb2af0-6056-464b-a94a-7d4ccedcc269",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537283450157",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537283450144",
"enrichmentjoinbolt:joiner:ts":"1537283450150",
"adapter:geoadapter:begin:ts":"1537283450147",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537283450156",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:10:46.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537283450147",
"tos":"0",
"adapter:geoadapter:end:ts":"1537283450147",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537283450153",
"threat:triage:rules:0:score":10,
"timestamp":1537283446000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537283450144",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537283450147",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537283450153",
"adapter:threatinteladapter:begin:ts":"1537283450156",
"tcpflags":"***A**S*",
"guid":"67e7927d-bf35-4506-9ce5-8236aea37417",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537296522491",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537296158983",
"enrichmentjoinbolt:joiner:ts":"1537296158988",
"adapter:geoadapter:begin:ts":"1537296158985",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537296522299",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:42:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537296158985",
"tos":"0",
"adapter:geoadapter:end:ts":"1537296158985",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537296158990",
"threat:triage:rules:0:score":10,
"timestamp":1537296154000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537296158983",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537296158985",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537296158990",
"adapter:threatinteladapter:begin:ts":"1537296522299",
"tcpflags":"***A****",
"guid":"8a851c1a-9f4f-45d1-b06a-c9c0d800f91c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537296522537",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537296487429",
"enrichmentjoinbolt:joiner:ts":"1537296487439",
"adapter:geoadapter:begin:ts":"1537296487432",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537296522318",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:48:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537296487432",
"tos":"0",
"adapter:geoadapter:end:ts":"1537296487432",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537296487441",
"threat:triage:rules:0:score":10,
"timestamp":1537296485000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537296487429",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537296487432",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537296487441",
"adapter:threatinteladapter:begin:ts":"1537296522318",
"tcpflags":"***A**S*",
"guid":"5c9a68d8-16ff-44fe-83a6-9feb0b045125",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297341824",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297341800",
"enrichmentjoinbolt:joiner:ts":"1537297341805",
"adapter:geoadapter:begin:ts":"1537297341803",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297341814",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:02:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297341803",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297341803",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297341808",
"threat:triage:rules:0:score":10,
"timestamp":1537297337000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297341800",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297341803",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297341808",
"adapter:threatinteladapter:begin:ts":"1537297341811",
"tcpflags":"***A**S*",
"guid":"1767fe9d-d61d-46b5-9cb7-c24b8074ddec",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297520177",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297520165",
"enrichmentjoinbolt:joiner:ts":"1537297520170",
"adapter:geoadapter:begin:ts":"1537297520167",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297520174",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:05:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297520167",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297520167",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297520172",
"threat:triage:rules:0:score":10,
"timestamp":1537297518000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297520165",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297520167",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297520172",
"adapter:threatinteladapter:begin:ts":"1537297520174",
"tcpflags":"***A****",
"guid":"fc5b9a63-0894-4b16-9c5b-76c35cb00757",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297710682",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297710669",
"enrichmentjoinbolt:joiner:ts":"1537297710674",
"adapter:geoadapter:begin:ts":"1537297710671",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297710679",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:08:29.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297710671",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297710671",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297710676",
"threat:triage:rules:0:score":10,
"timestamp":1537297709000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297710669",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297710671",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297710676",
"adapter:threatinteladapter:begin:ts":"1537297710679",
"tcpflags":"***A**S*",
"guid":"6b63bfb3-f809-46f0-932e-c22d5071b502",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537298106549",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537298106533",
"enrichmentjoinbolt:joiner:ts":"1537298106539",
"adapter:geoadapter:begin:ts":"1537298106536",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537298106547",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:15:02.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537298106536",
"tos":"0",
"adapter:geoadapter:end:ts":"1537298106536",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537298106541",
"threat:triage:rules:0:score":10,
"timestamp":1537298102000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537298106533",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537298106536",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537298106541",
"adapter:threatinteladapter:begin:ts":"1537298106544",
"tcpflags":"***A**S*",
"guid":"096b5469-6c46-4f54-b0a4-61ffc125d74c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537300567318",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537300567298",
"enrichmentjoinbolt:joiner:ts":"1537300567302",
"adapter:geoadapter:begin:ts":"1537300567300",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537300567312",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:56:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537300567300",
"tos":"0",
"adapter:geoadapter:end:ts":"1537300567300",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537300567306",
"threat:triage:rules:0:score":10,
"timestamp":1537300566000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537300567298",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537300567300",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537300567306",
"adapter:threatinteladapter:begin:ts":"1537300567312",
"tcpflags":"***A****",
"guid":"9d84c1f0-2924-439a-abd7-32a4e8c69253",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537300823287",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537300823274",
"enrichmentjoinbolt:joiner:ts":"1537300823279",
"adapter:geoadapter:begin:ts":"1537300823276",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537300823285",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:00:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537300823277",
"tos":"0",
"adapter:geoadapter:end:ts":"1537300823276",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537300823281",
"threat:triage:rules:0:score":10,
"timestamp":1537300822000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537300823274",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537300823277",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537300823281",
"adapter:threatinteladapter:begin:ts":"1537300823284",
"tcpflags":"***A****",
"guid":"afa4b156-bc2f-4e6f-bf0c-ad03695056e3",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537302847425",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537302847413",
"enrichmentjoinbolt:joiner:ts":"1537302847418",
"adapter:geoadapter:begin:ts":"1537302847415",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537302847422",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:34:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537302847415",
"tos":"0",
"adapter:geoadapter:end:ts":"1537302847415",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537302847420",
"threat:triage:rules:0:score":10,
"timestamp":1537302846000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537302847413",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537302847415",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537302847420",
"adapter:threatinteladapter:begin:ts":"1537302847422",
"tcpflags":"***A**S*",
"guid":"06c6ed2a-5899-4682-aa85-25b7e252daf1",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537304283577",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304283562",
"enrichmentjoinbolt:joiner:ts":"1537304283566",
"adapter:geoadapter:begin:ts":"1537304283564",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537304283575",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:58:02.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537304283564",
"tos":"0",
"adapter:geoadapter:end:ts":"1537304283564",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537304283569",
"threat:triage:rules:0:score":10,
"timestamp":1537304282000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304283562",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304283564",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537304283569",
"adapter:threatinteladapter:begin:ts":"1537304283571",
"tcpflags":"***A****",
"guid":"ae5022e5-38cc-4bf2-b2c5-18f6f9a688f2",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537277770301",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537277770279",
"enrichmentjoinbolt:joiner:ts":"1537277770284",
"adapter:geoadapter:begin:ts":"1537277770281",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537277770298",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:36:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537277770281",
"tos":"0",
"adapter:geoadapter:end:ts":"1537277770282",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537277770286",
"threat:triage:rules:0:score":10,
"timestamp":1537277765000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537277770279",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537277770281",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537277770286",
"adapter:threatinteladapter:begin:ts":"1537277770288",
"tcpflags":"***A**S*",
"guid":"3d578f8e-9b9c-44ec-93a7-af357428bcb9",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537278536143",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537278536124",
"enrichmentjoinbolt:joiner:ts":"1537278536131",
"adapter:geoadapter:begin:ts":"1537278536129",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537278536140",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:48:51.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537278536126",
"tos":"0",
"adapter:geoadapter:end:ts":"1537278536129",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537278536134",
"threat:triage:rules:0:score":10,
"timestamp":1537278531000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537278536124",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537278536126",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537278536134",
"adapter:threatinteladapter:begin:ts":"1537278536139",
"tcpflags":"***A**S*",
"guid":"5236f783-d06f-4268-b228-18b19ddaa05f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537278612703",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537278612692",
"enrichmentjoinbolt:joiner:ts":"1537278612697",
"adapter:geoadapter:begin:ts":"1537278612695",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537278612701",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:50:08.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537278612694",
"tos":"0",
"adapter:geoadapter:end:ts":"1537278612695",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537278612699",
"threat:triage:rules:0:score":10,
"timestamp":1537278608000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537278612692",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537278612694",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537278612699",
"adapter:threatinteladapter:begin:ts":"1537278612701",
"tcpflags":"***A****",
"guid":"16196ae0-1a5b-437a-b7be-c1015e9e9b18",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279218984",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279218971",
"enrichmentjoinbolt:joiner:ts":"1537279218975",
"adapter:geoadapter:begin:ts":"1537279218973",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279218982",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:00:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279218973",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279218973",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279218978",
"threat:triage:rules:0:score":10,
"timestamp":1537279217000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279218971",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279218973",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279218978",
"adapter:threatinteladapter:begin:ts":"1537279218980",
"tcpflags":"***A****",
"guid":"83635c2d-bc81-4a6e-87b9-51825f2e375f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279752934",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279752920",
"enrichmentjoinbolt:joiner:ts":"1537279752925",
"adapter:geoadapter:begin:ts":"1537279752923",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279752931",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:09:12.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279752923",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279752923",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279752928",
"threat:triage:rules:0:score":10,
"timestamp":1537279752000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279752920",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279752923",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279752928",
"adapter:threatinteladapter:begin:ts":"1537279752931",
"tcpflags":"***A****",
"guid":"13de1cf3-adfd-4c5e-9cb2-be470af1104d",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279930875",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279930833",
"enrichmentjoinbolt:joiner:ts":"1537279930846",
"adapter:geoadapter:begin:ts":"1537279930844",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279930872",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:12:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279930844",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279930844",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279930857",
"threat:triage:rules:0:score":10,
"timestamp":1537279926000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279930834",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279930844",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279930857",
"adapter:threatinteladapter:begin:ts":"1537279930871",
"tcpflags":"***A**S*",
"guid":"a04ca59b-fa5d-4ad4-92ce-162765681dec",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279954609",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279954595",
"enrichmentjoinbolt:joiner:ts":"1537279954600",
"adapter:geoadapter:begin:ts":"1537279954597",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279954606",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:12:33.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279954597",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279954597",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279954603",
"threat:triage:rules:0:score":10,
"timestamp":1537279953000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279954595",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279954597",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279954603",
"adapter:threatinteladapter:begin:ts":"1537279954606",
"tcpflags":"***A****",
"guid":"be858565-84b1-4f57-bc51-d67f52697006",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280061942",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280061924",
"enrichmentjoinbolt:joiner:ts":"1537280061930",
"adapter:geoadapter:begin:ts":"1537280061926",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280061934",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:14:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280061926",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280061926",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280061932",
"threat:triage:rules:0:score":10,
"timestamp":1537280057000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280061924",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280061926",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280061932",
"adapter:threatinteladapter:begin:ts":"1537280061934",
"tcpflags":"***A****",
"guid":"4fc16ffe-27b7-4269-bc27-d347f6829fe3",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280755832",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280755819",
"enrichmentjoinbolt:joiner:ts":"1537280755824",
"adapter:geoadapter:begin:ts":"1537280755821",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280755829",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:25:54.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280755821",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280755821",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280755826",
"threat:triage:rules:0:score":10,
"timestamp":1537280754000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280755819",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280755821",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280755826",
"adapter:threatinteladapter:begin:ts":"1537280755829",
"tcpflags":"***A**S*",
"guid":"5cbcc299-9b04-40f0-84b9-d759eb5f1fd6",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280911771",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280911759",
"enrichmentjoinbolt:joiner:ts":"1537280911764",
"adapter:geoadapter:begin:ts":"1537280911761",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280911769",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:28:30.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280911761",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280911761",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280911767",
"threat:triage:rules:0:score":10,
"timestamp":1537280910000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280911759",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280911761",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280911767",
"adapter:threatinteladapter:begin:ts":"1537280911769",
"tcpflags":"***A****",
"guid":"223279f4-59ba-473d-85ab-4e6174416463",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282654617",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282654604",
"enrichmentjoinbolt:joiner:ts":"1537282654609",
"adapter:geoadapter:begin:ts":"1537282654606",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282654614",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:57:30.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282654606",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282654606",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282654612",
"threat:triage:rules:0:score":10,
"timestamp":1537282650000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282654604",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282654606",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282654612",
"adapter:threatinteladapter:begin:ts":"1537282654614",
"tcpflags":"***A****",
"guid":"4ae68add-27d8-4b7c-a938-a60ee24d087a",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537284092223",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537284092211",
"enrichmentjoinbolt:joiner:ts":"1537284092216",
"adapter:geoadapter:begin:ts":"1537284092213",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537284092221",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:21:27.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537284092213",
"tos":"0",
"adapter:geoadapter:end:ts":"1537284092214",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537284092218",
"threat:triage:rules:0:score":10,
"timestamp":1537284087000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537284092211",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537284092213",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537284092218",
"adapter:threatinteladapter:begin:ts":"1537284092220",
"tcpflags":"***A****",
"guid":"281194ba-7091-4dd9-8708-d568d6323d3e",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537284672944",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537284672931",
"enrichmentjoinbolt:joiner:ts":"1537284672936",
"adapter:geoadapter:begin:ts":"1537284672934",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537284672942",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:31:11.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537284672934",
"tos":"0",
"adapter:geoadapter:end:ts":"1537284672934",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537284672939",
"threat:triage:rules:0:score":10,
"timestamp":1537284671000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537284672931",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537284672934",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537284672939",
"adapter:threatinteladapter:begin:ts":"1537284672942",
"tcpflags":"***A****",
"guid":"ae0d14a1-1253-4036-8c0d-4a4aa6fdfe33",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297029540",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297029528",
"enrichmentjoinbolt:joiner:ts":"1537297029533",
"adapter:geoadapter:begin:ts":"1537297029530",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297029537",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:57:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297029530",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297029530",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297029535",
"threat:triage:rules:0:score":10,
"timestamp":1537297025000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297029528",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297029530",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297029535",
"adapter:threatinteladapter:begin:ts":"1537297029537",
"tcpflags":"***A**S*",
"guid":"02d6c1d3-f8d1-40f3-9d26-1a166d32a27a",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537299055443",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537299055430",
"enrichmentjoinbolt:joiner:ts":"1537299055435",
"adapter:geoadapter:begin:ts":"1537299055433",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537299055441",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:30:50.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537299055433",
"tos":"0",
"adapter:geoadapter:end:ts":"1537299055433",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537299055438",
"threat:triage:rules:0:score":10,
"timestamp":1537299050000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537299055430",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537299055433",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537299055438",
"adapter:threatinteladapter:begin:ts":"1537299055441",
"tcpflags":"***A****",
"guid":"da35d6ed-0014-4cdf-9503-aadf3650772c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537300074867",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537300074854",
"enrichmentjoinbolt:joiner:ts":"1537300074859",
"adapter:geoadapter:begin:ts":"1537300074856",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537300074865",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:47:50.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537300074856",
"tos":"0",
"adapter:geoadapter:end:ts":"1537300074856",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537300074861",
"threat:triage:rules:0:score":10,
"timestamp":1537300070000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537300074854",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537300074856",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537300074861",
"adapter:threatinteladapter:begin:ts":"1537300074863",
"tcpflags":"***A**S*",
"guid":"f0a64d82-2820-4f74-b9f8-091b206543a7",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301085145",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301085124",
"enrichmentjoinbolt:joiner:ts":"1537301085128",
"adapter:geoadapter:begin:ts":"1537301085125",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301085134",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:04:40.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301085125",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301085125",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301085131",
"threat:triage:rules:0:score":10,
"timestamp":1537301080000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301085124",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301085125",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301085131",
"adapter:threatinteladapter:begin:ts":"1537301085134",
"tcpflags":"***A**S*",
"guid":"549c755c-b446-4725-bb17-86055197152f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301449267",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301449253",
"enrichmentjoinbolt:joiner:ts":"1537301449258",
"adapter:geoadapter:begin:ts":"1537301449255",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301449263",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:10:48.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301449255",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301449255",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301449260",
"threat:triage:rules:0:score":10,
"timestamp":1537301448000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301449253",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301449255",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301449260",
"adapter:threatinteladapter:begin:ts":"1537301449263",
"tcpflags":"***A****",
"guid":"4a7b511b-96f8-4b43-bb62-0e9d6e9da410",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301606658",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301606644",
"enrichmentjoinbolt:joiner:ts":"1537301606650",
"adapter:geoadapter:begin:ts":"1537301606647",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301606655",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:13:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301606647",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301606647",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301606652",
"threat:triage:rules:0:score":10,
"timestamp":1537301602000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301606644",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301606647",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301606652",
"adapter:threatinteladapter:begin:ts":"1537301606655",
"tcpflags":"***A**S*",
"guid":"90742c82-c227-46ed-bb6e-b262c51007c2",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537276900749",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537276900736",
"enrichmentjoinbolt:joiner:ts":"1537276900741",
"adapter:geoadapter:begin:ts":"1537276900738",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537276900748",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:21:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537276900738",
"tos":"0",
"adapter:geoadapter:end:ts":"1537276900739",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537276900743",
"threat:triage:rules:0:score":10,
"timestamp":1537276899000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537276900736",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537276900738",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537276900743",
"adapter:threatinteladapter:begin:ts":"1537276900746",
"tcpflags":"***A****",
"guid":"3a7595f6-6a6d-4b7d-979b-88407df1db2d",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537278576183",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537278576165",
"enrichmentjoinbolt:joiner:ts":"1537278576173",
"adapter:geoadapter:begin:ts":"1537278576168",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537278576179",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:49:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537278576168",
"tos":"0",
"adapter:geoadapter:end:ts":"1537278576168",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537278576176",
"threat:triage:rules:0:score":10,
"timestamp":1537278575000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537278576165",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537278576168",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537278576176",
"adapter:threatinteladapter:begin:ts":"1537278576179",
"tcpflags":"***A**S*",
"guid":"4f8521ff-179d-467d-864e-206f40f91809",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537278863333",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537278863321",
"enrichmentjoinbolt:joiner:ts":"1537278863326",
"adapter:geoadapter:begin:ts":"1537278863324",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537278863330",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:54:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537278863324",
"tos":"0",
"adapter:geoadapter:end:ts":"1537278863324",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537278863328",
"threat:triage:rules:0:score":10,
"timestamp":1537278862000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537278863321",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537278863324",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537278863328",
"adapter:threatinteladapter:begin:ts":"1537278863330",
"tcpflags":"***A**S*",
"guid":"3fa2010e-76a0-4285-9eb3-394d240cf4f9",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537280655645",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537280655623",
"enrichmentjoinbolt:joiner:ts":"1537280655629",
"adapter:geoadapter:begin:ts":"1537280655627",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537280655643",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:24:11.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537280655627",
"tos":"0",
"adapter:geoadapter:end:ts":"1537280655627",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537280655637",
"threat:triage:rules:0:score":10,
"timestamp":1537280651000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537280655623",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537280655627",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537280655637",
"adapter:threatinteladapter:begin:ts":"1537280655640",
"tcpflags":"***A**S*",
"guid":"8835c6f7-725f-468c-bccf-10f4ef1fd28d",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282478521",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282478506",
"enrichmentjoinbolt:joiner:ts":"1537282478512",
"adapter:geoadapter:begin:ts":"1537282478509",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282478517",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:54:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282478509",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282478509",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282478514",
"threat:triage:rules:0:score":10,
"timestamp":1537282474000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282478506",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282478509",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282478514",
"adapter:threatinteladapter:begin:ts":"1537282478517",
"tcpflags":"***A****",
"guid":"a1166706-b890-451e-bbe3-109bf0c08a9c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282713695",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282713683",
"enrichmentjoinbolt:joiner:ts":"1537282713688",
"adapter:geoadapter:begin:ts":"1537282713685",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282713692",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:58:32.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282713685",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282713685",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282713690",
"threat:triage:rules:0:score":10,
"timestamp":1537282712000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282713683",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282713685",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282713690",
"adapter:threatinteladapter:begin:ts":"1537282713692",
"tcpflags":"***A**S*",
"guid":"d74132e0-eedf-4cdf-bc17-c9e870d54578",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537283204814",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537283204799",
"enrichmentjoinbolt:joiner:ts":"1537283204804",
"adapter:geoadapter:begin:ts":"1537283204802",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537283204812",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:06:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537283204802",
"tos":"0",
"adapter:geoadapter:end:ts":"1537283204803",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537283204807",
"threat:triage:rules:0:score":10,
"timestamp":1537283203000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537283204799",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537283204802",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537283204807",
"adapter:threatinteladapter:begin:ts":"1537283204809",
"tcpflags":"***A**S*",
"guid":"75415055-8d69-4683-9382-d25c39b68e9f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537284300507",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537284300495",
"enrichmentjoinbolt:joiner:ts":"1537284300500",
"adapter:geoadapter:begin:ts":"1537284300498",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537284300505",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:24:56.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537284300498",
"tos":"0",
"adapter:geoadapter:end:ts":"1537284300498",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537284300502",
"threat:triage:rules:0:score":10,
"timestamp":1537284296000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537284300495",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537284300498",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537284300502",
"adapter:threatinteladapter:begin:ts":"1537284300505",
"tcpflags":"***A**S*",
"guid":"c42433e8-98f3-42dd-9089-6ac96e20095f",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537284659873",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537284659860",
"enrichmentjoinbolt:joiner:ts":"1537284659865",
"adapter:geoadapter:begin:ts":"1537284659862",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537284659870",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:30:58.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537284659862",
"tos":"0",
"adapter:geoadapter:end:ts":"1537284659862",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537284659867",
"threat:triage:rules:0:score":10,
"timestamp":1537284658000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537284659860",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537284659862",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537284659867",
"adapter:threatinteladapter:begin:ts":"1537284659870",
"tcpflags":"***A****",
"guid":"2895d881-503d-4092-b172-65dbb5e35ed3",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537296522533",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537296450178",
"enrichmentjoinbolt:joiner:ts":"1537296450183",
"adapter:geoadapter:begin:ts":"1537296450180",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537296522312",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:47:29.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537296450179",
"tos":"0",
"adapter:geoadapter:end:ts":"1537296450180",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537296450185",
"threat:triage:rules:0:score":10,
"timestamp":1537296449000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537296450178",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537296450179",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537296450185",
"adapter:threatinteladapter:begin:ts":"1537296522312",
"tcpflags":"***A****",
"guid":"1f236e95-6ae6-443c-98a0-31d4f2c425ed",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297095805",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297095791",
"enrichmentjoinbolt:joiner:ts":"1537297095797",
"adapter:geoadapter:begin:ts":"1537297095795",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297095803",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:58:14.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297095794",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297095795",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297095801",
"threat:triage:rules:0:score":10,
"timestamp":1537297094000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297095791",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297095794",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297095801",
"adapter:threatinteladapter:begin:ts":"1537297095803",
"tcpflags":"***A**S*",
"guid":"022a9c0c-241f-4cb2-9c0d-1c428a099404",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537299018672",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537299018656",
"enrichmentjoinbolt:joiner:ts":"1537299018664",
"adapter:geoadapter:begin:ts":"1537299018662",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537299018669",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:30:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537299018662",
"tos":"0",
"adapter:geoadapter:end:ts":"1537299018662",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537299018667",
"threat:triage:rules:0:score":10,
"timestamp":1537299017000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537299018656",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537299018662",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537299018667",
"adapter:threatinteladapter:begin:ts":"1537299018669",
"tcpflags":"***A****",
"guid":"25421458-1b16-47fc-b8f5-a7c7a83bf86a",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301124094",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301124082",
"enrichmentjoinbolt:joiner:ts":"1537301124086",
"adapter:geoadapter:begin:ts":"1537301124084",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301124091",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:05:19.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301124084",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301124084",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301124089",
"threat:triage:rules:0:score":10,
"timestamp":1537301119000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301124082",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301124084",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301124089",
"adapter:threatinteladapter:begin:ts":"1537301124091",
"tcpflags":"***A****",
"guid":"c48dce90-087a-461e-b408-3270e02fc513",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301488853",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301488841",
"enrichmentjoinbolt:joiner:ts":"1537301488846",
"adapter:geoadapter:begin:ts":"1537301488843",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301488851",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:11:24.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301488843",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301488843",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301488848",
"threat:triage:rules:0:score":10,
"timestamp":1537301484000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301488841",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301488843",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301488848",
"adapter:threatinteladapter:begin:ts":"1537301488851",
"tcpflags":"***A**S*",
"guid":"afaa6ea8-f1f2-4806-93ce-e7076c238813",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301564066",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301564052",
"enrichmentjoinbolt:joiner:ts":"1537301564058",
"adapter:geoadapter:begin:ts":"1537301564055",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301564063",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:12:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301564055",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301564055",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301564061",
"threat:triage:rules:0:score":10,
"timestamp":1537301559000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301564052",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301564055",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301564061",
"adapter:threatinteladapter:begin:ts":"1537301564063",
"tcpflags":"***A**S*",
"guid":"1cc03c24-72d5-46d7-a0d0-136bc63fe0f3",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537302711761",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537302711745",
"enrichmentjoinbolt:joiner:ts":"1537302711750",
"adapter:geoadapter:begin:ts":"1537302711749",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537302711759",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:31:50.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537302711747",
"tos":"0",
"adapter:geoadapter:end:ts":"1537302711749",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537302711754",
"threat:triage:rules:0:score":10,
"timestamp":1537302710000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537302711745",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537302711747",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537302711754",
"adapter:threatinteladapter:begin:ts":"1537302711758",
"tcpflags":"***A**S*",
"guid":"c1e9b8f7-925e-4110-8179-68e953e143d4",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537302827504",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537302827490",
"enrichmentjoinbolt:joiner:ts":"1537302827496",
"adapter:geoadapter:begin:ts":"1537302827493",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537302827501",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:33:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537302827493",
"tos":"0",
"adapter:geoadapter:end:ts":"1537302827493",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537302827498",
"threat:triage:rules:0:score":10,
"timestamp":1537302823000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537302827490",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537302827493",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537302827498",
"adapter:threatinteladapter:begin:ts":"1537302827501",
"tcpflags":"***A**S*",
"guid":"04aa400c-855c-4dee-9ea7-eca9842f9932",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537277086360",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537277086347",
"enrichmentjoinbolt:joiner:ts":"1537277086352",
"adapter:geoadapter:begin:ts":"1537277086349",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537277086357",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:24:40.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537277086349",
"tos":"0",
"adapter:geoadapter:end:ts":"1537277086349",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537277086355",
"threat:triage:rules:0:score":10,
"timestamp":1537277080000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537277086347",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537277086349",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537277086355",
"adapter:threatinteladapter:begin:ts":"1537277086357",
"tcpflags":"***A**S*",
"guid":"294c987b-da00-421b-bf89-91a1f45ad361",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537277780562",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537277780550",
"enrichmentjoinbolt:joiner:ts":"1537277780555",
"adapter:geoadapter:begin:ts":"1537277780552",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537277780559",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-13:36:19.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537277780552",
"tos":"0",
"adapter:geoadapter:end:ts":"1537277780552",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537277780557",
"threat:triage:rules:0:score":10,
"timestamp":1537277779000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537277780550",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537277780552",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537277780557",
"adapter:threatinteladapter:begin:ts":"1537277780559",
"tcpflags":"***A****",
"guid":"02c92408-826f-4d9c-b9c9-0393dd37d9db",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279337550",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279337537",
"enrichmentjoinbolt:joiner:ts":"1537279337542",
"adapter:geoadapter:begin:ts":"1537279337539",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279337547",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:02:13.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279337539",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279337539",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279337544",
"threat:triage:rules:0:score":10,
"timestamp":1537279333000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279337537",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279337539",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279337544",
"adapter:threatinteladapter:begin:ts":"1537279337547",
"tcpflags":"***A****",
"guid":"bd7dba34-35ba-4341-a6a9-e92c75eac21c",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537279651897",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537279651884",
"enrichmentjoinbolt:joiner:ts":"1537279651889",
"adapter:geoadapter:begin:ts":"1537279651886",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537279651894",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:07:30.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537279651886",
"tos":"0",
"adapter:geoadapter:end:ts":"1537279651886",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537279651892",
"threat:triage:rules:0:score":10,
"timestamp":1537279650000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537279651884",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537279651886",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537279651892",
"adapter:threatinteladapter:begin:ts":"1537279651894",
"tcpflags":"***A**S*",
"guid":"4ababe43-0bd4-45aa-9f4f-b6bd951dd5a9",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537281693141",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537281693128",
"enrichmentjoinbolt:joiner:ts":"1537281693133",
"adapter:geoadapter:begin:ts":"1537281693130",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537281693138",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:41:32.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537281693130",
"tos":"0",
"adapter:geoadapter:end:ts":"1537281693130",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537281693136",
"threat:triage:rules:0:score":10,
"timestamp":1537281692000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537281693128",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537281693130",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537281693136",
"adapter:threatinteladapter:begin:ts":"1537281693138",
"tcpflags":"***A****",
"guid":"535f50ea-3b88-4b7d-ada0-76fc4aa2ec95",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282293139",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282293129",
"enrichmentjoinbolt:joiner:ts":"1537282293133",
"adapter:geoadapter:begin:ts":"1537282293130",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282293137",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:51:32.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282293131",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282293130",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282293135",
"threat:triage:rules:0:score":10,
"timestamp":1537282292000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282293129",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282293131",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282293135",
"adapter:threatinteladapter:begin:ts":"1537282293137",
"tcpflags":"***A**S*",
"guid":"30f249fc-5a1f-4363-8dba-20530f7f2566",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282585414",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282585394",
"enrichmentjoinbolt:joiner:ts":"1537282585399",
"adapter:geoadapter:begin:ts":"1537282585396",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282585413",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:56:21.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282585396",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282585397",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282585402",
"threat:triage:rules:0:score":10,
"timestamp":1537282581000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282585394",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282585396",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282585402",
"adapter:threatinteladapter:begin:ts":"1537282585410",
"tcpflags":"***A**S*",
"guid":"6d0d7638-289b-4e1a-b9f9-b922aa8a97d6",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282598678",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282598664",
"enrichmentjoinbolt:joiner:ts":"1537282598670",
"adapter:geoadapter:begin:ts":"1537282598667",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282598675",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-14:56:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282598667",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282598667",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282598672",
"threat:triage:rules:0:score":10,
"timestamp":1537282597000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282598664",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282598667",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282598672",
"adapter:threatinteladapter:begin:ts":"1537282598675",
"tcpflags":"***A****",
"guid":"63e8b82f-f8e6-43c7-97a0-966219bf8651",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537282892585",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537282892572",
"enrichmentjoinbolt:joiner:ts":"1537282892576",
"adapter:geoadapter:begin:ts":"1537282892573",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537282892581",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-15:01:31.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537282892573",
"tos":"0",
"adapter:geoadapter:end:ts":"1537282892573",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537282892578",
"threat:triage:rules:0:score":10,
"timestamp":1537282891000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537282892572",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537282892573",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537282892578",
"adapter:threatinteladapter:begin:ts":"1537282892581",
"tcpflags":"***A**S*",
"guid":"adfd9fc6-3520-4c94-81b0-2d683e51cf37",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537297085181",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537297085168",
"enrichmentjoinbolt:joiner:ts":"1537297085173",
"adapter:geoadapter:begin:ts":"1537297085170",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537297085178",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-18:58:04.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537297085170",
"tos":"0",
"adapter:geoadapter:end:ts":"1537297085170",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537297085175",
"threat:triage:rules:0:score":10,
"timestamp":1537297084000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537297085168",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537297085170",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537297085175",
"adapter:threatinteladapter:begin:ts":"1537297085178",
"tcpflags":"***A**S*",
"guid":"34013b39-e514-41b4-b473-46158d601f44",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537298303311",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BD",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"40",
"enrichmentsplitterbolt:splitter:begin:ts":"1537298303296",
"enrichmentjoinbolt:joiner:ts":"1537298303301",
"adapter:geoadapter:begin:ts":"1537298303298",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C999D",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537298303308",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-19:18:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537298303298",
"tos":"0",
"adapter:geoadapter:end:ts":"1537298303298",
"id":"1900",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537298303304",
"threat:triage:rules:0:score":10,
"timestamp":1537298298000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537298303296",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537298303298",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537298303304",
"adapter:threatinteladapter:begin:ts":"1537298303308",
"tcpflags":"***A****",
"guid":"d0ce6a18-3c19-4244-8c8c-42e3ee1fbe2b",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537301038110",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537301038097",
"enrichmentjoinbolt:joiner:ts":"1537301038102",
"adapter:geoadapter:begin:ts":"1537301038099",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537301038109",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-20:03:53.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537301038099",
"tos":"0",
"adapter:geoadapter:end:ts":"1537301038099",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537301038105",
"threat:triage:rules:0:score":10,
"timestamp":1537301033000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537301038097",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537301038099",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537301038105",
"adapter:threatinteladapter:begin:ts":"1537301038109",
"tcpflags":"***A**S*",
"guid":"50a599ce-c0fb-4ce4-a527-84742e60b6b5",
"sig_id":"999158",
"sig_generator":"1"
},
{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"49195",
"threatinteljoinbolt:joiner:ts":"1537304777666",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xC88832BC",
"enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
"dgmlen":"44",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304777652",
"enrichmentjoinbolt:joiner:ts":"1537304777658",
"adapter:geoadapter:begin:ts":"1537304777655",
"tcpwindow":"0xFAF0",
"threat:triage:rules:0:name":null,
"tcpack":"0x522C98B4",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537304777663",
"ip_dst_addr":"192.168.138.158",
"original_string":"09/18/18-21:06:13.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537304777655",
"tos":"0",
"adapter:geoadapter:end:ts":"1537304777655",
"id":"1899",
"enrichments:geo:ip_src_addr:latitude":"48.8582",
"ip_src_addr":"188.165.164.184",
"threatintelsplitterbolt:splitter:end:ts":"1537304777661",
"threat:triage:rules:0:score":10,
"timestamp":1537304773000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304777652",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304777655",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"ethlen":"0x3C",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537304777661",
"adapter:threatinteladapter:begin:ts":"1537304777663",
"tcpflags":"***A**S*",
"guid":"bebe8215-9915-45f9-bd0f-d48cf8e6505b",
"sig_id":"999158",
"sig_generator":"1"
},
{
"enrichments:geo:ip_dst_addr:locID":"563523",
"bro_timestamp":"1537304979.955487",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"55.7896,38.4467",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981038",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981020",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"55.7896",
"uid":"CA0G2ASkF1efFirs7",
"resp_mime_types":[
"image/png"
],
"trans_depth":3,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981036",
"original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/button_pay.png tags:[] uid:CA0G2ASkF1efFirs7 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.955487 id.resp_h:95.163.121.204 resp_fuids:[\"F7c5Lp3iMksOUQHIbl\"]",
"ip_dst_addr":"95.163.121.204",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"7oqnsnzwwnm6zb7y.gigapaysun.com",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"38.4467",
"user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"F7c5Lp3iMksOUQHIbl"
],
"timestamp":1537304979955,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":0,
"enrichments:geo:ip_dst_addr:city":"Elektrostal",
"enrichments:geo:ip_dst_addr:postalCode":"144009",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/img/button_pay.png",
"metaalerts":[
"ad5cc7ea-5954-479f-8589-51f94b1c2f02"
],
"tags":[
],
"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg",
"alert_status":"OPEN",
"ip_src_port":49210,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981036",
"status_msg":"OK",
"guid":"a44697e2-69d0-4a0c-889d-59a47b68c676",
"enrichments:geo:ip_dst_addr:country":"RU",
"response_body_len":727
}
],
"threat:triage:score":820.0,
"count":82,
"groups":[
"ip_src_addr"
],
"sum":820.0,
"source:type":"metaalert",
"min":10.0,
"median":10.0,
"guid":"ad5cc7ea-5954-479f-8589-51f94b1c2f02",
"timestamp":1537521828936,
"status":"active"
},
"score":1.0,
"index":"metaalert_index"
},
{
"id":"f8078efd-5195-4ef5-bdb5-54cc3d03db73",
"source":{
"enrichments:geo:ip_dst_addr:locID":"5368361",
"bro_timestamp":"1537304979.801853",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981038",
"enrichments:geo:ip_dst_addr:dmaCode":"803",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981020",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"34.0494",
"uid":"C6NKjA4tt5Xc1a6uzd",
"resp_mime_types":[
"text/plain"
],
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981036",
"original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C6NKjA4tt5Xc1a6uzd resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"Fr5Cg02TcSAxFeYoBh\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.801853 id.resp_h:72.34.49.86 resp_fuids:[\"FQcLCtotjacEmeBEf\"]",
"ip_dst_addr":"72.34.49.86",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"comarksecurity.com",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"-118.2641",
"user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"FQcLCtotjacEmeBEf"
],
"timestamp":1537304979801,
"method":"POST",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":110,
"enrichments:geo:ip_dst_addr:city":"Los Angeles",
"enrichments:geo:ip_dst_addr:postalCode":"90014",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"orig_mime_types":[
"text/plain"
],
"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9",
"tags":[
],
"alert_status":"OPEN",
"orig_fuids":[
"Fr5Cg02TcSAxFeYoBh"
],
"ip_src_port":49204,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981033",
"status_msg":"OK",
"guid":"f8078efd-5195-4ef5-bdb5-54cc3d03db73",
"enrichments:geo:ip_dst_addr:country":"US",
"response_body_len":14
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"d0926d60-b278-48f7-99c3-1aeced081879",
"source":{
"bro_timestamp":"1537304979.57605",
"ip_dst_port":8080,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981020",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"uid":"CUrRne3iLIxXavQtci",
"trans_depth":237,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981033",
"original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169374962 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:237 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304979.57605 id.resp_h:192.168.66.121",
"ip_dst_addr":"192.168.66.121",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"node1",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36",
"timestamp":1537304979576,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169374962",
"tags":[
],
"referrer":"http://node1:8080/",
"alert_status":"OPEN",
"ip_src_port":50451,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981033",
"guid":"d0926d60-b278-48f7-99c3-1aeced081879",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"cbcceb89-6ed5-4c08-9a63-9a68fc718142",
"source":{
"enrichments:geo:ip_dst_addr:locID":"2973783",
"bro_timestamp":"1537304979.574995",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981038",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981020",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"48.5839",
"uid":"Ccyd7g4svVwuwbA0Td",
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981036",
"original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:Ccyd7g4svVwuwbA0Td trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.574995 id.resp_h:62.75.195.236",
"ip_dst_addr":"62.75.195.236",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"62.75.195.236",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"7.7455",
"user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"timestamp":1537304979574,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":0,
"enrichments:geo:ip_dst_addr:city":"Strasbourg",
"enrichments:geo:ip_dst_addr:postalCode":"67100",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/?51424ddd486ff06861fceed24e86b329",
"tags":[
],
"ip_src_port":49196,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981036",
"status_msg":"OK",
"guid":"cbcceb89-6ed5-4c08-9a63-9a68fc718142",
"enrichments:geo:ip_dst_addr:country":"FR",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"2781b7c9-34be-4255-ae79-4a1e7e5f37e2",
"source":{
"enrichments:geo:ip_dst_addr:locID":"5308655",
"bro_timestamp":"1537304979.02948",
"status_code":404,
"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981038",
"enrichments:geo:ip_dst_addr:dmaCode":"753",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981020",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"33.4499",
"uid":"C5X8cLiUo8znWskj8",
"resp_mime_types":[
"text/html"
],
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981036",
"original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:C5X8cLiUo8znWskj8 resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FxVqoE45xXkM5ExM21\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304979.02948 id.resp_h:204.152.254.221 resp_fuids:[\"FEccQO3alHYeLjBO3c\"]",
"ip_dst_addr":"204.152.254.221",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"runlove.us",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"-112.0712",
"user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"FEccQO3alHYeLjBO3c"
],
"timestamp":1537304979029,
"method":"POST",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":96,
"enrichments:geo:ip_dst_addr:city":"Phoenix",
"enrichments:geo:ip_dst_addr:postalCode":"85004",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"orig_mime_types":[
"text/plain"
],
"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42",
"tags":[
],
"orig_fuids":[
"FxVqoE45xXkM5ExM21"
],
"ip_src_port":49199,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981036",
"status_msg":"Not Found",
"guid":"2781b7c9-34be-4255-ae79-4a1e7e5f37e2",
"enrichments:geo:ip_dst_addr:country":"US",
"response_body_len":357
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"eda21dfc-47fb-46d3-b6e4-fd2da56d59b8",
"source":{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"50187",
"threatinteljoinbolt:joiner:ts":"1537304978831",
"ethsrc":"08:00:27:E8:B0:7A",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xF503D937",
"dgmlen":"52",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304978818",
"enrichmentjoinbolt:joiner:ts":"1537304978823",
"adapter:geoadapter:begin:ts":"1537304978821",
"tcpwindow":"0x1F5",
"threat:triage:rules:0:name":null,
"tcpack":"0x7B81DBFB",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537304978829",
"ip_dst_addr":"192.168.66.1",
"original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.121,8080,192.168.66.1,50187,08:00:27:E8:B0:7A,0A:00:27:00:00:00,0x42,***A****,0xF503D937,0x7B81DBFB,,0x1F5,64,0,7564,52,53248,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537304978821",
"tos":"0",
"adapter:geoadapter:end:ts":"1537304978821",
"id":"7564",
"ip_src_addr":"192.168.66.121",
"threatintelsplitterbolt:splitter:end:ts":"1537304978826",
"threat:triage:rules:0:score":10,
"timestamp":1537304977000,
"ethdst":"0A:00:27:00:00:00",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304978818",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304978821",
"ttl":"64",
"ethlen":"0x42",
"iplen":"53248",
"ip_src_port":"8080",
"threatintelsplitterbolt:splitter:begin:ts":"1537304978826",
"adapter:threatinteladapter:begin:ts":"1537304978829",
"tcpflags":"***A****",
"guid":"eda21dfc-47fb-46d3-b6e4-fd2da56d59b8",
"sig_id":"999158",
"sig_generator":"1"
},
"score":1.0,
"index":"snort_index_2018.09.18.21"
},
{
"id":"89224e12-dd96-465d-8aa2-cf83103147b3",
"source":{
"msg":"'snort test alert'",
"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455",
"dgmlen":"40",
"enrichmentjoinbolt:joiner:ts":"1537304978823",
"adapter:geoadapter:begin:ts":"1537304978821",
"threat:triage:rules:0:name":null,
"tcpack":"0xF1BF08A0",
"protocol":"TCP",
"adapter:threatinteladapter:end:ts":"1537304978829",
"original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.138.158,49189,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0x9DFB1927,0xF1BF08A0,,0xFAF0,128,0,2396,40,40960,,,,",
"adapter:geoadapter:end:ts":"1537304978821",
"id":"2396",
"threat:triage:rules:0:score":10,
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304978819",
"threat:triage:score":10.0,
"enrichments:geo:ip_dst_addr:city":"Strasbourg",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304978821",
"ethlen":"0x3C",
"adapter:threatinteladapter:begin:ts":"1537304978829",
"tcpflags":"***A****",
"guid":"89224e12-dd96-465d-8aa2-cf83103147b3",
"enrichments:geo:ip_dst_addr:country":"FR",
"enrichments:geo:ip_dst_addr:locID":"2973783",
"sig_rev":"0",
"ip_dst_port":"80",
"threatinteljoinbolt:joiner:ts":"1537304978831",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0x9DFB1927",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304978819",
"tcpwindow":"0xFAF0",
"enrichments:geo:ip_dst_addr:latitude":"48.5839",
"source:type":"snort",
"ip_dst_addr":"62.75.195.236",
"adapter:hostfromjsonlistadapter:end:ts":"1537304978821",
"tos":"0",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304978826",
"enrichments:geo:ip_dst_addr:longitude":"7.7455",
"timestamp":1537304977000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_dst_addr:postalCode":"67100",
"is_alert":"true",
"ttl":"128",
"iplen":"40960",
"ip_src_port":"49189",
"threatintelsplitterbolt:splitter:begin:ts":"1537304978826",
"sig_id":"999158",
"sig_generator":"1"
},
"score":1.0,
"index":"snort_index_2018.09.18.21"
},
{
"id":"9de922ba-f0b2-4315-90c9-4c87b35cfe95",
"source":{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"8080",
"threatinteljoinbolt:joiner:ts":"1537304978832",
"ethsrc":"0A:00:27:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0x836B6E56",
"dgmlen":"608",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304978819",
"enrichmentjoinbolt:joiner:ts":"1537304978823",
"adapter:geoadapter:begin:ts":"1537304978821",
"tcpwindow":"0x1000",
"threat:triage:rules:0:name":null,
"tcpack":"0x8DF89597",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537304978829",
"ip_dst_addr":"192.168.66.121",
"original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.1,50183,192.168.66.121,8080,0A:00:27:00:00:00,08:00:27:E8:B0:7A,0x26E,***AP***,0x836B6E56,0x8DF89597,,0x1000,64,2,52577,608,98312,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537304978821",
"tos":"2",
"adapter:geoadapter:end:ts":"1537304978821",
"id":"52577",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537304978826",
"threat:triage:rules:0:score":10,
"timestamp":1537304977000,
"ethdst":"08:00:27:E8:B0:7A",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304978819",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304978821",
"ttl":"64",
"ethlen":"0x26E",
"iplen":"98312",
"ip_src_port":"50183",
"threatintelsplitterbolt:splitter:begin:ts":"1537304978826",
"adapter:threatinteladapter:begin:ts":"1537304978829",
"tcpflags":"***AP***",
"guid":"9de922ba-f0b2-4315-90c9-4c87b35cfe95",
"sig_id":"999158",
"sig_generator":"1"
},
"score":1.0,
"index":"snort_index_2018.09.18.21"
},
{
"id":"ace88c81-0e6f-457d-8d67-1fc8a07e76d8",
"source":{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"8080",
"threatinteljoinbolt:joiner:ts":"1537304978832",
"ethsrc":"0A:00:27:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0x398326A5",
"dgmlen":"785",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304978819",
"enrichmentjoinbolt:joiner:ts":"1537304978823",
"adapter:geoadapter:begin:ts":"1537304978821",
"tcpwindow":"0x1000",
"threat:triage:rules:0:name":null,
"tcpack":"0xA885FC6A",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537304978829",
"ip_dst_addr":"192.168.66.121",
"original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.1,50184,192.168.66.121,8080,0A:00:27:00:00:00,08:00:27:E8:B0:7A,0x31F,***AP***,0x398326A5,0xA885FC6A,,0x1000,64,0,43178,785,17420,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537304978821",
"tos":"0",
"adapter:geoadapter:end:ts":"1537304978821",
"id":"43178",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537304978826",
"threat:triage:rules:0:score":10,
"timestamp":1537304977000,
"ethdst":"08:00:27:E8:B0:7A",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304978819",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304978821",
"ttl":"64",
"ethlen":"0x31F",
"iplen":"17420",
"ip_src_port":"50184",
"threatintelsplitterbolt:splitter:begin:ts":"1537304978826",
"adapter:threatinteladapter:begin:ts":"1537304978829",
"tcpflags":"***AP***",
"guid":"ace88c81-0e6f-457d-8d67-1fc8a07e76d8",
"sig_id":"999158",
"sig_generator":"1"
},
"score":1.0,
"index":"snort_index_2018.09.18.21"
},
{
"id":"42722a44-e4c1-4287-ad92-347045023c6d",
"source":{
"msg":"'snort test alert'",
"enrichments:geo:ip_src_addr:longitude":"38.4467",
"dgmlen":"44",
"enrichmentjoinbolt:joiner:ts":"1537304978823",
"adapter:geoadapter:begin:ts":"1537304978821",
"threat:triage:rules:0:name":null,
"tcpack":"0x32C0B55F",
"protocol":"TCP",
"adapter:threatinteladapter:end:ts":"1537304978829",
"original_string":"09/18/18-21:09:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,95.163.121.204,80,192.168.138.158,49209,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xF31124B8,0x32C0B55F,,0xFAF0,128,0,2014,44,45056,,,,",
"enrichments:geo:ip_src_addr:locID":"563523",
"adapter:geoadapter:end:ts":"1537304978821",
"id":"2014",
"threat:triage:rules:0:score":10,
"enrichments:geo:ip_src_addr:location_point":"55.7896,38.4467",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304978818",
"threat:triage:score":10.0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304978821",
"enrichments:geo:ip_src_addr:postalCode":"144009",
"ethlen":"0x3C",
"adapter:threatinteladapter:begin:ts":"1537304978829",
"tcpflags":"***A**S*",
"guid":"42722a44-e4c1-4287-ad92-347045023c6d",
"sig_rev":"0",
"ip_dst_port":"49209",
"threatinteljoinbolt:joiner:ts":"1537304978831",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xF31124B8",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304978818",
"tcpwindow":"0xFAF0",
"source:type":"snort",
"ip_dst_addr":"192.168.138.158",
"adapter:hostfromjsonlistadapter:end:ts":"1537304978821",
"tos":"0",
"enrichments:geo:ip_src_addr:latitude":"55.7896",
"ip_src_addr":"95.163.121.204",
"threatintelsplitterbolt:splitter:end:ts":"1537304978826",
"timestamp":1537304977000,
"ethdst":"00:00:00:00:00:00",
"is_alert":"true",
"enrichments:geo:ip_src_addr:country":"RU",
"ttl":"128",
"iplen":"45056",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537304978826",
"sig_id":"999158",
"sig_generator":"1",
"enrichments:geo:ip_src_addr:city":"Elektrostal"
},
"score":1.0,
"index":"snort_index_2018.09.18.21"
},
{
"id":"2d57c13a-e663-42fe-b55b-60fe70586fcb",
"source":{
"bro_timestamp":"1537304975.98861",
"ip_dst_port":8080,
"threatinteljoinbolt:joiner:ts":"1537304981029",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981015",
"enrichmentjoinbolt:joiner:ts":"1537304981019",
"adapter:geoadapter:begin:ts":"1537304981017",
"uid":"CUrRne3iLIxXavQtci",
"trans_depth":193,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981027",
"original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169177369 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:193 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304975.98861 id.resp_h:192.168.66.121",
"ip_dst_addr":"192.168.66.121",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981017",
"host":"node1",
"adapter:geoadapter:end:ts":"1537304981017",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537304981022",
"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36",
"timestamp":1537304975988,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981015",
"request_body_len":0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981017",
"uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169177369",
"tags":[
],
"referrer":"http://node1:8080/",
"ip_src_port":50451,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981022",
"adapter:threatinteladapter:begin:ts":"1537304981027",
"guid":"2d57c13a-e663-42fe-b55b-60fe70586fcb",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"70a6a54e-7f6f-4250-9304-09242d2b3c95",
"source":{
"bro_timestamp":"1537304975.984151",
"ip_dst_port":8080,
"threatinteljoinbolt:joiner:ts":"1537304981029",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981014",
"enrichmentjoinbolt:joiner:ts":"1537304981019",
"adapter:geoadapter:begin:ts":"1537304981017",
"uid":"CUrRne3iLIxXavQtci",
"trans_depth":214,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981027",
"original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484169312026 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:214 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304975.984151 id.resp_h:192.168.66.121",
"ip_dst_addr":"192.168.66.121",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981017",
"host":"node1",
"adapter:geoadapter:end:ts":"1537304981017",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537304981022",
"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36",
"timestamp":1537304975984,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981014",
"request_body_len":0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981017",
"uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484169312026",
"tags":[
],
"referrer":"http://node1:8080/",
"ip_src_port":50451,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981022",
"adapter:threatinteladapter:begin:ts":"1537304981027",
"guid":"70a6a54e-7f6f-4250-9304-09242d2b3c95",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"492d13b0-743c-4b93-9a11-d03a23ec91c3",
"source":{
"bro_timestamp":"1537304975.941663",
"ip_dst_port":8080,
"threatinteljoinbolt:joiner:ts":"1537304981029",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981015",
"enrichmentjoinbolt:joiner:ts":"1537304981019",
"adapter:geoadapter:begin:ts":"1537304981017",
"uid":"CUrRne3iLIxXavQtci",
"trans_depth":158,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981027",
"original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services/KAFKA/components/KAFKA_BROKER?fields=metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/KafkaController/ActiveControllerCount[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/ReplicaFetcherManager/Replica-MaxLag[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/PartitionCount[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/UnderReplicatedPartitions[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/LeaderCount[1484165383,1484168983,15]&format=null_padding&_=1484168983985 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:158 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1537304975.941663 id.resp_h:192.168.66.121",
"ip_dst_addr":"192.168.66.121",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981017",
"host":"node1",
"adapter:geoadapter:end:ts":"1537304981017",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537304981022",
"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36",
"timestamp":1537304975941,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981015",
"request_body_len":0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981017",
"uri":"/api/v1/clusters/metron_cluster/services/KAFKA/components/KAFKA_BROKER?fields=metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/KafkaController/ActiveControllerCount[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/1MinuteRate[1484165383,1484168983,15],metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/1MinuteRate[1484165383,1484168983,15],metrics/kafka/server/ReplicaFetcherManager/Replica-MaxLag[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/PartitionCount[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/UnderReplicatedPartitions[1484165383,1484168983,15],metrics/kafka/server/ReplicaManager/LeaderCount[1484165383,1484168983,15]&format=null_padding&_=1484168983985",
"tags":[
],
"referrer":"http://node1:8080/",
"ip_src_port":50451,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981022",
"adapter:threatinteladapter:begin:ts":"1537304981027",
"guid":"492d13b0-743c-4b93-9a11-d03a23ec91c3",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"73405141-b9c0-4272-842b-a4e21d46adad",
"source":{
"TTLs":[
14277.0
],
"qclass_name":"C_INTERNET",
"bro_timestamp":"1537304975.929184",
"qtype_name":"A",
"ip_dst_port":53,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"qtype":1,
"rejected":false,
"answers":[
"95.163.121.204"
],
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981019",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"trans_id":5810,
"adapter:geoadapter:begin:ts":"1537304981022",
"uid":"CnArm31VD2mmBoGuG9",
"protocol":"dns",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981032",
"original_string":"DNS | AA:false TTLs:[14277.0] qclass_name:C_INTERNET id.orig_p:50329 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:7oqnsnzwwnm6zb7y.gigapaysun.com answers:[\"95.163.121.204\"] trans_id:5810 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CnArm31VD2mmBoGuG9 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1537304975.929184 id.resp_h:192.168.138.2",
"ip_dst_addr":"192.168.138.2",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"Z":0,
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"qclass":1,
"timestamp":1537304975929,
"AA":false,
"enrichmentsplitterbolt:splitter:end:ts":"1537304981019",
"query":"7oqnsnzwwnm6zb7y.gigapaysun.com",
"rcode":0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"rcode_name":"NOERROR",
"TC":false,
"RA":true,
"RD":true,
"ip_src_port":50329,
"proto":"udp",
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981032",
"guid":"73405141-b9c0-4272-842b-a4e21d46adad"
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"e01a64c4-d7aa-4763-a5f1-08058fd23211",
"source":{
"enrichments:geo:ip_dst_addr:locID":"2973783",
"bro_timestamp":"1537304975.633374",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981020",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"48.5839",
"uid":"CCOkcA3TQkLzkoUtVb",
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981033",
"original_string":"HTTP | id.orig_p:49193 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?34eaf8bd50d85d8c6baacb45f0a7b22e tags:[] uid:CCOkcA3TQkLzkoUtVb trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.633374 id.resp_h:62.75.195.236",
"ip_dst_addr":"62.75.195.236",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"62.75.195.236",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"7.7455",
"user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"timestamp":1537304975633,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":0,
"enrichments:geo:ip_dst_addr:city":"Strasbourg",
"enrichments:geo:ip_dst_addr:postalCode":"67100",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/?34eaf8bd50d85d8c6baacb45f0a7b22e",
"tags":[
],
"ip_src_port":49193,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981033",
"status_msg":"OK",
"guid":"e01a64c4-d7aa-4763-a5f1-08058fd23211",
"enrichments:geo:ip_dst_addr:country":"FR",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"ed2bbe5d-860b-4117-aa85-49c7c06029e9",
"source":{
"enrichments:geo:ip_dst_addr:locID":"5308655",
"bro_timestamp":"1537304975.601971",
"status_code":404,
"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichments:geo:ip_dst_addr:dmaCode":"753",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981019",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"33.4499",
"uid":"Conlrz3quOfFxQTmne",
"resp_mime_types":[
"text/html"
],
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981033",
"original_string":"HTTP | id.orig_p:49197 status_code:404 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg tags:[] uid:Conlrz3quOfFxQTmne resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FmqO3a4YSSwzXR3K89\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.601971 id.resp_h:204.152.254.221 resp_fuids:[\"FS2zkb1zoFMai4Wemh\"]",
"ip_dst_addr":"204.152.254.221",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"runlove.us",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"-112.0712",
"user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"FS2zkb1zoFMai4Wemh"
],
"timestamp":1537304975601,
"method":"POST",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981020",
"request_body_len":134,
"enrichments:geo:ip_dst_addr:city":"Phoenix",
"enrichments:geo:ip_dst_addr:postalCode":"85004",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"orig_mime_types":[
"text/plain"
],
"uri":"/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg",
"tags":[
],
"orig_fuids":[
"FmqO3a4YSSwzXR3K89"
],
"ip_src_port":49197,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981033",
"status_msg":"Not Found",
"guid":"ed2bbe5d-860b-4117-aa85-49c7c06029e9",
"enrichments:geo:ip_dst_addr:country":"US",
"response_body_len":357
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"6f59f7f3-4f79-4db4-ac3c-73ef7f750ae3",
"source":{
"enrichments:geo:ip_dst_addr:locID":"2973783",
"bro_timestamp":"1537304975.468395",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981019",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"48.5839",
"uid":"CKC27s27NkdWd5dlzh",
"resp_mime_types":[
"application/x-dosexec"
],
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981032",
"original_string":"HTTP | id.orig_p:49189 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b514ee6f0fe486009a6d83b035a4c0bd tags:[] uid:CKC27s27NkdWd5dlzh resp_mime_types:[\"application\\/x-dosexec\"] trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:221184 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.468395 id.resp_h:62.75.195.236 resp_fuids:[\"FwC0pj2qXLNlZWorPe\"]",
"ip_dst_addr":"62.75.195.236",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"62.75.195.236",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"7.7455",
"user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"FwC0pj2qXLNlZWorPe"
],
"timestamp":1537304975468,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981019",
"request_body_len":0,
"enrichments:geo:ip_dst_addr:city":"Strasbourg",
"enrichments:geo:ip_dst_addr:postalCode":"67100",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/?b514ee6f0fe486009a6d83b035a4c0bd",
"tags":[
],
"ip_src_port":49189,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981032",
"status_msg":"OK",
"guid":"6f59f7f3-4f79-4db4-ac3c-73ef7f750ae3",
"enrichments:geo:ip_dst_addr:country":"FR",
"response_body_len":221184
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"384c0885-1c6d-45b8-9ca4-caca0554af33",
"source":{
"enrichments:geo:ip_dst_addr:locID":"2973783",
"bro_timestamp":"1537304975.402485",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981019",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"48.5839",
"uid":"CJVA893e60mcz43Jrj",
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981032",
"original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CJVA893e60mcz43Jrj trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.402485 id.resp_h:62.75.195.236",
"ip_dst_addr":"62.75.195.236",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"62.75.195.236",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"7.7455",
"user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"timestamp":1537304975402,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981019",
"request_body_len":0,
"enrichments:geo:ip_dst_addr:city":"Strasbourg",
"enrichments:geo:ip_dst_addr:postalCode":"67100",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/?d71e0bd86db9587158745a986a4b3606",
"tags":[
],
"ip_src_port":49192,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981032",
"status_msg":"OK",
"guid":"384c0885-1c6d-45b8-9ca4-caca0554af33",
"enrichments:geo:ip_dst_addr:country":"FR",
"response_body_len":0
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"11cb6a2c-34b3-4e06-b641-779ca2ade6c6",
"source":{
"enrichments:geo:ip_dst_addr:locID":"2973783",
"bro_timestamp":"1537304975.26039",
"status_code":200,
"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981019",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"48.5839",
"uid":"CGbTHj2sNiMLcUG4N4",
"resp_mime_types":[
"text/html"
],
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981032",
"original_string":"HTTP | id.orig_p:49184 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?285a4d4e4e5a4d4d4649584c5d43064b4745 tags:[] uid:CGbTHj2sNiMLcUG4N4 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:560 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.26039 id.resp_h:62.75.195.236 resp_fuids:[\"FG2Ous4y3FEVzkYyQ3\"]",
"ip_dst_addr":"62.75.195.236",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"7.7455",
"user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"FG2Ous4y3FEVzkYyQ3"
],
"timestamp":1537304975260,
"method":"GET",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981019",
"request_body_len":0,
"enrichments:geo:ip_dst_addr:city":"Strasbourg",
"enrichments:geo:ip_dst_addr:postalCode":"67100",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"uri":"/?285a4d4e4e5a4d4d4649584c5d43064b4745",
"tags":[
],
"ip_src_port":49184,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981032",
"status_msg":"OK",
"guid":"11cb6a2c-34b3-4e06-b641-779ca2ade6c6",
"enrichments:geo:ip_dst_addr:country":"FR",
"response_body_len":560
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"fbc11406-a465-49ae-9ebd-d75c58011daf",
"source":{
"enrichments:geo:ip_dst_addr:locID":"5308655",
"bro_timestamp":"1537304975.099132",
"status_code":404,
"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712",
"ip_dst_port":80,
"threatinteljoinbolt:joiner:ts":"1537304981035",
"enrichments:geo:ip_dst_addr:dmaCode":"753",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304981019",
"enrichmentjoinbolt:joiner:ts":"1537304981027",
"adapter:geoadapter:begin:ts":"1537304981022",
"enrichments:geo:ip_dst_addr:latitude":"33.4499",
"uid":"CPeJAk1CO2C5jBOZ9",
"resp_mime_types":[
"text/html"
],
"trans_depth":1,
"protocol":"http",
"source:type":"bro",
"adapter:threatinteladapter:end:ts":"1537304981033",
"original_string":"HTTP | id.orig_p:49201 status_code:404 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk tags:[] uid:CPeJAk1CO2C5jBOZ9 resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FNicswKjTl9SXFSH1\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1537304975.099132 id.resp_h:204.152.254.221 resp_fuids:[\"FH8lVp3u9se5nLCWYf\"]",
"ip_dst_addr":"204.152.254.221",
"adapter:hostfromjsonlistadapter:end:ts":"1537304981022",
"host":"runlove.us",
"adapter:geoadapter:end:ts":"1537304981022",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537304981029",
"enrichments:geo:ip_dst_addr:longitude":"-112.0712",
"user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)",
"resp_fuids":[
"FH8lVp3u9se5nLCWYf"
],
"timestamp":1537304975099,
"method":"POST",
"enrichmentsplitterbolt:splitter:end:ts":"1537304981019",
"request_body_len":162,
"enrichments:geo:ip_dst_addr:city":"Phoenix",
"enrichments:geo:ip_dst_addr:postalCode":"85004",
"adapter:hostfromjsonlistadapter:begin:ts":"1537304981022",
"orig_mime_types":[
"text/plain"
],
"uri":"/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk",
"tags":[
],
"orig_fuids":[
"FNicswKjTl9SXFSH1"
],
"ip_src_port":49201,
"threatintelsplitterbolt:splitter:begin:ts":"1537304981029",
"adapter:threatinteladapter:begin:ts":"1537304981032",
"status_msg":"Not Found",
"guid":"fbc11406-a465-49ae-9ebd-d75c58011daf",
"enrichments:geo:ip_dst_addr:country":"US",
"response_body_len":357
},
"score":1.0,
"index":"bro_index_2018.09.18.21"
},
{
"id":"c84db5f0-b8fd-4293-81e5-2d5a9e2e05aa",
"source":{
"msg":"'snort test alert'",
"enrichments:geo:ip_src_addr:longitude":"7.7455",
"dgmlen":"1407",
"enrichmentjoinbolt:joiner:ts":"1537304978823",
"adapter:geoadapter:begin:ts":"1537304978821",
"threat:triage:rules:0:name":null,
"tcpack":"0x9DFB1927",
"protocol":"TCP",
"adapter:threatinteladapter:end:ts":"1537304978829",
"original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,62.75.195.236,80,192.168.138.158,49189,00:00:00:00:00:00,00:00:00:00:00:00,0x58D,***AP***,0xF1BC1268,0x9DFB1927,,0xFAF0,128,0,1722,1407,130068,,,,",
"enrichments:geo:ip_src_addr:locID":"2973783",
"adapter:geoadapter:end:ts":"1537304978821",
"id":"1722",
"threat:triage:rules:0:score":10,
"enrichments:geo:ip_src_addr:location_point":"48.5839,7.7455",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537304978818",
"threat:triage:score":10.0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537304978821",
"enrichments:geo:ip_src_addr:postalCode":"67100",
"ethlen":"0x58D",
"adapter:threatinteladapter:begin:ts":"1537304978829",
"tcpflags":"***AP***",
"guid":"c84db5f0-b8fd-4293-81e5-2d5a9e2e05aa",
"sig_rev":"0",
"ip_dst_port":"49189",
"threatinteljoinbolt:joiner:ts":"1537304978831",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xF1BC1268",
"enrichmentsplitterbolt:splitter:begin:ts":"1537304978818",
"tcpwindow":"0xFAF0",
"source:type":"snort",
"ip_dst_addr":"192.168.138.158",
"adapter:hostfromjsonlistadapter:end:ts":"1537304978821",
"tos":"0",
"enrichments:geo:ip_src_addr:latitude":"48.5839",
"ip_src_addr":"62.75.195.236",
"threatintelsplitterbolt:splitter:end:ts":"1537304978826",
"timestamp":1537304974000,
"ethdst":"00:00:00:00:00:00",
"is_alert":"true",
"enrichments:geo:ip_src_addr:country":"FR",
"ttl":"128",
"iplen":"130068",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537304978826",
"sig_id":"999158",
"sig_generator":"1",
"enrichments:geo:ip_src_addr:city":"Strasbourg"
},
"score":1.0,
"index":"snort_index_2018.09.18.21"
},
{
"id":"ba50bc6e-b1da-4275-ab1e-006d1b44711f",
"source":{
"msg":"'snort test alert'",
"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641",
"dgmlen":"436",
"enrichmentjoinbolt:joiner:ts":"1537449087990",
"adapter:geoadapter:begin:ts":"1537449087985",
"threat:triage:rules:0:name":null,
"tcpack":"0xE263A146",
"protocol":"TCP",
"adapter:threatinteladapter:end:ts":"1537449088001",
"original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.138.158,49198,72.34.49.86,80,00:00:00:00:00:00,00:00:00:00:00:00,0x1C2,***AP***,0x24718A4B,0xE263A146,,0xFAF0,128,0,2451,436,184324,,,,",
"adapter:geoadapter:end:ts":"1537449087985",
"id":"2451",
"threat:triage:rules:0:score":10,
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537449087976",
"threat:triage:score":10.0,
"enrichments:geo:ip_dst_addr:city":"Los Angeles",
"adapter:hostfromjsonlistadapter:begin:ts":"1537449087980",
"ethlen":"0x1C2",
"adapter:threatinteladapter:begin:ts":"1537449088001",
"tcpflags":"***AP***",
"guid":"ba50bc6e-b1da-4275-ab1e-006d1b44711f",
"enrichments:geo:ip_dst_addr:country":"US",
"enrichments:geo:ip_dst_addr:locID":"5368361",
"enrichments:geo:ip_dst_addr:dmaCode":"803",
"sig_rev":"0",
"ip_dst_port":"80",
"threatinteljoinbolt:joiner:ts":"1537449088004",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0x24718A4B",
"enrichmentsplitterbolt:splitter:begin:ts":"1537449087976",
"tcpwindow":"0xFAF0",
"enrichments:geo:ip_dst_addr:latitude":"34.0494",
"source:type":"snort",
"ip_dst_addr":"72.34.49.86",
"adapter:hostfromjsonlistadapter:end:ts":"1537449087980",
"tos":"0",
"ip_src_addr":"192.168.138.158",
"threatintelsplitterbolt:splitter:end:ts":"1537449087995",
"enrichments:geo:ip_dst_addr:longitude":"-118.2641",
"timestamp":1537304974000,
"ethdst":"00:00:00:00:00:00",
"enrichments:geo:ip_dst_addr:postalCode":"90014",
"is_alert":"true",
"ttl":"128",
"iplen":"184324",
"ip_src_port":"49198",
"threatintelsplitterbolt:splitter:begin:ts":"1537449087995",
"sig_id":"999158",
"sig_generator":"1"
},
"score":1.0,
"index":"snort_index_2018.09.20.13"
},
{
"id":"34aa9e7a-1643-4e33-831d-061364080490",
"source":{
"msg":"'snort test alert'",
"sig_rev":"0",
"ip_dst_port":"8080",
"threatinteljoinbolt:joiner:ts":"1537449088008",
"ethsrc":"0A:00:27:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xF7B16C0",
"dgmlen":"52",
"enrichmentsplitterbolt:splitter:begin:ts":"1537449087978",
"enrichmentjoinbolt:joiner:ts":"1537449087993",
"adapter:geoadapter:begin:ts":"1537449087985",
"tcpwindow":"0xFF8",
"threat:triage:rules:0:name":null,
"tcpack":"0x7784A578",
"protocol":"TCP",
"source:type":"snort",
"adapter:threatinteladapter:end:ts":"1537449088001",
"ip_dst_addr":"192.168.66.121",
"original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,192.168.66.1,50451,192.168.66.121,8080,0A:00:27:00:00:00,08:00:27:E8:B0:7A,0x42,***A****,0xF7B16C0,0x7784A578,,0xFF8,64,0,17011,52,53248,,,,",
"adapter:hostfromjsonlistadapter:end:ts":"1537449087984",
"tos":"0",
"adapter:geoadapter:end:ts":"1537449087985",
"id":"17011",
"ip_src_addr":"192.168.66.1",
"threatintelsplitterbolt:splitter:end:ts":"1537449087995",
"threat:triage:rules:0:score":10,
"timestamp":1537304974000,
"ethdst":"08:00:27:E8:B0:7A",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537449087979",
"threat:triage:score":10.0,
"is_alert":"true",
"adapter:hostfromjsonlistadapter:begin:ts":"1537449087984",
"ttl":"64",
"ethlen":"0x42",
"iplen":"53248",
"ip_src_port":"50451",
"threatintelsplitterbolt:splitter:begin:ts":"1537449087995",
"adapter:threatinteladapter:begin:ts":"1537449088001",
"tcpflags":"***A****",
"guid":"34aa9e7a-1643-4e33-831d-061364080490",
"sig_id":"999158",
"sig_generator":"1"
},
"score":1.0,
"index":"snort_index_2018.09.20.13"
},
{
"id":"336bf8b7-f714-463a-a6f7-c106347df78b",
"source":{
"msg":"'snort test alert'",
"enrichments:geo:ip_src_addr:longitude":"-118.2641",
"dgmlen":"40",
"enrichmentjoinbolt:joiner:ts":"1537449087994",
"enrichments:geo:ip_src_addr:dmaCode":"803",
"adapter:geoadapter:begin:ts":"1537449087990",
"threat:triage:rules:0:name":null,
"tcpack":"0x24718C5E",
"protocol":"TCP",
"adapter:threatinteladapter:end:ts":"1537449088001",
"original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,72.34.49.86,80,192.168.138.158,49198,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xE263A234,0x24718C5E,,0xFAEF,128,0,1923,40,40960,,,,",
"enrichments:geo:ip_src_addr:locID":"5368361",
"adapter:geoadapter:end:ts":"1537449087990",
"id":"1923",
"threat:triage:rules:0:score":10,
"enrichments:geo:ip_src_addr:location_point":"34.0494,-118.2641",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537449087985",
"threat:triage:score":10.0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537449087989",
"enrichments:geo:ip_src_addr:postalCode":"90014",
"ethlen":"0x3C",
"adapter:threatinteladapter:begin:ts":"1537449088001",
"tcpflags":"***A****",
"guid":"336bf8b7-f714-463a-a6f7-c106347df78b",
"sig_rev":"0",
"ip_dst_port":"49198",
"threatinteljoinbolt:joiner:ts":"1537449088009",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0xE263A234",
"enrichmentsplitterbolt:splitter:begin:ts":"1537449087985",
"tcpwindow":"0xFAEF",
"source:type":"snort",
"ip_dst_addr":"192.168.138.158",
"adapter:hostfromjsonlistadapter:end:ts":"1537449087989",
"tos":"0",
"enrichments:geo:ip_src_addr:latitude":"34.0494",
"ip_src_addr":"72.34.49.86",
"threatintelsplitterbolt:splitter:end:ts":"1537449087996",
"timestamp":1537304974000,
"ethdst":"00:00:00:00:00:00",
"is_alert":"true",
"enrichments:geo:ip_src_addr:country":"US",
"ttl":"128",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537449087996",
"sig_id":"999158",
"sig_generator":"1",
"enrichments:geo:ip_src_addr:city":"Los Angeles"
},
"score":1.0,
"index":"snort_index_2018.09.20.13"
},
{
"id":"d8875d2a-f911-40b3-825d-33fa66f9c258",
"source":{
"msg":"'snort test alert'",
"enrichments:geo:ip_src_addr:longitude":"38.4467",
"dgmlen":"40",
"enrichmentjoinbolt:joiner:ts":"1537449087997",
"adapter:geoadapter:begin:ts":"1537449087993",
"threat:triage:rules:0:name":null,
"tcpack":"0x63626C24",
"protocol":"TCP",
"adapter:threatinteladapter:end:ts":"1537449088004",
"original_string":"09/18/18-21:09:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,95.163.121.204,80,192.168.138.158,49210,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0x9B7A5688,0x63626C24,,0xFAF0,128,0,2013,40,40960,,,,",
"enrichments:geo:ip_src_addr:locID":"563523",
"adapter:geoadapter:end:ts":"1537449087993",
"id":"2013",
"threat:triage:rules:0:score":10,
"enrichments:geo:ip_src_addr:location_point":"55.7896,38.4467",
"threat:triage:rules:0:reason":null,
"enrichmentsplitterbolt:splitter:end:ts":"1537449087991",
"threat:triage:score":10.0,
"adapter:hostfromjsonlistadapter:begin:ts":"1537449087994",
"enrichments:geo:ip_src_addr:postalCode":"144009",
"ethlen":"0x3C",
"adapter:threatinteladapter:begin:ts":"1537449088004",
"tcpflags":"***A****",
"guid":"d8875d2a-f911-40b3-825d-33fa66f9c258",
"sig_rev":"0",
"ip_dst_port":"49210",
"threatinteljoinbolt:joiner:ts":"1537449088028",
"ethsrc":"00:00:00:00:00:00",
"threat:triage:rules:0:comment":null,
"tcpseq":"0x9B7A5688",
"enrichmentsplitterbolt:splitter:begin:ts":"1537449087991",
"tcpwindow":"0xFAF0",
"source:type":"snort",
"ip_dst_addr":"192.168.138.158",
"adapter:hostfromjsonlistadapter:end:ts":"1537449087994",
"tos":"0",
"enrichments:geo:ip_src_addr:latitude":"55.7896",
"ip_src_addr":"95.163.121.204",
"threatintelsplitterbolt:splitter:end:ts":"1537449088000",
"timestamp":1537304974000,
"ethdst":"00:00:00:00:00:00",
"is_alert":"true",
"enrichments:geo:ip_src_addr:country":"RU",
"ttl":"128",
"iplen":"40960",
"ip_src_port":"80",
"threatintelsplitterbolt:splitter:begin:ts":"1537449088000",
"sig_id":"999158",
"sig_generator":"1",
"enrichments:geo:ip_src_addr:city":"Elektrostal"
},
"score":1.0,
"index":"snort_index_2018.09.20.13"
}
],
"facetCounts":{
"source:type":{
"metaalert":1,
"bro":52319,
"snort":52273
},
"ip_dst_addr":{
"95.163.121.204":15832,
"72.34.49.86":5079,
"192.168.138.158":17989,
"188.165.164.184":995,
"192.168.138.2":6396,
"192.168.66.1":4226,
"62.75.195.236":15813,
"224.0.0.251":4979,
"192.168.66.121":28822,
"204.152.254.221":4461
},
"enrichments:geo:ip_dst_addr:country":{
"RU":15832,
"FR":16808,
"US":9540
},
"ip_src_addr":{
"95.163.121.204":2106,
"72.34.49.86":2284,
"192.168.138.158":48576,
"192.168.138.2":118,
"192.168.66.1":33801,
"62.75.195.236":12552,
"192.168.66.121":4226,
"204.152.254.221":929
}
}
}