Support #1532 » eve.json

hao chen, 10/15/2015 11:30 AM

 
{"timestamp":"2015-10-16T00:21:57.256063","pcap_cnt":1,"event_type":"dns","src_ip":"192.168.2.4","src_port":31332,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40793,"rrname":"start.ubuntu.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:57.256093","pcap_cnt":2,"event_type":"dns","src_ip":"192.168.2.4","src_port":14094,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63592,"rrname":"start.ubuntu.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:21:57.256063","pcap_cnt":1,"event_type":"dns","src_ip":"192.168.2.4","src_port":31332,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":40793,"rrname":"start.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.89.240"}}
{"timestamp":"2015-10-16T00:21:58.845739","pcap_cnt":34,"event_type":"dns","src_ip":"192.168.2.4","src_port":24658,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26456,"rrname":"shop.ubuntu.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:21:57.256093","pcap_cnt":2,"event_type":"dns","src_ip":"192.168.2.4","src_port":14094,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":63592,"rrname":"ubuntu.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2015-10-16T00:21:57.256063","pcap_cnt":1,"event_type":"dns","src_ip":"192.168.2.4","src_port":31332,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":40793,"rrname":"start.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.90.40"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":215,"rrname":"tiles.services.mozilla.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:58.691935","pcap_cnt":29,"event_type":"dns","src_ip":"192.168.2.4","src_port":18490,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32360,"rrname":"help.ubuntu.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.services.mozilla.com","rrtype":"CNAME","ttl":85}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"52.26.119.85"}}
{"timestamp":"2015-10-16T00:21:58.691935","pcap_cnt":29,"event_type":"dns","src_ip":"192.168.2.4","src_port":18490,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":32360,"rrname":"help.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.90.250"}}
{"timestamp":"2015-10-16T00:22:00.827033","pcap_cnt":46,"event_type":"dns","src_ip":"192.168.2.4","src_port":11052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32131,"rrname":"www.freescale.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:21:58.691935","pcap_cnt":29,"event_type":"dns","src_ip":"192.168.2.4","src_port":18490,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":32360,"rrname":"help.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.89.239"}}
{"timestamp":"2015-10-16T00:21:57.464360","pcap_cnt":7,"event_type":"dns","src_ip":"192.168.2.4","src_port":8052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51621,"rrname":"tiles.services.mozilla.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"54.186.148.25"}}
{"timestamp":"2015-10-16T00:22:00.827033","pcap_cnt":46,"event_type":"dns","src_ip":"192.168.2.4","src_port":11052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":32131,"rrname":"www.freescale.com","rrtype":"CNAME","ttl":4221}}
{"timestamp":"2015-10-16T00:22:00.826986","pcap_cnt":45,"event_type":"dns","src_ip":"192.168.2.4","src_port":42681,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12409,"rrname":"www.freescale.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:58.998654","pcap_cnt":41,"event_type":"dns","src_ip":"192.168.2.4","src_port":25178,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14227,"rrname":"shop.ubuntu.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:22:00.827033","pcap_cnt":46,"event_type":"dns","src_ip":"192.168.2.4","src_port":11052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":32131,"rrname":"wildcard.freescale.com.edgekey.net","rrtype":"CNAME","ttl":26721}}
{"timestamp":"2015-10-16T00:21:58.998654","pcap_cnt":41,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":25178,"proto":"UDP","dns":{"type":"answer","id":14227,"rrname":"shop.ubuntu.com","rrtype":"A","ttl":752,"rdata":"85.13.206.219"}}
{"timestamp":"2015-10-16T00:22:00.826986","pcap_cnt":45,"event_type":"dns","src_ip":"192.168.2.4","src_port":42681,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":12409,"rrname":"www.freescale.com","rrtype":"CNAME","ttl":4220}}
{"timestamp":"2015-10-16T00:21:57.464360","pcap_cnt":7,"event_type":"dns","src_ip":"192.168.2.4","src_port":8052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":51621,"rrname":"tiles.services.mozilla.com","rrtype":"CNAME","ttl":85}}
{"timestamp":"2015-10-16T00:22:00.826986","pcap_cnt":45,"event_type":"dns","src_ip":"192.168.2.4","src_port":42681,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":12409,"rrname":"wildcard.freescale.com.edgekey.net","rrtype":"CNAME","ttl":26720}}
{"timestamp":"2015-10-16T00:21:58.691962","pcap_cnt":30,"event_type":"dns","src_ip":"192.168.2.4","src_port":14299,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21529,"rrname":"help.ubuntu.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:22:00.826986","pcap_cnt":45,"event_type":"dns","src_ip":"192.168.2.4","src_port":42681,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":12409,"rrname":"wildcard.freescale.com.edgekey.net.globalredir.akadns.net","rrtype":"CNAME","ttl":4220}}
{"timestamp":"2015-10-16T00:21:57.464360","pcap_cnt":7,"event_type":"dns","src_ip":"192.168.2.4","src_port":8052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":51621,"rrname":"r53-2.services.mozilla.com","rrtype":"SOA","ttl":102}}
{"timestamp":"2015-10-16T00:22:00.826986","pcap_cnt":45,"event_type":"dns","src_ip":"192.168.2.4","src_port":42681,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":12409,"rrname":"e7735.ca2.s.tl88.net","rrtype":"A","ttl":27,"rdata":"219.154.70.21"}}
{"timestamp":"2015-10-16T00:21:58.691962","pcap_cnt":30,"event_type":"dns","src_ip":"192.168.2.4","src_port":14299,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":21529,"rrname":"ubuntu.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2015-10-16T00:22:00.827033","pcap_cnt":46,"event_type":"dns","src_ip":"192.168.2.4","src_port":11052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":32131,"rrname":"wildcard.freescale.com.edgekey.net.globalredir.akadns.net","rrtype":"CNAME","ttl":4221}}
{"timestamp":"2015-10-16T00:21:58.845739","pcap_cnt":34,"event_type":"dns","src_ip":"192.168.2.4","src_port":24658,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":26456,"rrname":"ubuntu.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2015-10-16T00:21:58.999128","pcap_cnt":43,"event_type":"dns","src_ip":"192.168.2.4","src_port":40347,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55035,"rrname":"www.ubuntu.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:58.680582","pcap_cnt":25,"event_type":"dns","src_ip":"192.168.2.4","src_port":40158,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8265,"rrname":"www.google.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:57.256063","pcap_cnt":1,"event_type":"dns","src_ip":"192.168.2.4","src_port":31332,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":40793,"rrname":"start.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.90.41"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"54.187.97.23"}}
{"timestamp":"2015-10-16T00:21:58.999128","pcap_cnt":43,"event_type":"dns","src_ip":"192.168.2.4","src_port":40347,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":55035,"rrname":"www.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.90.58"}}
{"timestamp":"2015-10-16T00:22:00.827033","pcap_cnt":46,"event_type":"dns","src_ip":"192.168.2.4","src_port":11052,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":32131,"rrname":"ca2.s.tl88.net","rrtype":"SOA","ttl":1000}}
{"timestamp":"2015-10-16T00:22:02.281781","pcap_cnt":106,"event_type":"dns","src_ip":"192.168.2.4","src_port":8147,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57526,"rrname":"ocsp.digicert.com","rrtype":"A"}}
{"timestamp":"2015-10-16T00:21:57.256063","pcap_cnt":1,"event_type":"dns","src_ip":"192.168.2.4","src_port":31332,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":40793,"rrname":"start.ubuntu.com","rrtype":"A","ttl":752,"rdata":"91.189.89.88"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"54.191.219.103"}}
{"timestamp":"2015-10-16T00:22:02.281781","pcap_cnt":106,"event_type":"dns","src_ip":"192.168.2.4","src_port":8147,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":57526,"rrname":"ocsp.digicert.com","rrtype":"CNAME","ttl":37349}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"52.25.89.207"}}
{"timestamp":"2015-10-16T00:22:02.281781","pcap_cnt":106,"event_type":"dns","src_ip":"192.168.2.4","src_port":8147,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":57526,"rrname":"cs9.wac.phicdn.net","rrtype":"A","ttl":3855,"rdata":"117.18.237.29"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"52.25.98.110"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"52.25.118.147"}}
{"timestamp":"2015-10-16T00:21:57.464326","pcap_cnt":6,"event_type":"dns","src_ip":"192.168.2.4","src_port":43356,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":215,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":77,"rdata":"52.26.72.94"}}
{"timestamp":"2015-10-16T00:22:01.621191","pcap_cnt":52,"event_type":"dns","src_ip":"192.168.2.4","src_port":56221,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46996,"rrname":"www.ubuntu.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:22:02.688556","pcap_cnt":407,"event_type":"dns","src_ip":"192.168.2.4","src_port":64667,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4946,"rrname":"ocsp.digicert.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:22:02.688573","pcap_cnt":408,"event_type":"dns","src_ip":"192.168.2.4","src_port":4246,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56139,"rrname":"safebrowsing.google.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:22:01.621191","pcap_cnt":52,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":56221,"proto":"UDP","dns":{"type":"answer","id":46996,"rrname":"www.ubuntu.com","rrtype":"SOA","ttl":3600}}
{"timestamp":"2015-10-16T00:22:02.688556","pcap_cnt":407,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":64667,"proto":"UDP","dns":{"type":"answer","id":4946,"rrname":"ocsp.digicert.com","rrtype":"CNAME","ttl":37349}}
{"timestamp":"2015-10-16T00:22:02.688573","pcap_cnt":408,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":4246,"proto":"UDP","dns":{"type":"answer","id":56139,"rrname":"safebrowsing.google.com","rrtype":"CNAME","ttl":50722}}
{"timestamp":"2015-10-16T00:22:02.688556","pcap_cnt":407,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":64667,"proto":"UDP","dns":{"type":"answer","id":4946,"rrname":"wac.phicdn.net","rrtype":"SOA","ttl":600}}
{"timestamp":"2015-10-16T00:22:02.688573","pcap_cnt":408,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":4246,"proto":"UDP","dns":{"type":"answer","id":56139,"rrname":"sb.l.google.com","rrtype":"AAAA","ttl":225,"rdata":"2404:6800:4005:080b:0000:0000:0000:200e"}}
{"timestamp":"2015-10-16T00:21:58.680582","pcap_cnt":25,"event_type":"dns","src_ip":"192.168.2.4","src_port":40158,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":8265,"rrname":"www.google.com","rrtype":"A","ttl":288,"rdata":"216.58.221.36"}}
{"timestamp":"2015-10-16T00:21:58.680609","pcap_cnt":26,"event_type":"dns","src_ip":"192.168.2.4","src_port":53170,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53744,"rrname":"www.google.com","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:21:58.622834","pcap_cnt":24,"event_type":"http","src_ip":"192.168.2.4","src_port":39792,"dest_ip":"91.189.89.240","dest_port":80,"proto":"TCP","http":{"hostname":"start.ubuntu.com","url":"\/15.04\/Google\/?sourceid=hp","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":"304","length":0}}
{"timestamp":"2015-10-16T00:21:58.680609","pcap_cnt":26,"event_type":"dns","src_ip":"192.168.2.4","src_port":53170,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":53744,"rrname":"www.google.com","rrtype":"AAAA","ttl":298,"rdata":"2404:6800:4005:0800:0000:0000:0000:2004"}}
{"timestamp":"2015-10-16T00:22:02.410473","pcap_cnt":177,"event_type":"dns","src_ip":"192.168.2.4","src_port":18223,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59605,"rrname":"self-repair.mozilla.org","rrtype":"A"}}
{"timestamp":"2015-10-16T00:22:02.410473","pcap_cnt":177,"event_type":"dns","src_ip":"192.168.2.4","src_port":18223,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":59605,"rrname":"self-repair.mozilla.org","rrtype":"CNAME","ttl":55}}
{"timestamp":"2015-10-16T00:22:02.410473","pcap_cnt":177,"event_type":"dns","src_ip":"192.168.2.4","src_port":18223,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"answer","id":59605,"rrname":"d22io8ipz38kkf.cloudfront.net","rrtype":"A","ttl":2109,"rdata":"243.185.187.39"}}
{"timestamp":"2015-10-16T00:22:02.369718","pcap_cnt":145,"event_type":"alert","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35994,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":20,"rev":2,"signature":"FILE pdf claimed","category":"","severity":3}}
{"timestamp":"2015-10-16T00:22:02.857390","pcap_cnt":607,"event_type":"http","src_ip":"192.168.2.4","src_port":53309,"dest_ip":"117.18.237.29","dest_port":80,"proto":"TCP","http":{"hostname":"ocsp.digicert.com","url":"\/","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"application\/ocsp-response","http_method":"POST","protocol":"HTTP\/1.1","status":"200","length":471}}
{"timestamp":"2015-10-16T00:22:02.857390","pcap_cnt":607,"event_type":"fileinfo","src_ip":"192.168.2.4","src_port":53309,"dest_ip":"117.18.237.29","dest_port":80,"proto":"TCP","http":{"url":"\/","hostname":"ocsp.digicert.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/","magic":"data","state":"CLOSED","md5":"b99a062803cb1502e572279e0295bcaf","stored":false,"size":83}}
{"timestamp":"2015-10-16T00:22:02.280527","pcap_cnt":103,"event_type":"tls","src_ip":"192.168.2.4","src_port":52252,"dest_ip":"52.26.119.85","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=CA, L=Mountain View, O=Mozilla Foundation, CN=*.services.mozilla.com","issuerdn":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","fingerprint":"d3:62:4f:e8:cb:24:f8:a7:94:d6:27:2d:e3:06:f5:88:f5:16:7e:4d","version":"TLS 1.2"}}
{"timestamp":"2015-10-16T00:22:02.478839","pcap_cnt":279,"event_type":"http","src_ip":"192.168.2.4","src_port":35994,"dest_ip":"219.154.70.21","dest_port":80,"proto":"TCP","http":{"hostname":"www.freescale.com","url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"application\/pdf","http_method":"GET","protocol":"HTTP\/1.1","status":"206","length":65536}}
{"timestamp":"2015-10-16T00:22:02.002793","pcap_cnt":59,"event_type":"alert","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35993,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":20,"rev":2,"signature":"FILE pdf claimed","category":"","severity":3}}
{"timestamp":"2015-10-16T00:22:02.542682","pcap_cnt":310,"event_type":"alert","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35994,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":20,"rev":2,"signature":"FILE pdf claimed","category":"","severity":3}}
{"timestamp":"2015-10-16T00:22:02.542682","pcap_cnt":310,"event_type":"fileinfo","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35994,"proto":"TCP","http":{"url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","hostname":"www.freescale.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","magic":"PDF document, version 1.4","state":"CLOSED","md5":"0a7dec81641dec8692b91b9d0f2d4a11","stored":false,"size":65536}}
{"timestamp":"2015-10-16T00:22:03.995280","pcap_cnt":1480,"event_type":"dns","src_ip":"192.168.2.4","src_port":14604,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24488,"rrname":"self-repair.mozilla.org","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:22:03.995280","pcap_cnt":1480,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":14604,"proto":"UDP","dns":{"type":"answer","id":24488,"rrname":"self-repair.mozilla.org","rrtype":"CNAME","ttl":54}}
{"timestamp":"2015-10-16T00:22:04.082827","pcap_cnt":1614,"event_type":"http","src_ip":"192.168.2.4","src_port":35995,"dest_ip":"219.154.70.21","dest_port":80,"proto":"TCP","http":{"hostname":"www.freescale.com","url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"application\/pdf","http_method":"GET","protocol":"HTTP\/1.1","status":"206","length":65536}}
{"timestamp":"2015-10-16T00:22:04.083967","pcap_cnt":1632,"event_type":"http","src_ip":"192.168.2.4","src_port":35994,"dest_ip":"219.154.70.21","dest_port":80,"proto":"TCP","http":{"hostname":"www.freescale.com","url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"application\/pdf","http_method":"GET","protocol":"HTTP\/1.1","status":"206","length":6849}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.4","src_port":12600,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20479,"rrname":"tiles-cloudfront.cdn.mozilla.net","rrtype":"A"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"tiles-cloudfront.cdn.mozilla.net","rrtype":"CNAME","ttl":377}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.109"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.192.158.70"}}
{"timestamp":"2015-10-16T00:22:15.144712","pcap_cnt":1708,"event_type":"fileinfo","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35995,"proto":"TCP","http":{"url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","hostname":"www.freescale.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","magic":"ASCII text, with very long lines, with no line terminators","state":"CLOSED","md5":"636503684228c41d873c04b0ee4dccb5","stored":false,"size":65536}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.7"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.41"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.57"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.62"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.70"}}
{"timestamp":"2015-10-16T00:22:04.180140","pcap_cnt":1650,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":12600,"proto":"UDP","dns":{"type":"answer","id":20479,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"A","ttl":77,"rdata":"54.230.156.80"}}
{"timestamp":"2015-10-16T00:22:04.932783","pcap_cnt":1665,"event_type":"tls","src_ip":"192.168.2.4","src_port":33645,"dest_ip":"54.230.156.109","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=CA, L=Mountain View, O=Mozilla Corporation, CN=*.cdn.mozilla.net","issuerdn":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","fingerprint":"58:17:3d:eb:94:10:44:27:ad:37:ea:91:fa:60:27:18:3b:e3:5b:e1","version":"TLS 1.2"}}
{"timestamp":"2015-10-16T00:22:04.580066","pcap_cnt":1653,"event_type":"dns","src_ip":"192.168.2.4","src_port":43883,"dest_ip":"192.168.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24142,"rrname":"tiles-cloudfront.cdn.mozilla.net","rrtype":"AAAA"}}
{"timestamp":"2015-10-16T00:22:04.580066","pcap_cnt":1653,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":43883,"proto":"UDP","dns":{"type":"answer","id":24142,"rrname":"tiles-cloudfront.cdn.mozilla.net","rrtype":"CNAME","ttl":377}}
{"timestamp":"2015-10-16T00:22:04.580066","pcap_cnt":1653,"event_type":"dns","src_ip":"192.168.2.1","src_port":53,"dest_ip":"192.168.2.4","dest_port":43883,"proto":"UDP","dns":{"type":"answer","id":24142,"rrname":"dcky6u1m8u6el.cloudfront.net","rrtype":"SOA","ttl":59}}
{"timestamp":"2015-10-16T00:22:15.144826","pcap_cnt":1709,"event_type":"fileinfo","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35994,"proto":"TCP","http":{"url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","hostname":"www.freescale.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","magic":"ASCII text, with CRLF, LF line terminators","state":"CLOSED","md5":"cf4da8d3b6ddb267e2347002351eddc1","stored":false,"size":6849}}
{"timestamp":"2015-10-16T00:22:12.937343","pcap_cnt":1696,"event_type":"fileinfo","src_ip":"117.18.237.29","src_port":80,"dest_ip":"192.168.2.4","dest_port":53309,"proto":"TCP","http":{"url":"\/","hostname":"ocsp.digicert.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/","magic":"data","state":"CLOSED","md5":"53a0706aafc39d176ccfa452d4ec3465","stored":false,"size":471}}
{"timestamp":"2015-10-16T00:22:04.084686","pcap_cnt":1643,"event_type":"http","src_ip":"192.168.2.4","src_port":35993,"dest_ip":"219.154.70.21","dest_port":80,"proto":"TCP","http":{"hostname":"www.freescale.com","url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"application\/pdf","http_method":"GET","protocol":"HTTP\/1.1","status":"200","length":793281}}
{"timestamp":"2015-10-16T00:22:04.179869","pcap_cnt":1647,"event_type":"alert","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35993,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":20,"rev":2,"signature":"FILE pdf claimed","category":"","severity":3}}
{"timestamp":"2015-10-16T00:22:04.179869","pcap_cnt":1647,"event_type":"fileinfo","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35993,"proto":"TCP","http":{"url":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","hostname":"www.freescale.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/files\/analog\/doc\/data_sheet\/MC145018.pdf","magic":"PDF document, version 1.4","state":"CLOSED","md5":"069e4cfea127d9969ab8e419b2be3e41","stored":false,"size":793281}}
{"timestamp":"2015-10-16T00:22:04.219580","pcap_cnt":1651,"event_type":"http","src_ip":"192.168.2.4","src_port":35993,"dest_ip":"219.154.70.21","dest_port":80,"proto":"TCP","http":{"hostname":"www.freescale.com","url":"\/favicon.ico","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0","http_content_type":"image\/x-icon","http_method":"GET","protocol":"HTTP\/1.1","status":"200","length":366}}
{"timestamp":"2015-10-16T00:22:14.245677","pcap_cnt":1701,"event_type":"fileinfo","src_ip":"219.154.70.21","src_port":80,"dest_ip":"192.168.2.4","dest_port":35993,"proto":"TCP","http":{"url":"\/favicon.ico","hostname":"www.freescale.com","http_user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko\/20100101 Firefox\/41.0"},"fileinfo":{"filename":"\/favicon.ico","magic":"MS Windows icon resource - 1 icon, 16x16","state":"CLOSED","md5":"c40812b90df8880b944ba11fd365d623","stored":false,"size":1150}}