
Bug #1862 » eve.json

The output. - Jason Ish, 08/14/2016 06:47 PM

 
{"timestamp":"2016-05-27T00:56:11.501610-0600","flow_id":3137425770,"pcap_cnt":4,"event_type":"alert","src_ip":"10.16.1.11","src_port":46652,"dest_ip":"82.165.177.154","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"www.testmyids.com","url":"\/","http_user_agent":"curl\/7.43.0","http_method":"GET","protocol":"HTTP\/1.1","length":0}}
{"timestamp":"2016-05-27T00:56:11.701195-0600","flow_id":3137425770,"pcap_cnt":6,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2},"http":{"hostname":"www.testmyids.com","url":"\/","http_user_agent":"curl\/7.43.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":39}}
{"timestamp":"2016-05-27T00:56:11.701195-0600","flow_id":3137425770,"pcap_cnt":6,"event_type":"http","src_ip":"10.16.1.11","src_port":46652,"dest_ip":"82.165.177.154","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.testmyids.com","url":"\/","http_user_agent":"curl\/7.43.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":39}}
{"timestamp":"2016-05-27T00:56:11.701195-0600","flow_id":3137425770,"pcap_cnt":6,"event_type":"fileinfo","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","http":{"hostname":"www.testmyids.com","url":"\/","http_user_agent":"curl\/7.43.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":39},"app_proto":"http","fileinfo":{"filename":"\/","state":"CLOSED","stored":false,"size":39,"tx_id":0}}
{"timestamp":"2016-05-27T00:56:11.900879-0600","flow_id":3137425770,"pcap_cnt":9,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2016-05-27T00:56:11.900923-0600","flow_id":3137425770,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2016-05-27T00:56:11.900923-0600","flow_id":3137425770,"event_type":"alert","src_ip":"82.165.177.154","src_port":80,"dest_ip":"10.16.1.11","dest_port":46652,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2016-05-27T00:56:11.900923-0600","flow_id":3137425770,"event_type":"flow","src_ip":"10.16.1.11","src_port":46652,"dest_ip":"82.165.177.154","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":4,"bytes_toserver":425,"bytes_toclient":495,"start":"2016-05-27T00:56:11.304062-0600","end":"2016-05-27T00:56:11.900923-0600","age":0,"state":"closed","reason":"shutdown"},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed"}}
{"timestamp":"2016-08-14T17:43:17.857389-0600","event_type":"stats","stats":{"uptime":0,"decoder":{"pkts":10,"bytes":920,"invalid":0,"ipv4":10,"ipv6":0,"ethernet":10,"raw":0,"null":0,"sll":0,"tcp":10,"udp":0,"sctp":0,"icmpv4":0,"icmpv6":0,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":92,"max_pkt_size":313,"erspan":0,"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0}},"flow":{"memcap":0,"spare":10000,"emerg_mode_entered":0,"emerg_mode_over":0,"tcp_reuse":0,"memuse":7154600},"defrag":{"ipv4":{"fragments":0,"reassembled":0,"timeouts":0},"ipv6":{"fragments":0,"reassembled":0,"timeouts":0},"max_frag_hits":0},"stream":{"3whs_ack_in_wrong_dir":0,"3whs_async_wrong_seq":0,"3whs_right_seq_wrong_ack_evasion":0},"tcp":{"sessions":1,"ssn_memcap_drop":0,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"no_flow":0,"syn":1,"synack":1,"rst":0,"segment_memcap_drop":0,"stream_depth_reached":0,"reassembly_gap":0,"memuse":4718400,"reassembly_memuse":12320544},"detect":{"alert":5,"mpm_list":0,"nonmpm_list":0,"fnonmpm_list":0,"match_list":0},"flow_mgr":{"closed_pruned":0,"new_pruned":0,"est_pruned":0},"dns":{"memuse":0,"memcap_state":0,"memcap_global":0},"http":{"memuse":0,"memcap":0}}}