| {"create": { "_id": "dcda4423-75f1-8e14-c567-080962fafc47"}} |
| {"threat:triage:score":10,"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325572512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574783","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568547","enrichmentjoinbolt:joiner:ts":"1492671574101","adapter:geoadapter:begin:ts":"1492671572509","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CD23C83kXKw966hJtc","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574780","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CD23C83kXKw966hJtc resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FS7RhoA94CA7tXRH3\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:72.34.49.86 resp_fuids:[\"F3FAZQ2jVEyeqyiQB7\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671573840","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3FAZQ2jVEyeqyiQB7"],"timestamp":1505325572512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568555","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568737","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FS7RhoA94CA7tXRH3"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574115","status_msg":"OK","guid":"dcda4423-75f1-8e14-c567-080962fafc47","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} |
| {"create": { "_id": "350c0e9f-a9db-e100-871f-833cbe5b29d2"}} |
| {"threat:triage:score":9,"bro_timestamp":1505325573512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574785","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671573840","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cbhgaw1IVL6NGqHpn2","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574782","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cbhgaw1IVL6NGqHpn2 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:95.163.121.204 resp_fuids:[\"F4cZLM1Rfj48wYg1Pb\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574044","ip_src_addr":"192.168.138.159","threatintelsplitterbolt:splitter:end:ts":"1492671574109","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4cZLM1Rfj48wYg1Pb"],"timestamp":1505325573512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568556","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574780","status_msg":"OK","guid":"350c0e9f-a9db-e100-871f-833cbe5b29d2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} |
| {"create": { "_id": "b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0"}} |
| {"threat:triage:score":8,"bro_timestamp":1505325574512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568556","enrichmentjoinbolt:joiner:ts":"1492671574102","adapter:geoadapter:begin:ts":"1492671574045","uid":"CUrRne3iLIxXavQtci","trans_depth":100,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:100 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574109","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325574512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574109","adapter:threatinteladapter:begin:ts":"1492671574782","guid":"b6fff6b7-9b5f-fe43-986f-dfe99d6b78e0","response_body_len":0} |
| {"create": { "_id": "acf5a641-9cdb-d7ec-c309-6ea316e14fbe"}} |
| {"threat:triage:score":7,"bro_timestamp":1505325575512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":201,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:201 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325575512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"acf5a641-9cdb-d7ec-c309-6ea316e14fbe","response_body_len":0} |
| {"create": { "_id": "32ac21dc-2d63-922a-859e-7b885d338edb"}} |
| {"threat:triage:score":2,"bro_timestamp":1505325576512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574804","enrichmentsplitterbolt:splitter:begin:ts":"1492671568557","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","uid":"CUrRne3iLIxXavQtci","trans_depth":54,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574801","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:54 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671501.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568750","host":"node1","adapter:geoadapter:end:ts":"1492671574046","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574110","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325576512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568557","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168537303","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","guid":"32ac21dc-2d63-922a-859e-7b885d338edb","response_body_len":0} |
| {"create": { "_id": "07b29c29-9ab0-37dd-31d3-08ff19eaa888"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325577512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574805","enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574105","adapter:geoadapter:begin:ts":"1492671574046","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CzXaqT1OEPg60SoJ31","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574802","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CzXaqT1OEPg60SoJ31 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671501.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574047","ip_src_addr":"192.168.138.160","threatintelsplitterbolt:splitter:end:ts":"1492671574110","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325577512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568558","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568750","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574801","status_msg":"OK","guid":"07b29c29-9ab0-37dd-31d3-08ff19eaa888","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "04a9e4c4-606d-0253-20b4-6e714603c2f2"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325578512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574806","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574109","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671574047","uid":"CWHzfi498ODM7YJg6b","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574804","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CWHzfi498ODM7YJg6b RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671501.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574110","qclass":1,"timestamp":1505325578512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574110","adapter:threatinteladapter:begin:ts":"1492671574802","guid":"04a9e4c4-606d-0253-20b4-6e714603c2f2"} |
| {"create": { "_id": "82f8046d-de35-8e8f-3081-bc03b17480dd"}} |
| {"qclass_name":"qclass-32769","bro_timestamp":1505325579512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574807","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568558","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CgtMqC3lAinR22Xi6c","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:qclass-32769 id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CgtMqC3lAinR22Xi6c RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:32769 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.65.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":32769,"timestamp":1505325579512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568558","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574804","guid":"82f8046d-de35-8e8f-3081-bc03b17480dd"} |
| {"create": { "_id": "5c1825f6-75a4-4d5c-9961-f9da3abe3aec"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325580512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"CEuiK04pVuL2Su5Rqg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CEuiK04pVuL2Su5Rqg RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671501.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.0","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1,"timestamp":1505325580512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"5c1825f6-75a4-4d5c-9961-f9da3abe3aec"} |
| {"create": { "_id": "9041285e-94a4-cd90-51f6-4da04a885b53"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325581512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574809","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568559","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574048","uid":"ChMDrL20pLP4UzCncj","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574806","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:ChMDrL20pLP4UzCncj RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671507.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574048","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1,"timestamp":1505325581512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568559","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","guid":"9041285e-94a4-cd90-51f6-4da04a885b53"} |
| {"create": { "_id": "9a969c64-b82c-f2c9-7178-cc001cb011a3"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325582512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574810","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568561","enrichmentjoinbolt:joiner:ts":"1492671574111","adapter:geoadapter:begin:ts":"1492671574048","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"CdUJwG2Df90m0Y7OSi","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:CdUJwG2Df90m0Y7OSi resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"Fh9CoH303MQ3vTRjB\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671507.0 id.resp_h:204.152.254.221 resp_fuids:[\"F9iisA25ZMf02F0vS5\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574049","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574119","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F9iisA25ZMf02F0vS5"],"timestamp":1505325582512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568561","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["Fh9CoH303MQ3vTRjB"],"ip_src_port":49199,"threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574806","status_msg":"Not Found","guid":"9a969c64-b82c-f2c9-7178-cc001cb011a3","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "e50bb873-94b8-e854-2e67-1ee7b77ac927"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325583512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574810","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568561","enrichmentjoinbolt:joiner:ts":"1492671574111","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671574049","uid":"CTpa5V317MTyEHxIjf","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CTpa5V317MTyEHxIjf RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671507.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574049","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574119","qclass":1,"timestamp":1505325583512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568561","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574119","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"e50bb873-94b8-e854-2e67-1ee7b77ac927"} |
| {"create": { "_id": "78d8a1bc-de5e-ae2f-e6fd-7118c7316235"}} |
| {"bro_timestamp":1505325584512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574810","enrichmentsplitterbolt:splitter:begin:ts":"1492671568561","enrichmentjoinbolt:joiner:ts":"1492671574115","adapter:geoadapter:begin:ts":"1492671574049","uid":"CUrRne3iLIxXavQtci","trans_depth":97,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters?fields=Clusters/provisioning_state&_=1484168694108 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:97 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671507.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"node1","adapter:geoadapter:end:ts":"1492671574049","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574120","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325584512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568561","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","uri":"/api/v1/clusters?fields=Clusters/provisioning_state&_=1484168694108","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574120","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"78d8a1bc-de5e-ae2f-e6fd-7118c7316235","response_body_len":0} |
| {"create": { "_id": "e71004c5-ea05-020b-dc85-5bc310de7643"}} |
| {"TTLs":[13888],"qclass_name":"C_INTERNET","bro_timestamp":1505325585512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574810","qtype":1,"rejected":false,"answers":["72.34.49.86"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568566","enrichmentjoinbolt:joiner:ts":"1492671574116","trans_id":41589,"adapter:geoadapter:begin:ts":"1492671574049","uid":"CE6YSn3vJULMx9hAJk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false TTLs:[13888.0] qclass_name:C_INTERNET id.orig_p:56753 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:comarksecurity.com answers:[\"72.34.49.86\"] trans_id:41589 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CE6YSn3vJULMx9hAJk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671507.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","Z":0,"adapter:geoadapter:end:ts":"1492671574049","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574120","qclass":1,"timestamp":1505325585512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568566","query":"comarksecurity.com","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":56753,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574120","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"e71004c5-ea05-020b-dc85-5bc310de7643"} |
| {"create": { "_id": "7cd91565-132f-3340-db76-3ade5be54a6e"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325586512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574810","enrichmentsplitterbolt:splitter:begin:ts":"1492671568566","enrichmentjoinbolt:joiner:ts":"1492671574116","adapter:geoadapter:begin:ts":"1492671574049","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CnsJ3j4qkyHcpNUuZa","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CnsJ3j4qkyHcpNUuZa trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671507.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568751","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574049","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574121","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325586512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568571","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568751","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574120","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"7cd91565-132f-3340-db76-3ade5be54a6e","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "3df1ef3e-93b8-c678-3067-64e5d40ed54a"}} |
| {"bro_timestamp":1505325587512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568586","enrichmentjoinbolt:joiner:ts":"1492671574116","adapter:geoadapter:begin:ts":"1492671574049","uid":"CUrRne3iLIxXavQtci","trans_depth":41,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168502465 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:41 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671507.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"node1","adapter:geoadapter:end:ts":"1492671574049","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574121","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325587512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568586","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168502465","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"3df1ef3e-93b8-c678-3067-64e5d40ed54a","response_body_len":0} |
| {"create": { "_id": "9b47e24a-e943-9f28-cd2f-002ca6627943"}} |
| {"bro_timestamp":1505325588512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568586","enrichmentjoinbolt:joiner:ts":"1492671574117","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/11iQmfg tags:[] uid:CsUjA541poEzvhMfuf resp_mime_types:[\"text\\/html\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:3289 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671507.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOov1rV6rL28n8qy1\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574121","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FOov1rV6rL28n8qy1"],"timestamp":1505325588512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568586","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/11iQmfg","tags":[],"ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"9b47e24a-e943-9f28-cd2f-002ca6627943","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":3289} |
| {"create": { "_id": "f84466fa-f4fe-b38f-2cfe-cac4216ced72"}} |
| {"bro_timestamp":1505325589512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568586","enrichmentjoinbolt:joiner:ts":"1492671574117","adapter:geoadapter:begin:ts":"1492671574050","uid":"CUrRne3iLIxXavQtci","trans_depth":211,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484169260964 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:211 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671507.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"node1","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574121","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325589512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568587","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/api/v1/persist/wizard-data?_=1484169260964","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"f84466fa-f4fe-b38f-2cfe-cac4216ced72","response_body_len":0} |
| {"create": { "_id": "5316f324-fd96-2d5c-43ea-4d20ebcfb025"}} |
| {"TTLs":[13888],"qclass_name":"C_INTERNET","bro_timestamp":1505325590512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574811","qtype":1,"rejected":false,"answers":["72.34.49.86"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568587","enrichmentjoinbolt:joiner:ts":"1492671574118","trans_id":41589,"adapter:geoadapter:begin:ts":"1492671574050","uid":"COWVWoXxyrLnj1cX7","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false TTLs:[13888.0] qclass_name:C_INTERNET id.orig_p:56753 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:comarksecurity.com answers:[\"72.34.49.86\"] trans_id:41589 rcode:0 rcode_name:NOERROR TC:false RA:true uid:COWVWoXxyrLnj1cX7 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671514.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","Z":0,"adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574121","qclass":1,"timestamp":1505325590512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568587","query":"comarksecurity.com","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":56753,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"5316f324-fd96-2d5c-43ea-4d20ebcfb025"} |
| {"create": { "_id": "4cac5e2c-3fcf-0628-494e-b23deb1ebcc6"}} |
| {"bro_timestamp":1505325591512,"status_code":304,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568587","enrichmentjoinbolt:joiner:ts":"1492671574118","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CXVtpNU35nZ84YA8","trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49206 status_code:304 method:GET request_body_len:0 id.resp_p:80 uri:/img/style.css tags:[] uid:CXVtpNU35nZ84YA8 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:Not Modified id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671514.0 id.resp_h:95.163.121.204","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574121","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325591512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568587","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/img/style.css","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"Not Modified","guid":"4cac5e2c-3fcf-0628-494e-b23deb1ebcc6","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":0} |
| {"create": { "_id": "71df116d-9985-348a-3b9c-bbe60f1c563e"}} |
| {"bro_timestamp":1505325592512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568588","enrichmentjoinbolt:joiner:ts":"1492671574118","adapter:geoadapter:begin:ts":"1492671574050","uid":"CUrRne3iLIxXavQtci","trans_depth":266,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169506956 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:266 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671514.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"node1","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574121","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325592512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568588","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169506956","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"71df116d-9985-348a-3b9c-bbe60f1c563e","response_body_len":0} |
| {"create": { "_id": "a651f7c3-1c6e-1260-44bf-7da97d4966c9"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325593512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568588","enrichmentjoinbolt:joiner:ts":"1492671574118","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"CY9lhK2A2rSE61rvWi","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49197 status_code:404 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg tags:[] uid:CY9lhK2A2rSE61rvWi resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"Fpnco91sWiQHlMIGQ4\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671514.0 id.resp_h:204.152.254.221 resp_fuids:[\"FiKhLp4qrWGvpiYadj\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574121","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FiKhLp4qrWGvpiYadj"],"timestamp":1505325593512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568588","request_body_len":134,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg","tags":[],"orig_fuids":["Fpnco91sWiQHlMIGQ4"],"ip_src_port":49197,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"Not Found","guid":"a651f7c3-1c6e-1260-44bf-7da97d4966c9","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "eb54c3fa-c1d9-d27b-998b-e6e02719c3b0"}} |
| {"bro_timestamp":1505325594512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568588","enrichmentjoinbolt:joiner:ts":"1492671574118","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CrRM6qLedsBZ3P0d8","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CrRM6qLedsBZ3P0d8 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671514.0 id.resp_h:95.163.121.204 resp_fuids:[\"FlDlsY39iNQUeDK2Dj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574121","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlDlsY39iNQUeDK2Dj"],"timestamp":1505325594512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568588","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"eb54c3fa-c1d9-d27b-998b-e6e02719c3b0","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "a67719ca-9367-599e-7306-139a0af82a22"}} |
| {"bro_timestamp":1505325595512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568589","enrichmentjoinbolt:joiner:ts":"1492671574118","adapter:geoadapter:begin:ts":"1492671574050","uid":"CUrRne3iLIxXavQtci","trans_depth":72,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484168577645 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:72 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671514.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","host":"node1","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574121","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325595512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568589","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","uri":"/api/v1/persist/wizard-data?_=1484168577645","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574121","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"a67719ca-9367-599e-7306-139a0af82a22","response_body_len":0} |
| {"create": { "_id": "ed906df7-27d4-484d-ec74-3a91cc54c2f3"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325596512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574811","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568589","enrichmentjoinbolt:joiner:ts":"1492671574120","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574050","uid":"CoifzG3AcwlRprsVWd","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CoifzG3AcwlRprsVWd RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671514.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568779","Z":0,"adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574122","qclass":1,"timestamp":1505325596512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568589","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568779","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574122","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"ed906df7-27d4-484d-ec74-3a91cc54c2f3"} |
| {"create": { "_id": "cace11d0-cd0a-dccb-d8d8-18b1bd7b9499"}} |
| {"bro_timestamp":1505325597512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568589","enrichmentjoinbolt:joiner:ts":"1492671574122","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cm8nbh1mEqDSWqLB61","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/button_pay.png tags:[] uid:Cm8nbh1mEqDSWqLB61 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671514.0 id.resp_h:95.163.121.204 resp_fuids:[\"F4UU9y2L5THk5eQzNl\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574127","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F4UU9y2L5THk5eQzNl"],"timestamp":1505325597512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568598","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/img/button_pay.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49210,"threatintelsplitterbolt:splitter:begin:ts":"1492671574127","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"cace11d0-cd0a-dccb-d8d8-18b1bd7b9499","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":727} |
| {"create": { "_id": "219cb2a5-08cf-5953-d776-c483b4a65cfb"}} |
| {"bro_timestamp":1505325598512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574811","enrichmentsplitterbolt:splitter:begin:ts":"1492671568598","enrichmentjoinbolt:joiner:ts":"1492671574123","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cdg2Cf1BnvStDcNm44","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:Cdg2Cf1BnvStDcNm44 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671514.0 id.resp_h:95.163.121.204 resp_fuids:[\"F0ASzM1opxGAKE6oMe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574128","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F0ASzM1opxGAKE6oMe"],"timestamp":1505325598512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568599","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574128","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"219cb2a5-08cf-5953-d776-c483b4a65cfb","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "66278ca7-da60-a592-1d07-d376a4b50cc2"}} |
| {"bro_timestamp":1505325599512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568599","enrichmentjoinbolt:joiner:ts":"1492671574123","adapter:geoadapter:begin:ts":"1492671574050","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFP2Yy2RG2OaIaUyXj","resp_mime_types":["text/html"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49209 status_code:200 method:POST request_body_len:14 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/11iQmfg tags:[] uid:CFP2Yy2RG2OaIaUyXj referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"text\\/html\"] trans_depth:2 orig_fuids:[\"F6gXkl3UhcrQFYuUJf\"] host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14641 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671514.0 id.resp_h:95.163.121.204 resp_fuids:[\"FBkU002WomFd5HE3d6\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574050","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574128","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FBkU002WomFd5HE3d6"],"timestamp":1505325599512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568599","request_body_len":14,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","orig_mime_types":["text/plain"],"uri":"/11iQmfg","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","orig_fuids":["F6gXkl3UhcrQFYuUJf"],"ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671574128","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"66278ca7-da60-a592-1d07-d376a4b50cc2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":14641} |
| {"create": { "_id": "691dd7e0-5268-43b6-45e9-e8c06d0bbc4c"}} |
| {"bro_timestamp":1505325600512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568599","enrichmentjoinbolt:joiner:ts":"1492671574123","adapter:geoadapter:begin:ts":"1492671574051","uid":"CUrRne3iLIxXavQtci","trans_depth":197,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169211634 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:197 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671521.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"node1","adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574128","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325600512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568602","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169211634","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574128","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"691dd7e0-5268-43b6-45e9-e8c06d0bbc4c","response_body_len":0} |
| {"create": { "_id": "b39dc3ac-dadc-702e-ecff-977d38d77e77"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325601512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574812","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568603","enrichmentjoinbolt:joiner:ts":"1492671574128","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574051","uid":"CdZ0AH1QBmDVfSSbR1","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CdZ0AH1QBmDVfSSbR1 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671521.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","Z":0,"adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574130","qclass":1,"timestamp":1505325601512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568603","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574130","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"b39dc3ac-dadc-702e-ecff-977d38d77e77"} |
| {"create": { "_id": "afc36901-36b6-845e-6d3c-99d931231ab2"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325602512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568615","enrichmentjoinbolt:joiner:ts":"1492671574128","adapter:geoadapter:begin:ts":"1492671574051","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"CXHN1k3JfGhpbuyb5j","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49201 status_code:404 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk tags:[] uid:CXHN1k3JfGhpbuyb5j resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FbYFa74InGlqw9Ruy7\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671521.0 id.resp_h:204.152.254.221 resp_fuids:[\"F7xVXgXCuqJOzIPo4\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574130","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F7xVXgXCuqJOzIPo4"],"timestamp":1505325602512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568616","request_body_len":162,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk","tags":[],"orig_fuids":["FbYFa74InGlqw9Ruy7"],"ip_src_port":49201,"threatintelsplitterbolt:splitter:begin:ts":"1492671574130","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"Not Found","guid":"afc36901-36b6-845e-6d3c-99d931231ab2","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "db56b831-e980-b4fb-8894-b99964c1a624"}} |
| {"bro_timestamp":1505325603512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568616","enrichmentjoinbolt:joiner:ts":"1492671574128","adapter:geoadapter:begin:ts":"1492671574051","uid":"CUrRne3iLIxXavQtci","trans_depth":122,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168786092 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:122 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671521.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"node1","adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574130","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325603512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568616","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168786092","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574130","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"db56b831-e980-b4fb-8894-b99964c1a624","response_body_len":0} |
| {"create": { "_id": "cbae0f03-8fd8-e0ba-7374-2ef56f402108"}} |
| {"bro_timestamp":1505325604512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568616","enrichmentjoinbolt:joiner:ts":"1492671574128","adapter:geoadapter:begin:ts":"1492671574051","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsHRi01CuOHO3HUHWa","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/picture.php?k=11iqmfg&b7f2a994c3eaaf014608b272c46cf764 tags:[] uid:CsHRi01CuOHO3HUHWa referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:1823 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671521.0 id.resp_h:95.163.121.204 resp_fuids:[\"FYBfM7ON3Ts49il0b\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574130","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FYBfM7ON3Ts49il0b"],"timestamp":1505325604512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568616","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/picture.php?k=11iqmfg&b7f2a994c3eaaf014608b272c46cf764","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49208,"threatintelsplitterbolt:splitter:begin:ts":"1492671574130","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"cbae0f03-8fd8-e0ba-7374-2ef56f402108","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":1823} |
| {"create": { "_id": "526b481a-d778-3939-5606-71b55c3d6459"}} |
| {"TTLs":[13888],"qclass_name":"C_INTERNET","bro_timestamp":1505325605512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574812","qtype":1,"rejected":false,"answers":["72.34.49.86"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568617","enrichmentjoinbolt:joiner:ts":"1492671574129","trans_id":41589,"adapter:geoadapter:begin:ts":"1492671574051","uid":"C2aVCXZ8ZwWURmVNa","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false TTLs:[13888.0] qclass_name:C_INTERNET id.orig_p:56753 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:comarksecurity.com answers:[\"72.34.49.86\"] trans_id:41589 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C2aVCXZ8ZwWURmVNa RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671521.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","Z":0,"adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","qclass":1,"timestamp":1505325605512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568617","query":"comarksecurity.com","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":56753,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"526b481a-d778-3939-5606-71b55c3d6459"} |
| {"create": { "_id": "c894bbcf-3195-0708-aebe-0574cf0cc1fe"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325606512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574812","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568617","enrichmentjoinbolt:joiner:ts":"1492671574129","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574051","uid":"CWyFyi3pl5qWTuUWSh","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CWyFyi3pl5qWTuUWSh RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671521.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","Z":0,"adapter:geoadapter:end:ts":"1492671574051","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574132","qclass":1,"timestamp":1505325606512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568617","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"c894bbcf-3195-0708-aebe-0574cf0cc1fe"} |
| {"create": { "_id": "0454b31e-ef39-4e6e-200e-be0a711a36e7"}} |
| {"bro_timestamp":1505325607512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568618","enrichmentjoinbolt:joiner:ts":"1492671574129","adapter:geoadapter:begin:ts":"1492671574051","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsHRi01CuOHO3HUHWa","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/rb.png tags:[] uid:CsHRi01CuOHO3HUHWa referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:237 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671521.0 id.resp_h:95.163.121.204 resp_fuids:[\"Fd2T5m1B2GH6AR453i\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fd2T5m1B2GH6AR453i"],"timestamp":1505325607512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568618","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/img/rb.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49208,"threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"0454b31e-ef39-4e6e-200e-be0a711a36e7","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":237} |
| {"create": { "_id": "838bd51c-18f2-5d98-bd08-27acc70f0b50"}} |
| {"bro_timestamp":1505325608512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568618","enrichmentjoinbolt:joiner:ts":"1492671574129","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CNNAEP790j2AIKc26","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/rb.png tags:[] uid:CNNAEP790j2AIKc26 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:237 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671521.0 id.resp_h:95.163.121.204 resp_fuids:[\"FfhCkD2xQGeXcAX3ke\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FfhCkD2xQGeXcAX3ke"],"timestamp":1505325608512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568618","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/img/rb.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49208,"threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"838bd51c-18f2-5d98-bd08-27acc70f0b50","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":237} |
| {"create": { "_id": "ffe41918-3e4f-29e7-f962-0ae625b8de9b"}} |
| {"bro_timestamp":1505325609512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568619","enrichmentjoinbolt:joiner:ts":"1492671574129","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CzC9H918QP4fyqqRr3","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CzC9H918QP4fyqqRr3 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671521.0 id.resp_h:95.163.121.204 resp_fuids:[\"FwQvsb2InGc8pVx8ol\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FwQvsb2InGc8pVx8ol"],"timestamp":1505325609512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568619","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"ffe41918-3e4f-29e7-f962-0ae625b8de9b","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "656581d0-dae9-f228-1135-b6f5a1e3ea1a"}} |
| {"bro_timestamp":1505325610512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574812","enrichmentsplitterbolt:splitter:begin:ts":"1492671568619","enrichmentjoinbolt:joiner:ts":"1492671574129","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CvuIYi4rfagsTptajc","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/11iQmfg tags:[] uid:CvuIYi4rfagsTptajc resp_mime_types:[\"text\\/html\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:3289 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671526.0 id.resp_h:95.163.121.204 resp_fuids:[\"FY7vSY2ucYut55IgRa\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FY7vSY2ucYut55IgRa"],"timestamp":1505325610512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568619","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/11iQmfg","tags":[],"ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"656581d0-dae9-f228-1135-b6f5a1e3ea1a","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":3289} |
| {"create": { "_id": "4bd5a170-e162-bfff-343b-88eceecc5d67"}} |
| {"bro_timestamp":1505325611512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichmentsplitterbolt:splitter:begin:ts":"1492671568620","enrichmentjoinbolt:joiner:ts":"1492671574129","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C0XtwFSGVX0paqsq9","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/11iQmfg tags:[] uid:C0XtwFSGVX0paqsq9 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:3289 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671526.0 id.resp_h:95.163.121.204 resp_fuids:[\"Fmv6Ap2EAcThJKped6\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fmv6Ap2EAcThJKped6"],"timestamp":1505325611512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568620","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","uri":"/11iQmfg","tags":[],"ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"OK","guid":"4bd5a170-e162-bfff-343b-88eceecc5d67","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":3289} |
| {"create": { "_id": "ec4b176b-8819-e062-cede-06caa9388021"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325612512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574813","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568620","enrichmentjoinbolt:joiner:ts":"1492671574129","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574052","uid":"CDl1jg1lEITOJqfIa1","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CDl1jg1lEITOJqfIa1 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671526.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","Z":0,"adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574132","qclass":1,"timestamp":1505325612512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568620","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"ec4b176b-8819-e062-cede-06caa9388021"} |
| {"create": { "_id": "e63ff7ae-d767-84dc-ef6c-98cddbe0c0b3"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325613512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574813","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568621","enrichmentjoinbolt:joiner:ts":"1492671574130","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574052","uid":"CSpFkT2sFGZoEEZ3gi","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574808","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CSpFkT2sFGZoEEZ3gi RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671526.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","Z":0,"adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574132","qclass":1,"timestamp":1505325613512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568621","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574132","adapter:threatinteladapter:begin:ts":"1492671574808","guid":"e63ff7ae-d767-84dc-ef6c-98cddbe0c0b3"} |
| {"create": { "_id": "d860ac35-13eb-829e-3bd0-77f9e282d571"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325614512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568621","enrichmentjoinbolt:joiner:ts":"1492671574132","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"COtvV93ruzjPB3wjJj","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49203 status_code:404 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?f=ka6nnuvccqlw9 tags:[] uid:COtvV93ruzjPB3wjJj resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FzOilF3t3TxwUn9Jhj\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671526.0 id.resp_h:204.152.254.221 resp_fuids:[\"FuoApu1vpznnqXsKCa\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568780","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574134","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FuoApu1vpznnqXsKCa"],"timestamp":1505325614512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568621","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568780","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?f=ka6nnuvccqlw9","tags":[],"orig_fuids":["FzOilF3t3TxwUn9Jhj"],"ip_src_port":49203,"threatintelsplitterbolt:splitter:begin:ts":"1492671574134","adapter:threatinteladapter:begin:ts":"1492671574808","status_msg":"Not Found","guid":"d860ac35-13eb-829e-3bd0-77f9e282d571","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "8635b11e-44c6-f73a-879a-1fed7f7fb74a"}} |
| {"bro_timestamp":1505325615512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichmentsplitterbolt:splitter:begin:ts":"1492671568622","enrichmentjoinbolt:joiner:ts":"1492671574132","adapter:geoadapter:begin:ts":"1492671574052","uid":"CUrRne3iLIxXavQtci","trans_depth":100,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:100 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671526.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"node1","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574134","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325615512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568622","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168699029","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574134","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"8635b11e-44c6-f73a-879a-1fed7f7fb74a","response_body_len":0} |
| {"create": { "_id": "3c346bf9-bddb-4a0b-7ba4-5fcb04b43210"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325616512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574813","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568622","enrichmentjoinbolt:joiner:ts":"1492671574132","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574052","uid":"CGs8rS1rqhyXRRgA64","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CGs8rS1rqhyXRRgA64 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671526.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","Z":0,"adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574134","qclass":1,"timestamp":1505325616512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568622","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574134","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"3c346bf9-bddb-4a0b-7ba4-5fcb04b43210"} |
| {"create": { "_id": "c3f2d521-9bdd-5e50-e282-5fc23ebfefca"}} |
| {"bro_timestamp":1505325617512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichmentsplitterbolt:splitter:begin:ts":"1492671568623","enrichmentjoinbolt:joiner:ts":"1492671574133","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CADL08tgLGLFBBKf5","resp_mime_types":["text/html"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49209 status_code:200 method:POST request_body_len:14 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/11iQmfg tags:[] uid:CADL08tgLGLFBBKf5 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"text\\/html\"] trans_depth:2 orig_fuids:[\"FUBDLE30oXLg8zgoUa\"] host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14641 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671526.0 id.resp_h:95.163.121.204 resp_fuids:[\"F5kYJJVaTZwiIcCV4\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574135","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F5kYJJVaTZwiIcCV4"],"timestamp":1505325617512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568623","request_body_len":14,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","orig_mime_types":["text/plain"],"uri":"/11iQmfg","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","orig_fuids":["FUBDLE30oXLg8zgoUa"],"ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671574135","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"c3f2d521-9bdd-5e50-e282-5fc23ebfefca","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":14641} |
| {"create": { "_id": "dcc483af-c25f-903f-1606-ef7bb802b652"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325618512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574813","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568623","enrichmentjoinbolt:joiner:ts":"1492671574133","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574052","uid":"Ccxv2ItgictHZsZz9","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Ccxv2ItgictHZsZz9 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671526.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","Z":0,"adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574135","qclass":1,"timestamp":1505325618512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568623","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574135","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"dcc483af-c25f-903f-1606-ef7bb802b652"} |
| {"create": { "_id": "c9c72a04-8586-8061-41af-5eda9141318e"}} |
| {"bro_timestamp":1505325619512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichmentsplitterbolt:splitter:begin:ts":"1492671568625","enrichmentjoinbolt:joiner:ts":"1492671574133","adapter:geoadapter:begin:ts":"1492671574052","uid":"CUrRne3iLIxXavQtci","trans_depth":165,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169037430 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:165 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671526.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"node1","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574135","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325619512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568625","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169037430","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574135","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"c9c72a04-8586-8061-41af-5eda9141318e","response_body_len":0} |
| {"create": { "_id": "7772d1d7-e82d-9ed1-b22d-a04c9a24e4a3"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325620512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568625","enrichmentjoinbolt:joiner:ts":"1492671574133","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CMUoMvbIum1O1uS57","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:CMUoMvbIum1O1uS57 resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FlaEHOcQaLEAtIaed\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:72.34.49.86 resp_fuids:[\"FCYlMm1TxvluTbQyik\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671574052","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574135","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FCYlMm1TxvluTbQyik"],"timestamp":1505325620512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568625","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FlaEHOcQaLEAtIaed"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671574135","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"7772d1d7-e82d-9ed1-b22d-a04c9a24e4a3","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} |
| {"create": { "_id": "d8c81f79-ec2e-35a2-421f-b510f1efd061"}} |
| {"bro_timestamp":1505325621512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574813","enrichmentsplitterbolt:splitter:begin:ts":"1492671568625","enrichmentjoinbolt:joiner:ts":"1492671574133","adapter:geoadapter:begin:ts":"1492671574052","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CBmCBG2XG9D8KFerSi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CBmCBG2XG9D8KFerSi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:95.163.121.204 resp_fuids:[\"FsRCRQ1rW7SviqZ7rf\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574053","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574136","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FsRCRQ1rW7SviqZ7rf"],"timestamp":1505325621512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568625","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574135","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"d8c81f79-ec2e-35a2-421f-b510f1efd061","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "3097a3d9-f473-1df3-6a07-0f1cfb870355"}} |
| {"bro_timestamp":1505325622512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568626","enrichmentjoinbolt:joiner:ts":"1492671574133","adapter:geoadapter:begin:ts":"1492671574053","uid":"CUrRne3iLIxXavQtci","trans_depth":201,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:201 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671529.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"node1","adapter:geoadapter:end:ts":"1492671574053","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574136","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325622512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568626","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169230174","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574136","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"3097a3d9-f473-1df3-6a07-0f1cfb870355","response_body_len":0} |
| {"create": { "_id": "3c2b89fb-3981-2a3a-d1ac-2b2a5d0f5b94"}} |
| {"bro_timestamp":1505325623512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568627","enrichmentjoinbolt:joiner:ts":"1492671574133","adapter:geoadapter:begin:ts":"1492671574053","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CWVAAu3N3n4JKi32gl","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CWVAAu3N3n4JKi32gl referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:95.163.121.204 resp_fuids:[\"FKUGph1sroS9hlMEc1\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574136","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FKUGph1sroS9hlMEc1"],"timestamp":1505325623512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568627","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574136","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"3c2b89fb-3981-2a3a-d1ac-2b2a5d0f5b94","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} |
| {"create": { "_id": "00586e6b-27a4-e1c1-6538-f4817a9310f8"}} |
| {"bro_timestamp":1505325624512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568627","enrichmentjoinbolt:joiner:ts":"1492671574134","adapter:geoadapter:begin:ts":"1492671574054","uid":"CUrRne3iLIxXavQtci","trans_depth":172,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/alerts?format=groupedSummary&_=1484169098380 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:172 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671529.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"node1","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574136","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325624512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568627","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/api/v1/clusters/metron_cluster/alerts?format=groupedSummary&_=1484169098380","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574136","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"00586e6b-27a4-e1c1-6538-f4817a9310f8","response_body_len":0} |
| {"create": { "_id": "04a5c3d0-9015-337e-0e3f-7faf17c06fbc"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325625512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568628","enrichmentjoinbolt:joiner:ts":"1492671574134","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"C2BViJ3jLNtLuBPMeb","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49203 status_code:404 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?f=ka6nnuvccqlw9 tags:[] uid:C2BViJ3jLNtLuBPMeb resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FfJ3yZ2bBGoTKRD4Qh\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:204.152.254.221 resp_fuids:[\"FlIWPW1bSEgXojv7J5\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574139","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlIWPW1bSEgXojv7J5"],"timestamp":1505325625512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568628","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?f=ka6nnuvccqlw9","tags":[],"orig_fuids":["FfJ3yZ2bBGoTKRD4Qh"],"ip_src_port":49203,"threatintelsplitterbolt:splitter:begin:ts":"1492671574139","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"Not Found","guid":"04a5c3d0-9015-337e-0e3f-7faf17c06fbc","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "b71f085d-6792-b409-e2c8-9ba4904d8fcf"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325626512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671574814","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568628","enrichmentjoinbolt:joiner:ts":"1492671574136","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574054","uid":"CEuiK04pVuL2Su5Rqg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CEuiK04pVuL2Su5Rqg RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671529.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","Z":0,"adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574139","qclass":1,"timestamp":1505325626512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568629","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574139","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"b71f085d-6792-b409-e2c8-9ba4904d8fcf"} |
| {"create": { "_id": "d3015a11-5fb2-8f92-8adb-bc00b340ae70"}} |
| {"bro_timestamp":1505325627512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568631","enrichmentjoinbolt:joiner:ts":"1492671574136","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CuQjtm2b1ZTs5e0AHj","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/lt.png tags:[] uid:CuQjtm2b1ZTs5e0AHj referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:240 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:95.163.121.204 resp_fuids:[\"F39o293n7WwhocflC7\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574139","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F39o293n7WwhocflC7"],"timestamp":1505325627512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568631","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/img/lt.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49210,"threatintelsplitterbolt:splitter:begin:ts":"1492671574139","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"d3015a11-5fb2-8f92-8adb-bc00b340ae70","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":240} |
| {"create": { "_id": "4fed1a89-5e87-ced1-32c4-7df9ecc003ea"}} |
| {"bro_timestamp":1505325628512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568631","enrichmentjoinbolt:joiner:ts":"1492671574136","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5bRwt31VI5lVPyKZk","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/picture.php?k=11iqmfg&b7f2a994c3eaaf014608b272c46cf764 tags:[] uid:C5bRwt31VI5lVPyKZk referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:1823 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:95.163.121.204 resp_fuids:[\"FD5xp428ZrIzlfIUi6\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574139","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FD5xp428ZrIzlfIUi6"],"timestamp":1505325628512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568631","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/picture.php?k=11iqmfg&b7f2a994c3eaaf014608b272c46cf764","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49208,"threatintelsplitterbolt:splitter:begin:ts":"1492671574139","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"4fed1a89-5e87-ced1-32c4-7df9ecc003ea","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":1823} |
| {"create": { "_id": "b4d6d6fe-326e-271e-aa14-e46d2a46e025"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325629512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568632","enrichmentjoinbolt:joiner:ts":"1492671574136","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"Cbe8Jk2tJb38gjFUJ1","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49202 status_code:200 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=mfymi71rapdzk tags:[] uid:Cbe8Jk2tJb38gjFUJ1 resp_mime_types:[\"image\\/png\"] trans_depth:1 orig_fuids:[\"F0mGwV142T4ZO12UIe\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:45662 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671529.0 id.resp_h:72.34.49.86 resp_fuids:[\"FCYJUSdhsQQ0aRjQc\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574139","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FCYJUSdhsQQ0aRjQc"],"timestamp":1505325629512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568632","request_body_len":162,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=mfymi71rapdzk","tags":[],"orig_fuids":["F0mGwV142T4ZO12UIe"],"ip_src_port":49202,"threatintelsplitterbolt:splitter:begin:ts":"1492671574139","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"b4d6d6fe-326e-271e-aa14-e46d2a46e025","enrichments:geo:ip_dst_addr:country":"US","response_body_len":45662} |
| {"create": { "_id": "35fb36ac-957e-747f-68a7-f411da0bdcd5"}} |
| {"bro_timestamp":1505325630512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568632","enrichmentjoinbolt:joiner:ts":"1492671574136","adapter:geoadapter:begin:ts":"1492671574054","uid":"CUrRne3iLIxXavQtci","trans_depth":98,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/alerts?format=groupedSummary&_=1484168696107 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:98 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671533.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"node1","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574139","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325630512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568632","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/api/v1/clusters/metron_cluster/alerts?format=groupedSummary&_=1484168696107","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574139","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"35fb36ac-957e-747f-68a7-f411da0bdcd5","response_body_len":0} |
| {"create": { "_id": "ca5bde58-a2a5-4826-31c9-22f3a88d2df4"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325631512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568632","enrichmentjoinbolt:joiner:ts":"1492671574139","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CljV2z2E3LqjWHcpQj","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?60dbe33b908e0086292196ef001816bc tags:[] uid:CljV2z2E3LqjWHcpQj trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671533.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325631512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568633","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/?60dbe33b908e0086292196ef001816bc","tags":[],"ip_src_port":49194,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"ca5bde58-a2a5-4826-31c9-22f3a88d2df4","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "9bc29607-d87c-0cbf-8759-6c94caecf8d8"}} |
| {"bro_timestamp":1505325632512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568633","enrichmentjoinbolt:joiner:ts":"1492671574139","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CX5zuR35fzQMB5VJmd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:CX5zuR35fzQMB5VJmd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671533.0 id.resp_h:95.163.121.204 resp_fuids:[\"FIOBBf4ZHALyEsJ2Bj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568781","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FIOBBf4ZHALyEsJ2Bj"],"timestamp":1505325632512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568633","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"9bc29607-d87c-0cbf-8759-6c94caecf8d8","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} |
| {"create": { "_id": "5d6faf83-8350-a507-8168-01b88a407647"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325633512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568633","enrichmentjoinbolt:joiner:ts":"1492671574139","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CtgWZb2PXZmn3zedn5","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CtgWZb2PXZmn3zedn5 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671533.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325633512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568633","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568781","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"5d6faf83-8350-a507-8168-01b88a407647","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "276968f6-c367-22f0-68cb-28dc75c0be45"}} |
| {"bro_timestamp":1505325634512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574814","enrichmentsplitterbolt:splitter:begin:ts":"1492671568633","enrichmentjoinbolt:joiner:ts":"1492671574139","adapter:geoadapter:begin:ts":"1492671574054","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CemTNB1OFxbrBn2wD2","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/rb.png tags:[] uid:CemTNB1OFxbrBn2wD2 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:237 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671533.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOoUNQ3OUe0r3e9Ewa\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574054","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FOoUNQ3OUe0r3e9Ewa"],"timestamp":1505325634512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568633","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/img/rb.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49208,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"276968f6-c367-22f0-68cb-28dc75c0be45","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":237} |
| {"create": { "_id": "7022e863-5ecf-c712-c580-dc3c1fb629ed"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325635512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568633","enrichmentjoinbolt:joiner:ts":"1492671574139","adapter:geoadapter:begin:ts":"1492671574056","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"CDW8Tf2Tcs6fh21wG2","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:CDW8Tf2Tcs6fh21wG2 resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FkHP9x3nWdAJWySSUf\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671533.0 id.resp_h:204.152.254.221 resp_fuids:[\"FJOPgf2GhG5SBYMCo7\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574056","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJOPgf2GhG5SBYMCo7"],"timestamp":1505325635512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568634","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FkHP9x3nWdAJWySSUf"],"ip_src_port":49199,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"Not Found","guid":"7022e863-5ecf-c712-c580-dc3c1fb629ed","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "e80d87ef-df95-2462-f96b-6aa5a7c3accf"}} |
| {"bro_timestamp":1505325636512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568635","enrichmentjoinbolt:joiner:ts":"1492671574139","adapter:geoadapter:begin:ts":"1492671574056","uid":"CUrRne3iLIxXavQtci","trans_depth":86,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168658027 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:86 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671533.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"node1","adapter:geoadapter:end:ts":"1492671574056","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574142","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325636512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168658027","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","guid":"e80d87ef-df95-2462-f96b-6aa5a7c3accf","response_body_len":0} |
| {"create": { "_id": "e2883424-fa0a-0aeb-dfec-c579bb8b0606"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325637512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568636","enrichmentjoinbolt:joiner:ts":"1492671574140","adapter:geoadapter:begin:ts":"1492671574056","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CSZGWzOpHh37HkTs7","resp_mime_types":["application/x-dosexec"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574809","original_string":"HTTP | id.orig_p:49189 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b514ee6f0fe486009a6d83b035a4c0bd tags:[] uid:CSZGWzOpHh37HkTs7 resp_mime_types:[\"application\\/x-dosexec\"] trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:221184 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671533.0 id.resp_h:62.75.195.236 resp_fuids:[\"Fnyu9V38mPKx7PVFu\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574056","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fnyu9V38mPKx7PVFu"],"timestamp":1505325637512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568636","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/?b514ee6f0fe486009a6d83b035a4c0bd","tags":[],"ip_src_port":49189,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574809","status_msg":"OK","guid":"e2883424-fa0a-0aeb-dfec-c579bb8b0606","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":221184} |
| {"create": { "_id": "e1bb1291-a876-bef6-c2cb-a63efcd23ab5"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325638512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568636","enrichmentjoinbolt:joiner:ts":"1492671574140","adapter:geoadapter:begin:ts":"1492671574056","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CASPqs1DhEHZgCPLa","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:CASPqs1DhEHZgCPLa resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FgkKvs3qD38TFCz0Q2\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:72.34.49.86 resp_fuids:[\"Fn2jde3p1Jnb8twdVd\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671574056","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fn2jde3p1Jnb8twdVd"],"timestamp":1505325638512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568636","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FgkKvs3qD38TFCz0Q2"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"e1bb1291-a876-bef6-c2cb-a63efcd23ab5","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} |
| {"create": { "_id": "a6ba10f1-fa6d-6af8-6eaa-ff041c327459"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325639512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568637","enrichmentjoinbolt:joiner:ts":"1492671574140","adapter:geoadapter:begin:ts":"1492671574057","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CwyaRc2wG9ffpXxjh4","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49193 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?34eaf8bd50d85d8c6baacb45f0a7b22e tags:[] uid:CwyaRc2wG9ffpXxjh4 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574057","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574142","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325639512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568637","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/?34eaf8bd50d85d8c6baacb45f0a7b22e","tags":[],"ip_src_port":49193,"threatintelsplitterbolt:splitter:begin:ts":"1492671574142","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"a6ba10f1-fa6d-6af8-6eaa-ff041c327459","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "2cea3c49-ba67-37e1-083f-c9052321a1ac"}} |
| {"bro_timestamp":1505325640512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568637","enrichmentjoinbolt:joiner:ts":"1492671574140","adapter:geoadapter:begin:ts":"1492671574057","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CX9L2c29ZYGsLN10n5","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/fr.png tags:[] uid:CX9L2c29ZYGsLN10n5 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:694 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:95.163.121.204 resp_fuids:[\"FQud741KYsSDYdh3sk\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574057","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FQud741KYsSDYdh3sk"],"timestamp":1505325640512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568637","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/img/flags/fr.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"2cea3c49-ba67-37e1-083f-c9052321a1ac","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":694} |
| {"create": { "_id": "eac4f0f8-ba96-2075-bbb2-d46188a09e92"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325641512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568637","enrichmentjoinbolt:joiner:ts":"1492671574140","adapter:geoadapter:begin:ts":"1492671574057","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CsWciw2WfERVM0Aczg","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49188 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/aa25f5fe2875e3d0a244e6969e589cc4 tags:[] uid:CsWciw2WfERVM0Aczg trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:861 ts:1492671538.0 id.resp_h:62.75.195.236 resp_fuids:[\"Fvq86i4oLSojHBFLSj\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574057","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"7.7455","resp_fuids":["Fvq86i4oLSojHBFLSj"],"timestamp":1505325641512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568637","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/aa25f5fe2875e3d0a244e6969e589cc4","tags":[],"ip_src_port":49188,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"eac4f0f8-ba96-2075-bbb2-d46188a09e92","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":861} |
| {"create": { "_id": "7bbc498d-9663-6045-b2e6-1ecdf8c5bda5"}} |
| {"bro_timestamp":1505325642512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568637","enrichmentjoinbolt:joiner:ts":"1492671574140","adapter:geoadapter:begin:ts":"1492671574057","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:95.163.121.204 resp_fuids:[\"FelBi52nX055gNTqoh\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574057","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FelBi52nX055gNTqoh"],"timestamp":1505325642512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568638","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"7bbc498d-9663-6045-b2e6-1ecdf8c5bda5","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} |
| {"create": { "_id": "1307d8f4-a58e-ef6d-bf24-383f3d269689"}} |
| {"bro_timestamp":1505325643512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568639","enrichmentjoinbolt:joiner:ts":"1492671574141","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CUWAsk4O3FbNIIxfqb","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/button_pay.png tags:[] uid:CUWAsk4O3FbNIIxfqb referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:95.163.121.204 resp_fuids:[\"FR5q0Q3NKAR0LRB4a5\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568782","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FR5q0Q3NKAR0LRB4a5"],"timestamp":1505325643512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568782","uri":"/img/button_pay.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49210,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"1307d8f4-a58e-ef6d-bf24-383f3d269689","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":727} |
| {"create": { "_id": "105529cb-27db-f794-3cff-4f61b58237cc"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325644512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671568639","enrichmentjoinbolt:joiner:ts":"1492671574141","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CYC0lF1gGmlZw4JZr5","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:CYC0lF1gGmlZw4JZr5 resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FTlq7Q27qBUyVxzvA2\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:72.34.49.86 resp_fuids:[\"FHCnuf3IGp6U1VT6de\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FHCnuf3IGp6U1VT6de"],"timestamp":1505325644512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568639","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FTlq7Q27qBUyVxzvA2"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"105529cb-27db-f794-3cff-4f61b58237cc","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} |
| {"create": { "_id": "4f767e44-b781-da3d-511c-6dad0746cabe"}} |
| {"bro_timestamp":1505325645512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568639","enrichmentjoinbolt:joiner:ts":"1492671574141","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CXVtpNU35nZ84YA8","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/fr.png tags:[] uid:CXVtpNU35nZ84YA8 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:694 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671538.0 id.resp_h:95.163.121.204 resp_fuids:[\"Fj5prf70hSFvmNwE3\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fj5prf70hSFvmNwE3"],"timestamp":1505325645512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","uri":"/img/flags/fr.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"4f767e44-b781-da3d-511c-6dad0746cabe","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":694} |
| {"create": { "_id": "5c6c6f81-88b0-7c6c-2766-1b4c7393e457"}} |
| {"bro_timestamp":1505325646512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568639","enrichmentjoinbolt:joiner:ts":"1492671574141","adapter:geoadapter:begin:ts":"1492671574058","uid":"CUrRne3iLIxXavQtci","trans_depth":7,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168368293 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:7 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671538.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"node1","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574144","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325646512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168368293","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","guid":"5c6c6f81-88b0-7c6c-2766-1b4c7393e457","response_body_len":0} |
| {"create": { "_id": "836c9257-8cbb-4add-85e9-47f0d4455fdd"}} |
| {"bro_timestamp":1505325647512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichmentsplitterbolt:splitter:begin:ts":"1492671568639","enrichmentjoinbolt:joiner:ts":"1492671574141","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CJrk5v3c22q4zxMBQj","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574810","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:CJrk5v3c22q4zxMBQj referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671546.0 id.resp_h:95.163.121.204 resp_fuids:[\"Fmti0b4vOhTx1qdUkk\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fmti0b4vOhTx1qdUkk"],"timestamp":1505325647512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"OK","guid":"836c9257-8cbb-4add-85e9-47f0d4455fdd","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} |
| {"create": { "_id": "ac530d59-294e-4fff-a995-59448b4a60e0"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325648512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574815","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568639","enrichmentjoinbolt:joiner:ts":"1492671574141","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"Cr63YM2djCpEnHMiEl","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574811","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:Cr63YM2djCpEnHMiEl resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FiRbGlo97391DOPp5\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671546.0 id.resp_h:204.152.254.221 resp_fuids:[\"FWSZsS3RRqBz43ZAk8\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574144","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FWSZsS3RRqBz43ZAk8"],"timestamp":1505325648512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568640","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FiRbGlo97391DOPp5"],"ip_src_port":49199,"threatintelsplitterbolt:splitter:begin:ts":"1492671574144","adapter:threatinteladapter:begin:ts":"1492671574810","status_msg":"Not Found","guid":"ac530d59-294e-4fff-a995-59448b4a60e0","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "5404950f-95d0-5ce8-a7e9-eb86ce704b22"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325649512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574816","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568641","enrichmentjoinbolt:joiner:ts":"1492671574142","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"CKR3CG3OQzJ6QCAATk","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574811","original_string":"HTTP | id.orig_p:49197 status_code:404 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg tags:[] uid:CKR3CG3OQzJ6QCAATk resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"F6Wiss1BK8Me0CYdla\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671546.0 id.resp_h:204.152.254.221 resp_fuids:[\"Fxibze4CH3z7P5IKM3\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574146","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fxibze4CH3z7P5IKM3"],"timestamp":1505325649512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568641","request_body_len":134,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg","tags":[],"orig_fuids":["F6Wiss1BK8Me0CYdla"],"ip_src_port":49197,"threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574811","status_msg":"Not Found","guid":"5404950f-95d0-5ce8-a7e9-eb86ce704b22","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "c27f0bd2-35c3-1052-f56e-ca697eaf8692"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325650512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574816","enrichmentsplitterbolt:splitter:begin:ts":"1492671568641","enrichmentjoinbolt:joiner:ts":"1492671574143","adapter:geoadapter:begin:ts":"1492671574058","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CeScgBTiBLSNBBT39","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574811","original_string":"HTTP | id.orig_p:49191 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?3a08b0be8322c244f5a1cb9c1057d941 tags:[] uid:CeScgBTiBLSNBBT39 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671546.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568788","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574058","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574146","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325650512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568641","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","uri":"/?3a08b0be8322c244f5a1cb9c1057d941","tags":[],"ip_src_port":49191,"threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574811","status_msg":"OK","guid":"c27f0bd2-35c3-1052-f56e-ca697eaf8692","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "96cebaa7-94bb-a84a-b9c5-8f34c362d346"}} |
| {"bro_timestamp":1505325651512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574816","enrichmentsplitterbolt:splitter:begin:ts":"1492671568641","enrichmentjoinbolt:joiner:ts":"1492671574143","adapter:geoadapter:begin:ts":"1492671574058","uid":"CUrRne3iLIxXavQtci","trans_depth":266,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574811","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169506956 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:266 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671546.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568789","host":"node1","adapter:geoadapter:end:ts":"1492671574059","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574146","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325651512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568641","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568788","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484169506956","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574811","guid":"96cebaa7-94bb-a84a-b9c5-8f34c362d346","response_body_len":0} |
| {"create": { "_id": "e871e0f0-dff2-0225-48bf-c601cef17d32"}} |
| {"bro_timestamp":1505325652512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574816","enrichmentsplitterbolt:splitter:begin:ts":"1492671568641","enrichmentjoinbolt:joiner:ts":"1492671574143","adapter:geoadapter:begin:ts":"1492671574059","uid":"CUrRne3iLIxXavQtci","trans_depth":196,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574811","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components?host_components/HostRoles/stale_configs=true&fields=host_components/HostRoles/display_name,host_components/HostRoles/service_name,host_components/HostRoles/state,host_components/HostRoles/maintenance_state,host_components/HostRoles/host_name,host_components/HostRoles/stale_configs,host_components/HostRoles/desired_admin_state&minimal_response=true&_=1484169194170 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:196 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671546.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568789","host":"node1","adapter:geoadapter:end:ts":"1492671574059","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574146","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325652512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568641","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568789","uri":"/api/v1/clusters/metron_cluster/components?host_components/HostRoles/stale_configs=true&fields=host_components/HostRoles/display_name,host_components/HostRoles/service_name,host_components/HostRoles/state,host_components/HostRoles/maintenance_state,host_components/HostRoles/host_name,host_components/HostRoles/stale_configs,host_components/HostRoles/desired_admin_state&minimal_response=true&_=1484169194170","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574811","guid":"e871e0f0-dff2-0225-48bf-c601cef17d32","response_body_len":0} |
| {"create": { "_id": "6722fd2e-2bcf-94b8-2304-170179a45021"}} |
| {"bro_timestamp":1505325653512,"enrichments:geo:ip_dst_addr:location_point":"48.8582,2.3387000000000002","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671574816","enrichmentsplitterbolt:splitter:begin:ts":"1492671568641","enrichmentjoinbolt:joiner:ts":"1492671574143","adapter:geoadapter:begin:ts":"1492671574059","enrichments:geo:ip_dst_addr:latitude":"48.8582","uid":"C39FlL2c0uv8vkFPcj","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574812","original_string":"HTTP | id.orig_p:49195 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:C39FlL2c0uv8vkFPcj trans_depth:1 host:ip-addr.es id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671546.0 id.resp_h:188.165.164.184","ip_dst_addr":"188.165.164.184","adapter:hostfromjsonlistadapter:end:ts":"1492671568789","host":"ip-addr.es","adapter:geoadapter:end:ts":"1492671574060","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574146","enrichments:geo:ip_dst_addr:longitude":"2.3387000000000002","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325653512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568642","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568789","uri":"/","tags":[],"ip_src_port":49195,"threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574811","guid":"6722fd2e-2bcf-94b8-2304-170179a45021","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "25479eb0-c7c7-5e5a-12ab-02276ae153d7"}} |
| {"TTLs":[21599],"qclass_name":"C_INTERNET","bro_timestamp":1505325654512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574816","qtype":1,"rejected":false,"answers":["188.165.164.184"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568642","enrichmentjoinbolt:joiner:ts":"1492671574143","trans_id":15553,"adapter:geoadapter:begin:ts":"1492671574060","uid":"C0zadr4MkQXXg3R6ad","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574812","original_string":"DNS | AA:false TTLs:[21599.0] qclass_name:C_INTERNET id.orig_p:53571 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ip-addr.es answers:[\"188.165.164.184\"] trans_id:15553 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C0zadr4MkQXXg3R6ad RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671546.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568789","Z":0,"adapter:geoadapter:end:ts":"1492671574060","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574146","qclass":1,"timestamp":1505325654512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568642","query":"ip-addr.es","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568789","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":53571,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574812","guid":"25479eb0-c7c7-5e5a-12ab-02276ae153d7"} |
| {"create": { "_id": "c8847776-96f2-0913-3248-a0fef41609e0"}} |
| {"TTLs":[13888],"qclass_name":"C_INTERNET","bro_timestamp":1505325655512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671574816","qtype":1,"rejected":false,"answers":["72.34.49.86"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568642","enrichmentjoinbolt:joiner:ts":"1492671574143","trans_id":41589,"adapter:geoadapter:begin:ts":"1492671574060","uid":"C6c8hg32qEYIeCOwDi","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574812","original_string":"DNS | AA:false TTLs:[13888.0] qclass_name:C_INTERNET id.orig_p:56753 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:comarksecurity.com answers:[\"72.34.49.86\"] trans_id:41589 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C6c8hg32qEYIeCOwDi RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671546.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568789","Z":0,"adapter:geoadapter:end:ts":"1492671574060","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574146","qclass":1,"timestamp":1505325655512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568642","query":"comarksecurity.com","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568789","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":56753,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574812","guid":"c8847776-96f2-0913-3248-a0fef41609e0"} |
| {"create": { "_id": "7ec013c4-7290-3cb6-40ea-2ebe65a855ba"}} |
| {"bro_timestamp":1505325656512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671574816","enrichmentsplitterbolt:splitter:begin:ts":"1492671568643","enrichmentjoinbolt:joiner:ts":"1492671574143","adapter:geoadapter:begin:ts":"1492671574060","uid":"CUrRne3iLIxXavQtci","trans_depth":265,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574812","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169506643 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:265 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671546.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568789","host":"node1","adapter:geoadapter:end:ts":"1492671574060","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574146","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325656512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568644","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568789","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169506643","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574146","adapter:threatinteladapter:begin:ts":"1492671574812","guid":"7ec013c4-7290-3cb6-40ea-2ebe65a855ba","response_body_len":0} |
| {"create": { "_id": "436b9ecf-b09e-caea-36e2-555f1ece4c4d"}} |
| {"bro_timestamp":1505325657512,"enrichments:geo:ip_dst_addr:location_point":"48.8582,2.3387000000000002","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575515","enrichmentsplitterbolt:splitter:begin:ts":"1492671568788","enrichmentjoinbolt:joiner:ts":"1492671574167","adapter:geoadapter:begin:ts":"1492671574074","enrichments:geo:ip_dst_addr:latitude":"48.8582","uid":"CU1z6c1RbgzgRhb2E3","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574843","original_string":"HTTP | id.orig_p:49195 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CU1z6c1RbgzgRhb2E3 trans_depth:1 host:ip-addr.es id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671554.0 id.resp_h:188.165.164.184","ip_dst_addr":"188.165.164.184","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"ip-addr.es","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574169","enrichments:geo:ip_dst_addr:longitude":"2.3387000000000002","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325657512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568788","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/","tags":[],"ip_src_port":49195,"threatintelsplitterbolt:splitter:begin:ts":"1492671574169","adapter:threatinteladapter:begin:ts":"1492671574843","guid":"436b9ecf-b09e-caea-36e2-555f1ece4c4d","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "2a2b06eb-400f-c507-b945-5b155d13fcd2"}} |
| {"bro_timestamp":1505325658512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568788","enrichmentjoinbolt:joiner:ts":"1492671574167","adapter:geoadapter:begin:ts":"1492671574074","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C44cvO2JD3km4NbaWh","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574843","original_string":"HTTP | id.orig_p:49208 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/picture.php?k=11iqmfg&b7f2a994c3eaaf014608b272c46cf764 tags:[] uid:C44cvO2JD3km4NbaWh referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:1823 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671554.0 id.resp_h:95.163.121.204 resp_fuids:[\"FhRTyj3btp3PGq6e3i\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574170","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FhRTyj3btp3PGq6e3i"],"timestamp":1505325658512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568788","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/picture.php?k=11iqmfg&b7f2a994c3eaaf014608b272c46cf764","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49208,"threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574843","status_msg":"OK","guid":"2a2b06eb-400f-c507-b945-5b155d13fcd2","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":1823} |
| {"create": { "_id": "29ffaeb4-e448-5a15-dbe9-1836822e5f81"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325659512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568788","enrichmentjoinbolt:joiner:ts":"1492671574167","adapter:geoadapter:begin:ts":"1492671574074","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CNmv5s4LmmiJIhME3d","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574843","original_string":"HTTP | id.orig_p:49188 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/aa25f5fe2875e3d0a244e6969e589cc4 tags:[] uid:CNmv5s4LmmiJIhME3d trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:861 ts:1492671554.0 id.resp_h:62.75.195.236 resp_fuids:[\"Fvjtbc3XoGcayyMOr9\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574170","enrichments:geo:ip_dst_addr:longitude":"7.7455","resp_fuids":["Fvjtbc3XoGcayyMOr9"],"timestamp":1505325659512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568789","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/aa25f5fe2875e3d0a244e6969e589cc4","tags":[],"ip_src_port":49188,"threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574843","status_msg":"OK","guid":"29ffaeb4-e448-5a15-dbe9-1836822e5f81","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":861} |
| {"create": { "_id": "f8677e0d-96d2-149f-1d2f-99c74b30ea04"}} |
| {"bro_timestamp":1505325660512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568789","enrichmentjoinbolt:joiner:ts":"1492671574167","adapter:geoadapter:begin:ts":"1492671574074","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C14cvnIlEsHBG3Z38","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574843","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/fr.png tags:[] uid:C14cvnIlEsHBG3Z38 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:694 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671554.0 id.resp_h:95.163.121.204 resp_fuids:[\"FLQVM824yWu4FxLw36\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574170","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FLQVM824yWu4FxLw36"],"timestamp":1505325660512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568789","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/img/flags/fr.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574843","status_msg":"OK","guid":"f8677e0d-96d2-149f-1d2f-99c74b30ea04","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":694} |
| {"create": { "_id": "754b4f63-3515-5d77-5be0-4fb39678207f"}} |
| {"bro_timestamp":1505325661512,"ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671575516","rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568789","enrichmentjoinbolt:joiner:ts":"1492671574167","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574074","uid":"C3QPod359M6DzOHhOj","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574843","original_string":"DNS | AA:false id.orig_p:5353 rejected:false id.resp_p:5353 trans_id:0 TC:false RA:false uid:C3QPod359M6DzOHhOj RD:false proto:udp id.orig_h:192.168.66.1 Z:0 ts:1492671554.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","Z":0,"adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574170","timestamp":1505325661512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568789","adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574843","guid":"754b4f63-3515-5d77-5be0-4fb39678207f"} |
| {"create": { "_id": "3346e339-ec54-791f-f587-563e069330c9"}} |
| {"bro_timestamp":1505325662512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568789","enrichmentjoinbolt:joiner:ts":"1492671574167","adapter:geoadapter:begin:ts":"1492671574074","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CMjnK83zsAY1br4M6","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/lt.png tags:[] uid:CMjnK83zsAY1br4M6 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:240 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671554.0 id.resp_h:95.163.121.204 resp_fuids:[\"FarJps4Vh6oNRv5Xhk\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574170","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FarJps4Vh6oNRv5Xhk"],"timestamp":1505325662512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568789","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/img/lt.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49210,"threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574843","status_msg":"OK","guid":"3346e339-ec54-791f-f587-563e069330c9","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":240} |
| {"create": { "_id": "d9430af3-e7e8-439a-6a8a-359a18600ab2"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325663512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671575516","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568789","enrichmentjoinbolt:joiner:ts":"1492671574167","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574074","uid":"COEONg3mQ4Em0mL7Cl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:COEONg3mQ4Em0mL7Cl RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671554.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","Z":0,"adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574170","qclass":1,"timestamp":1505325663512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568789","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"d9430af3-e7e8-439a-6a8a-359a18600ab2"} |
| {"create": { "_id": "cb218e41-a5ee-02de-4c9b-6f32a1daad08"}} |
| {"bro_timestamp":1505325664512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568789","enrichmentjoinbolt:joiner:ts":"1492671574169","adapter:geoadapter:begin:ts":"1492671574074","uid":"CUrRne3iLIxXavQtci","trans_depth":248,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169420210 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:248 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671554.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"node1","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574170","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325664512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568790","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484169420210","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574170","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"cb218e41-a5ee-02de-4c9b-6f32a1daad08","response_body_len":0} |
| {"create": { "_id": "0807042c-8533-d560-a920-70734c1b3167"}} |
| {"bro_timestamp":1505325665512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568790","enrichmentjoinbolt:joiner:ts":"1492671574171","adapter:geoadapter:begin:ts":"1492671574074","uid":"CUrRne3iLIxXavQtci","trans_depth":225,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484169340974 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:225 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671554.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"node1","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574173","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325665512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568790","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/api/v1/persist/wizard-data?_=1484169340974","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574173","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"0807042c-8533-d560-a920-70734c1b3167","response_body_len":0} |
| {"create": { "_id": "bd83ca65-b047-f5ad-c1de-ea81f3c00526"}} |
| {"bro_timestamp":1505325666512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575516","enrichmentsplitterbolt:splitter:begin:ts":"1492671568790","enrichmentjoinbolt:joiner:ts":"1492671574171","adapter:geoadapter:begin:ts":"1492671574074","uid":"CUrRne3iLIxXavQtci","trans_depth":72,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484168577645 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:72 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671554.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671568792","host":"node1","adapter:geoadapter:end:ts":"1492671574074","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574173","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325666512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568790","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568792","uri":"/api/v1/persist/wizard-data?_=1484168577645","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574173","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"bd83ca65-b047-f5ad-c1de-ea81f3c00526","response_body_len":0} |
| {"create": { "_id": "74ad6556-b8c2-effa-378a-72324f6047c1"}} |
| {"bro_timestamp":1505325667512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575529","enrichmentsplitterbolt:splitter:begin:ts":"1492671568798","enrichmentjoinbolt:joiner:ts":"1492671574172","adapter:geoadapter:begin:ts":"1492671574075","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CS0Klt2K17mwMP7vhk","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/it.png tags:[] uid:CS0Klt2K17mwMP7vhk referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:552 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671562.0 id.resp_h:95.163.121.204 resp_fuids:[\"FKWiBF1Gy8wGBGhBf8\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568804","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574174","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FKWiBF1Gy8wGBGhBf8"],"timestamp":1505325667512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568798","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568804","uri":"/img/flags/it.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671574174","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"74ad6556-b8c2-effa-378a-72324f6047c1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":552} |
| {"create": { "_id": "cc3c77f0-3ac7-46e9-9d9b-7cdc3beda877"}} |
| {"bro_timestamp":1505325668512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575529","enrichmentsplitterbolt:splitter:begin:ts":"1492671568798","enrichmentjoinbolt:joiner:ts":"1492671574172","adapter:geoadapter:begin:ts":"1492671574075","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CXVtpNU35nZ84YA8","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/it.png tags:[] uid:CXVtpNU35nZ84YA8 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:552 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671562.0 id.resp_h:95.163.121.204 resp_fuids:[\"FE3NDt4dkZHIZkCnUe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568804","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574174","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FE3NDt4dkZHIZkCnUe"],"timestamp":1505325668512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568798","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568804","uri":"/img/flags/it.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671574174","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"cc3c77f0-3ac7-46e9-9d9b-7cdc3beda877","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":552} |
| {"create": { "_id": "5cfff1c7-6bfc-4e8c-93f8-a1ef3d766fc7"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325669512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575529","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671568798","enrichmentjoinbolt:joiner:ts":"1492671574172","adapter:geoadapter:begin:ts":"1492671574075","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"Cy2mng1LLFX5PNxO27","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49197 status_code:404 method:POST request_body_len:134 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg tags:[] uid:Cy2mng1LLFX5PNxO27 resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FWlGTC25yZRLFJhet7\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671562.0 id.resp_h:204.152.254.221 resp_fuids:[\"FfpeV9JgbBDipuG63\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671568804","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574174","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FfpeV9JgbBDipuG63"],"timestamp":1505325669512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671568798","request_body_len":134,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671568804","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?t=cdcnw7cfz43rmtg","tags":[],"orig_fuids":["FWlGTC25yZRLFJhet7"],"ip_src_port":49197,"threatintelsplitterbolt:splitter:begin:ts":"1492671574174","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"Not Found","guid":"5cfff1c7-6bfc-4e8c-93f8-a1ef3d766fc7","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "abfb2447-1e9b-1eeb-214d-bfd88cf43009"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325670512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575529","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671568799","enrichmentjoinbolt:joiner:ts":"1492671574174","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574075","uid":"Czlibt2NgLkfLp7FPh","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:Czlibt2NgLkfLp7FPh RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671562.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568805","Z":0,"adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574177","qclass":1,"timestamp":1505325670512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568799","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568805","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574177","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"abfb2447-1e9b-1eeb-214d-bfd88cf43009"} |
| {"create": { "_id": "9a943c94-c666-4ccf-4089-da3b9046b782"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325671512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671575529","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568799","enrichmentjoinbolt:joiner:ts":"1492671574175","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574075","uid":"C9ZUYJ3kuk3bQNmZme","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:C9ZUYJ3kuk3bQNmZme RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671562.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568805","Z":0,"adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574177","qclass":1,"timestamp":1505325671512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568799","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568805","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574177","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"9a943c94-c666-4ccf-4089-da3b9046b782"} |
| {"create": { "_id": "da5f10fd-d07f-5e3b-9f06-339a40b97a5f"}} |
| {"bro_timestamp":1505325672512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575529","enrichmentsplitterbolt:splitter:begin:ts":"1492671568801","enrichmentjoinbolt:joiner:ts":"1492671574175","adapter:geoadapter:begin:ts":"1492671574075","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C1qlzE2SalKbpWSJGi","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49210 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/button_pay.png tags:[] uid:C1qlzE2SalKbpWSJGi referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:727 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671562.0 id.resp_h:95.163.121.204 resp_fuids:[\"Fd2ecB4nK7EKV7lLA1\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671568805","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574177","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fd2ecB4nK7EKV7lLA1"],"timestamp":1505325672512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671568802","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568805","uri":"/img/button_pay.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49210,"threatintelsplitterbolt:splitter:begin:ts":"1492671574177","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"da5f10fd-d07f-5e3b-9f06-339a40b97a5f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":727} |
| {"create": { "_id": "60568306-7621-d894-78ad-5f203e1c800d"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325673512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575529","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568802","enrichmentjoinbolt:joiner:ts":"1492671574175","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574075","uid":"CrZmAM1y0LRV8rfzV4","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:CrZmAM1y0LRV8rfzV4 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671562.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568805","Z":0,"adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574177","qclass":1,"timestamp":1505325673512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568802","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568805","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574177","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"60568306-7621-d894-78ad-5f203e1c800d"} |
| {"create": { "_id": "251f102f-98c2-16ba-e928-bfe325e26f09"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325674512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575529","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568802","enrichmentjoinbolt:joiner:ts":"1492671574175","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574075","uid":"C1kooa4oht2CzL3bFe","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:C1kooa4oht2CzL3bFe RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671562.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671568805","Z":0,"adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574177","qclass":1,"timestamp":1505325674512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568802","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671568805","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574177","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"251f102f-98c2-16ba-e928-bfe325e26f09"} |
| {"create": { "_id": "f39dc401-32e5-7f01-79bf-c61f9cf02cd9"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325675512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671575529","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671568802","enrichmentjoinbolt:joiner:ts":"1492671574175","trans_id":0,"adapter:geoadapter:begin:ts":"1492671574075","uid":"CC18jH3AC7y8NPST2b","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CC18jH3AC7y8NPST2b RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671562.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671568805","Z":0,"adapter:geoadapter:end:ts":"1492671574075","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574177","qclass":1,"timestamp":1505325675512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671568802","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671568805","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574177","adapter:threatinteladapter:begin:ts":"1492671574844","guid":"f39dc401-32e5-7f01-79bf-c61f9cf02cd9"} |
| {"create": { "_id": "72f00fcd-2347-d75b-5c0a-08086f9e2a23"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325676512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569374","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CHVSUC3iOxb3UpVxWd","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?60dbe33b908e0086292196ef001816bc tags:[] uid:CHVSUC3iOxb3UpVxWd trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569378","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574181","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325676512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569375","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569378","uri":"/?60dbe33b908e0086292196ef001816bc","tags":[],"ip_src_port":49194,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"72f00fcd-2347-d75b-5c0a-08086f9e2a23","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "dcb3afed-1b68-d88a-7adb-f38183867920"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} |
| {"create": { "_id": "50d6e395-0f31-a9c3-143e-25d7f44aadde"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325678512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"Cn2j4crCA6ckU3XP5","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:Cn2j4crCA6ckU3XP5 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325678512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569383","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"50d6e395-0f31-a9c3-143e-25d7f44aadde","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "e90a5ca0-599d-05f2-18c4-13b563606f2e"}} |
| {"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} |
| {"create": { "_id": "fdb3c737-37fb-8bdf-6ace-78e8c41972a7"}} |
| {"bro_timestamp":1505325680512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569384","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":32,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:32 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"node1","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325680512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574845","guid":"fdb3c737-37fb-8bdf-6ace-78e8c41972a7","response_body_len":0} |
| {"create": { "_id": "735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0"}} |
| {"bro_timestamp":1505325681512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569387","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":22,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:22 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569389","host":"node1","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325681512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569387","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569389","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0","response_body_len":0} |
| {"create": { "_id": "09552ace-9c09-8069-a3f0-73e146579030"}} |
| {"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} |
| {"create": { "_id": "1ff42d27-d69b-eab5-a2ca-7875ebf8336e"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325683512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671569393","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574077","uid":"C1fDU21X4Ys3xP7137","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C1fDU21X4Ys3xP7137 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569395","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325683512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569393","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569395","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"1ff42d27-d69b-eab5-a2ca-7875ebf8336e"} |
| {"create": { "_id": "ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325684512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671569399","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574077","uid":"CqrOfMusHaczrDBz8","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:CqrOfMusHaczrDBz8 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569401","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325684512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569399","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569401","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"} |
| {"create": { "_id": "a105fca8-ec40-a98f-b64e-06e4d97a800f"}} |
| {"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} |
| {"create": { "_id": "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1"}} |
| {"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "ba44eb73-69d8-ccd2-f08b-636f9c15b261"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325687512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573813","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CLKLkp1z9ZWAE0eou","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CLKLkp1z9ZWAE0eou referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236 resp_fuids:[\"FrcnSsZqVzpjB9o3j\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573817","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FrcnSsZqVzpjB9o3j"],"timestamp":1505325687512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573813","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"ba44eb73-69d8-ccd2-f08b-636f9c15b261","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635} |
| {"create": { "_id": "6a437817-ef04-e264-2eef-5edd0b37d280"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325688512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573836","enrichmentjoinbolt:joiner:ts":"1492671574183","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"C7A9tv3exoi6fTWTbl","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:C7A9tv3exoi6fTWTbl trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573839","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325688512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573836","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573839","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"6a437817-ef04-e264-2eef-5edd0b37d280","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "6c56ef40-fc4c-66cd-e832-58255c95e80f"}} |
| {"bro_timestamp":1505325689512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575626","enrichmentsplitterbolt:splitter:begin:ts":"1492671573836","enrichmentjoinbolt:joiner:ts":"1492671574183","adapter:geoadapter:begin:ts":"1492671574077","uid":"CUrRne3iLIxXavQtci","trans_depth":101,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168700983 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:101 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671571.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671573839","host":"node1","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574186","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325689512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573836","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573839","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168700983","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"6c56ef40-fc4c-66cd-e832-58255c95e80f","response_body_len":0} |
| {"create": { "_id": "6bdea3e8-ff6e-92c5-22df-d6cb4bcd0816"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325690512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575626","enrichmentsplitterbolt:splitter:begin:ts":"1492671573836","enrichmentjoinbolt:joiner:ts":"1492671574183","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CizKum4RA7hB0qFURb","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49184 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?285a4d4e4e5a4d4d4649584c5d43064b4745 tags:[] uid:CizKum4RA7hB0qFURb resp_mime_types:[\"text\\/html\"] trans_depth:1 host:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:560 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236 resp_fuids:[\"FoD83I2imv5L3WZMge\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573839","host":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574187","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FoD83I2imv5L3WZMge"],"timestamp":1505325690512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573836","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573839","uri":"/?285a4d4e4e5a4d4d4649584c5d43064b4745","tags":[],"ip_src_port":49184,"threatintelsplitterbolt:splitter:begin:ts":"1492671574187","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"6bdea3e8-ff6e-92c5-22df-d6cb4bcd0816","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":560} |
| {"create": { "_id": "f0b63cc6-10cf-12b2-998f-2705eff1af37"}} |
| {"bro_timestamp":1505325691512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575626","enrichmentsplitterbolt:splitter:begin:ts":"1492671573836","enrichmentjoinbolt:joiner:ts":"1492671574183","adapter:geoadapter:begin:ts":"1492671574077","uid":"CUrRne3iLIxXavQtci","trans_depth":267,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?ServiceComponentInfo/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo/category=MASTER&fields=ServiceComponentInfo/service_name,host_components/HostRoles/display_name,host_components/HostRoles/host_name,host_components/HostRoles/state,host_components/HostRoles/maintenance_state,host_components/HostRoles/stale_configs,host_components/HostRoles/ha_state,host_components/HostRoles/desired_admin_state,,host_components/metrics/jvm/memHeapUsedM,host_components/metrics/jvm/HeapMemoryMax,host_components/metrics/jvm/HeapMemoryUsed,host_components/metrics/jvm/memHeapCommittedM,host_components/metrics/mapred/jobtracker/trackers_decommissioned,host_components/metrics/cpu/cpu_wio,host_components/metrics/rpc/client/RpcQueueTime_avg_time,host_components/metrics/dfs/FSNamesystem/*,host_components/metrics/dfs/namenode/Version,host_components/metrics/dfs/namenode/LiveNodes,host_components/metrics/dfs/namenode/DeadNodes,host_components/metrics/dfs/namenode/DecomNodes,host_components/metrics/dfs/namenode/TotalFiles,host_components/metrics/dfs/namenode/UpgradeFinalized,host_components/metrics/dfs/namenode/Safemode,host_components/metrics/runtime/StartTime,host_components/metrics/hbase/master/IsActiveMaster,host_components/metrics/hbase/master/MasterStartTime,host_components/metrics/hbase/master/MasterActiveTime,host_components/metrics/hbase/master/AverageLoad,host_components/metrics/master/AssignmentManger/ritCount,metrics/api/v1/cluster/summary,metrics/api/v1/topology/summary,metrics/api/v1/nimbus/summary,host_components/metrics/yarn/Queue,host_components/metrics/yarn/ClusterMetrics/NumActiveNMs,host_components/metrics/yarn/ClusterMetrics/NumLostNMs,host_components/metrics/yarn/ClusterMetrics/NumUnhealthyNMs,host_components/metrics/yarn/ClusterMetrics/NumRebootedNMs,host_components/metrics/yarn/ClusterMetrics/NumDecommissionedNMs&minimal_response=true&_=1484169508347 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:267 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671571.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671573839","host":"node1","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574187","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325691512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573836","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573839","uri":"/api/v1/clusters/metron_cluster/components/?ServiceComponentInfo/component_name=APP_TIMELINE_SERVER|ServiceComponentInfo/category=MASTER&fields=ServiceComponentInfo/service_name,host_components/HostRoles/display_name,host_components/HostRoles/host_name,host_components/HostRoles/state,host_components/HostRoles/maintenance_state,host_components/HostRoles/stale_configs,host_components/HostRoles/ha_state,host_components/HostRoles/desired_admin_state,,host_components/metrics/jvm/memHeapUsedM,host_components/metrics/jvm/HeapMemoryMax,host_components/metrics/jvm/HeapMemoryUsed,host_components/metrics/jvm/memHeapCommittedM,host_components/metrics/mapred/jobtracker/trackers_decommissioned,host_components/metrics/cpu/cpu_wio,host_components/metrics/rpc/client/RpcQueueTime_avg_time,host_components/metrics/dfs/FSNamesystem/*,host_components/metrics/dfs/namenode/Version,host_components/metrics/dfs/namenode/LiveNodes,host_components/metrics/dfs/namenode/DeadNodes,host_components/metrics/dfs/namenode/DecomNodes,host_components/metrics/dfs/namenode/TotalFiles,host_components/metrics/dfs/namenode/UpgradeFinalized,host_components/metrics/dfs/namenode/Safemode,host_components/metrics/runtime/StartTime,host_components/metrics/hbase/master/IsActiveMaster,host_components/metrics/hbase/master/MasterStartTime,host_components/metrics/hbase/master/MasterActiveTime,host_components/metrics/hbase/master/AverageLoad,host_components/metrics/master/AssignmentManger/ritCount,metrics/api/v1/cluster/summary,metrics/api/v1/topology/summary,metrics/api/v1/nimbus/summary,host_components/metrics/yarn/Queue,host_components/metrics/yarn/ClusterMetrics/NumActiveNMs,host_components/metrics/yarn/ClusterMetrics/NumLostNMs,host_components/metrics/yarn/ClusterMetrics/NumUnhealthyNMs,host_components/metrics/yarn/ClusterMetrics/NumRebootedNMs,host_components/metrics/yarn/ClusterMetrics/NumDecommissionedNMs&minimal_response=true&_=1484169508347","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574187","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"f0b63cc6-10cf-12b2-998f-2705eff1af37","response_body_len":0} |
| {"create": { "_id": "8eb077ae-3e8b-2bce-d0d1-c8b77fed1ab4"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325692512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575626","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671573836","enrichmentjoinbolt:joiner:ts":"1492671574183","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"C3u5Pq3rzUhwMB2ASh","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:C3u5Pq3rzUhwMB2ASh resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"F23yAu1z7fwGC3ET1f\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:204.152.254.221 resp_fuids:[\"FaYkgYA4xB0uugYb2\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671573839","host":"runlove.us","adapter:geoadapter:end:ts":"1492671574078","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574187","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FaYkgYA4xB0uugYb2"],"timestamp":1505325692512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671573836","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671573839","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["F23yAu1z7fwGC3ET1f"],"ip_src_port":49199,"threatintelsplitterbolt:splitter:begin:ts":"1492671574187","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"Not Found","guid":"8eb077ae-3e8b-2bce-d0d1-c8b77fed1ab4","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "b37b463f-0386-3f6d-b9de-b253b0630093"}} |
| {"bro_timestamp":1505325693512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575626","enrichmentsplitterbolt:splitter:begin:ts":"1492671573836","enrichmentjoinbolt:joiner:ts":"1492671574184","adapter:geoadapter:begin:ts":"1492671574078","uid":"CUrRne3iLIxXavQtci","trans_depth":93,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168677471 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:93 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671571.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671573839","host":"node1","adapter:geoadapter:end:ts":"1492671574078","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574187","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325693512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573837","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573839","uri":"/api/v1/clusters/metron_cluster/components/?fields=ServiceComponentInfo/service_name,ServiceComponentInfo/category,ServiceComponentInfo/installed_count,ServiceComponentInfo/started_count,ServiceComponentInfo/init_count,ServiceComponentInfo/install_failed_count,ServiceComponentInfo/unknown_count,ServiceComponentInfo/total_count,ServiceComponentInfo/display_name,host_components/HostRoles/host_name&minimal_response=true&_=1484168677471","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574187","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"b37b463f-0386-3f6d-b9de-b253b0630093","response_body_len":0} |
| {"create": { "_id": "da975b10-d204-949d-3af7-64eb9d81fdf8"}} |
| {"TTLs":[13888],"qclass_name":"C_INTERNET","bro_timestamp":1505325694512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671579865","qtype":1,"rejected":false,"answers":["72.34.49.86"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671579840","enrichmentjoinbolt:joiner:ts":"1492671579850","trans_id":41589,"adapter:geoadapter:begin:ts":"1492671579843","uid":"C3eXwv2xg8aIqeOLCg","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579855","original_string":"DNS | AA:false TTLs:[13888.0] qclass_name:C_INTERNET id.orig_p:56753 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:comarksecurity.com answers:[\"72.34.49.86\"] trans_id:41589 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C3eXwv2xg8aIqeOLCg RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671576.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671579843","Z":0,"adapter:geoadapter:end:ts":"1492671579843","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579852","qclass":1,"timestamp":1505325694512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671579840","query":"comarksecurity.com","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671579843","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":56753,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671579852","adapter:threatinteladapter:begin:ts":"1492671579855","guid":"da975b10-d204-949d-3af7-64eb9d81fdf8"} |
| {"create": { "_id": "71945287-a8c8-2dad-aaee-096b9aef52d1"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325695512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671579865","enrichmentsplitterbolt:splitter:begin:ts":"1492671579840","enrichmentjoinbolt:joiner:ts":"1492671579850","adapter:geoadapter:begin:ts":"1492671579843","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"C06A6B2DDhvUjCxbTg","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579855","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:C06A6B2DDhvUjCxbTg trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671576.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671579843","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671579843","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579852","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325695512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671579840","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671579843","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671579852","adapter:threatinteladapter:begin:ts":"1492671579855","status_msg":"OK","guid":"71945287-a8c8-2dad-aaee-096b9aef52d1","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "3415b333-4f63-7d03-cd0f-f00c8639d3b0"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325696512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671579867","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671579841","enrichmentjoinbolt:joiner:ts":"1492671579850","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671579843","uid":"CXiPrelEswy2Vy506","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579866","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CXiPrelEswy2Vy506 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671576.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671579843","Z":0,"adapter:geoadapter:end:ts":"1492671579843","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579852","qclass":1,"timestamp":1505325696512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671579841","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671579843","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671579852","adapter:threatinteladapter:begin:ts":"1492671579855","guid":"3415b333-4f63-7d03-cd0f-f00c8639d3b0"} |
| {"create": { "_id": "e4734d5e-8221-460d-a2e5-6afbafe7cd96"}} |
| {"bro_timestamp":1505325697512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671579867","enrichmentsplitterbolt:splitter:begin:ts":"1492671579841","enrichmentjoinbolt:joiner:ts":"1492671579850","adapter:geoadapter:begin:ts":"1492671579844","uid":"CUrRne3iLIxXavQtci","trans_depth":79,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579866","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484168597134 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:79 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671576.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671579843","host":"node1","adapter:geoadapter:end:ts":"1492671579844","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671579852","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325697512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671579841","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671579843","uri":"/api/v1/persist/wizard-data?_=1484168597134","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671579852","adapter:threatinteladapter:begin:ts":"1492671579866","guid":"e4734d5e-8221-460d-a2e5-6afbafe7cd96","response_body_len":0} |
| {"create": { "_id": "2681ed49-bb4c-8807-9b0e-69c33a80d429"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325698512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671579877","enrichmentsplitterbolt:splitter:begin:ts":"1492671579860","enrichmentjoinbolt:joiner:ts":"1492671579865","adapter:geoadapter:begin:ts":"1492671579862","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CW5RvsMStnenkVMN9","resp_mime_types":["application/x-dosexec"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579870","original_string":"HTTP | id.orig_p:49189 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b514ee6f0fe486009a6d83b035a4c0bd tags:[] uid:CW5RvsMStnenkVMN9 resp_mime_types:[\"application\\/x-dosexec\"] trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:221184 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671576.0 id.resp_h:62.75.195.236 resp_fuids:[\"FJbBkl1yTXU8JMGR4l\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671579862","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671579862","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579868","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJbBkl1yTXU8JMGR4l"],"timestamp":1505325698512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671579860","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671579862","uri":"/?b514ee6f0fe486009a6d83b035a4c0bd","tags":[],"ip_src_port":49189,"threatintelsplitterbolt:splitter:begin:ts":"1492671579868","adapter:threatinteladapter:begin:ts":"1492671579870","status_msg":"OK","guid":"2681ed49-bb4c-8807-9b0e-69c33a80d429","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":221184} |
| {"create": { "_id": "0a98f4c6-d1cb-695e-a6ce-a480d9eaff84"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325699512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671579881","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671579865","enrichmentjoinbolt:joiner:ts":"1492671579870","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671579868","uid":"CdZ0AH1QBmDVfSSbR1","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579877","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CdZ0AH1QBmDVfSSbR1 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671576.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671579868","Z":0,"adapter:geoadapter:end:ts":"1492671579868","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579875","qclass":1,"timestamp":1505325699512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671579865","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671579868","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671579875","adapter:threatinteladapter:begin:ts":"1492671579877","guid":"0a98f4c6-d1cb-695e-a6ce-a480d9eaff84"} |
| {"create": { "_id": "5e255288-6706-a88a-78fb-0479a33633da"}} |
| {"bro_timestamp":1505325700512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671579941","enrichmentsplitterbolt:splitter:begin:ts":"1492671579925","enrichmentjoinbolt:joiner:ts":"1492671579931","adapter:geoadapter:begin:ts":"1492671579928","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CXVtpNU35nZ84YA8","resp_mime_types":["image/png"],"trans_depth":3,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579938","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/fr.png tags:[] uid:CXVtpNU35nZ84YA8 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:3 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:694 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671576.0 id.resp_h:95.163.121.204 resp_fuids:[\"Fj5prf70hSFvmNwE3\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671579928","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671579928","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579933","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fj5prf70hSFvmNwE3"],"timestamp":1505325700512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671579925","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671579928","uri":"/img/flags/fr.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671579933","adapter:threatinteladapter:begin:ts":"1492671579938","status_msg":"OK","guid":"5e255288-6706-a88a-78fb-0479a33633da","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":694} |
| {"create": { "_id": "1315deaf-3634-0f88-f49c-d58e95e57e70"}} |
| {"bro_timestamp":1505325701512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671579941","enrichmentsplitterbolt:splitter:begin:ts":"1492671579925","enrichmentjoinbolt:joiner:ts":"1492671579931","adapter:geoadapter:begin:ts":"1492671579928","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CodIOCgeqZXqVSCg6","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671579938","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CodIOCgeqZXqVSCg6 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671576.0 id.resp_h:95.163.121.204 resp_fuids:[\"Ft8inr3vk76ny20gZ2\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671579928","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671579928","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671579933","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Ft8inr3vk76ny20gZ2"],"timestamp":1505325701512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671579925","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671579928","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671579933","adapter:threatinteladapter:begin:ts":"1492671579938","status_msg":"OK","guid":"1315deaf-3634-0f88-f49c-d58e95e57e70","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} |
| {"create": { "_id": "a34767eb-4e08-da6e-6289-8cddb3a698bf"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325702512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671583960","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671583947","enrichmentjoinbolt:joiner:ts":"1492671583953","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671583950","uid":"Ctahny1SAJIPESqly2","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583957","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:Ctahny1SAJIPESqly2 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671582.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671583950","Z":0,"adapter:geoadapter:end:ts":"1492671583950","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671583955","qclass":1,"timestamp":1505325702512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671583947","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671583950","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671583955","adapter:threatinteladapter:begin:ts":"1492671583957","guid":"a34767eb-4e08-da6e-6289-8cddb3a698bf"} |
| {"create": { "_id": "e7232351-acd8-0887-1b90-6e94013b116e"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325703512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671583978","enrichmentsplitterbolt:splitter:begin:ts":"1492671583963","enrichmentjoinbolt:joiner:ts":"1492671583969","adapter:geoadapter:begin:ts":"1492671583966","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"Cc6ah61Auo5Q5S9oA7","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583975","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:Cc6ah61Auo5Q5S9oA7 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671582.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671583966","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671583966","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671583971","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325703512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671583963","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671583966","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671583971","adapter:threatinteladapter:begin:ts":"1492671583975","status_msg":"OK","guid":"e7232351-acd8-0887-1b90-6e94013b116e","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "707dcc7c-b175-3499-0f69-8b9056331f16"}} |
| {"bro_timestamp":1505325704512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671583978","enrichmentsplitterbolt:splitter:begin:ts":"1492671583963","enrichmentjoinbolt:joiner:ts":"1492671583970","adapter:geoadapter:begin:ts":"1492671583966","uid":"CUrRne3iLIxXavQtci","trans_depth":115,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583976","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168753105 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:115 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671582.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671583966","host":"node1","adapter:geoadapter:end:ts":"1492671583966","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671583971","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325704512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671583963","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671583966","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168753105","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671583971","adapter:threatinteladapter:begin:ts":"1492671583976","guid":"707dcc7c-b175-3499-0f69-8b9056331f16","response_body_len":0} |
| {"create": { "_id": "500eb5e2-676c-2001-93d5-5537b0f98772"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325705512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671583978","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671583963","enrichmentjoinbolt:joiner:ts":"1492671583970","adapter:geoadapter:begin:ts":"1492671583966","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CMipoZ3HSfc13OCrqc","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583976","original_string":"HTTP | id.orig_p:49202 status_code:200 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=mfymi71rapdzk tags:[] uid:CMipoZ3HSfc13OCrqc resp_mime_types:[\"image\\/png\"] trans_depth:1 orig_fuids:[\"F4M5Od2l4nUNvzVQt6\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:45662 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671582.0 id.resp_h:72.34.49.86 resp_fuids:[\"FZVjnb28KmH9pX5L71\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671583966","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671583966","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671583971","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZVjnb28KmH9pX5L71"],"timestamp":1505325705512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671583963","request_body_len":162,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671583966","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=mfymi71rapdzk","tags":[],"orig_fuids":["F4M5Od2l4nUNvzVQt6"],"ip_src_port":49202,"threatintelsplitterbolt:splitter:begin:ts":"1492671583971","adapter:threatinteladapter:begin:ts":"1492671583976","status_msg":"OK","guid":"500eb5e2-676c-2001-93d5-5537b0f98772","enrichments:geo:ip_dst_addr:country":"US","response_body_len":45662} |
| {"create": { "_id": "36194c56-7f1f-a302-ce60-cb56e61a299c"}} |
| {"bro_timestamp":1505325706512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671583980","enrichmentsplitterbolt:splitter:begin:ts":"1492671583963","enrichmentjoinbolt:joiner:ts":"1492671583970","adapter:geoadapter:begin:ts":"1492671583966","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cxo2i52HmVbQpiKMQ4","resp_mime_types":["text/html"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583977","original_string":"HTTP | id.orig_p:49209 status_code:200 method:POST request_body_len:14 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/11iQmfg tags:[] uid:Cxo2i52HmVbQpiKMQ4 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"text\\/html\"] trans_depth:2 orig_fuids:[\"FUkFxk1Y288ejveaRk\"] host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14641 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671582.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGxUguvIeTeXrSqp1\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671583966","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671583966","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671583973","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGxUguvIeTeXrSqp1"],"timestamp":1505325706512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671583963","request_body_len":14,"adapter:hostfromjsonlistadapter:begin:ts":"1492671583966","orig_mime_types":["text/plain"],"uri":"/11iQmfg","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","orig_fuids":["FUkFxk1Y288ejveaRk"],"ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671583973","adapter:threatinteladapter:begin:ts":"1492671583977","status_msg":"OK","guid":"36194c56-7f1f-a302-ce60-cb56e61a299c","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":14641} |
| {"create": { "_id": "d887fe69-ce1b-4764-755c-602fdba06dbc"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325707512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671583980","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671583964","enrichmentjoinbolt:joiner:ts":"1492671583970","trans_id":0,"adapter:geoadapter:begin:ts":"1492671583966","uid":"C8f2de1xQPeJGJIFn3","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583977","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:C8f2de1xQPeJGJIFn3 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671582.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671583966","Z":0,"adapter:geoadapter:end:ts":"1492671583966","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671583973","qclass":1,"timestamp":1505325707512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671583964","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671583966","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671583973","adapter:threatinteladapter:begin:ts":"1492671583977","guid":"d887fe69-ce1b-4764-755c-602fdba06dbc"} |
| {"create": { "_id": "06e70f55-434b-cdde-8892-b4f486927126"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325708512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671583980","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671583964","enrichmentjoinbolt:joiner:ts":"1492671583970","adapter:geoadapter:begin:ts":"1492671583966","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"Cla9QF2FiQvwcZp8ol","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583977","original_string":"HTTP | id.orig_p:49201 status_code:404 method:POST request_body_len:162 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk tags:[] uid:Cla9QF2FiQvwcZp8ol resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"FSvRt73AWDL2IY6vmb\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671582.0 id.resp_h:204.152.254.221 resp_fuids:[\"Fav9N61XYiIapb8Chl\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671583966","host":"runlove.us","adapter:geoadapter:end:ts":"1492671583966","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671583973","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fav9N61XYiIapb8Chl"],"timestamp":1505325708512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671583964","request_body_len":162,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671583966","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?u=mfymi71rapdzk","tags":[],"orig_fuids":["FSvRt73AWDL2IY6vmb"],"ip_src_port":49201,"threatintelsplitterbolt:splitter:begin:ts":"1492671583973","adapter:threatinteladapter:begin:ts":"1492671583977","status_msg":"Not Found","guid":"06e70f55-434b-cdde-8892-b4f486927126","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "5816dfd1-ba52-3510-5a47-dd6c49111e84"}} |
| {"bro_timestamp":1505325709512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671583980","enrichmentsplitterbolt:splitter:begin:ts":"1492671583965","enrichmentjoinbolt:joiner:ts":"1492671583972","adapter:geoadapter:begin:ts":"1492671583967","uid":"CUrRne3iLIxXavQtci","trans_depth":137,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583977","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168913989 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:137 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671582.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671583967","host":"node1","adapter:geoadapter:end:ts":"1492671583967","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671583974","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325709512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671583965","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671583967","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168913989","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671583974","adapter:threatinteladapter:begin:ts":"1492671583977","guid":"5816dfd1-ba52-3510-5a47-dd6c49111e84","response_body_len":0} |
| {"create": { "_id": "5729d489-72e7-548a-1783-ab36157ced23"}} |
| {"bro_timestamp":1505325710512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671583980","enrichmentsplitterbolt:splitter:begin:ts":"1492671583966","enrichmentjoinbolt:joiner:ts":"1492671583972","adapter:geoadapter:begin:ts":"1492671583969","uid":"CUrRne3iLIxXavQtci","trans_depth":60,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671583977","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/desired_configs/cluster-env&_=1484168550793 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:60 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671582.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671583969","host":"node1","adapter:geoadapter:end:ts":"1492671583969","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671583974","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325710512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671583966","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671583969","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/desired_configs/cluster-env&_=1484168550793","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671583974","adapter:threatinteladapter:begin:ts":"1492671583977","guid":"5729d489-72e7-548a-1783-ab36157ced23","response_body_len":0} |
| {"create": { "_id": "48fc3a55-4302-8cad-0872-fe3479974d34"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325711512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671587421","enrichmentsplitterbolt:splitter:begin:ts":"1492671587404","enrichmentjoinbolt:joiner:ts":"1492671587414","adapter:geoadapter:begin:ts":"1492671587407","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CUkdxduXvsIGZb5J5","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587419","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CUkdxduXvsIGZb5J5 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671586.0 id.resp_h:62.75.195.236 resp_fuids:[\"Fej3YQ2lu18ZR1j7Y7\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671587409","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671587407","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671587416","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fej3YQ2lu18ZR1j7Y7"],"timestamp":1505325711512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671587404","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671587409","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671587416","adapter:threatinteladapter:begin:ts":"1492671587419","status_msg":"OK","guid":"48fc3a55-4302-8cad-0872-fe3479974d34","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635} |
| {"create": { "_id": "fd5dc2af-ab74-3068-050f-f901f7ebfa75"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325712512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671587421","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671587404","enrichmentjoinbolt:joiner:ts":"1492671587414","adapter:geoadapter:begin:ts":"1492671587407","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CIUgIH1yPiYbwdKim6","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587419","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:CIUgIH1yPiYbwdKim6 resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FE8ori10gRf69hMDP8\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671586.0 id.resp_h:72.34.49.86 resp_fuids:[\"Fq66rI2S28km4wNg93\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671587409","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671587407","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671587416","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["Fq66rI2S28km4wNg93"],"timestamp":1505325712512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671587404","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671587409","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FE8ori10gRf69hMDP8"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671587416","adapter:threatinteladapter:begin:ts":"1492671587419","status_msg":"OK","guid":"fd5dc2af-ab74-3068-050f-f901f7ebfa75","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} |
| {"create": { "_id": "e38be207-b9b2-7430-d5b4-2160a43e3378"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325713512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671587422","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671587406","enrichmentjoinbolt:joiner:ts":"1492671587415","trans_id":0,"adapter:geoadapter:begin:ts":"1492671587409","uid":"CWyFyi3pl5qWTuUWSh","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587420","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CWyFyi3pl5qWTuUWSh RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671586.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671587409","Z":0,"adapter:geoadapter:end:ts":"1492671587409","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671587417","qclass":1,"timestamp":1505325713512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671587407","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671587409","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671587417","adapter:threatinteladapter:begin:ts":"1492671587420","guid":"e38be207-b9b2-7430-d5b4-2160a43e3378"} |
| {"create": { "_id": "5690946b-aefc-5b72-ae0c-474ab9094a7c"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325714512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671587426","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671587414","enrichmentjoinbolt:joiner:ts":"1492671587419","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671587416","uid":"Ca9cAC4yGPL6am4yZc","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587424","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:Ca9cAC4yGPL6am4yZc RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671586.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671587416","Z":0,"adapter:geoadapter:end:ts":"1492671587416","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671587421","qclass":1,"timestamp":1505325714512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671587414","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671587416","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671587421","adapter:threatinteladapter:begin:ts":"1492671587423","guid":"5690946b-aefc-5b72-ae0c-474ab9094a7c"} |
| {"create": { "_id": "eba8eccb-babc-e3aa-40e7-ee0005325a90"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325715512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671587426","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671587414","enrichmentjoinbolt:joiner:ts":"1492671587419","trans_id":0,"adapter:geoadapter:begin:ts":"1492671587416","uid":"CeViBZ1CapumWgfFd3","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587424","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CeViBZ1CapumWgfFd3 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671586.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671587416","Z":0,"adapter:geoadapter:end:ts":"1492671587416","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671587421","qclass":1,"timestamp":1505325715512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671587414","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671587416","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671587421","adapter:threatinteladapter:begin:ts":"1492671587424","guid":"eba8eccb-babc-e3aa-40e7-ee0005325a90"} |
| {"create": { "_id": "27d3ead6-04a0-e2dc-3ba2-8a0dd40de7af"}} |
| {"TTLs":[14069],"qclass_name":"C_INTERNET","bro_timestamp":1505325716512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671587426","qtype":1,"rejected":false,"answers":["204.152.254.221"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671587414","enrichmentjoinbolt:joiner:ts":"1492671587419","trans_id":23625,"adapter:geoadapter:begin:ts":"1492671587416","uid":"CihBJY3TNk4IgI36kf","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587424","original_string":"DNS | AA:false TTLs:[14069.0] qclass_name:C_INTERNET id.orig_p:61720 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:runlove.us answers:[\"204.152.254.221\"] trans_id:23625 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CihBJY3TNk4IgI36kf RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671586.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671587416","Z":0,"adapter:geoadapter:end:ts":"1492671587416","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671587421","qclass":1,"timestamp":1505325716512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671587414","query":"runlove.us","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671587416","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":61720,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671587421","adapter:threatinteladapter:begin:ts":"1492671587424","guid":"27d3ead6-04a0-e2dc-3ba2-8a0dd40de7af"} |
| {"create": { "_id": "65082865-7231-ee29-cb10-d544fba2b612"}} |
| {"bro_timestamp":1505325717512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671587427","enrichmentsplitterbolt:splitter:begin:ts":"1492671587415","enrichmentjoinbolt:joiner:ts":"1492671587420","adapter:geoadapter:begin:ts":"1492671587417","uid":"CUrRne3iLIxXavQtci","trans_depth":147,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671587425","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484168947101 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:147 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671586.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671587417","host":"node1","adapter:geoadapter:end:ts":"1492671587417","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671587422","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325717512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671587415","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671587417","uri":"/api/v1/persist/wizard-data?_=1484168947101","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671587422","adapter:threatinteladapter:begin:ts":"1492671587425","guid":"65082865-7231-ee29-cb10-d544fba2b612","response_body_len":0} |
| {"create": { "_id": "fff34dd0-9f4a-da6a-1af4-84855e9bc419"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325718512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671591278","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671591261","enrichmentjoinbolt:joiner:ts":"1492671591270","adapter:geoadapter:begin:ts":"1492671591265","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"CdUJwG2Df90m0Y7OSi","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591276","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:CdUJwG2Df90m0Y7OSi resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"Fh9CoH303MQ3vTRjB\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671589.0 id.resp_h:204.152.254.221 resp_fuids:[\"F9iisA25ZMf02F0vS5\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671591265","host":"runlove.us","adapter:geoadapter:end:ts":"1492671591265","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671591274","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F9iisA25ZMf02F0vS5"],"timestamp":1505325718512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671591261","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671591265","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["Fh9CoH303MQ3vTRjB"],"ip_src_port":49199,"threatintelsplitterbolt:splitter:begin:ts":"1492671591274","adapter:threatinteladapter:begin:ts":"1492671591276","status_msg":"Not Found","guid":"fff34dd0-9f4a-da6a-1af4-84855e9bc419","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "adca96e3-1fb2-fe9b-baff-73979bf0b5f1"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325719512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671591278","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671591262","enrichmentjoinbolt:joiner:ts":"1492671591270","trans_id":0,"adapter:geoadapter:begin:ts":"1492671591265","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591276","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671589.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671591265","Z":0,"adapter:geoadapter:end:ts":"1492671591265","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671591274","qclass":1,"timestamp":1505325719512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671591262","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671591265","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671591274","adapter:threatinteladapter:begin:ts":"1492671591276","guid":"adca96e3-1fb2-fe9b-baff-73979bf0b5f1"} |
| {"create": { "_id": "c935cefb-f5af-b1a8-b44e-db30cbbc71ff"}} |
| {"bro_timestamp":1505325720512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671591283","enrichmentsplitterbolt:splitter:begin:ts":"1492671591270","enrichmentjoinbolt:joiner:ts":"1492671591276","adapter:geoadapter:begin:ts":"1492671591273","uid":"CUrRne3iLIxXavQtci","trans_depth":42,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591281","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/persist/wizard-data?_=1484168505053 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:42 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671589.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671591273","host":"node1","adapter:geoadapter:end:ts":"1492671591273","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671591278","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325720512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671591270","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671591273","uri":"/api/v1/persist/wizard-data?_=1484168505053","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671591278","adapter:threatinteladapter:begin:ts":"1492671591281","guid":"c935cefb-f5af-b1a8-b44e-db30cbbc71ff","response_body_len":0} |
| {"create": { "_id": "42f4ce28-8287-953e-a295-28b3d575b507"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325721512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671591283","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671591270","enrichmentjoinbolt:joiner:ts":"1492671591276","trans_id":0,"adapter:geoadapter:begin:ts":"1492671591273","uid":"CiQU4p2wRpvv10aeJc","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591281","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CiQU4p2wRpvv10aeJc RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671589.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671591273","Z":0,"adapter:geoadapter:end:ts":"1492671591273","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671591278","qclass":1,"timestamp":1505325721512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671591270","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671591273","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671591278","adapter:threatinteladapter:begin:ts":"1492671591281","guid":"42f4ce28-8287-953e-a295-28b3d575b507"} |
| {"create": { "_id": "001b5451-6e62-a13a-ef6f-4a38ec4221ee"}} |
| {"bro_timestamp":1505325722512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671591283","enrichmentsplitterbolt:splitter:begin:ts":"1492671591271","enrichmentjoinbolt:joiner:ts":"1492671591276","adapter:geoadapter:begin:ts":"1492671591273","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"ClNvrm11cIpvatxVR2","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591281","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:ClNvrm11cIpvatxVR2 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671589.0 id.resp_h:95.163.121.204 resp_fuids:[\"FlIiHFeqqHoJP0GH4\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671591273","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671591273","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671591278","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlIiHFeqqHoJP0GH4"],"timestamp":1505325722512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671591271","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671591273","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671591278","adapter:threatinteladapter:begin:ts":"1492671591281","status_msg":"OK","guid":"001b5451-6e62-a13a-ef6f-4a38ec4221ee","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "aed3d10f-b99b-6370-6b51-ff8b8a139f25"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325723512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671591283","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671591271","enrichmentjoinbolt:joiner:ts":"1492671591276","trans_id":0,"adapter:geoadapter:begin:ts":"1492671591273","uid":"CkwtUK1ANyyZwj0PW1","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591281","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:CkwtUK1ANyyZwj0PW1 RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671589.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671591273","Z":0,"adapter:geoadapter:end:ts":"1492671591273","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671591278","qclass":1,"timestamp":1505325723512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671591271","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671591273","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671591278","adapter:threatinteladapter:begin:ts":"1492671591281","guid":"aed3d10f-b99b-6370-6b51-ff8b8a139f25"} |
| {"create": { "_id": "2cc174d7-c049-aaf4-d0d6-138073777309"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325724512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671591283","enrichmentsplitterbolt:splitter:begin:ts":"1492671591271","enrichmentjoinbolt:joiner:ts":"1492671591276","adapter:geoadapter:begin:ts":"1492671591273","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CciqtZ3RI6woDv54qc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591281","original_string":"HTTP | id.orig_p:49196 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?51424ddd486ff06861fceed24e86b329 tags:[] uid:CciqtZ3RI6woDv54qc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671589.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671591273","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671591273","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671591278","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325724512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671591271","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671591273","uri":"/?51424ddd486ff06861fceed24e86b329","tags":[],"ip_src_port":49196,"threatintelsplitterbolt:splitter:begin:ts":"1492671591278","adapter:threatinteladapter:begin:ts":"1492671591281","status_msg":"OK","guid":"2cc174d7-c049-aaf4-d0d6-138073777309","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "57cbd0d2-a0da-6d5f-dbb5-0b8e708f3cb6"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325725512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671591283","enrichmentsplitterbolt:splitter:begin:ts":"1492671591271","enrichmentjoinbolt:joiner:ts":"1492671591276","adapter:geoadapter:begin:ts":"1492671591273","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CKk1ea2VbK77VNpnz1","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591281","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CKk1ea2VbK77VNpnz1 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671589.0 id.resp_h:62.75.195.236 resp_fuids:[\"F9bUtO6Cmh60Iu1Xj\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671591273","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671591273","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671591278","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F9bUtO6Cmh60Iu1Xj"],"timestamp":1505325725512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671591271","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671591273","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671591278","adapter:threatinteladapter:begin:ts":"1492671591281","status_msg":"OK","guid":"57cbd0d2-a0da-6d5f-dbb5-0b8e708f3cb6","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635} |
| {"create": { "_id": "00814048-dee4-c3ad-5483-f4c9e6f27800"}} |
| {"bro_timestamp":1505325726512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671591285","enrichmentsplitterbolt:splitter:begin:ts":"1492671591272","enrichmentjoinbolt:joiner:ts":"1492671591277","adapter:geoadapter:begin:ts":"1492671591274","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CDRWth1RkZQBuVOyX2","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671591282","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CDRWth1RkZQBuVOyX2 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671589.0 id.resp_h:95.163.121.204 resp_fuids:[\"FJygKu2sv9kbVQLbhh\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671591274","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671591274","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671591279","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FJygKu2sv9kbVQLbhh"],"timestamp":1505325726512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671591272","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671591274","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671591279","adapter:threatinteladapter:begin:ts":"1492671591282","status_msg":"OK","guid":"00814048-dee4-c3ad-5483-f4c9e6f27800","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "3cf6c636-ea29-4654-1632-c38a2c130f1c"}} |
| {"bro_timestamp":1505325727512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594637","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CVxPm9xkzN80U39i9","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CVxPm9xkzN80U39i9 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOUZap2sbK6jyWeLZ8\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594637","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594644","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FOUZap2sbK6jyWeLZ8"],"timestamp":1505325727512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"3cf6c636-ea29-4654-1632-c38a2c130f1c","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} |
| {"create": { "_id": "fd436051-cfdd-c29a-e07c-a08a83740b23"}} |
| {"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} |
| {"create": { "_id": "d41c8e3b-0b86-9084-2f6a-82db51a337fe"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325729512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"C5DBCB4BP3zJovMQlf","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C5DBCB4BP3zJovMQlf resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FMZdAx3UlrSOgAQdsj\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:72.34.49.86 resp_fuids:[\"FtEGkz1CUNMfkJKrZh\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FtEGkz1CUNMfkJKrZh"],"timestamp":1505325729512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FMZdAx3UlrSOgAQdsj"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"d41c8e3b-0b86-9084-2f6a-82db51a337fe","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} |
| {"create": { "_id": "777d9c8c-4c97-08bd-09ba-66e9366cccd5"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} |
| {"create": { "_id": "0e99ba49-46a8-8efe-098f-15456c107bc9"}} |
| {"bro_timestamp":1505325731512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594650","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CrRM6qLedsBZ3P0d8","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594648","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CrRM6qLedsBZ3P0d8 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FlDlsY39iNQUeDK2Dj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594646","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlDlsY39iNQUeDK2Dj"],"timestamp":1505325731512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671594646","adapter:threatinteladapter:begin:ts":"1492671594648","status_msg":"OK","guid":"0e99ba49-46a8-8efe-098f-15456c107bc9","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} |
| {"create": { "_id": "e9a942f0-9410-a2ef-79d3-297448ca7a9a"}} |
| {"bro_timestamp":1505325732512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594650","enrichmentsplitterbolt:splitter:begin:ts":"1492671594637","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594639","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CnSEYgebsnSclYt96","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594648","original_string":"HTTP | id.orig_p:49206 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/style.css tags:[] uid:CnSEYgebsnSclYt96 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"text\\/plain\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:4492 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3C3dl1uR9Wzd4W5k2\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594639","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594639","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594646","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3C3dl1uR9Wzd4W5k2"],"timestamp":1505325732512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594637","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594639","uri":"/img/style.css","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49206,"threatintelsplitterbolt:splitter:begin:ts":"1492671594646","adapter:threatinteladapter:begin:ts":"1492671594648","status_msg":"OK","guid":"e9a942f0-9410-a2ef-79d3-297448ca7a9a","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":4492} |
| {"create": { "_id": "cadf2f10-468c-2ad9-625c-39dce0668ea0"}} |
| {"bro_timestamp":1505325733512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cxo2i52HmVbQpiKMQ4","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cxo2i52HmVbQpiKMQ4 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FPOfpJ1mfdIRvALw8j\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594643","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FPOfpJ1mfdIRvALw8j"],"timestamp":1505325733512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594643","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"cadf2f10-468c-2ad9-625c-39dce0668ea0","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} |
| {"create": { "_id": "becc5966-68a2-e67d-3493-b7bc9514e3c9"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
| {"create": { "_id": "4d864bb0-0cb1-4005-f707-c62f7b0e7264"}} |
| {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} |
| {"create": { "_id": "4c732cb0-05cc-bdb4-9898-886a93129aba"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325736512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CvI6xrY2n5mRaFjFa","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CvI6xrY2n5mRaFjFa resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FE73U6RnooUIz1k3l\"] host:comarksecurity.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:72.34.49.86 resp_fuids:[\"FbCMi2mD3uLfGjK7j\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598098","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FbCMi2mD3uLfGjK7j"],"timestamp":1505325736512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671598092","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FE73U6RnooUIz1k3l"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","status_msg":"OK","guid":"4c732cb0-05cc-bdb4-9898-886a93129aba","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} |
| {"create": { "_id": "cb6a4983-48ac-4c00-2f44-9d1bd9b50575"}} |
| {"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} |
| {"create": { "_id": "a5e95569-a9ee-c024-ace7-7d0e2613b29a"}} |
| {"qclass_name":"C_INTERNET","bro_timestamp":1505325738512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671598104","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","trans_id":0,"adapter:geoadapter:begin:ts":"1492671598093","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671596.0 id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","Z":0,"adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","qclass":1,"timestamp":1505325738512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671598090","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"a5e95569-a9ee-c024-ace7-7d0e2613b29a"} |
| {"create": { "_id": "fa91598f-51b2-2b60-11f2-6fbabc162b7e"}} |
| {"enrichments:geo:ip_dst_addr:locID":"5308655","bro_timestamp":1505325739512,"status_code":404,"enrichments:geo:ip_dst_addr:location_point":"33.4499,-112.0712","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichments:geo:ip_dst_addr:dmaCode":"753","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","enrichments:geo:ip_dst_addr:latitude":"33.4499","uid":"C3u5Pq3rzUhwMB2ASh","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:49199 status_code:404 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42 tags:[] uid:C3u5Pq3rzUhwMB2ASh resp_mime_types:[\"text\\/html\"] trans_depth:1 orig_fuids:[\"F23yAu1z7fwGC3ET1f\"] host:runlove.us status_msg:Not Found id.orig_h:192.168.138.158 response_body_len:357 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:204.152.254.221 resp_fuids:[\"FaYkgYA4xB0uugYb2\"]","ip_dst_addr":"204.152.254.221","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"runlove.us","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598098","enrichments:geo:ip_dst_addr:longitude":"-112.0712","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FaYkgYA4xB0uugYb2"],"timestamp":1505325739512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Phoenix","enrichments:geo:ip_dst_addr:postalCode":"85004","adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/twentyfifteen/img5.php?l=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["F23yAu1z7fwGC3ET1f"],"ip_src_port":49199,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","status_msg":"Not Found","guid":"fa91598f-51b2-2b60-11f2-6fbabc162b7e","enrichments:geo:ip_dst_addr:country":"US","response_body_len":357} |
| {"create": { "_id": "c4c5e418-3938-099e-bb0d-37028a98dca8"}} |
| {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325740512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598145","enrichmentsplitterbolt:splitter:begin:ts":"1492671598131","enrichmentjoinbolt:joiner:ts":"1492671598136","adapter:geoadapter:begin:ts":"1492671598134","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"C0e83h7ywPQy36qB8","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598142","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:C0e83h7ywPQy36qB8 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671598134","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671598134","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598139","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325740512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598131","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671598134","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671598139","adapter:threatinteladapter:begin:ts":"1492671598142","status_msg":"OK","guid":"c4c5e418-3938-099e-bb0d-37028a98dca8","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} |
