{"timestamp":"2016-05-27T00:56:11.501610-0600","flow_id":3137425770,"pcap_cnt":4,"event_type":"alert","src_ip":"10.16.1.11","src_port":46652,"dest_ip":"82.165.177.154","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"www.testmyids.com","url":"\/","http_user_agent":"curl\/7.43.0","http_method":"GET","protocol":"HTTP\/1.1","length":0}}
{"timestamp":"2016-05-27T00:56:11.701195-0600","flow_id":3137425770,"pcap_cnt":6,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2},"http":{"hostname":"www.testmyids.com","url":"\/","http_user_agent":"curl\/7.43.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":39}}
{"timestamp":"2016-05-27T00:56:11.900879-0600","flow_id":3137425770,"pcap_cnt":9,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2016-05-27T00:56:11.900923-0600","flow_id":3137425770,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2016-05-27T00:56:11.900923-0600","flow_id":3137425770,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}