Feature #3663 » eve.json

Konstantin Klinger, 04/23/2020 07:13 AM

 
{"timestamp":"2010-08-21T04:10:40.051082+0200","flow_id":2169942931720074,"pcap_cnt":1,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"dns":{"query":[{"type":"query","id":4784,"rrname":"vaaaakardli.pirate.sea","rrtype":"NULL","tx_id":0}]},"app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":82,"bytes_toclient":0,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.051082+0200","flow_id":2169942931720074,"pcap_cnt":1,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4784,"rrname":"vaaaakardli.pirate.sea","rrtype":"NULL","tx_id":0}}
{"timestamp":"2010-08-21T04:10:40.051175+0200","flow_id":2169942931720074,"pcap_cnt":2,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":4784,"flags":"8400","qr":true,"aa":true,"rrname":"vaaaakardli.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"vaaaakardli.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.051979+0200","flow_id":2169942931720074,"pcap_cnt":3,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":2,"pkts_toclient":1,"bytes_toserver":185,"bytes_toclient":103,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.051979+0200","flow_id":2169942931720074,"pcap_cnt":3,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12511,"rrname":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","rrtype":"NULL","tx_id":2}}
{"timestamp":"2010-08-21T04:10:40.052258+0200","flow_id":2169942931720074,"pcap_cnt":4,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":12511,"flags":"8400","qr":true,"aa":true,"rrname":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.057774+0200","flow_id":2169942931720074,"pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":3,"pkts_toclient":2,"bytes_toserver":273,"bytes_toclient":247,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.057774+0200","flow_id":2169942931720074,"pcap_cnt":5,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20238,"rrname":"yrbi02.pirate.sea","rrtype":"NULL","tx_id":4}}
{"timestamp":"2010-08-21T04:10:40.057973+0200","flow_id":2169942931720074,"pcap_cnt":6,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":20238,"flags":"8400","qr":true,"aa":true,"rrname":"yrbi02.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"yrbi02.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.058185+0200","flow_id":2169942931720074,"pcap_cnt":7,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":396,"bytes_toclient":384,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.058185+0200","flow_id":2169942931720074,"pcap_cnt":7,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27965,"rrname":"zi03aA-Aaahhh-Drink-mal-ein-J\\xe4germeister-.pirate.sea","rrtype":"NULL","tx_id":6}}
{"timestamp":"2010-08-21T04:10:40.058315+0200","flow_id":2169942931720074,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":27965,"flags":"8400","qr":true,"aa":true,"rrname":"zi03aA-Aaahhh-Drink-mal-ein-J\\xe4germeister-.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"zi03aA-Aaahhh-Drink-mal-ein-J\\xe4germeister-.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.058430+0200","flow_id":2169942931720074,"pcap_cnt":9,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":5,"pkts_toclient":4,"bytes_toserver":528,"bytes_toclient":550,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.058430+0200","flow_id":2169942931720074,"pcap_cnt":9,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35692,"rrname":"zi04aA-La-fl\\xfbte-na\\xefve-fran\\xe7aise-est-retir\\xe9-\\xe0-Cr\\xe8te.pirate.sea","rrtype":"NULL","tx_id":8}}
{"timestamp":"2010-08-21T04:10:40.058542+0200","flow_id":2169942931720074,"pcap_cnt":10,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":35692,"flags":"8400","qr":true,"aa":true,"rrname":"zi04aA-La-fl\\xfbte-na\\xefve-fran\\xe7aise-est-retir\\xe9-\\xe0-Cr\\xe8te.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"zi04aA-La-fl\\xfbte-na\\xefve-fran\\xe7aise-est-retir\\xe9-\\xe0-Cr\\xe8te.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.058649+0200","flow_id":2169942931720074,"pcap_cnt":11,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":666,"bytes_toclient":734,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.058649+0200","flow_id":2169942931720074,"pcap_cnt":11,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":666,"bytes_toclient":734,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:40.058649+0200","flow_id":2169942931720074,"pcap_cnt":11,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43419,"rrname":"zi05aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ.pirate.sea","rrtype":"NULL","tx_id":10}}
{"timestamp":"2010-08-21T04:10:40.058759+0200","flow_id":2169942931720074,"pcap_cnt":12,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":43419,"flags":"8400","qr":true,"aa":true,"rrname":"zi05aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"zi05aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.058865+0200","flow_id":2169942931720074,"pcap_cnt":13,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":7,"pkts_toclient":6,"bytes_toserver":784,"bytes_toclient":930,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.058865+0200","flow_id":2169942931720074,"pcap_cnt":13,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51146,"rrname":"zi1aaA0123456789\\xbc\\xbd\\xbe\\xbf\\xc0\\xc1\\xc2\\xc3\\xc4\\xc5\\xc6\\xc7\\xc8\\xc9\\xca\\xcb\\xcc\\xcd\\xce\\xcf.pirate.sea","rrtype":"NULL","tx_id":12}}
{"timestamp":"2010-08-21T04:10:40.058974+0200","flow_id":2169942931720074,"pcap_cnt":14,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":51146,"flags":"8400","qr":true,"aa":true,"rrname":"zi1aaA0123456789\\xbc\\xbd\\xbe\\xbf\\xc0\\xc1\\xc2\\xc3\\xc4\\xc5\\xc6\\xc7\\xc8\\xc9\\xca\\xcb\\xcc\\xcd\\xce\\xcf.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"zi1aaA0123456789\\xbc\\xbd\\xbe\\xbf\\xc0\\xc1\\xc2\\xc3\\xc4\\xc5\\xc6\\xc7\\xc8\\xc9\\xca\\xcb\\xcc\\xcd\\xce\\xcf.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.059078+0200","flow_id":2169942931720074,"pcap_cnt":15,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":8,"pkts_toclient":7,"bytes_toserver":918,"bytes_toclient":1086,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.059078+0200","flow_id":2169942931720074,"pcap_cnt":15,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58873,"rrname":"zi1baA\\xd0\\xd1\\xd2\\xd3\\xd4\\xd5\\xd6\\xd7\\xd8\\xd9\\xda\\xdb\\xdc\\xdd\\xde\\xdf\\xe0\\xe1\\xe2\\xe3\\xe4\\xe5\\xe6\\xe7\\xe8\\xe9\\xea\\xeb\\xec\\xed\\xee\\xef\\xf0\\xf1\\xf2\\xf3\\xf4\\xf5\\xf6\\xf7\\xf8\\xf9\\xfa\\xfb\\xfc\\xfd.pirate.sea","rrtype":"NULL","tx_id":14}}
{"timestamp":"2010-08-21T04:10:40.059186+0200","flow_id":2169942931720074,"pcap_cnt":16,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":58873,"flags":"8400","qr":true,"aa":true,"rrname":"zi1baA\\xd0\\xd1\\xd2\\xd3\\xd4\\xd5\\xd6\\xd7\\xd8\\xd9\\xda\\xdb\\xdc\\xdd\\xde\\xdf\\xe0\\xe1\\xe2\\xe3\\xe4\\xe5\\xe6\\xe7\\xe8\\xe9\\xea\\xeb\\xec\\xed\\xee\\xef\\xf0\\xf1\\xf2\\xf3\\xf4\\xf5\\xf6\\xf7\\xf8\\xf9\\xfa\\xfb\\xfc\\xfd.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"zi1baA\\xd0\\xd1\\xd2\\xd3\\xd4\\xd5\\xd6\\xd7\\xd8\\xd9\\xda\\xdb\\xdc\\xdd\\xde\\xdf\\xe0\\xe1\\xe2\\xe3\\xe4\\xe5\\xe6\\xe7\\xe8\\xe9\\xea\\xeb\\xec\\xed\\xee\\xef\\xf0\\xf1\\xf2\\xf3\\xf4\\xf5\\xf6\\xf7\\xf8\\xf9\\xfa\\xfb\\xfc\\xfd.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.059287+0200","flow_id":2169942931720074,"pcap_cnt":17,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":9,"pkts_toclient":8,"bytes_toserver":1006,"bytes_toclient":1274,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.059287+0200","flow_id":2169942931720074,"pcap_cnt":17,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1064,"rrname":"sbhi1c.pirate.sea","rrtype":"NULL","tx_id":16}}
{"timestamp":"2010-08-21T04:10:40.059416+0200","flow_id":2169942931720074,"pcap_cnt":18,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":1064,"flags":"8400","qr":true,"aa":true,"rrname":"sbhi1c.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"sbhi1c.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.059569+0200","flow_id":2169942931720074,"pcap_cnt":19,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":10,"pkts_toclient":9,"bytes_toserver":1094,"bytes_toclient":1370,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.059569+0200","flow_id":2169942931720074,"pcap_cnt":19,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8791,"rrname":"obsi1d.pirate.sea","rrtype":"NULL","tx_id":18}}
{"timestamp":"2010-08-21T04:10:40.060002+0200","flow_id":2169942931720074,"pcap_cnt":20,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":8791,"flags":"8400","qr":true,"aa":true,"rrname":"obsi1d.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"obsi1d.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.060014+0200","flow_id":2169942931720074,"pcap_cnt":21,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":11,"pkts_toclient":10,"bytes_toserver":1182,"bytes_toclient":1465,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.060014+0200","flow_id":2169942931720074,"pcap_cnt":21,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16518,"rrname":"obli1e.pirate.sea","rrtype":"NULL","tx_id":20}}
{"timestamp":"2010-08-21T04:10:40.060179+0200","flow_id":2169942931720074,"pcap_cnt":22,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":16518,"flags":"8400","qr":true,"aa":true,"rrname":"obli1e.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"obli1e.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.060328+0200","flow_id":2169942931720074,"pcap_cnt":23,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":12,"pkts_toclient":11,"bytes_toserver":1505,"bytes_toclient":1558,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.060328+0200","flow_id":2169942931720074,"pcap_cnt":23,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":12,"pkts_toclient":11,"bytes_toserver":1505,"bytes_toclient":1558,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:40.060328+0200","flow_id":2169942931720074,"pcap_cnt":23,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24245,"rrname":"rcyadY\\xc6\\xea\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y.\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7.S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S.\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4.Rv\\xc8\\xe3.pirate.sea","rrtype":"NULL","tx_id":22}}
{"timestamp":"2010-08-21T04:10:40.060673+0200","flow_id":2169942931720074,"pcap_cnt":24,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":24245,"flags":"8400","qr":true,"aa":true,"rrname":"rcyadY\\xc6\\xea\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y.\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7.S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S.\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4.Rv\\xc8\\xe3.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"rcyadY\\xc6\\xea\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y.\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7.S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S.\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4Rv\\xc8\\xe3Y\\xd7S\\xd4.Rv\\xc8\\xe3.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.060775+0200","flow_id":2169942931720074,"pcap_cnt":25,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":13,"pkts_toclient":12,"bytes_toserver":1828,"bytes_toclient":2650,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.060775+0200","flow_id":2169942931720074,"pcap_cnt":25,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":13,"pkts_toclient":12,"bytes_toserver":1828,"bytes_toclient":2650,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:40.060775+0200","flow_id":2169942931720074,"pcap_cnt":25,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31972,"rrname":"rdeadZi\\xea\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Z.z\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz.\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca.\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4.Zz\\xca\\xe4.pirate.sea","rrtype":"NULL","tx_id":24}}
{"timestamp":"2010-08-21T04:10:40.060900+0200","flow_id":2169942931720074,"pcap_cnt":26,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":31972,"flags":"8400","qr":true,"aa":true,"rrname":"rdeadZi\\xea\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Z.z\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz.\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca.\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4.Zz\\xca\\xe4.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"rdeadZi\\xea\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Z.z\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz.\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca.\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4Zz\\xca\\xe4.Zz\\xca\\xe4.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:40.061020+0200","flow_id":2169942931720074,"pcap_cnt":27,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":14,"pkts_toclient":13,"bytes_toserver":2151,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:40.061020+0200","flow_id":2169942931720074,"pcap_cnt":27,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":14,"pkts_toclient":13,"bytes_toserver":2151,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:40.061020+0200","flow_id":2169942931720074,"pcap_cnt":27,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39699,"rrname":"rdkadZ\\xc6\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z.\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7.\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea.\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf47D\\xcc\\xe5Z\\xd7\\xea\\xf4.7D\\xcc\\xe5.pirate.sea","rrtype":"NULL","tx_id":26}}
{"timestamp":"2010-08-21T04:10:41.062684+0200","flow_id":2169942931720074,"pcap_cnt":28,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":15,"pkts_toclient":13,"bytes_toserver":2474,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:41.062684+0200","flow_id":2169942931720074,"pcap_cnt":28,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":15,"pkts_toclient":13,"bytes_toserver":2474,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:41.062684+0200","flow_id":2169942931720074,"pcap_cnt":28,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47426,"rrname":"rdkad0i\\xebg\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60.Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60A.ng\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60An.g\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang\\xc1H\\xce\\xe60Ang.\\xc1H\\xce\\xe6.pirate.sea","rrtype":"NULL","tx_id":27}}
{"timestamp":"2010-08-21T04:10:42.064975+0200","flow_id":2169942931720074,"pcap_cnt":29,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":16,"pkts_toclient":13,"bytes_toserver":2797,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:42.064975+0200","flow_id":2169942931720074,"pcap_cnt":29,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":16,"pkts_toclient":13,"bytes_toserver":2797,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:42.064975+0200","flow_id":2169942931720074,"pcap_cnt":29,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55153,"rrname":"rdkad0\\xc6\\xebw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70.\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8.Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8T.w\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw\\xc9L\\xd0\\xe70\\xd8Tw.\\xc9L\\xd0\\xe7.pirate.sea","rrtype":"NULL","tx_id":28}}
{"timestamp":"2010-08-21T04:10:43.066440+0200","flow_id":2169942931720074,"pcap_cnt":30,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":17,"pkts_toclient":13,"bytes_toserver":3120,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:43.066440+0200","flow_id":2169942931720074,"pcap_cnt":30,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":17,"pkts_toclient":13,"bytes_toserver":3120,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:43.066440+0200","flow_id":2169942931720074,"pcap_cnt":30,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62880,"rrname":"rdhad1i\\xebM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81.A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A.\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcb.M\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM\\xd1P\\xd2\\xe81A\\xcbM.\\xd1P\\xd2\\xe8.pirate.sea","rrtype":"NULL","tx_id":29}}
{"timestamp":"2010-08-21T04:10:44.069406+0200","flow_id":2169942931720074,"pcap_cnt":31,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":18,"pkts_toclient":13,"bytes_toserver":3443,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:44.069406+0200","flow_id":2169942931720074,"pcap_cnt":31,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":18,"pkts_toclient":13,"bytes_toserver":3443,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:44.069406+0200","flow_id":2169942931720074,"pcap_cnt":31,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5071,"rrname":"rdhad1\\xc6\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91.\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8.\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb.2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2.\\xd9T\\xd4\\xe9.pirate.sea","rrtype":"NULL","tx_id":30}}
{"timestamp":"2010-08-21T04:10:45.071860+0200","flow_id":2169942931720074,"pcap_cnt":34,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":19,"pkts_toclient":13,"bytes_toserver":3766,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:45.071860+0200","flow_id":2169942931720074,"pcap_cnt":34,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":19,"pkts_toclient":13,"bytes_toserver":3766,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:45.071860+0200","flow_id":2169942931720074,"pcap_cnt":34,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12798,"rrname":"rdhad2i\\xeb\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2.Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2B.n\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn.\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4\\xe1X\\xd6\\xea2Bn\\xc4.\\xe1X\\xd6\\xea.pirate.sea","rrtype":"NULL","tx_id":31}}
{"timestamp":"2010-08-21T04:10:46.074582+0200","flow_id":2169942931720074,"pcap_cnt":35,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":20,"pkts_toclient":13,"bytes_toserver":4089,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:46.074582+0200","flow_id":2169942931720074,"pcap_cnt":35,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":20,"pkts_toclient":13,"bytes_toserver":4089,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:46.074582+0200","flow_id":2169942931720074,"pcap_cnt":35,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20525,"rrname":"rdfqd2\\xc6\\xeb\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2.\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9.T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T.\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4\\xe91\\xd8\\xeb2\\xd9T\\xd4.\\xe91\\xd8\\xeb.pirate.sea","rrtype":"NULL","tx_id":32}}
{"timestamp":"2010-08-21T04:10:47.077373+0200","flow_id":2169942931720074,"pcap_cnt":36,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":21,"pkts_toclient":13,"bytes_toserver":4412,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:47.077373+0200","flow_id":2169942931720074,"pcap_cnt":36,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":21,"pkts_toclient":13,"bytes_toserver":4412,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:47.077373+0200","flow_id":2169942931720074,"pcap_cnt":36,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28252,"rrname":"rdfqd3i\\xeb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3.B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B.\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb.\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4\\xf15\\xda\\xec3B\\xcb\\xe4.\\xf15\\xda\\xec.pirate.sea","rrtype":"NULL","tx_id":33}}
{"timestamp":"2010-08-21T04:10:48.079264+0200","flow_id":2169942931720074,"pcap_cnt":37,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":22,"pkts_toclient":13,"bytes_toserver":4735,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:48.079264+0200","flow_id":2169942931720074,"pcap_cnt":37,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":22,"pkts_toclient":13,"bytes_toserver":4735,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:48.079264+0200","flow_id":2169942931720074,"pcap_cnt":37,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35979,"rrname":"rdfqd3\\xc6\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3.\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9.\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb.\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4\\xf99\\xdc\\xed3\\xd9\\xeb\\xf4.\\xf99\\xdc\\xed.pirate.sea","rrtype":"NULL","tx_id":34}}
{"timestamp":"2010-08-21T04:10:49.081172+0200","flow_id":2169942931720074,"pcap_cnt":38,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":23,"pkts_toclient":13,"bytes_toserver":5058,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:49.081172+0200","flow_id":2169942931720074,"pcap_cnt":38,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":23,"pkts_toclient":13,"bytes_toserver":5058,"bytes_toclient":4126,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:49.081172+0200","flow_id":2169942931720074,"pcap_cnt":38,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43706,"rrname":"rdeyd4i\\xechd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4.Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4C.ohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Co.hd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Coh.d\\xbf\\xde\\xee.pirate.sea","rrtype":"NULL","tx_id":35}}
{"timestamp":"2010-08-21T04:10:49.081404+0200","flow_id":2169942931720074,"pcap_cnt":39,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":43706,"flags":"8400","qr":true,"aa":true,"rrname":"rdeyd4i\\xechd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4.Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4C.ohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Co.hd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Coh.d\\xbf\\xde\\xee.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"rdeyd4i\\xechd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4.Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4C.ohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Co.hd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Cohd\\xbf\\xde\\xee4Coh.d\\xbf\\xde\\xee.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:49.081621+0200","flow_id":2169942931720074,"pcap_cnt":40,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":24,"pkts_toclient":14,"bytes_toserver":5381,"bytes_toclient":5626,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:49.081621+0200","flow_id":2169942931720074,"pcap_cnt":40,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":24,"pkts_toclient":14,"bytes_toserver":5381,"bytes_toclient":5626,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:49.081621+0200","flow_id":2169942931720074,"pcap_cnt":40,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51433,"rrname":"rdfed4\\xc6\\xecxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4.\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xda.Uxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaU.xl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUx.l\\xc3\\xe0\\xef.pirate.sea","rrtype":"NULL","tx_id":37}}
{"timestamp":"2010-08-21T04:10:49.081808+0200","flow_id":2169942931720074,"pcap_cnt":41,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":51433,"flags":"8400","qr":true,"aa":true,"rrname":"rdfed4\\xc6\\xecxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4.\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xda.Uxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaU.xl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUx.l\\xc3\\xe0\\xef.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"rdfed4\\xc6\\xecxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4.\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xda.Uxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaU.xl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUxl\\xc3\\xe0\\xef4\\xdaUx.l\\xc3\\xe0\\xef.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:49.082021+0200","flow_id":2169942931720074,"pcap_cnt":42,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":25,"pkts_toclient":15,"bytes_toserver":5472,"bytes_toclient":7138,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:49.082021+0200","flow_id":2169942931720074,"pcap_cnt":42,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59160,"rrname":"naeckei1s.pirate.sea","rrtype":"NULL","tx_id":39}}
{"timestamp":"2010-08-21T04:10:49.082149+0200","flow_id":2169942931720074,"pcap_cnt":43,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":59160,"flags":"8400","qr":true,"aa":true,"rrname":"naeckei1s.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"naeckei1s.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:49.084061+0200","flow_id":2169942931720074,"pcap_cnt":44,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":26,"pkts_toclient":16,"bytes_toserver":5562,"bytes_toclient":7232,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:49.084061+0200","flow_id":2169942931720074,"pcap_cnt":44,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1351,"rrname":"paeacg2y.pirate.sea","rrtype":"NULL","tx_id":41}}
{"timestamp":"2010-08-21T04:10:53.046975+0200","flow_id":2169942931720074,"pcap_cnt":47,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":27,"pkts_toclient":16,"bytes_toserver":5728,"bytes_toclient":7232,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.046975+0200","flow_id":2169942931720074,"pcap_cnt":47,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":27,"pkts_toclient":16,"bytes_toserver":5728,"bytes_toclient":7232,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.046975+0200","flow_id":2169942931720074,"pcap_cnt":47,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9078,"rrname":"1eaba82\\xca2hb\\xbe\\xeeY\\xd6wgi\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fx\\xf3VAacc\\xf1aH\\xe2\\xdb\\xeezmgln\\xbe\\xefXy.CUdn\\xc0\\xfbXcIMZr\\xcc\\xe4caBz\\xde\\xd0\\xce.pirate.sea","rrtype":"NULL","tx_id":42}}
{"timestamp":"2010-08-21T04:10:53.047387+0200","flow_id":2169942931720074,"pcap_cnt":48,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":1351,"flags":"8400","qr":true,"aa":true,"rrname":"paeacg2y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeacg2y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.047832+0200","flow_id":2169942931720074,"pcap_cnt":49,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":28,"pkts_toclient":17,"bytes_toserver":5888,"bytes_toclient":7397,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.047832+0200","flow_id":2169942931720074,"pcap_cnt":49,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":28,"pkts_toclient":17,"bytes_toserver":5888,"bytes_toclient":7397,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.047832+0200","flow_id":2169942931720074,"pcap_cnt":49,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16805,"rrname":"1ibbb82\\xca2hb\\xbe\\xeeY\\xd6ggi\\xcf\\xea\\xde4yp9\\xccO\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fx\\xf3V\\xe53\\xd2\\xe4\\xf40mc\\xc1\\xf1ej\\xdeWzm\\xc4hl.\\xbe\\xfbX\\xd7Snb\\xbf\\xec\\xbefA\\xd6A\\xd7.pirate.sea","rrtype":"NULL","tx_id":44}}
{"timestamp":"2010-08-21T04:10:53.068938+0200","flow_id":2169942931720074,"pcap_cnt":50,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":9078,"flags":"8400","qr":true,"aa":true,"rrname":"1eaba82\\xca2hb\\xbe\\xeeY\\xd6wgi\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fx\\xf3VAacc\\xf1aH\\xe2\\xdb\\xeezmgln\\xbe\\xefXy.CUdn\\xc0\\xfbXcIMZr\\xcc\\xe4caBz\\xde\\xd0\\xce.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1eaba82\\xca2hb\\xbe\\xeeY\\xd6wgi\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fx\\xf3VAacc\\xf1aH\\xe2\\xdb\\xeezmgln\\xbe\\xefXy.CUdn\\xc0\\xfbXcIMZr\\xcc\\xe4caBz\\xde\\xd0\\xce.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.069314+0200","flow_id":2169942931720074,"pcap_cnt":51,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":29,"pkts_toclient":18,"bytes_toserver":6211,"bytes_toclient":7566,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.069314+0200","flow_id":2169942931720074,"pcap_cnt":51,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":29,"pkts_toclient":18,"bytes_toserver":6211,"bytes_toclient":7566,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.069314+0200","flow_id":2169942931720074,"pcap_cnt":51,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24532,"rrname":"1mbac82\\xd0\\xdbv\\xfb\\xd4tW\\xc5a\\xedhF\\xd8L\\xe9\\xd0\\xfd6Xy\\xca\\xc8\\xc1\\xd3l\\xdeJU\\xd6MU0\\xcdbZl\\xbe\\xc8\\xc6\\xc3\\xcfw\\xebcgohAZK\\xda\\xec\\xeb\\xc7\\xc0.\\xd0\\xe9V\\xdef\\xe3\\xe8\\xe7W\\xe6\\xd5l\\xc5rqG\\xc6W5zGO\\xdaQDcs6\\xc2G6\\xe8rUnh\\xfbb\\xbfL\\xd6\\xc2\\xc1\\xcc\\xf6y\\xf0ol\\xe3\\xfb\\xfdF\\xf18\\xf5\\xfa.aHr7b1G\\xde\\xc3LN\\xc53\\xe0K8tgh\\xfb\\xc7\\xbdx7\\xc9\\xd8\\xed\\xf6\\xf7\\xf1\\xfb\\xf1\\xc5\\xd6\\xfdMh\\xf3\\xd7a\\xc0cu3b\\xfbr\\xc07\\xfc\\xdaGa\\xedOg\\xd1.N\\xddT\\xeaj\\xdb\\xc1\\xf1\\xf6M\\xf4nU\\xe9\\xdar\\xbd\\xf1\\xc8\\xe5Me64uSHivWqw\\xf9\\xfc\\xe9\\xe0\\xd5pig\\xd9Q\\xd1J\\xc8wS\\xf3\\xe75\\xd2\\xebB\\xd3\\xf3\\xcf\\xc7.U\\xd30\\xcf.pirate.sea","rrtype":"NULL","tx_id":46}}
{"timestamp":"2010-08-21T04:10:53.069596+0200","flow_id":2169942931720074,"pcap_cnt":52,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":16805,"flags":"8400","qr":true,"aa":true,"rrname":"1ibbb82\\xca2hb\\xbe\\xeeY\\xd6ggi\\xcf\\xea\\xde4yp9\\xccO\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fx\\xf3V\\xe53\\xd2\\xe4\\xf40mc\\xc1\\xf1ej\\xdeWzm\\xc4hl.\\xbe\\xfbX\\xd7Snb\\xbf\\xec\\xbefA\\xd6A\\xd7.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1ibbb82\\xca2hb\\xbe\\xeeY\\xd6ggi\\xcf\\xea\\xde4yp9\\xccO\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fx\\xf3V\\xe53\\xd2\\xe4\\xf40mc\\xc1\\xf1ej\\xdeWzm\\xc4hl.\\xbe\\xfbX\\xd7Snb\\xbf\\xec\\xbefA\\xd6A\\xd7.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.070276+0200","flow_id":2169942931720074,"pcap_cnt":53,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":30,"pkts_toclient":19,"bytes_toserver":6534,"bytes_toclient":7729,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.070276+0200","flow_id":2169942931720074,"pcap_cnt":53,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":30,"pkts_toclient":19,"bytes_toserver":6534,"bytes_toclient":7729,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.070276+0200","flow_id":2169942931720074,"pcap_cnt":53,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32259,"rrname":"1mjadx\\xea\\xec\\xc1lE\\xd6y\\xe9\\xf4URk\\xd1Z\\xd0\\xc9m\\xd42\\xc7a\\xeeDQ\\xe6\\xc4Y\\xe4\\xf11X\\xcc\\xfb\\xda\\xdfKdT\\xcb\\xe0pV\\xc9\\xfb\\xeb\\xf8\\xc7\\xfd\\xddCl\\xfd\\xfb9\\xc0\\xe2.\\xfc\\xd8\\xfc7\\xde\\xec\\xdf\\xdbH\\xc91Bg\\xfd\\xec\\xe1\\xef\\xf1\\xbd\\xe9p\\xd5i\\xbcv\\xbe\\xd2G\\xddd\\xe0\\xdap\\xef2kI\\xed3e\\xc63ej\\xbei\\xe0\\xc5H\\xf4QI\\xf2D\\xea7f.\\xc3W\\xfc\\xdae\\xfb\\xf7\\xd7HS\\xc2\\xbd\\xe0A\\xbdB\\xf4\\xf4j\\xf5\\xd4\\xc2S\\xfb\\xdec\\xd2dd\\xf2\\xc1\\xf6ei\\xf6l0\\xd6Z\\xccDU\\xe64\\xd8\\xf1\\xefB\\xe3\\xf7\\xe61\\xde\\xc8a\\xe6i.o\\xe6M\\xed\\xbfdnA\\xe0\\xbe\\xedG\\xe6gAv\\xcbAz\\xfc\\xe1\\xdd2\\xfcl\\xe6a\\xca\\xcdQk\\xf1N01RnQtswP\\xe3Z\\xd0\\xf7\\xd4\\xc7K\\xcd7\\xc7m\\xc8x\\xc3c.I\\xddw\\xe9.pirate.sea","rrtype":"NULL","tx_id":48}}
{"timestamp":"2010-08-21T04:10:53.071357+0200","flow_id":2169942931720074,"pcap_cnt":54,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":24532,"flags":"8400","qr":true,"aa":true,"rrname":"1mbac82\\xd0\\xdbv\\xfb\\xd4tW\\xc5a\\xedhF\\xd8L\\xe9\\xd0\\xfd6Xy\\xca\\xc8\\xc1\\xd3l\\xdeJU\\xd6MU0\\xcdbZl\\xbe\\xc8\\xc6\\xc3\\xcfw\\xebcgohAZK\\xda\\xec\\xeb\\xc7\\xc0.\\xd0\\xe9V\\xdef\\xe3\\xe8\\xe7W\\xe6\\xd5l\\xc5rqG\\xc6W5zGO\\xdaQDcs6\\xc2G6\\xe8rUnh\\xfbb\\xbfL\\xd6\\xc2\\xc1\\xcc\\xf6y\\xf0ol\\xe3\\xfb\\xfdF\\xf18\\xf5\\xfa.aHr7b1G\\xde\\xc3LN\\xc53\\xe0K8tgh\\xfb\\xc7\\xbdx7\\xc9\\xd8\\xed\\xf6\\xf7\\xf1\\xfb\\xf1\\xc5\\xd6\\xfdMh\\xf3\\xd7a\\xc0cu3b\\xfbr\\xc07\\xfc\\xdaGa\\xedOg\\xd1.N\\xddT\\xeaj\\xdb\\xc1\\xf1\\xf6M\\xf4nU\\xe9\\xdar\\xbd\\xf1\\xc8\\xe5Me64uSHivWqw\\xf9\\xfc\\xe9\\xe0\\xd5pig\\xd9Q\\xd1J\\xc8wS\\xf3\\xe75\\xd2\\xebB\\xd3\\xf3\\xcf\\xc7.U\\xd30\\xcf.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1mbac82\\xd0\\xdbv\\xfb\\xd4tW\\xc5a\\xedhF\\xd8L\\xe9\\xd0\\xfd6Xy\\xca\\xc8\\xc1\\xd3l\\xdeJU\\xd6MU0\\xcdbZl\\xbe\\xc8\\xc6\\xc3\\xcfw\\xebcgohAZK\\xda\\xec\\xeb\\xc7\\xc0.\\xd0\\xe9V\\xdef\\xe3\\xe8\\xe7W\\xe6\\xd5l\\xc5rqG\\xc6W5zGO\\xdaQDcs6\\xc2G6\\xe8rUnh\\xfbb\\xbfL\\xd6\\xc2\\xc1\\xcc\\xf6y\\xf0ol\\xe3\\xfb\\xfdF\\xf18\\xf5\\xfa.aHr7b1G\\xde\\xc3LN\\xc53\\xe0K8tgh\\xfb\\xc7\\xbdx7\\xc9\\xd8\\xed\\xf6\\xf7\\xf1\\xfb\\xf1\\xc5\\xd6\\xfdMh\\xf3\\xd7a\\xc0cu3b\\xfbr\\xc07\\xfc\\xdaGa\\xedOg\\xd1.N\\xddT\\xeaj\\xdb\\xc1\\xf1\\xf6M\\xf4nU\\xe9\\xdar\\xbd\\xf1\\xc8\\xe5Me64uSHivWqw\\xf9\\xfc\\xe9\\xe0\\xd5pig\\xd9Q\\xd1J\\xc8wS\\xf3\\xe75\\xd2\\xebB\\xd3\\xf3\\xcf\\xc7.U\\xd30\\xcf.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.071524+0200","flow_id":2169942931720074,"pcap_cnt":55,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":31,"pkts_toclient":20,"bytes_toserver":6775,"bytes_toclient":8055,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.071524+0200","flow_id":2169942931720074,"pcap_cnt":55,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":31,"pkts_toclient":20,"bytes_toserver":6775,"bytes_toclient":8055,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.071524+0200","flow_id":2169942931720074,"pcap_cnt":55,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39986,"rrname":"1mrbe\\xd4\\xf3N\\xbf\\xe0\\xc67\\xf2\\xcf\\xfa\\xe6jp\\xf8EX\\xf37JT0FX\\xbdL\\xebl\\xea\\xfbh\\xc82\\xc6Q\\xe2\\xeb\\xc5v\\xc2\\xdcP\\xccy\\xf1PEcn\\xe3t\\xfc\\xfae\\xfbD\\xf5\\xde.\\xe5\\xddE\\xc3\\xe4\\xees\\xc2\\xc8ZX\\xe5\\xc6udBQM98m\\xf9\\xe3X8G\\xbe\\xfcVX\\xd6lD8\\xe5\\xd3\\xbe\\xcax\\xcb\\xe1\\xdc7au2RO\\xd7\\xf3\\xde7\\xedz\\xc3jm.\\xbf\\xf3B2\\xd6\\xca\\xcc\\xecJ\\xe8\\xde\\xc5\\xdb\\xc1\\xe0Dm\\xe0\\xee\\xc8M5\\xe7Za\\xc8g\\xcc\\xfa\\xceh\\xfa\\xde\\xfc5\\xc5S\\xd3.pirate.sea","rrtype":"NULL","tx_id":50}}
{"timestamp":"2010-08-21T04:10:53.071870+0200","flow_id":2169942931720074,"pcap_cnt":56,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":32259,"flags":"8400","qr":true,"aa":true,"rrname":"1mjadx\\xea\\xec\\xc1lE\\xd6y\\xe9\\xf4URk\\xd1Z\\xd0\\xc9m\\xd42\\xc7a\\xeeDQ\\xe6\\xc4Y\\xe4\\xf11X\\xcc\\xfb\\xda\\xdfKdT\\xcb\\xe0pV\\xc9\\xfb\\xeb\\xf8\\xc7\\xfd\\xddCl\\xfd\\xfb9\\xc0\\xe2.\\xfc\\xd8\\xfc7\\xde\\xec\\xdf\\xdbH\\xc91Bg\\xfd\\xec\\xe1\\xef\\xf1\\xbd\\xe9p\\xd5i\\xbcv\\xbe\\xd2G\\xddd\\xe0\\xdap\\xef2kI\\xed3e\\xc63ej\\xbei\\xe0\\xc5H\\xf4QI\\xf2D\\xea7f.\\xc3W\\xfc\\xdae\\xfb\\xf7\\xd7HS\\xc2\\xbd\\xe0A\\xbdB\\xf4\\xf4j\\xf5\\xd4\\xc2S\\xfb\\xdec\\xd2dd\\xf2\\xc1\\xf6ei\\xf6l0\\xd6Z\\xccDU\\xe64\\xd8\\xf1\\xefB\\xe3\\xf7\\xe61\\xde\\xc8a\\xe6i.o\\xe6M\\xed\\xbfdnA\\xe0\\xbe\\xedG\\xe6gAv\\xcbAz\\xfc\\xe1\\xdd2\\xfcl\\xe6a\\xca\\xcdQk\\xf1N01RnQtswP\\xe3Z\\xd0\\xf7\\xd4\\xc7K\\xcd7\\xc7m\\xc8x\\xc3c.I\\xddw\\xe9.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1mjadx\\xea\\xec\\xc1lE\\xd6y\\xe9\\xf4URk\\xd1Z\\xd0\\xc9m\\xd42\\xc7a\\xeeDQ\\xe6\\xc4Y\\xe4\\xf11X\\xcc\\xfb\\xda\\xdfKdT\\xcb\\xe0pV\\xc9\\xfb\\xeb\\xf8\\xc7\\xfd\\xddCl\\xfd\\xfb9\\xc0\\xe2.\\xfc\\xd8\\xfc7\\xde\\xec\\xdf\\xdbH\\xc91Bg\\xfd\\xec\\xe1\\xef\\xf1\\xbd\\xe9p\\xd5i\\xbcv\\xbe\\xd2G\\xddd\\xe0\\xdap\\xef2kI\\xed3e\\xc63ej\\xbei\\xe0\\xc5H\\xf4QI\\xf2D\\xea7f.\\xc3W\\xfc\\xdae\\xfb\\xf7\\xd7HS\\xc2\\xbd\\xe0A\\xbdB\\xf4\\xf4j\\xf5\\xd4\\xc2S\\xfb\\xdec\\xd2dd\\xf2\\xc1\\xf6ei\\xf6l0\\xd6Z\\xccDU\\xe64\\xd8\\xf1\\xefB\\xe3\\xf7\\xe61\\xde\\xc8a\\xe6i.o\\xe6M\\xed\\xbfdnA\\xe0\\xbe\\xedG\\xe6gAv\\xcbAz\\xfc\\xe1\\xdd2\\xfcl\\xe6a\\xca\\xcdQk\\xf1N01RnQtswP\\xe3Z\\xd0\\xf7\\xd4\\xc7K\\xcd7\\xc7m\\xc8x\\xc3c.I\\xddw\\xe9.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.074402+0200","flow_id":2169942931720074,"pcap_cnt":57,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":32,"pkts_toclient":21,"bytes_toserver":7098,"bytes_toclient":8444,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.074402+0200","flow_id":2169942931720074,"pcap_cnt":57,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":32,"pkts_toclient":21,"bytes_toserver":7098,"bytes_toclient":8444,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.074402+0200","flow_id":2169942931720074,"pcap_cnt":57,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47713,"rrname":"1qcaf82\\xca2hb\\xbe\\xeeY\\xd6zwq\\xcf\\xe8\\xde4yp\\xbc\\xd4S\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xe1\\xe73\\xd2\\xe4\\xf40mc\\xc1\\xd1\\xee\\xc9\\xbeWzm\\xc4hl.\\xbe\\xfbX\\xd9Snb\\xbf\\xec\\xcc3\\xde\\xeeWy\\xeawdb\\xc9\\xeej2zbF2\\xbf\\xc2\\xe1a\\xbea\\xe2W\\xbf\\xcad\\xcbcaOWYymh8\\xbf\\xce\\xe2\\xbf\\xd6mgJ\\xc6.t\\xee\\xc7Z\\xbcGsa\\xf2\\xc2h\\xd6q\\xf5GQj\\xde\\xcbb\\xd6bh\\xf0G\\xe5p\\xcdem\\xf37EC3A5F\\xc4iz\\xca\\xc4af\\xe4e\\xce\\xc7\\xd9\\xcc4F\\xe2yS\\xbe.e\\xe6hs3eY\\xc4kb\\xe2o\\xe6I\\xc6H\\xfa\\xcdz\\xdf\\xf1\\xdfZDw\\xe1\\xbfg\\xf0g\\xde\\xf1K\\xd1\\xc3c\\xe81HONm\\xc4\\xd9f\\xbe\\xdeWxR5\\xfa\\xc8\\xd3RXx.Q\\xe3Lr.pirate.sea","rrtype":"NULL","tx_id":52}}
{"timestamp":"2010-08-21T04:10:53.075300+0200","flow_id":2169942931720074,"pcap_cnt":58,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":39986,"flags":"8400","qr":true,"aa":true,"rrname":"1mrbe\\xd4\\xf3N\\xbf\\xe0\\xc67\\xf2\\xcf\\xfa\\xe6jp\\xf8EX\\xf37JT0FX\\xbdL\\xebl\\xea\\xfbh\\xc82\\xc6Q\\xe2\\xeb\\xc5v\\xc2\\xdcP\\xccy\\xf1PEcn\\xe3t\\xfc\\xfae\\xfbD\\xf5\\xde.\\xe5\\xddE\\xc3\\xe4\\xees\\xc2\\xc8ZX\\xe5\\xc6udBQM98m\\xf9\\xe3X8G\\xbe\\xfcVX\\xd6lD8\\xe5\\xd3\\xbe\\xcax\\xcb\\xe1\\xdc7au2RO\\xd7\\xf3\\xde7\\xedz\\xc3jm.\\xbf\\xf3B2\\xd6\\xca\\xcc\\xecJ\\xe8\\xde\\xc5\\xdb\\xc1\\xe0Dm\\xe0\\xee\\xc8M5\\xe7Za\\xc8g\\xcc\\xfa\\xceh\\xfa\\xde\\xfc5\\xc5S\\xd3.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1mrbe\\xd4\\xf3N\\xbf\\xe0\\xc67\\xf2\\xcf\\xfa\\xe6jp\\xf8EX\\xf37JT0FX\\xbdL\\xebl\\xea\\xfbh\\xc82\\xc6Q\\xe2\\xeb\\xc5v\\xc2\\xdcP\\xccy\\xf1PEcn\\xe3t\\xfc\\xfae\\xfbD\\xf5\\xde.\\xe5\\xddE\\xc3\\xe4\\xees\\xc2\\xc8ZX\\xe5\\xc6udBQM98m\\xf9\\xe3X8G\\xbe\\xfcVX\\xd6lD8\\xe5\\xd3\\xbe\\xcax\\xcb\\xe1\\xdc7au2RO\\xd7\\xf3\\xde7\\xedz\\xc3jm.\\xbf\\xf3B2\\xd6\\xca\\xcc\\xecJ\\xe8\\xde\\xc5\\xdb\\xc1\\xe0Dm\\xe0\\xee\\xc8M5\\xe7Za\\xc8g\\xcc\\xfa\\xceh\\xfa\\xde\\xfc5\\xc5S\\xd3.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.075431+0200","flow_id":2169942931720074,"pcap_cnt":59,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":33,"pkts_toclient":22,"bytes_toserver":7325,"bytes_toclient":8688,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.075431+0200","flow_id":2169942931720074,"pcap_cnt":59,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":33,"pkts_toclient":22,"bytes_toserver":7325,"bytes_toclient":8688,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.075431+0200","flow_id":2169942931720074,"pcap_cnt":59,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55440,"rrname":"1qkbg2\\xdd\\xc9P\\xd1\\xd3\\xe2\\xdcDIy\\xdfrWR\\xd4gdi\\xd1\\xdfqXbkipW\\xbf\\xedduej\\xe4\\xbee\\xf3H\\xcaH\\xde\\xc0u\\xc04\\xee\\xbe\\xeacS\\xe2H\\xe0\\xc0d\\xf2.HcH\\xee\\xc8y\\xbe5W\\xc0Cs4\\xdeN\\xdfcI4c4\\xcf\\xe3q\\xeeHcHE4G\\xf4beYu\\xf0Gb6q\\xc1q\\xf6LmGC\\xd6H2jCWt\\xee\\xdf.aQa\\xcdu\\xf7KmaS\\xc6K\\xf4I\\xdet\\xbeag4\\xe9\\xf9ya.pirate.sea","rrtype":"NULL","tx_id":54}}
{"timestamp":"2010-08-21T04:10:53.077216+0200","flow_id":2169942931720074,"pcap_cnt":60,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":47713,"flags":"8400","qr":true,"aa":true,"rrname":"1qcaf82\\xca2hb\\xbe\\xeeY\\xd6zwq\\xcf\\xe8\\xde4yp\\xbc\\xd4S\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xe1\\xe73\\xd2\\xe4\\xf40mc\\xc1\\xd1\\xee\\xc9\\xbeWzm\\xc4hl.\\xbe\\xfbX\\xd9Snb\\xbf\\xec\\xcc3\\xde\\xeeWy\\xeawdb\\xc9\\xeej2zbF2\\xbf\\xc2\\xe1a\\xbea\\xe2W\\xbf\\xcad\\xcbcaOWYymh8\\xbf\\xce\\xe2\\xbf\\xd6mgJ\\xc6.t\\xee\\xc7Z\\xbcGsa\\xf2\\xc2h\\xd6q\\xf5GQj\\xde\\xcbb\\xd6bh\\xf0G\\xe5p\\xcdem\\xf37EC3A5F\\xc4iz\\xca\\xc4af\\xe4e\\xce\\xc7\\xd9\\xcc4F\\xe2yS\\xbe.e\\xe6hs3eY\\xc4kb\\xe2o\\xe6I\\xc6H\\xfa\\xcdz\\xdf\\xf1\\xdfZDw\\xe1\\xbfg\\xf0g\\xde\\xf1K\\xd1\\xc3c\\xe81HONm\\xc4\\xd9f\\xbe\\xdeWxR5\\xfa\\xc8\\xd3RXx.Q\\xe3Lr.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1qcaf82\\xca2hb\\xbe\\xeeY\\xd6zwq\\xcf\\xe8\\xde4yp\\xbc\\xd4S\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xe1\\xe73\\xd2\\xe4\\xf40mc\\xc1\\xd1\\xee\\xc9\\xbeWzm\\xc4hl.\\xbe\\xfbX\\xd9Snb\\xbf\\xec\\xcc3\\xde\\xeeWy\\xeawdb\\xc9\\xeej2zbF2\\xbf\\xc2\\xe1a\\xbea\\xe2W\\xbf\\xcad\\xcbcaOWYymh8\\xbf\\xce\\xe2\\xbf\\xd6mgJ\\xc6.t\\xee\\xc7Z\\xbcGsa\\xf2\\xc2h\\xd6q\\xf5GQj\\xde\\xcbb\\xd6bh\\xf0G\\xe5p\\xcdem\\xf37EC3A5F\\xc4iz\\xca\\xc4af\\xe4e\\xce\\xc7\\xd9\\xcc4F\\xe2yS\\xbe.e\\xe6hs3eY\\xc4kb\\xe2o\\xe6I\\xc6H\\xfa\\xcdz\\xdf\\xf1\\xdfZDw\\xe1\\xbfg\\xf0g\\xde\\xf1K\\xd1\\xc3c\\xe81HONm\\xc4\\xd9f\\xbe\\xdeWxR5\\xfa\\xc8\\xd3RXx.Q\\xe3Lr.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.077766+0200","flow_id":2169942931720074,"pcap_cnt":61,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":34,"pkts_toclient":23,"bytes_toserver":7648,"bytes_toclient":9078,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.077766+0200","flow_id":2169942931720074,"pcap_cnt":61,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":34,"pkts_toclient":23,"bytes_toserver":7648,"bytes_toclient":9078,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.077766+0200","flow_id":2169942931720074,"pcap_cnt":61,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63167,"rrname":"1udah82\\xd2\\xd3A1\\xd4tO\\xc3h\\xd57y\\xe3D\\xe2\\xcf\\xf07L\\xc3iTDA\\xcc\\xc0kq\\xca\\xe7\\xccf\\xc6Mfsq\\xd7\\xc4im\\xc0mu\\xda\\xc8M\\xd8\\xc8\\xd9Lfdj6.\\xda\\xf4\\xcf\\xd9p\\xfbaf\\xc3\\xfc\\xd24\\xcf5Q\\xdd\\xe6hWU\\xdculG\\xc3\\xec\\xe3kh\\xdf\\xcbEj\\xe0k2\\xccl\\xbc\\xca\\xcc\\xeb\\xfc\\xf3\\xe5\\xcd\\xdam\\xf1\\xcdW\\xf7\\xbf\\xdev\\xebx.ZNph\\xd3F\\xdc\\xd7CzHQe\\xbc\\xdc\\xf2\\xd9\\xf0\\xe5\\xdd\\xea\\xdd\\xfdF\\xc4\\xe1L\\xe4q\\xbf9\\xc5\\xe2du\\xc7q\\xfa\\xd3\\xc6\\xfc\\xf8\\xf0Z\\xde\\xf0\\xdb\\xd8py\\xeej\\xfd\\xeacOK.r7t\\xca\\xe9\\xbfE\\xe1V\\xc3Oef\\xbe\\xd1\\xbdL\\xd2Gi\\xbdK\\xc1Jd\\xdf\\xd5\\xd4s\\xfcJ\\xe7\\xd1\\xfa\\xddM\\xde\\xf1\\xcc\\xd8e\\xfd\\xfbV\\xd1Qj\\xcb\\xc1\\xd4\\xde\\xf5\\xe5bU\\xc6\\xe4.\\xc5\\xd7I\\xea.pirate.sea","rrtype":"NULL","tx_id":56}}
{"timestamp":"2010-08-21T04:10:53.078009+0200","flow_id":2169942931720074,"pcap_cnt":62,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":55440,"flags":"8400","qr":true,"aa":true,"rrname":"1qkbg2\\xdd\\xc9P\\xd1\\xd3\\xe2\\xdcDIy\\xdfrWR\\xd4gdi\\xd1\\xdfqXbkipW\\xbf\\xedduej\\xe4\\xbee\\xf3H\\xcaH\\xde\\xc0u\\xc04\\xee\\xbe\\xeacS\\xe2H\\xe0\\xc0d\\xf2.HcH\\xee\\xc8y\\xbe5W\\xc0Cs4\\xdeN\\xdfcI4c4\\xcf\\xe3q\\xeeHcHE4G\\xf4beYu\\xf0Gb6q\\xc1q\\xf6LmGC\\xd6H2jCWt\\xee\\xdf.aQa\\xcdu\\xf7KmaS\\xc6K\\xf4I\\xdet\\xbeag4\\xe9\\xf9ya.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1qkbg2\\xdd\\xc9P\\xd1\\xd3\\xe2\\xdcDIy\\xdfrWR\\xd4gdi\\xd1\\xdfqXbkipW\\xbf\\xedduej\\xe4\\xbee\\xf3H\\xcaH\\xde\\xc0u\\xc04\\xee\\xbe\\xeacS\\xe2H\\xe0\\xc0d\\xf2.HcH\\xee\\xc8y\\xbe5W\\xc0Cs4\\xdeN\\xdfcI4c4\\xcf\\xe3q\\xeeHcHE4G\\xf4beYu\\xf0Gb6q\\xc1q\\xf6LmGC\\xd6H2jCWt\\xee\\xdf.aQa\\xcdu\\xf7KmaS\\xc6K\\xf4I\\xdet\\xbeag4\\xe9\\xf9ya.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.079163+0200","flow_id":2169942931720074,"pcap_cnt":63,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":35,"pkts_toclient":24,"bytes_toserver":7971,"bytes_toclient":9308,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.079163+0200","flow_id":2169942931720074,"pcap_cnt":63,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":35,"pkts_toclient":24,"bytes_toserver":7971,"bytes_toclient":9308,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.079163+0200","flow_id":2169942931720074,"pcap_cnt":63,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5358,"rrname":"1ulai\\xbfcZ\\xc7\\xfau\\xc3Rx\\xf7g\\xc1\\xde4\\xf62J9Q\\xc01WF\\xf72Ql\\xe6\\xf6\\xd2Vbw\\xd6\\xfd\\xd0\\xc13\\xecO\\xf4\\xc2\\xf23\\xdaISG\\xd5\\xf9O\\xd4R\\xebd\\xe7\\xc7.d\\xda\\xbc\\xc8n\\xc7\\xf6c4\\xf0\\xf6hw\\xd8Pe\\xcbA\\xbc\\xf7\\xfd\\xd2R\\xbfY\\xc2\\xef\\xc7JZ\\xf7k\\xd1Ff\\xde\\xc88\\xea\\xc6\\xd8ja\\xdfOQ\\xd3\\xbcaO7o\\xf7\\xfa\\xe5\\xd2L.\\xc35\\xf4\\xe6Y\\xf5\\xc2\\xe22k\\xe0\\xf5\\xbf\\xc0\\xfa\\xd5\\xd4\\xfbFL39\\xe4\\xcf\\xd6\\xd9l2\\xf4\\xfc\\xbd\\xe6\\xf9\\xd4\\xc7\\xe1\\xe8\\xc5\\xd3\\xe4\\xef\\xd6\\xeb\\xd4\\xe9\\xf8\\xd4\\xbf\\xf4\\xfd\\xea\\xe4\\xc0\\xd9\\xc9cM.\\xc9v2b\\xbc\\xebQ\\xe9t\\xbd\\xbc\\xe67hy\\xe6H2X\\xd5x\\xf1Q\\xe7\\xe9\\xcdl4\\xe1my\\xe8lPy\\xbe\\xf1gM\\xd3W\\xcfG\\xf0g\\xe8\\xd9aAPs\\xc6\\xf9B\\xc3\\xd7X.S\\xecJ\\xf4.pirate.sea","rrtype":"NULL","tx_id":58}}
{"timestamp":"2010-08-21T04:10:53.079949+0200","flow_id":2169942931720074,"pcap_cnt":64,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":63167,"flags":"8400","qr":true,"aa":true,"rrname":"1udah82\\xd2\\xd3A1\\xd4tO\\xc3h\\xd57y\\xe3D\\xe2\\xcf\\xf07L\\xc3iTDA\\xcc\\xc0kq\\xca\\xe7\\xccf\\xc6Mfsq\\xd7\\xc4im\\xc0mu\\xda\\xc8M\\xd8\\xc8\\xd9Lfdj6.\\xda\\xf4\\xcf\\xd9p\\xfbaf\\xc3\\xfc\\xd24\\xcf5Q\\xdd\\xe6hWU\\xdculG\\xc3\\xec\\xe3kh\\xdf\\xcbEj\\xe0k2\\xccl\\xbc\\xca\\xcc\\xeb\\xfc\\xf3\\xe5\\xcd\\xdam\\xf1\\xcdW\\xf7\\xbf\\xdev\\xebx.ZNph\\xd3F\\xdc\\xd7CzHQe\\xbc\\xdc\\xf2\\xd9\\xf0\\xe5\\xdd\\xea\\xdd\\xfdF\\xc4\\xe1L\\xe4q\\xbf9\\xc5\\xe2du\\xc7q\\xfa\\xd3\\xc6\\xfc\\xf8\\xf0Z\\xde\\xf0\\xdb\\xd8py\\xeej\\xfd\\xeacOK.r7t\\xca\\xe9\\xbfE\\xe1V\\xc3Oef\\xbe\\xd1\\xbdL\\xd2Gi\\xbdK\\xc1Jd\\xdf\\xd5\\xd4s\\xfcJ\\xe7\\xd1\\xfa\\xddM\\xde\\xf1\\xcc\\xd8e\\xfd\\xfbV\\xd1Qj\\xcb\\xc1\\xd4\\xde\\xf5\\xe5bU\\xc6\\xe4.\\xc5\\xd7I\\xea.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1udah82\\xd2\\xd3A1\\xd4tO\\xc3h\\xd57y\\xe3D\\xe2\\xcf\\xf07L\\xc3iTDA\\xcc\\xc0kq\\xca\\xe7\\xccf\\xc6Mfsq\\xd7\\xc4im\\xc0mu\\xda\\xc8M\\xd8\\xc8\\xd9Lfdj6.\\xda\\xf4\\xcf\\xd9p\\xfbaf\\xc3\\xfc\\xd24\\xcf5Q\\xdd\\xe6hWU\\xdculG\\xc3\\xec\\xe3kh\\xdf\\xcbEj\\xe0k2\\xccl\\xbc\\xca\\xcc\\xeb\\xfc\\xf3\\xe5\\xcd\\xdam\\xf1\\xcdW\\xf7\\xbf\\xdev\\xebx.ZNph\\xd3F\\xdc\\xd7CzHQe\\xbc\\xdc\\xf2\\xd9\\xf0\\xe5\\xdd\\xea\\xdd\\xfdF\\xc4\\xe1L\\xe4q\\xbf9\\xc5\\xe2du\\xc7q\\xfa\\xd3\\xc6\\xfc\\xf8\\xf0Z\\xde\\xf0\\xdb\\xd8py\\xeej\\xfd\\xeacOK.r7t\\xca\\xe9\\xbfE\\xe1V\\xc3Oef\\xbe\\xd1\\xbdL\\xd2Gi\\xbdK\\xc1Jd\\xdf\\xd5\\xd4s\\xfcJ\\xe7\\xd1\\xfa\\xddM\\xde\\xf1\\xcc\\xd8e\\xfd\\xfbV\\xd1Qj\\xcb\\xc1\\xd4\\xde\\xf5\\xe5bU\\xc6\\xe4.\\xc5\\xd7I\\xea.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.079962+0200","flow_id":2169942931720074,"pcap_cnt":65,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":36,"pkts_toclient":25,"bytes_toserver":8184,"bytes_toclient":9634,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.079962+0200","flow_id":2169942931720074,"pcap_cnt":65,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":36,"pkts_toclient":25,"bytes_toserver":8184,"bytes_toclient":9634,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.079962+0200","flow_id":2169942931720074,"pcap_cnt":65,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13085,"rrname":"1utbj\\xfd\\xea8\\xd3\\xea\\xd02\\xbf\\xd4RbeRXU\\xfdQig\\xfaC\\xc6C\\xdai\\xecITG\\xe4YX\\xe4\\xbe\\xbdsiWxY\\xfcx\\xf7\\xd69Xq\\xc6j\\xe4\\xce0b\\xca\\xd19u.J3\\xc3\\xbe\\xdfY\\xcf\\xc3\\xd4\\xd0y\\xe9D\\xbdo\\xd7C\\xfcE\\xe0n\\xd7\\xcc\\xe1\\xea\\xfa\\xf8FY\\xd0\\xf67n5P\\xf25\\xcd\\xcdI\\xf4G\\xdc\\xcdo\\xfcEIhg3\\xf2tokz\\xef.\\xc9\\xed\\xc5\\xe6o6W3j\\xee.pirate.sea","rrtype":"NULL","tx_id":60}}
{"timestamp":"2010-08-21T04:10:53.080465+0200","flow_id":2169942931720074,"pcap_cnt":66,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":5358,"flags":"8400","qr":true,"aa":true,"rrname":"1ulai\\xbfcZ\\xc7\\xfau\\xc3Rx\\xf7g\\xc1\\xde4\\xf62J9Q\\xc01WF\\xf72Ql\\xe6\\xf6\\xd2Vbw\\xd6\\xfd\\xd0\\xc13\\xecO\\xf4\\xc2\\xf23\\xdaISG\\xd5\\xf9O\\xd4R\\xebd\\xe7\\xc7.d\\xda\\xbc\\xc8n\\xc7\\xf6c4\\xf0\\xf6hw\\xd8Pe\\xcbA\\xbc\\xf7\\xfd\\xd2R\\xbfY\\xc2\\xef\\xc7JZ\\xf7k\\xd1Ff\\xde\\xc88\\xea\\xc6\\xd8ja\\xdfOQ\\xd3\\xbcaO7o\\xf7\\xfa\\xe5\\xd2L.\\xc35\\xf4\\xe6Y\\xf5\\xc2\\xe22k\\xe0\\xf5\\xbf\\xc0\\xfa\\xd5\\xd4\\xfbFL39\\xe4\\xcf\\xd6\\xd9l2\\xf4\\xfc\\xbd\\xe6\\xf9\\xd4\\xc7\\xe1\\xe8\\xc5\\xd3\\xe4\\xef\\xd6\\xeb\\xd4\\xe9\\xf8\\xd4\\xbf\\xf4\\xfd\\xea\\xe4\\xc0\\xd9\\xc9cM.\\xc9v2b\\xbc\\xebQ\\xe9t\\xbd\\xbc\\xe67hy\\xe6H2X\\xd5x\\xf1Q\\xe7\\xe9\\xcdl4\\xe1my\\xe8lPy\\xbe\\xf1gM\\xd3W\\xcfG\\xf0g\\xe8\\xd9aAPs\\xc6\\xf9B\\xc3\\xd7X.S\\xecJ\\xf4.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1ulai\\xbfcZ\\xc7\\xfau\\xc3Rx\\xf7g\\xc1\\xde4\\xf62J9Q\\xc01WF\\xf72Ql\\xe6\\xf6\\xd2Vbw\\xd6\\xfd\\xd0\\xc13\\xecO\\xf4\\xc2\\xf23\\xdaISG\\xd5\\xf9O\\xd4R\\xebd\\xe7\\xc7.d\\xda\\xbc\\xc8n\\xc7\\xf6c4\\xf0\\xf6hw\\xd8Pe\\xcbA\\xbc\\xf7\\xfd\\xd2R\\xbfY\\xc2\\xef\\xc7JZ\\xf7k\\xd1Ff\\xde\\xc88\\xea\\xc6\\xd8ja\\xdfOQ\\xd3\\xbcaO7o\\xf7\\xfa\\xe5\\xd2L.\\xc35\\xf4\\xe6Y\\xf5\\xc2\\xe22k\\xe0\\xf5\\xbf\\xc0\\xfa\\xd5\\xd4\\xfbFL39\\xe4\\xcf\\xd6\\xd9l2\\xf4\\xfc\\xbd\\xe6\\xf9\\xd4\\xc7\\xe1\\xe8\\xc5\\xd3\\xe4\\xef\\xd6\\xeb\\xd4\\xe9\\xf8\\xd4\\xbf\\xf4\\xfd\\xea\\xe4\\xc0\\xd9\\xc9cM.\\xc9v2b\\xbc\\xebQ\\xe9t\\xbd\\xbc\\xe67hy\\xe6H2X\\xd5x\\xf1Q\\xe7\\xe9\\xcdl4\\xe1my\\xe8lPy\\xbe\\xf1gM\\xd3W\\xcfG\\xf0g\\xe8\\xd9aAPs\\xc6\\xf9B\\xc3\\xd7X.S\\xecJ\\xf4.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.080617+0200","flow_id":2169942931720074,"pcap_cnt":67,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":37,"pkts_toclient":26,"bytes_toserver":8462,"bytes_toclient":10024,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.080617+0200","flow_id":2169942931720074,"pcap_cnt":67,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":37,"pkts_toclient":26,"bytes_toserver":8462,"bytes_toclient":10024,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.080617+0200","flow_id":2169942931720074,"pcap_cnt":67,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20812,"rrname":"1yebk82\\xbf\\xd6\\xe7\\xf2D\\xbf4hin\\xfb\\xbdQp\\xf8\\xf28K\\xf8\\xeaK3\\xc6ymld\\xd0Iyo\\xeef\\xd3\\xe5aVDyI\\xd7\\xd4\\xe1\\xc2dRf\\xccai\\xd8\\xd5\\xc2cd.IH\\xe4\\xf9\\xea\\xdcp\\xbc5\\xccjX\\xde\\xc4\\xf1\\xed\\xd6Sp\\xd1\\xd8c8N\\xf9\\xcc\\xd9V\\xf98\\xfd\\xcb\\xddRrD\\xd9oP\\xc2\\xbcaC\\xf1Dm\\xf2n\\xefF\\xe0\\xd8\\xe4\\xbfc\\xc75.wLM\\xc74I\\xd0\\xe4\\xe763\\xcf\\xebUu\\xc1G\\xf8AK\\xc1\\xd6\\xc1O\\xd6\\xcavAjd\\xc3\\xd3\\xe1\\xca\\xd6rPOPO\\xe7\\xe2\\xc0sgMw\\xe1i\\xd7\\xd64\\xe0KlkR.\\xd5\\xd2\\xf6\\xdf\\xd4\\xdf\\xf7SA\\xcdG\\xbcui\\xc4\\xf9a.pirate.sea","rrtype":"NULL","tx_id":62}}
{"timestamp":"2010-08-21T04:10:53.080889+0200","flow_id":2169942931720074,"pcap_cnt":68,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":13085,"flags":"8400","qr":true,"aa":true,"rrname":"1utbj\\xfd\\xea8\\xd3\\xea\\xd02\\xbf\\xd4RbeRXU\\xfdQig\\xfaC\\xc6C\\xdai\\xecITG\\xe4YX\\xe4\\xbe\\xbdsiWxY\\xfcx\\xf7\\xd69Xq\\xc6j\\xe4\\xce0b\\xca\\xd19u.J3\\xc3\\xbe\\xdfY\\xcf\\xc3\\xd4\\xd0y\\xe9D\\xbdo\\xd7C\\xfcE\\xe0n\\xd7\\xcc\\xe1\\xea\\xfa\\xf8FY\\xd0\\xf67n5P\\xf25\\xcd\\xcdI\\xf4G\\xdc\\xcdo\\xfcEIhg3\\xf2tokz\\xef.\\xc9\\xed\\xc5\\xe6o6W3j\\xee.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1utbj\\xfd\\xea8\\xd3\\xea\\xd02\\xbf\\xd4RbeRXU\\xfdQig\\xfaC\\xc6C\\xdai\\xecITG\\xe4YX\\xe4\\xbe\\xbdsiWxY\\xfcx\\xf7\\xd69Xq\\xc6j\\xe4\\xce0b\\xca\\xd19u.J3\\xc3\\xbe\\xdfY\\xcf\\xc3\\xd4\\xd0y\\xe9D\\xbdo\\xd7C\\xfcE\\xe0n\\xd7\\xcc\\xe1\\xea\\xfa\\xf8FY\\xd0\\xf67n5P\\xf25\\xcd\\xcdI\\xf4G\\xdc\\xcdo\\xfcEIhg3\\xf2tokz\\xef.\\xc9\\xed\\xc5\\xe6o6W3j\\xee.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.084368+0200","flow_id":2169942931720074,"pcap_cnt":69,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":20812,"flags":"8400","qr":true,"aa":true,"rrname":"1yebk82\\xbf\\xd6\\xe7\\xf2D\\xbf4hin\\xfb\\xbdQp\\xf8\\xf28K\\xf8\\xeaK3\\xc6ymld\\xd0Iyo\\xeef\\xd3\\xe5aVDyI\\xd7\\xd4\\xe1\\xc2dRf\\xccai\\xd8\\xd5\\xc2cd.IH\\xe4\\xf9\\xea\\xdcp\\xbc5\\xccjX\\xde\\xc4\\xf1\\xed\\xd6Sp\\xd1\\xd8c8N\\xf9\\xcc\\xd9V\\xf98\\xfd\\xcb\\xddRrD\\xd9oP\\xc2\\xbcaC\\xf1Dm\\xf2n\\xefF\\xe0\\xd8\\xe4\\xbfc\\xc75.wLM\\xc74I\\xd0\\xe4\\xe763\\xcf\\xebUu\\xc1G\\xf8AK\\xc1\\xd6\\xc1O\\xd6\\xcavAjd\\xc3\\xd3\\xe1\\xca\\xd6rPOPO\\xe7\\xe2\\xc0sgMw\\xe1i\\xd7\\xd64\\xe0KlkR.\\xd5\\xd2\\xf6\\xdf\\xd4\\xdf\\xf7SA\\xcdG\\xbcui\\xc4\\xf9a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1yebk82\\xbf\\xd6\\xe7\\xf2D\\xbf4hin\\xfb\\xbdQp\\xf8\\xf28K\\xf8\\xeaK3\\xc6ymld\\xd0Iyo\\xeef\\xd3\\xe5aVDyI\\xd7\\xd4\\xe1\\xc2dRf\\xccai\\xd8\\xd5\\xc2cd.IH\\xe4\\xf9\\xea\\xdcp\\xbc5\\xccjX\\xde\\xc4\\xf1\\xed\\xd6Sp\\xd1\\xd8c8N\\xf9\\xcc\\xd9V\\xf98\\xfd\\xcb\\xddRrD\\xd9oP\\xc2\\xbcaC\\xf1Dm\\xf2n\\xefF\\xe0\\xd8\\xe4\\xbfc\\xc75.wLM\\xc74I\\xd0\\xe4\\xe763\\xcf\\xebUu\\xc1G\\xf8AK\\xc1\\xd6\\xc1O\\xd6\\xcavAjd\\xc3\\xd3\\xe1\\xca\\xd6rPOPO\\xe7\\xe2\\xc0sgMw\\xe1i\\xd7\\xd64\\xe0KlkR.\\xd5\\xd2\\xf6\\xdf\\xd4\\xdf\\xf7SA\\xcdG\\xbcui\\xc4\\xf9a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.084726+0200","flow_id":2169942931720074,"pcap_cnt":70,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":38,"pkts_toclient":28,"bytes_toserver":8552,"bytes_toclient":10775,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.084726+0200","flow_id":2169942931720074,"pcap_cnt":70,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28539,"rrname":"pafqcg3a.pirate.sea","rrtype":"NULL","tx_id":65}}
{"timestamp":"2010-08-21T04:10:53.084755+0200","flow_id":2169942931720074,"pcap_cnt":71,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":39,"pkts_toclient":28,"bytes_toserver":8714,"bytes_toclient":10775,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.084755+0200","flow_id":2169942931720074,"pcap_cnt":71,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":39,"pkts_toclient":28,"bytes_toserver":8714,"bytes_toclient":10775,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.084755+0200","flow_id":2169942931720074,"pcap_cnt":71,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36266,"rrname":"12gbl82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xde\\xde4yp9\\xcca\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xdc\\xeb\\xe6ydhQ2\\xc7\\xbf\\xbe\\xe2YyCU.dv\\xc4\\xf9WYehM\\xbeqdByoSa.pirate.sea","rrtype":"NULL","tx_id":66}}
{"timestamp":"2010-08-21T04:10:53.093688+0200","flow_id":2169942931720074,"pcap_cnt":72,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":28539,"flags":"8400","qr":true,"aa":true,"rrname":"pafqcg3a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqcg3a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.097921+0200","flow_id":2169942931720074,"pcap_cnt":73,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":36266,"flags":"8400","qr":true,"aa":true,"rrname":"12gbl82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xde\\xde4yp9\\xcca\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xdc\\xeb\\xe6ydhQ2\\xc7\\xbf\\xbe\\xe2YyCU.dv\\xc4\\xf9WYehM\\xbeqdByoSa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"12gbl82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xde\\xde4yp9\\xcca\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xdc\\xeb\\xe6ydhQ2\\xc7\\xbf\\xbe\\xe2YyCU.dv\\xc4\\xf9WYehM\\xbeqdByoSa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.098228+0200","flow_id":2169942931720074,"pcap_cnt":74,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":40,"pkts_toclient":30,"bytes_toserver":8804,"bytes_toclient":11643,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.098228+0200","flow_id":2169942931720074,"pcap_cnt":74,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43993,"rrname":"paeacg3i.pirate.sea","rrtype":"NULL","tx_id":69}}
{"timestamp":"2010-08-21T04:10:53.098674+0200","flow_id":2169942931720074,"pcap_cnt":75,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":43993,"flags":"8400","qr":true,"aa":true,"rrname":"paeacg3i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeacg3i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.098682+0200","flow_id":2169942931720074,"pcap_cnt":76,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":41,"pkts_toclient":31,"bytes_toserver":8966,"bytes_toclient":11939,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.098682+0200","flow_id":2169942931720074,"pcap_cnt":76,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":41,"pkts_toclient":31,"bytes_toserver":8966,"bytes_toclient":11939,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.098682+0200","flow_id":2169942931720074,"pcap_cnt":76,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51720,"rrname":"1aabm82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe6\\xde4yp1\\xcc8\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xfd\\xecOydh7\\xc4\\xd4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGd\\xdb0pR\\xbe.pirate.sea","rrtype":"NULL","tx_id":71}}
{"timestamp":"2010-08-21T04:10:53.107361+0200","flow_id":2169942931720074,"pcap_cnt":77,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":42,"pkts_toclient":31,"bytes_toserver":9128,"bytes_toclient":11939,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.107361+0200","flow_id":2169942931720074,"pcap_cnt":77,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":42,"pkts_toclient":31,"bytes_toserver":9128,"bytes_toclient":11939,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.107361+0200","flow_id":2169942931720074,"pcap_cnt":77,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59447,"rrname":"1abbn82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe6\\xde4yp1\\xcc8\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xfd\\xecOydh7\\xc4\\xd4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGd\\xdb0pR\\xbe.pirate.sea","rrtype":"NULL","tx_id":72}}
{"timestamp":"2010-08-21T04:10:53.107674+0200","flow_id":2169942931720074,"pcap_cnt":78,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":51720,"flags":"8400","qr":true,"aa":true,"rrname":"1aabm82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe6\\xde4yp1\\xcc8\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xfd\\xecOydh7\\xc4\\xd4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGd\\xdb0pR\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1aabm82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe6\\xde4yp1\\xcc8\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xfd\\xecOydh7\\xc4\\xd4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGd\\xdb0pR\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.114194+0200","flow_id":2169942931720074,"pcap_cnt":79,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":59447,"flags":"8400","qr":true,"aa":true,"rrname":"1abbn82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe6\\xde4yp1\\xcc8\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xfd\\xecOydh7\\xc4\\xd4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGd\\xdb0pR\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1abbn82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe6\\xde4yp1\\xcc8\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf3\\xd2\\xfd\\xecOydh7\\xc4\\xd4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGd\\xdb0pR\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.114207+0200","flow_id":2169942931720074,"pcap_cnt":80,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":43,"pkts_toclient":33,"bytes_toserver":9290,"bytes_toclient":12334,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.114207+0200","flow_id":2169942931720074,"pcap_cnt":80,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":43,"pkts_toclient":33,"bytes_toserver":9290,"bytes_toclient":12334,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.114207+0200","flow_id":2169942931720074,"pcap_cnt":80,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1638,"rrname":"1ebbo82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWfn\\xc1g\\xe4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGdv\\xeeoSa.pirate.sea","rrtype":"NULL","tx_id":75}}
{"timestamp":"2010-08-21T04:10:53.120781+0200","flow_id":2169942931720074,"pcap_cnt":81,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":44,"pkts_toclient":33,"bytes_toserver":9452,"bytes_toclient":12334,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.120781+0200","flow_id":2169942931720074,"pcap_cnt":81,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":44,"pkts_toclient":33,"bytes_toserver":9452,"bytes_toclient":12334,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.120781+0200","flow_id":2169942931720074,"pcap_cnt":81,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9365,"rrname":"1ecbp82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWfn\\xc1g\\xe4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGdv\\xeeoSa.pirate.sea","rrtype":"NULL","tx_id":76}}
{"timestamp":"2010-08-21T04:10:53.120995+0200","flow_id":2169942931720074,"pcap_cnt":82,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":1638,"flags":"8400","qr":true,"aa":true,"rrname":"1ebbo82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWfn\\xc1g\\xe4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGdv\\xeeoSa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1ebbo82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWfn\\xc1g\\xe4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGdv\\xeeoSa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.132080+0200","flow_id":2169942931720074,"pcap_cnt":83,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":9365,"flags":"8400","qr":true,"aa":true,"rrname":"1ecbp82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWfn\\xc1g\\xe4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGdv\\xeeoSa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1ecbp82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe2\\xde4yp1\\xccC\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWfn\\xc1g\\xe4\\xe1b\\xbe\\xdeY5\\xda.gln\\xfc\\xde\\xe4ioTaGdv\\xeeoSa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.133522+0200","flow_id":2169942931720074,"pcap_cnt":84,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":45,"pkts_toclient":35,"bytes_toserver":9542,"bytes_toclient":12729,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.133522+0200","flow_id":2169942931720074,"pcap_cnt":84,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17092,"rrname":"paeycg3q.pirate.sea","rrtype":"NULL","tx_id":79}}
{"timestamp":"2010-08-21T04:10:53.153020+0200","flow_id":2169942931720074,"pcap_cnt":85,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":17092,"flags":"8400","qr":true,"aa":true,"rrname":"paeycg3q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeycg3q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.153362+0200","flow_id":2169942931720074,"pcap_cnt":86,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":46,"pkts_toclient":36,"bytes_toserver":9749,"bytes_toclient":12887,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.153362+0200","flow_id":2169942931720074,"pcap_cnt":86,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":46,"pkts_toclient":36,"bytes_toserver":9749,"bytes_toclient":12887,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.153362+0200","flow_id":2169942931720074,"pcap_cnt":86,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24819,"rrname":"1iebq82\\xca2hb\\xbe\\xeeY\\xd6rg0\\xcf\\xea\\xde4ypX\\xccy\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWLm\\xc1\\xe4\\xc0\\xdf\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeWehw\\xc4tz\\xc0\\xce\\xf1yoJ\\xf2\\xca\\xc7\\xc1\\xceWl5S\\xf79\\xc1OX\\xc2mTO\\xbf\\xbe\\xe2Wo4n\\xc4dd\\xc2\\xd42ym\\xc3s\\xdeaad.t\\xefPO.pirate.sea","rrtype":"NULL","tx_id":81}}
{"timestamp":"2010-08-21T04:10:53.154126+0200","flow_id":2169942931720074,"pcap_cnt":87,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":24819,"flags":"8400","qr":true,"aa":true,"rrname":"1iebq82\\xca2hb\\xbe\\xeeY\\xd6rg0\\xcf\\xea\\xde4ypX\\xccy\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWLm\\xc1\\xe4\\xc0\\xdf\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeWehw\\xc4tz\\xc0\\xce\\xf1yoJ\\xf2\\xca\\xc7\\xc1\\xceWl5S\\xf79\\xc1OX\\xc2mTO\\xbf\\xbe\\xe2Wo4n\\xc4dd\\xc2\\xd42ym\\xc3s\\xdeaad.t\\xefPO.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1iebq82\\xca2hb\\xbe\\xeeY\\xd6rg0\\xcf\\xea\\xde4ypX\\xccy\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf5x\\xdf30\\xee\\xd2\\xbeWLm\\xc1\\xe4\\xc0\\xdf\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeWehw\\xc4tz\\xc0\\xce\\xf1yoJ\\xf2\\xca\\xc7\\xc1\\xceWl5S\\xf79\\xc1OX\\xc2mTO\\xbf\\xbe\\xe2Wo4n\\xc4dd\\xc2\\xd42ym\\xc3s\\xdeaad.t\\xefPO.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.154342+0200","flow_id":2169942931720074,"pcap_cnt":88,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":47,"pkts_toclient":37,"bytes_toserver":9911,"bytes_toclient":13190,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.154342+0200","flow_id":2169942931720074,"pcap_cnt":88,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":47,"pkts_toclient":37,"bytes_toserver":9911,"bytes_toclient":13190,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.154342+0200","flow_id":2169942931720074,"pcap_cnt":88,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32546,"rrname":"1mfbr82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe0\\xde4yp1\\xccm\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xd5\\xfb30\\xee\\xddGWfn\\xc1g\\xf2H\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeWehE\\xbeadBeoSa.pirate.sea","rrtype":"NULL","tx_id":83}}
{"timestamp":"2010-08-21T04:10:53.172892+0200","flow_id":2169942931720074,"pcap_cnt":89,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":32546,"flags":"8400","qr":true,"aa":true,"rrname":"1mfbr82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe0\\xde4yp1\\xccm\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xd5\\xfb30\\xee\\xddGWfn\\xc1g\\xf2H\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeWehE\\xbeadBeoSa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1mfbr82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe0\\xde4yp1\\xccm\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xd5\\xfb30\\xee\\xddGWfn\\xc1g\\xf2H\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeWehE\\xbeadBeoSa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.173935+0200","flow_id":2169942931720074,"pcap_cnt":90,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":48,"pkts_toclient":38,"bytes_toserver":10115,"bytes_toclient":13355,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.173935+0200","flow_id":2169942931720074,"pcap_cnt":90,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":48,"pkts_toclient":38,"bytes_toserver":10115,"bytes_toclient":13355,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.173935+0200","flow_id":2169942931720074,"pcap_cnt":90,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40273,"rrname":"1qfbs82\\xca2hb\\xbe\\xeeY\\xd6rge\\xcf\\xe8\\xde4ypX\\xcc4\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xd5\\xfb30\\xee\\xddGWLn\\xc1\\xdeEH\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeYehE\\xc4dz\\xc0\\xce\\xeeyoJ\\xf2\\xca\\xc7\\xc1\\xceWl5S\\xf79\\xc1OX\\xf6m\\xfbO\\xbf\\xbe\\xe2Wo4n\\xc4dv\\xc6\\xd4W4a\\xbed5\\xe8kl.\\xbe.pirate.sea","rrtype":"NULL","tx_id":85}}
{"timestamp":"2010-08-21T04:10:53.174098+0200","flow_id":2169942931720074,"pcap_cnt":91,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":40273,"flags":"8400","qr":true,"aa":true,"rrname":"1qfbs82\\xca2hb\\xbe\\xeeY\\xd6rge\\xcf\\xe8\\xde4ypX\\xcc4\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xd5\\xfb30\\xee\\xddGWLn\\xc1\\xdeEH\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeYehE\\xc4dz\\xc0\\xce\\xeeyoJ\\xf2\\xca\\xc7\\xc1\\xceWl5S\\xf79\\xc1OX\\xf6m\\xfbO\\xbf\\xbe\\xe2Wo4n\\xc4dv\\xc6\\xd4W4a\\xbed5\\xe8kl.\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1qfbs82\\xca2hb\\xbe\\xeeY\\xd6rge\\xcf\\xe8\\xde4ypX\\xcc4\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf2\\xd5\\xfb30\\xee\\xddGWLn\\xc1\\xdeEH\\xbe\\xe2YyCU.dv\\xc4\\xf8\\xeeYehE\\xc4dz\\xc0\\xce\\xeeyoJ\\xf2\\xca\\xc7\\xc1\\xceWl5S\\xf79\\xc1OX\\xf6m\\xfbO\\xbf\\xbe\\xe2Wo4n\\xc4dv\\xc6\\xd4W4a\\xbed5\\xe8kl.\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.174344+0200","flow_id":2169942931720074,"pcap_cnt":92,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":49,"pkts_toclient":39,"bytes_toserver":10277,"bytes_toclient":13627,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.174344+0200","flow_id":2169942931720074,"pcap_cnt":92,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":49,"pkts_toclient":39,"bytes_toserver":10277,"bytes_toclient":13627,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.174344+0200","flow_id":2169942931720074,"pcap_cnt":92,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48000,"rrname":"1ugbt82\\xca2hb\\xbe\\xee\\xec\\xee8m\\xccd\\xbf\\xbe\\xeeiFpqcViom\\xe0dyP\\xeci7\\xcatc\\xeeP\\xd2\\xe638mGel\\xc20I\\xf7\\xe1W\\xd2S8\\xc4c.\\xcapk\\xd0Z\\xe2\\xd2\\xde\\xd0\\xbeqf\\xc5ktz\\xbe.pirate.sea","rrtype":"NULL","tx_id":87}}
{"timestamp":"2010-08-21T04:10:53.191820+0200","flow_id":2169942931720074,"pcap_cnt":93,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":48000,"flags":"8400","qr":true,"aa":true,"rrname":"1ugbt82\\xca2hb\\xbe\\xee\\xec\\xee8m\\xccd\\xbf\\xbe\\xeeiFpqcViom\\xe0dyP\\xeci7\\xcatc\\xeeP\\xd2\\xe638mGel\\xc20I\\xf7\\xe1W\\xd2S8\\xc4c.\\xcapk\\xd0Z\\xe2\\xd2\\xde\\xd0\\xbeqf\\xc5ktz\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1ugbt82\\xca2hb\\xbe\\xee\\xec\\xee8m\\xccd\\xbf\\xbe\\xeeiFpqcViom\\xe0dyP\\xeci7\\xcatc\\xeeP\\xd2\\xe638mGel\\xc20I\\xf7\\xe1W\\xd2S8\\xc4c.\\xcapk\\xd0Z\\xe2\\xd2\\xde\\xd0\\xbeqf\\xc5ktz\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.193970+0200","flow_id":2169942931720074,"pcap_cnt":94,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":50,"pkts_toclient":40,"bytes_toserver":10440,"bytes_toclient":13792,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.193970+0200","flow_id":2169942931720074,"pcap_cnt":94,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":50,"pkts_toclient":40,"bytes_toserver":10440,"bytes_toclient":13792,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:53.193970+0200","flow_id":2169942931720074,"pcap_cnt":94,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55727,"rrname":"1ygbu82\\xca2hb\\xbe\\xee\\xec\\xee8m\\xccd\\xbf\\xbe\\xeeiFpqcViom\\xe0dyP\\xeci7\\xcatc\\xef\\xc7\\xd6\\xde38m\\xe4dbW\\xce\\xccP\\xdbh\\xe0n\\xc1\\xcf\\xdf.\\xe8aaY\\xbcQ\\xc7\\xcdk\\xc9c\\xc6c\\xd9\\xbfj\\xca\\xde.pirate.sea","rrtype":"NULL","tx_id":89}}
{"timestamp":"2010-08-21T04:10:53.194120+0200","flow_id":2169942931720074,"pcap_cnt":95,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":55727,"flags":"8400","qr":true,"aa":true,"rrname":"1ygbu82\\xca2hb\\xbe\\xee\\xec\\xee8m\\xccd\\xbf\\xbe\\xeeiFpqcViom\\xe0dyP\\xeci7\\xcatc\\xef\\xc7\\xd6\\xde38m\\xe4dbW\\xce\\xccP\\xdbh\\xe0n\\xc1\\xcf\\xdf.\\xe8aaY\\xbcQ\\xc7\\xcdk\\xc9c\\xc6c\\xd9\\xbfj\\xca\\xde.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1ygbu82\\xca2hb\\xbe\\xee\\xec\\xee8m\\xccd\\xbf\\xbe\\xeeiFpqcViom\\xe0dyP\\xeci7\\xcatc\\xef\\xc7\\xd6\\xde38m\\xe4dbW\\xce\\xccP\\xdbh\\xe0n\\xc1\\xcf\\xdf.\\xe8aaY\\xbcQ\\xc7\\xcdk\\xc9c\\xc6c\\xd9\\xbfj\\xca\\xde.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.201905+0200","flow_id":2169942931720074,"pcap_cnt":96,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":51,"pkts_toclient":41,"bytes_toserver":10530,"bytes_toclient":14023,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.201905+0200","flow_id":2169942931720074,"pcap_cnt":96,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63454,"rrname":"pafycg3y.pirate.sea","rrtype":"NULL","tx_id":91}}
{"timestamp":"2010-08-21T04:10:53.211404+0200","flow_id":2169942931720074,"pcap_cnt":97,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":63454,"flags":"8400","qr":true,"aa":true,"rrname":"pafycg3y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafycg3y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.216722+0200","flow_id":2169942931720074,"pcap_cnt":98,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":52,"pkts_toclient":42,"bytes_toserver":10620,"bytes_toclient":14180,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.216722+0200","flow_id":2169942931720074,"pcap_cnt":98,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5645,"rrname":"paeacg4a.pirate.sea","rrtype":"NULL","tx_id":93}}
{"timestamp":"2010-08-21T04:10:53.216859+0200","flow_id":2169942931720074,"pcap_cnt":99,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":5645,"flags":"8400","qr":true,"aa":true,"rrname":"paeacg4a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeacg4a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.222525+0200","flow_id":2169942931720074,"pcap_cnt":100,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":53,"pkts_toclient":43,"bytes_toserver":10710,"bytes_toclient":14338,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.222525+0200","flow_id":2169942931720074,"pcap_cnt":100,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13372,"rrname":"paeicg4i.pirate.sea","rrtype":"NULL","tx_id":95}}
{"timestamp":"2010-08-21T04:10:53.232369+0200","flow_id":2169942931720074,"pcap_cnt":101,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":13372,"flags":"8400","qr":true,"aa":true,"rrname":"paeicg4i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeicg4i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.238571+0200","flow_id":2169942931720074,"pcap_cnt":102,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":54,"pkts_toclient":44,"bytes_toserver":10800,"bytes_toclient":14496,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.238571+0200","flow_id":2169942931720074,"pcap_cnt":102,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21099,"rrname":"paeqcg4q.pirate.sea","rrtype":"NULL","tx_id":97}}
{"timestamp":"2010-08-21T04:10:53.251980+0200","flow_id":2169942931720074,"pcap_cnt":103,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":21099,"flags":"8400","qr":true,"aa":true,"rrname":"paeqcg4q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqcg4q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.258753+0200","flow_id":2169942931720074,"pcap_cnt":104,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":55,"pkts_toclient":45,"bytes_toserver":10890,"bytes_toclient":14654,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.258753+0200","flow_id":2169942931720074,"pcap_cnt":104,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28826,"rrname":"paeycg4y.pirate.sea","rrtype":"NULL","tx_id":99}}
{"timestamp":"2010-08-21T04:10:53.272842+0200","flow_id":2169942931720074,"pcap_cnt":105,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":28826,"flags":"8400","qr":true,"aa":true,"rrname":"paeycg4y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeycg4y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.278433+0200","flow_id":2169942931720074,"pcap_cnt":106,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":56,"pkts_toclient":46,"bytes_toserver":10980,"bytes_toclient":14812,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.278433+0200","flow_id":2169942931720074,"pcap_cnt":106,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36553,"rrname":"pafacg5a.pirate.sea","rrtype":"NULL","tx_id":101}}
{"timestamp":"2010-08-21T04:10:53.293917+0200","flow_id":2169942931720074,"pcap_cnt":107,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":36553,"flags":"8400","qr":true,"aa":true,"rrname":"pafacg5a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafacg5a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.300664+0200","flow_id":2169942931720074,"pcap_cnt":108,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":57,"pkts_toclient":47,"bytes_toserver":11070,"bytes_toclient":14970,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.300664+0200","flow_id":2169942931720074,"pcap_cnt":108,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44280,"rrname":"paficg5i.pirate.sea","rrtype":"NULL","tx_id":103}}
{"timestamp":"2010-08-21T04:10:53.311187+0200","flow_id":2169942931720074,"pcap_cnt":109,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":44280,"flags":"8400","qr":true,"aa":true,"rrname":"paficg5i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paficg5i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.316793+0200","flow_id":2169942931720074,"pcap_cnt":110,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":58,"pkts_toclient":48,"bytes_toserver":11160,"bytes_toclient":15128,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.316793+0200","flow_id":2169942931720074,"pcap_cnt":110,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52007,"rrname":"pafqcg5q.pirate.sea","rrtype":"NULL","tx_id":105}}
{"timestamp":"2010-08-21T04:10:53.332141+0200","flow_id":2169942931720074,"pcap_cnt":111,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":52007,"flags":"8400","qr":true,"aa":true,"rrname":"pafqcg5q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqcg5q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.338614+0200","flow_id":2169942931720074,"pcap_cnt":112,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":59,"pkts_toclient":49,"bytes_toserver":11250,"bytes_toclient":15286,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.338614+0200","flow_id":2169942931720074,"pcap_cnt":112,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59734,"rrname":"pafycg5y.pirate.sea","rrtype":"NULL","tx_id":107}}
{"timestamp":"2010-08-21T04:10:53.351689+0200","flow_id":2169942931720074,"pcap_cnt":113,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":59734,"flags":"8400","qr":true,"aa":true,"rrname":"pafycg5y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafycg5y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.358060+0200","flow_id":2169942931720074,"pcap_cnt":114,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":60,"pkts_toclient":50,"bytes_toserver":11340,"bytes_toclient":15444,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.358060+0200","flow_id":2169942931720074,"pcap_cnt":114,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1925,"rrname":"paeachaa.pirate.sea","rrtype":"NULL","tx_id":109}}
{"timestamp":"2010-08-21T04:10:53.373369+0200","flow_id":2169942931720074,"pcap_cnt":115,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":1925,"flags":"8400","qr":true,"aa":true,"rrname":"paeachaa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachaa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.378844+0200","flow_id":2169942931720074,"pcap_cnt":116,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":61,"pkts_toclient":51,"bytes_toserver":11430,"bytes_toclient":15602,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.378844+0200","flow_id":2169942931720074,"pcap_cnt":116,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9652,"rrname":"paeichai.pirate.sea","rrtype":"NULL","tx_id":111}}
{"timestamp":"2010-08-21T04:10:53.391292+0200","flow_id":2169942931720074,"pcap_cnt":117,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":9652,"flags":"8400","qr":true,"aa":true,"rrname":"paeichai.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichai.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.397188+0200","flow_id":2169942931720074,"pcap_cnt":118,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":62,"pkts_toclient":52,"bytes_toserver":11520,"bytes_toclient":15760,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.397188+0200","flow_id":2169942931720074,"pcap_cnt":118,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17379,"rrname":"paeqchaq.pirate.sea","rrtype":"NULL","tx_id":113}}
{"timestamp":"2010-08-21T04:10:53.412316+0200","flow_id":2169942931720074,"pcap_cnt":119,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":17379,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchaq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchaq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.417819+0200","flow_id":2169942931720074,"pcap_cnt":120,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":63,"pkts_toclient":53,"bytes_toserver":11610,"bytes_toclient":15918,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.417819+0200","flow_id":2169942931720074,"pcap_cnt":120,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25106,"rrname":"paeychay.pirate.sea","rrtype":"NULL","tx_id":115}}
{"timestamp":"2010-08-21T04:10:53.431550+0200","flow_id":2169942931720074,"pcap_cnt":121,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":25106,"flags":"8400","qr":true,"aa":true,"rrname":"paeychay.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychay.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.437902+0200","flow_id":2169942931720074,"pcap_cnt":122,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":64,"pkts_toclient":54,"bytes_toserver":11700,"bytes_toclient":16076,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.437902+0200","flow_id":2169942931720074,"pcap_cnt":122,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32833,"rrname":"pafachba.pirate.sea","rrtype":"NULL","tx_id":117}}
{"timestamp":"2010-08-21T04:10:53.452534+0200","flow_id":2169942931720074,"pcap_cnt":123,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":32833,"flags":"8400","qr":true,"aa":true,"rrname":"pafachba.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachba.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.457976+0200","flow_id":2169942931720074,"pcap_cnt":124,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":65,"pkts_toclient":55,"bytes_toserver":11790,"bytes_toclient":16234,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.457976+0200","flow_id":2169942931720074,"pcap_cnt":124,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40560,"rrname":"pafichbi.pirate.sea","rrtype":"NULL","tx_id":119}}
{"timestamp":"2010-08-21T04:10:53.473345+0200","flow_id":2169942931720074,"pcap_cnt":125,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":40560,"flags":"8400","qr":true,"aa":true,"rrname":"pafichbi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichbi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.479179+0200","flow_id":2169942931720074,"pcap_cnt":126,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":66,"pkts_toclient":56,"bytes_toserver":11880,"bytes_toclient":16392,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.479179+0200","flow_id":2169942931720074,"pcap_cnt":126,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48287,"rrname":"pafqchbq.pirate.sea","rrtype":"NULL","tx_id":121}}
{"timestamp":"2010-08-21T04:10:53.492565+0200","flow_id":2169942931720074,"pcap_cnt":127,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":48287,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchbq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchbq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.498200+0200","flow_id":2169942931720074,"pcap_cnt":128,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":67,"pkts_toclient":57,"bytes_toserver":11970,"bytes_toclient":16570,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.498200+0200","flow_id":2169942931720074,"pcap_cnt":128,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56014,"rrname":"pafychby.pirate.sea","rrtype":"NULL","tx_id":123}}
{"timestamp":"2010-08-21T04:10:53.512193+0200","flow_id":2169942931720074,"pcap_cnt":129,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":56014,"flags":"8400","qr":true,"aa":true,"rrname":"pafychby.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychby.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.519096+0200","flow_id":2169942931720074,"pcap_cnt":130,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":68,"pkts_toclient":58,"bytes_toserver":12060,"bytes_toclient":16749,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.519096+0200","flow_id":2169942931720074,"pcap_cnt":130,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63741,"rrname":"paeachca.pirate.sea","rrtype":"NULL","tx_id":125}}
{"timestamp":"2010-08-21T04:10:53.533467+0200","flow_id":2169942931720074,"pcap_cnt":131,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":63741,"flags":"8400","qr":true,"aa":true,"rrname":"paeachca.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachca.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.540213+0200","flow_id":2169942931720074,"pcap_cnt":132,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":69,"pkts_toclient":59,"bytes_toserver":12150,"bytes_toclient":16927,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.540213+0200","flow_id":2169942931720074,"pcap_cnt":132,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5932,"rrname":"paeichci.pirate.sea","rrtype":"NULL","tx_id":127}}
{"timestamp":"2010-08-21T04:10:53.554147+0200","flow_id":2169942931720074,"pcap_cnt":133,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":5932,"flags":"8400","qr":true,"aa":true,"rrname":"paeichci.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichci.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.559625+0200","flow_id":2169942931720074,"pcap_cnt":134,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":70,"pkts_toclient":60,"bytes_toserver":12240,"bytes_toclient":17105,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.559625+0200","flow_id":2169942931720074,"pcap_cnt":134,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13659,"rrname":"paeqchcq.pirate.sea","rrtype":"NULL","tx_id":129}}
{"timestamp":"2010-08-21T04:10:53.571779+0200","flow_id":2169942931720074,"pcap_cnt":135,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":13659,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchcq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchcq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.578131+0200","flow_id":2169942931720074,"pcap_cnt":136,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":71,"pkts_toclient":61,"bytes_toserver":12330,"bytes_toclient":17283,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.578131+0200","flow_id":2169942931720074,"pcap_cnt":136,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21386,"rrname":"paeychcy.pirate.sea","rrtype":"NULL","tx_id":131}}
{"timestamp":"2010-08-21T04:10:53.591982+0200","flow_id":2169942931720074,"pcap_cnt":137,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":21386,"flags":"8400","qr":true,"aa":true,"rrname":"paeychcy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychcy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.598269+0200","flow_id":2169942931720074,"pcap_cnt":138,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":72,"pkts_toclient":62,"bytes_toserver":12420,"bytes_toclient":17462,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.598269+0200","flow_id":2169942931720074,"pcap_cnt":138,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29113,"rrname":"pafachda.pirate.sea","rrtype":"NULL","tx_id":133}}
{"timestamp":"2010-08-21T04:10:53.612648+0200","flow_id":2169942931720074,"pcap_cnt":139,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":29113,"flags":"8400","qr":true,"aa":true,"rrname":"pafachda.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachda.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.618795+0200","flow_id":2169942931720074,"pcap_cnt":140,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":73,"pkts_toclient":63,"bytes_toserver":12510,"bytes_toclient":17641,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.618795+0200","flow_id":2169942931720074,"pcap_cnt":140,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36840,"rrname":"pafichdi.pirate.sea","rrtype":"NULL","tx_id":135}}
{"timestamp":"2010-08-21T04:10:53.633268+0200","flow_id":2169942931720074,"pcap_cnt":141,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":36840,"flags":"8400","qr":true,"aa":true,"rrname":"pafichdi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichdi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.638541+0200","flow_id":2169942931720074,"pcap_cnt":142,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":74,"pkts_toclient":64,"bytes_toserver":12600,"bytes_toclient":17820,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.638541+0200","flow_id":2169942931720074,"pcap_cnt":142,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44567,"rrname":"pafqchdq.pirate.sea","rrtype":"NULL","tx_id":137}}
{"timestamp":"2010-08-21T04:10:53.654574+0200","flow_id":2169942931720074,"pcap_cnt":143,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":44567,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchdq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchdq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.660260+0200","flow_id":2169942931720074,"pcap_cnt":144,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":75,"pkts_toclient":65,"bytes_toserver":12690,"bytes_toclient":17998,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.660260+0200","flow_id":2169942931720074,"pcap_cnt":144,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52294,"rrname":"pafychdy.pirate.sea","rrtype":"NULL","tx_id":139}}
{"timestamp":"2010-08-21T04:10:53.671444+0200","flow_id":2169942931720074,"pcap_cnt":145,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":52294,"flags":"8400","qr":true,"aa":true,"rrname":"pafychdy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychdy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.676908+0200","flow_id":2169942931720074,"pcap_cnt":146,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":76,"pkts_toclient":66,"bytes_toserver":12780,"bytes_toclient":18176,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.676908+0200","flow_id":2169942931720074,"pcap_cnt":146,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60021,"rrname":"paeachea.pirate.sea","rrtype":"NULL","tx_id":141}}
{"timestamp":"2010-08-21T04:10:53.692505+0200","flow_id":2169942931720074,"pcap_cnt":147,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":60021,"flags":"8400","qr":true,"aa":true,"rrname":"paeachea.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachea.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.699684+0200","flow_id":2169942931720074,"pcap_cnt":148,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":77,"pkts_toclient":67,"bytes_toserver":12870,"bytes_toclient":18355,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.699684+0200","flow_id":2169942931720074,"pcap_cnt":148,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2212,"rrname":"paeichei.pirate.sea","rrtype":"NULL","tx_id":143}}
{"timestamp":"2010-08-21T04:10:53.711612+0200","flow_id":2169942931720074,"pcap_cnt":149,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":2212,"flags":"8400","qr":true,"aa":true,"rrname":"paeichei.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichei.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.718247+0200","flow_id":2169942931720074,"pcap_cnt":150,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":78,"pkts_toclient":68,"bytes_toserver":12960,"bytes_toclient":18534,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.718247+0200","flow_id":2169942931720074,"pcap_cnt":150,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9939,"rrname":"paeqcheq.pirate.sea","rrtype":"NULL","tx_id":145}}
{"timestamp":"2010-08-21T04:10:53.733307+0200","flow_id":2169942931720074,"pcap_cnt":151,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":9939,"flags":"8400","qr":true,"aa":true,"rrname":"paeqcheq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqcheq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.739270+0200","flow_id":2169942931720074,"pcap_cnt":152,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":79,"pkts_toclient":69,"bytes_toserver":13050,"bytes_toclient":18713,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.739270+0200","flow_id":2169942931720074,"pcap_cnt":152,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17666,"rrname":"paeychey.pirate.sea","rrtype":"NULL","tx_id":147}}
{"timestamp":"2010-08-21T04:10:53.752377+0200","flow_id":2169942931720074,"pcap_cnt":153,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":17666,"flags":"8400","qr":true,"aa":true,"rrname":"paeychey.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychey.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.758181+0200","flow_id":2169942931720074,"pcap_cnt":154,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":80,"pkts_toclient":70,"bytes_toserver":13140,"bytes_toclient":18892,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.758181+0200","flow_id":2169942931720074,"pcap_cnt":154,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25393,"rrname":"pafachfa.pirate.sea","rrtype":"NULL","tx_id":149}}
{"timestamp":"2010-08-21T04:10:53.772698+0200","flow_id":2169942931720074,"pcap_cnt":155,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":25393,"flags":"8400","qr":true,"aa":true,"rrname":"pafachfa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachfa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.778372+0200","flow_id":2169942931720074,"pcap_cnt":156,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":81,"pkts_toclient":71,"bytes_toserver":13230,"bytes_toclient":19071,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.778372+0200","flow_id":2169942931720074,"pcap_cnt":156,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33120,"rrname":"pafichfi.pirate.sea","rrtype":"NULL","tx_id":151}}
{"timestamp":"2010-08-21T04:10:53.792331+0200","flow_id":2169942931720074,"pcap_cnt":157,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":33120,"flags":"8400","qr":true,"aa":true,"rrname":"pafichfi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichfi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.797835+0200","flow_id":2169942931720074,"pcap_cnt":158,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":82,"pkts_toclient":72,"bytes_toserver":13320,"bytes_toclient":19250,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.797835+0200","flow_id":2169942931720074,"pcap_cnt":158,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40847,"rrname":"pafqchfq.pirate.sea","rrtype":"NULL","tx_id":153}}
{"timestamp":"2010-08-21T04:10:53.812207+0200","flow_id":2169942931720074,"pcap_cnt":159,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":40847,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchfq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchfq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.819384+0200","flow_id":2169942931720074,"pcap_cnt":160,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":83,"pkts_toclient":73,"bytes_toserver":13410,"bytes_toclient":19429,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.819384+0200","flow_id":2169942931720074,"pcap_cnt":160,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48574,"rrname":"pafychfy.pirate.sea","rrtype":"NULL","tx_id":155}}
{"timestamp":"2010-08-21T04:10:53.830843+0200","flow_id":2169942931720074,"pcap_cnt":161,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":48574,"flags":"8400","qr":true,"aa":true,"rrname":"pafychfy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychfy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.836217+0200","flow_id":2169942931720074,"pcap_cnt":162,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":84,"pkts_toclient":74,"bytes_toserver":13500,"bytes_toclient":19608,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.836217+0200","flow_id":2169942931720074,"pcap_cnt":162,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56301,"rrname":"paeachga.pirate.sea","rrtype":"NULL","tx_id":157}}
{"timestamp":"2010-08-21T04:10:53.851852+0200","flow_id":2169942931720074,"pcap_cnt":163,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":56301,"flags":"8400","qr":true,"aa":true,"rrname":"paeachga.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachga.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.857797+0200","flow_id":2169942931720074,"pcap_cnt":164,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":85,"pkts_toclient":75,"bytes_toserver":13590,"bytes_toclient":19787,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.857797+0200","flow_id":2169942931720074,"pcap_cnt":164,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64028,"rrname":"paeichgi.pirate.sea","rrtype":"NULL","tx_id":159}}
{"timestamp":"2010-08-21T04:10:53.872502+0200","flow_id":2169942931720074,"pcap_cnt":165,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":64028,"flags":"8400","qr":true,"aa":true,"rrname":"paeichgi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichgi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.877911+0200","flow_id":2169942931720074,"pcap_cnt":166,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":86,"pkts_toclient":76,"bytes_toserver":13680,"bytes_toclient":19966,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.877911+0200","flow_id":2169942931720074,"pcap_cnt":166,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6219,"rrname":"paeqchgq.pirate.sea","rrtype":"NULL","tx_id":161}}
{"timestamp":"2010-08-21T04:10:53.891781+0200","flow_id":2169942931720074,"pcap_cnt":167,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":6219,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchgq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchgq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.898069+0200","flow_id":2169942931720074,"pcap_cnt":168,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":87,"pkts_toclient":77,"bytes_toserver":13770,"bytes_toclient":20145,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.898069+0200","flow_id":2169942931720074,"pcap_cnt":168,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13946,"rrname":"paeychgy.pirate.sea","rrtype":"NULL","tx_id":163}}
{"timestamp":"2010-08-21T04:10:53.912457+0200","flow_id":2169942931720074,"pcap_cnt":169,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":13946,"flags":"8400","qr":true,"aa":true,"rrname":"paeychgy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychgy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.920176+0200","flow_id":2169942931720074,"pcap_cnt":170,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":88,"pkts_toclient":78,"bytes_toserver":13860,"bytes_toclient":20324,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.920176+0200","flow_id":2169942931720074,"pcap_cnt":170,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21673,"rrname":"pafachha.pirate.sea","rrtype":"NULL","tx_id":165}}
{"timestamp":"2010-08-21T04:10:53.932052+0200","flow_id":2169942931720074,"pcap_cnt":171,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":21673,"flags":"8400","qr":true,"aa":true,"rrname":"pafachha.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachha.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.938353+0200","flow_id":2169942931720074,"pcap_cnt":172,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":89,"pkts_toclient":79,"bytes_toserver":13950,"bytes_toclient":20503,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.938353+0200","flow_id":2169942931720074,"pcap_cnt":172,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29400,"rrname":"pafichhi.pirate.sea","rrtype":"NULL","tx_id":167}}
{"timestamp":"2010-08-21T04:10:53.952392+0200","flow_id":2169942931720074,"pcap_cnt":173,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":29400,"flags":"8400","qr":true,"aa":true,"rrname":"pafichhi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichhi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.958078+0200","flow_id":2169942931720074,"pcap_cnt":174,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":90,"pkts_toclient":80,"bytes_toserver":14040,"bytes_toclient":20682,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.958078+0200","flow_id":2169942931720074,"pcap_cnt":174,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37127,"rrname":"pafqchhq.pirate.sea","rrtype":"NULL","tx_id":169}}
{"timestamp":"2010-08-21T04:10:53.973560+0200","flow_id":2169942931720074,"pcap_cnt":175,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":37127,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchhq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchhq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.980130+0200","flow_id":2169942931720074,"pcap_cnt":176,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":91,"pkts_toclient":81,"bytes_toserver":14130,"bytes_toclient":20863,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.980130+0200","flow_id":2169942931720074,"pcap_cnt":176,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44854,"rrname":"pafychhy.pirate.sea","rrtype":"NULL","tx_id":171}}
{"timestamp":"2010-08-21T04:10:53.991035+0200","flow_id":2169942931720074,"pcap_cnt":177,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":44854,"flags":"8400","qr":true,"aa":true,"rrname":"pafychhy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychhy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:53.998273+0200","flow_id":2169942931720074,"pcap_cnt":178,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":92,"pkts_toclient":82,"bytes_toserver":14220,"bytes_toclient":21042,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:53.998273+0200","flow_id":2169942931720074,"pcap_cnt":178,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52581,"rrname":"paeachia.pirate.sea","rrtype":"NULL","tx_id":173}}
{"timestamp":"2010-08-21T04:10:54.013036+0200","flow_id":2169942931720074,"pcap_cnt":179,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":52581,"flags":"8400","qr":true,"aa":true,"rrname":"paeachia.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachia.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.019106+0200","flow_id":2169942931720074,"pcap_cnt":180,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":93,"pkts_toclient":83,"bytes_toserver":14310,"bytes_toclient":21221,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.019106+0200","flow_id":2169942931720074,"pcap_cnt":180,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60308,"rrname":"paeichii.pirate.sea","rrtype":"NULL","tx_id":175}}
{"timestamp":"2010-08-21T04:10:54.032071+0200","flow_id":2169942931720074,"pcap_cnt":181,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":60308,"flags":"8400","qr":true,"aa":true,"rrname":"paeichii.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichii.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.038818+0200","flow_id":2169942931720074,"pcap_cnt":182,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":94,"pkts_toclient":84,"bytes_toserver":14400,"bytes_toclient":21400,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.038818+0200","flow_id":2169942931720074,"pcap_cnt":182,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2499,"rrname":"paeqchiq.pirate.sea","rrtype":"NULL","tx_id":177}}
{"timestamp":"2010-08-21T04:10:54.051720+0200","flow_id":2169942931720074,"pcap_cnt":183,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":2499,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchiq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchiq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.057676+0200","flow_id":2169942931720074,"pcap_cnt":184,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":95,"pkts_toclient":85,"bytes_toserver":14490,"bytes_toclient":21579,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.057676+0200","flow_id":2169942931720074,"pcap_cnt":184,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10226,"rrname":"paeychiy.pirate.sea","rrtype":"NULL","tx_id":179}}
{"timestamp":"2010-08-21T04:10:54.072739+0200","flow_id":2169942931720074,"pcap_cnt":185,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":10226,"flags":"8400","qr":true,"aa":true,"rrname":"paeychiy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychiy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.079613+0200","flow_id":2169942931720074,"pcap_cnt":186,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":96,"pkts_toclient":86,"bytes_toserver":14580,"bytes_toclient":21758,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.079613+0200","flow_id":2169942931720074,"pcap_cnt":186,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17953,"rrname":"pafachja.pirate.sea","rrtype":"NULL","tx_id":181}}
{"timestamp":"2010-08-21T04:10:54.092805+0200","flow_id":2169942931720074,"pcap_cnt":187,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":17953,"flags":"8400","qr":true,"aa":true,"rrname":"pafachja.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachja.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.099929+0200","flow_id":2169942931720074,"pcap_cnt":188,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":97,"pkts_toclient":87,"bytes_toserver":14670,"bytes_toclient":21937,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.099929+0200","flow_id":2169942931720074,"pcap_cnt":188,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25680,"rrname":"pafichji.pirate.sea","rrtype":"NULL","tx_id":183}}
{"timestamp":"2010-08-21T04:10:54.111622+0200","flow_id":2169942931720074,"pcap_cnt":189,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":25680,"flags":"8400","qr":true,"aa":true,"rrname":"pafichji.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichji.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.117725+0200","flow_id":2169942931720074,"pcap_cnt":190,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":98,"pkts_toclient":88,"bytes_toserver":14760,"bytes_toclient":22116,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.117725+0200","flow_id":2169942931720074,"pcap_cnt":190,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33407,"rrname":"pafqchjq.pirate.sea","rrtype":"NULL","tx_id":185}}
{"timestamp":"2010-08-21T04:10:54.131647+0200","flow_id":2169942931720074,"pcap_cnt":191,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":33407,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchjq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchjq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.138548+0200","flow_id":2169942931720074,"pcap_cnt":192,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":99,"pkts_toclient":89,"bytes_toserver":14850,"bytes_toclient":22295,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.138548+0200","flow_id":2169942931720074,"pcap_cnt":192,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41134,"rrname":"pafychjy.pirate.sea","rrtype":"NULL","tx_id":187}}
{"timestamp":"2010-08-21T04:10:54.152179+0200","flow_id":2169942931720074,"pcap_cnt":193,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":41134,"flags":"8400","qr":true,"aa":true,"rrname":"pafychjy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychjy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.157948+0200","flow_id":2169942931720074,"pcap_cnt":194,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":100,"pkts_toclient":90,"bytes_toserver":14940,"bytes_toclient":22474,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.157948+0200","flow_id":2169942931720074,"pcap_cnt":194,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48861,"rrname":"paeachka.pirate.sea","rrtype":"NULL","tx_id":189}}
{"timestamp":"2010-08-21T04:10:54.172896+0200","flow_id":2169942931720074,"pcap_cnt":195,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":48861,"flags":"8400","qr":true,"aa":true,"rrname":"paeachka.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachka.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.178532+0200","flow_id":2169942931720074,"pcap_cnt":196,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":101,"pkts_toclient":91,"bytes_toserver":15030,"bytes_toclient":22653,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.178532+0200","flow_id":2169942931720074,"pcap_cnt":196,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56588,"rrname":"paeichki.pirate.sea","rrtype":"NULL","tx_id":191}}
{"timestamp":"2010-08-21T04:10:54.191208+0200","flow_id":2169942931720074,"pcap_cnt":197,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":56588,"flags":"8400","qr":true,"aa":true,"rrname":"paeichki.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichki.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.198328+0200","flow_id":2169942931720074,"pcap_cnt":198,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":102,"pkts_toclient":92,"bytes_toserver":15120,"bytes_toclient":22832,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.198328+0200","flow_id":2169942931720074,"pcap_cnt":198,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64315,"rrname":"paeqchkq.pirate.sea","rrtype":"NULL","tx_id":193}}
{"timestamp":"2010-08-21T04:10:54.211838+0200","flow_id":2169942931720074,"pcap_cnt":199,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":64315,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchkq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchkq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.217950+0200","flow_id":2169942931720074,"pcap_cnt":200,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":103,"pkts_toclient":93,"bytes_toserver":15210,"bytes_toclient":23011,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.217950+0200","flow_id":2169942931720074,"pcap_cnt":200,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6506,"rrname":"paeychky.pirate.sea","rrtype":"NULL","tx_id":195}}
{"timestamp":"2010-08-21T04:10:54.233573+0200","flow_id":2169942931720074,"pcap_cnt":201,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":6506,"flags":"8400","qr":true,"aa":true,"rrname":"paeychky.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychky.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.239830+0200","flow_id":2169942931720074,"pcap_cnt":202,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":104,"pkts_toclient":94,"bytes_toserver":15300,"bytes_toclient":23190,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.239830+0200","flow_id":2169942931720074,"pcap_cnt":202,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14233,"rrname":"pafachla.pirate.sea","rrtype":"NULL","tx_id":197}}
{"timestamp":"2010-08-21T04:10:54.252781+0200","flow_id":2169942931720074,"pcap_cnt":203,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":14233,"flags":"8400","qr":true,"aa":true,"rrname":"pafachla.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachla.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.258334+0200","flow_id":2169942931720074,"pcap_cnt":204,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":105,"pkts_toclient":95,"bytes_toserver":15390,"bytes_toclient":23369,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.258334+0200","flow_id":2169942931720074,"pcap_cnt":204,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21960,"rrname":"pafichli.pirate.sea","rrtype":"NULL","tx_id":199}}
{"timestamp":"2010-08-21T04:10:54.270942+0200","flow_id":2169942931720074,"pcap_cnt":205,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":21960,"flags":"8400","qr":true,"aa":true,"rrname":"pafichli.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichli.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.277307+0200","flow_id":2169942931720074,"pcap_cnt":206,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":106,"pkts_toclient":96,"bytes_toserver":15480,"bytes_toclient":23548,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.277307+0200","flow_id":2169942931720074,"pcap_cnt":206,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29687,"rrname":"pafqchlq.pirate.sea","rrtype":"NULL","tx_id":201}}
{"timestamp":"2010-08-21T04:10:54.291985+0200","flow_id":2169942931720074,"pcap_cnt":207,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":29687,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchlq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchlq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.298101+0200","flow_id":2169942931720074,"pcap_cnt":208,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":107,"pkts_toclient":97,"bytes_toserver":15570,"bytes_toclient":23727,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.298101+0200","flow_id":2169942931720074,"pcap_cnt":208,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37414,"rrname":"pafychly.pirate.sea","rrtype":"NULL","tx_id":203}}
{"timestamp":"2010-08-21T04:10:54.313189+0200","flow_id":2169942931720074,"pcap_cnt":209,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":37414,"flags":"8400","qr":true,"aa":true,"rrname":"pafychly.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychly.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.319221+0200","flow_id":2169942931720074,"pcap_cnt":210,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":108,"pkts_toclient":98,"bytes_toserver":15660,"bytes_toclient":23906,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.319221+0200","flow_id":2169942931720074,"pcap_cnt":210,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45141,"rrname":"paeachma.pirate.sea","rrtype":"NULL","tx_id":205}}
{"timestamp":"2010-08-21T04:10:54.331914+0200","flow_id":2169942931720074,"pcap_cnt":211,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":45141,"flags":"8400","qr":true,"aa":true,"rrname":"paeachma.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachma.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.337637+0200","flow_id":2169942931720074,"pcap_cnt":212,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":109,"pkts_toclient":99,"bytes_toserver":15750,"bytes_toclient":24085,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.337637+0200","flow_id":2169942931720074,"pcap_cnt":212,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52868,"rrname":"paeichmi.pirate.sea","rrtype":"NULL","tx_id":207}}
{"timestamp":"2010-08-21T04:10:54.351812+0200","flow_id":2169942931720074,"pcap_cnt":213,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":52868,"flags":"8400","qr":true,"aa":true,"rrname":"paeichmi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichmi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.358780+0200","flow_id":2169942931720074,"pcap_cnt":214,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":110,"pkts_toclient":100,"bytes_toserver":15840,"bytes_toclient":24264,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.358780+0200","flow_id":2169942931720074,"pcap_cnt":214,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60595,"rrname":"paeqchmq.pirate.sea","rrtype":"NULL","tx_id":209}}
{"timestamp":"2010-08-21T04:10:54.370690+0200","flow_id":2169942931720074,"pcap_cnt":215,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":60595,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchmq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchmq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.377421+0200","flow_id":2169942931720074,"pcap_cnt":216,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":111,"pkts_toclient":101,"bytes_toserver":15930,"bytes_toclient":24443,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.377421+0200","flow_id":2169942931720074,"pcap_cnt":216,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2786,"rrname":"paeychmy.pirate.sea","rrtype":"NULL","tx_id":211}}
{"timestamp":"2010-08-21T04:10:54.390969+0200","flow_id":2169942931720074,"pcap_cnt":217,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":2786,"flags":"8400","qr":true,"aa":true,"rrname":"paeychmy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychmy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.399096+0200","flow_id":2169942931720074,"pcap_cnt":218,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":112,"pkts_toclient":102,"bytes_toserver":16020,"bytes_toclient":24622,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.399096+0200","flow_id":2169942931720074,"pcap_cnt":218,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10513,"rrname":"pafachna.pirate.sea","rrtype":"NULL","tx_id":213}}
{"timestamp":"2010-08-21T04:10:54.411966+0200","flow_id":2169942931720074,"pcap_cnt":219,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":10513,"flags":"8400","qr":true,"aa":true,"rrname":"pafachna.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachna.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.417403+0200","flow_id":2169942931720074,"pcap_cnt":220,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":113,"pkts_toclient":103,"bytes_toserver":16110,"bytes_toclient":24801,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.417403+0200","flow_id":2169942931720074,"pcap_cnt":220,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18240,"rrname":"pafichni.pirate.sea","rrtype":"NULL","tx_id":215}}
{"timestamp":"2010-08-21T04:10:54.433160+0200","flow_id":2169942931720074,"pcap_cnt":221,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":18240,"flags":"8400","qr":true,"aa":true,"rrname":"pafichni.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichni.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.439093+0200","flow_id":2169942931720074,"pcap_cnt":222,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":114,"pkts_toclient":104,"bytes_toserver":16200,"bytes_toclient":24980,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.439093+0200","flow_id":2169942931720074,"pcap_cnt":222,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25967,"rrname":"pafqchnq.pirate.sea","rrtype":"NULL","tx_id":217}}
{"timestamp":"2010-08-21T04:10:54.451886+0200","flow_id":2169942931720074,"pcap_cnt":223,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":25967,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchnq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchnq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.458588+0200","flow_id":2169942931720074,"pcap_cnt":224,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":115,"pkts_toclient":105,"bytes_toserver":16290,"bytes_toclient":25159,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.458588+0200","flow_id":2169942931720074,"pcap_cnt":224,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33694,"rrname":"pafychny.pirate.sea","rrtype":"NULL","tx_id":219}}
{"timestamp":"2010-08-21T04:10:54.473106+0200","flow_id":2169942931720074,"pcap_cnt":225,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":33694,"flags":"8400","qr":true,"aa":true,"rrname":"pafychny.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychny.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.479316+0200","flow_id":2169942931720074,"pcap_cnt":226,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":116,"pkts_toclient":106,"bytes_toserver":16380,"bytes_toclient":25338,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.479316+0200","flow_id":2169942931720074,"pcap_cnt":226,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41421,"rrname":"paeachoa.pirate.sea","rrtype":"NULL","tx_id":221}}
{"timestamp":"2010-08-21T04:10:54.492214+0200","flow_id":2169942931720074,"pcap_cnt":227,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":41421,"flags":"8400","qr":true,"aa":true,"rrname":"paeachoa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachoa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.498108+0200","flow_id":2169942931720074,"pcap_cnt":228,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":117,"pkts_toclient":107,"bytes_toserver":16470,"bytes_toclient":25517,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.498108+0200","flow_id":2169942931720074,"pcap_cnt":228,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49148,"rrname":"paeichoi.pirate.sea","rrtype":"NULL","tx_id":223}}
{"timestamp":"2010-08-21T04:10:54.511712+0200","flow_id":2169942931720074,"pcap_cnt":229,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":49148,"flags":"8400","qr":true,"aa":true,"rrname":"paeichoi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichoi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.517972+0200","flow_id":2169942931720074,"pcap_cnt":230,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":118,"pkts_toclient":108,"bytes_toserver":16560,"bytes_toclient":25696,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.517972+0200","flow_id":2169942931720074,"pcap_cnt":230,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56875,"rrname":"paeqchoq.pirate.sea","rrtype":"NULL","tx_id":225}}
{"timestamp":"2010-08-21T04:10:54.532676+0200","flow_id":2169942931720074,"pcap_cnt":231,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":56875,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchoq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchoq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.539071+0200","flow_id":2169942931720074,"pcap_cnt":232,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":119,"pkts_toclient":109,"bytes_toserver":16650,"bytes_toclient":25877,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.539071+0200","flow_id":2169942931720074,"pcap_cnt":232,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64602,"rrname":"paeychoy.pirate.sea","rrtype":"NULL","tx_id":227}}
{"timestamp":"2010-08-21T04:10:54.553821+0200","flow_id":2169942931720074,"pcap_cnt":233,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":64602,"flags":"8400","qr":true,"aa":true,"rrname":"paeychoy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychoy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.559167+0200","flow_id":2169942931720074,"pcap_cnt":234,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":120,"pkts_toclient":110,"bytes_toserver":16740,"bytes_toclient":26056,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.559167+0200","flow_id":2169942931720074,"pcap_cnt":234,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6793,"rrname":"pafachpa.pirate.sea","rrtype":"NULL","tx_id":229}}
{"timestamp":"2010-08-21T04:10:54.572581+0200","flow_id":2169942931720074,"pcap_cnt":235,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":6793,"flags":"8400","qr":true,"aa":true,"rrname":"pafachpa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachpa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.579272+0200","flow_id":2169942931720074,"pcap_cnt":236,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":121,"pkts_toclient":111,"bytes_toserver":16830,"bytes_toclient":26235,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.579272+0200","flow_id":2169942931720074,"pcap_cnt":236,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14520,"rrname":"pafichpi.pirate.sea","rrtype":"NULL","tx_id":231}}
{"timestamp":"2010-08-21T04:10:54.592248+0200","flow_id":2169942931720074,"pcap_cnt":237,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":14520,"flags":"8400","qr":true,"aa":true,"rrname":"pafichpi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichpi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.598486+0200","flow_id":2169942931720074,"pcap_cnt":238,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":122,"pkts_toclient":112,"bytes_toserver":16920,"bytes_toclient":26414,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.598486+0200","flow_id":2169942931720074,"pcap_cnt":238,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22247,"rrname":"pafqchpq.pirate.sea","rrtype":"NULL","tx_id":233}}
{"timestamp":"2010-08-21T04:10:54.612534+0200","flow_id":2169942931720074,"pcap_cnt":239,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":22247,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchpq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchpq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.618225+0200","flow_id":2169942931720074,"pcap_cnt":240,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":123,"pkts_toclient":113,"bytes_toserver":17010,"bytes_toclient":26593,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.618225+0200","flow_id":2169942931720074,"pcap_cnt":240,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29974,"rrname":"pafychpy.pirate.sea","rrtype":"NULL","tx_id":235}}
{"timestamp":"2010-08-21T04:10:54.632217+0200","flow_id":2169942931720074,"pcap_cnt":241,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":29974,"flags":"8400","qr":true,"aa":true,"rrname":"pafychpy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychpy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.638859+0200","flow_id":2169942931720074,"pcap_cnt":242,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":124,"pkts_toclient":114,"bytes_toserver":17100,"bytes_toclient":26772,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.638859+0200","flow_id":2169942931720074,"pcap_cnt":242,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37701,"rrname":"paeachqa.pirate.sea","rrtype":"NULL","tx_id":237}}
{"timestamp":"2010-08-21T04:10:54.652993+0200","flow_id":2169942931720074,"pcap_cnt":243,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":37701,"flags":"8400","qr":true,"aa":true,"rrname":"paeachqa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachqa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.658629+0200","flow_id":2169942931720074,"pcap_cnt":244,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":125,"pkts_toclient":115,"bytes_toserver":17190,"bytes_toclient":26953,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.658629+0200","flow_id":2169942931720074,"pcap_cnt":244,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45428,"rrname":"paeichqi.pirate.sea","rrtype":"NULL","tx_id":239}}
{"timestamp":"2010-08-21T04:10:54.673141+0200","flow_id":2169942931720074,"pcap_cnt":245,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":45428,"flags":"8400","qr":true,"aa":true,"rrname":"paeichqi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichqi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.679175+0200","flow_id":2169942931720074,"pcap_cnt":246,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":126,"pkts_toclient":116,"bytes_toserver":17280,"bytes_toclient":27132,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.679175+0200","flow_id":2169942931720074,"pcap_cnt":246,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53155,"rrname":"paeqchqq.pirate.sea","rrtype":"NULL","tx_id":241}}
{"timestamp":"2010-08-21T04:10:54.692292+0200","flow_id":2169942931720074,"pcap_cnt":247,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":53155,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchqq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchqq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.697629+0200","flow_id":2169942931720074,"pcap_cnt":248,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":127,"pkts_toclient":117,"bytes_toserver":17370,"bytes_toclient":27311,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.697629+0200","flow_id":2169942931720074,"pcap_cnt":248,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60882,"rrname":"paeychqy.pirate.sea","rrtype":"NULL","tx_id":243}}
{"timestamp":"2010-08-21T04:10:54.711401+0200","flow_id":2169942931720074,"pcap_cnt":249,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":60882,"flags":"8400","qr":true,"aa":true,"rrname":"paeychqy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychqy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.717523+0200","flow_id":2169942931720074,"pcap_cnt":250,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":128,"pkts_toclient":118,"bytes_toserver":17460,"bytes_toclient":27490,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.717523+0200","flow_id":2169942931720074,"pcap_cnt":250,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3073,"rrname":"pafachra.pirate.sea","rrtype":"NULL","tx_id":245}}
{"timestamp":"2010-08-21T04:10:54.732709+0200","flow_id":2169942931720074,"pcap_cnt":251,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":3073,"flags":"8400","qr":true,"aa":true,"rrname":"pafachra.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachra.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.737852+0200","flow_id":2169942931720074,"pcap_cnt":252,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":129,"pkts_toclient":119,"bytes_toserver":17550,"bytes_toclient":27669,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.737852+0200","flow_id":2169942931720074,"pcap_cnt":252,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10800,"rrname":"pafichri.pirate.sea","rrtype":"NULL","tx_id":247}}
{"timestamp":"2010-08-21T04:10:54.754303+0200","flow_id":2169942931720074,"pcap_cnt":253,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":10800,"flags":"8400","qr":true,"aa":true,"rrname":"pafichri.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichri.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.760371+0200","flow_id":2169942931720074,"pcap_cnt":254,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":130,"pkts_toclient":120,"bytes_toserver":17640,"bytes_toclient":27847,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.760371+0200","flow_id":2169942931720074,"pcap_cnt":254,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18527,"rrname":"pafqchrq.pirate.sea","rrtype":"NULL","tx_id":249}}
{"timestamp":"2010-08-21T04:10:54.773086+0200","flow_id":2169942931720074,"pcap_cnt":255,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":18527,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchrq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchrq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.778683+0200","flow_id":2169942931720074,"pcap_cnt":256,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":131,"pkts_toclient":121,"bytes_toserver":17730,"bytes_toclient":28026,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.778683+0200","flow_id":2169942931720074,"pcap_cnt":256,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26254,"rrname":"pafychry.pirate.sea","rrtype":"NULL","tx_id":251}}
{"timestamp":"2010-08-21T04:10:54.792246+0200","flow_id":2169942931720074,"pcap_cnt":257,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":26254,"flags":"8400","qr":true,"aa":true,"rrname":"pafychry.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychry.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.797980+0200","flow_id":2169942931720074,"pcap_cnt":258,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":132,"pkts_toclient":122,"bytes_toserver":17820,"bytes_toclient":28205,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.797980+0200","flow_id":2169942931720074,"pcap_cnt":258,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33981,"rrname":"paeachsa.pirate.sea","rrtype":"NULL","tx_id":253}}
{"timestamp":"2010-08-21T04:10:54.812448+0200","flow_id":2169942931720074,"pcap_cnt":259,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":33981,"flags":"8400","qr":true,"aa":true,"rrname":"paeachsa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachsa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.819408+0200","flow_id":2169942931720074,"pcap_cnt":260,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":133,"pkts_toclient":123,"bytes_toserver":17910,"bytes_toclient":28384,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.819408+0200","flow_id":2169942931720074,"pcap_cnt":260,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41708,"rrname":"paeichsi.pirate.sea","rrtype":"NULL","tx_id":255}}
{"timestamp":"2010-08-21T04:10:54.831043+0200","flow_id":2169942931720074,"pcap_cnt":261,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":41708,"flags":"8400","qr":true,"aa":true,"rrname":"paeichsi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichsi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.836505+0200","flow_id":2169942931720074,"pcap_cnt":262,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":134,"pkts_toclient":124,"bytes_toserver":18000,"bytes_toclient":28562,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.836505+0200","flow_id":2169942931720074,"pcap_cnt":262,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49435,"rrname":"paeqchsq.pirate.sea","rrtype":"NULL","tx_id":257}}
{"timestamp":"2010-08-21T04:10:54.851839+0200","flow_id":2169942931720074,"pcap_cnt":263,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":49435,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchsq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchsq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.857804+0200","flow_id":2169942931720074,"pcap_cnt":264,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":135,"pkts_toclient":125,"bytes_toserver":18090,"bytes_toclient":28741,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.857804+0200","flow_id":2169942931720074,"pcap_cnt":264,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57162,"rrname":"paeychsy.pirate.sea","rrtype":"NULL","tx_id":259}}
{"timestamp":"2010-08-21T04:10:54.872421+0200","flow_id":2169942931720074,"pcap_cnt":265,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":57162,"flags":"8400","qr":true,"aa":true,"rrname":"paeychsy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychsy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.878127+0200","flow_id":2169942931720074,"pcap_cnt":266,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":136,"pkts_toclient":126,"bytes_toserver":18180,"bytes_toclient":28920,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.878127+0200","flow_id":2169942931720074,"pcap_cnt":266,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64889,"rrname":"pafachta.pirate.sea","rrtype":"NULL","tx_id":261}}
{"timestamp":"2010-08-21T04:10:54.892311+0200","flow_id":2169942931720074,"pcap_cnt":267,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":64889,"flags":"8400","qr":true,"aa":true,"rrname":"pafachta.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachta.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.898831+0200","flow_id":2169942931720074,"pcap_cnt":268,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":137,"pkts_toclient":127,"bytes_toserver":18270,"bytes_toclient":29099,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.898831+0200","flow_id":2169942931720074,"pcap_cnt":268,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7080,"rrname":"pafichti.pirate.sea","rrtype":"NULL","tx_id":263}}
{"timestamp":"2010-08-21T04:10:54.912374+0200","flow_id":2169942931720074,"pcap_cnt":269,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":7080,"flags":"8400","qr":true,"aa":true,"rrname":"pafichti.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichti.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.918044+0200","flow_id":2169942931720074,"pcap_cnt":270,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":138,"pkts_toclient":128,"bytes_toserver":18360,"bytes_toclient":29278,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.918044+0200","flow_id":2169942931720074,"pcap_cnt":270,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14807,"rrname":"pafqchtq.pirate.sea","rrtype":"NULL","tx_id":265}}
{"timestamp":"2010-08-21T04:10:54.931589+0200","flow_id":2169942931720074,"pcap_cnt":271,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":14807,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchtq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchtq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.936982+0200","flow_id":2169942931720074,"pcap_cnt":272,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":139,"pkts_toclient":129,"bytes_toserver":18450,"bytes_toclient":29457,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.936982+0200","flow_id":2169942931720074,"pcap_cnt":272,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22534,"rrname":"pafychty.pirate.sea","rrtype":"NULL","tx_id":267}}
{"timestamp":"2010-08-21T04:10:54.952089+0200","flow_id":2169942931720074,"pcap_cnt":273,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":22534,"flags":"8400","qr":true,"aa":true,"rrname":"pafychty.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychty.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.957451+0200","flow_id":2169942931720074,"pcap_cnt":274,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":140,"pkts_toclient":130,"bytes_toserver":18540,"bytes_toclient":29635,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.957451+0200","flow_id":2169942931720074,"pcap_cnt":274,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30261,"rrname":"paeachua.pirate.sea","rrtype":"NULL","tx_id":269}}
{"timestamp":"2010-08-21T04:10:54.972817+0200","flow_id":2169942931720074,"pcap_cnt":275,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":30261,"flags":"8400","qr":true,"aa":true,"rrname":"paeachua.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachua.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.978116+0200","flow_id":2169942931720074,"pcap_cnt":276,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":141,"pkts_toclient":131,"bytes_toserver":18630,"bytes_toclient":29814,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.978116+0200","flow_id":2169942931720074,"pcap_cnt":276,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37988,"rrname":"paeichui.pirate.sea","rrtype":"NULL","tx_id":271}}
{"timestamp":"2010-08-21T04:10:54.992510+0200","flow_id":2169942931720074,"pcap_cnt":277,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":37988,"flags":"8400","qr":true,"aa":true,"rrname":"paeichui.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichui.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:54.998231+0200","flow_id":2169942931720074,"pcap_cnt":278,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":142,"pkts_toclient":132,"bytes_toserver":18720,"bytes_toclient":29992,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:54.998231+0200","flow_id":2169942931720074,"pcap_cnt":278,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45715,"rrname":"paeqchuq.pirate.sea","rrtype":"NULL","tx_id":273}}
{"timestamp":"2010-08-21T04:10:55.013082+0200","flow_id":2169942931720074,"pcap_cnt":279,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":45715,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchuq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchuq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.019322+0200","flow_id":2169942931720074,"pcap_cnt":280,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":143,"pkts_toclient":133,"bytes_toserver":18810,"bytes_toclient":30171,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.019322+0200","flow_id":2169942931720074,"pcap_cnt":280,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53442,"rrname":"paeychuy.pirate.sea","rrtype":"NULL","tx_id":275}}
{"timestamp":"2010-08-21T04:10:55.031088+0200","flow_id":2169942931720074,"pcap_cnt":281,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":53442,"flags":"8400","qr":true,"aa":true,"rrname":"paeychuy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychuy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.039958+0200","flow_id":2169942931720074,"pcap_cnt":282,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":144,"pkts_toclient":134,"bytes_toserver":18900,"bytes_toclient":30350,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.039958+0200","flow_id":2169942931720074,"pcap_cnt":282,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61169,"rrname":"pafachva.pirate.sea","rrtype":"NULL","tx_id":277}}
{"timestamp":"2010-08-21T04:10:55.052135+0200","flow_id":2169942931720074,"pcap_cnt":283,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":61169,"flags":"8400","qr":true,"aa":true,"rrname":"pafachva.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachva.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.057424+0200","flow_id":2169942931720074,"pcap_cnt":284,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":145,"pkts_toclient":135,"bytes_toserver":18990,"bytes_toclient":30529,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.057424+0200","flow_id":2169942931720074,"pcap_cnt":284,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3360,"rrname":"pafichvi.pirate.sea","rrtype":"NULL","tx_id":279}}
{"timestamp":"2010-08-21T04:10:55.074007+0200","flow_id":2169942931720074,"pcap_cnt":285,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":3360,"flags":"8400","qr":true,"aa":true,"rrname":"pafichvi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichvi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.081290+0200","flow_id":2169942931720074,"pcap_cnt":286,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":146,"pkts_toclient":136,"bytes_toserver":19080,"bytes_toclient":30708,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.081290+0200","flow_id":2169942931720074,"pcap_cnt":286,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11087,"rrname":"pafqchvq.pirate.sea","rrtype":"NULL","tx_id":281}}
{"timestamp":"2010-08-21T04:10:55.092487+0200","flow_id":2169942931720074,"pcap_cnt":287,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":11087,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchvq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchvq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.098618+0200","flow_id":2169942931720074,"pcap_cnt":288,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":147,"pkts_toclient":137,"bytes_toserver":19170,"bytes_toclient":30887,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.098618+0200","flow_id":2169942931720074,"pcap_cnt":288,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18814,"rrname":"pafychvy.pirate.sea","rrtype":"NULL","tx_id":283}}
{"timestamp":"2010-08-21T04:10:55.112694+0200","flow_id":2169942931720074,"pcap_cnt":289,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":18814,"flags":"8400","qr":true,"aa":true,"rrname":"pafychvy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychvy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.119336+0200","flow_id":2169942931720074,"pcap_cnt":290,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":148,"pkts_toclient":138,"bytes_toserver":19260,"bytes_toclient":31066,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.119336+0200","flow_id":2169942931720074,"pcap_cnt":290,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26541,"rrname":"paeachwa.pirate.sea","rrtype":"NULL","tx_id":285}}
{"timestamp":"2010-08-21T04:10:55.131850+0200","flow_id":2169942931720074,"pcap_cnt":291,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":26541,"flags":"8400","qr":true,"aa":true,"rrname":"paeachwa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachwa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.138536+0200","flow_id":2169942931720074,"pcap_cnt":292,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":149,"pkts_toclient":139,"bytes_toserver":19350,"bytes_toclient":31244,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.138536+0200","flow_id":2169942931720074,"pcap_cnt":292,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34268,"rrname":"paeichwi.pirate.sea","rrtype":"NULL","tx_id":287}}
{"timestamp":"2010-08-21T04:10:55.152580+0200","flow_id":2169942931720074,"pcap_cnt":293,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":34268,"flags":"8400","qr":true,"aa":true,"rrname":"paeichwi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichwi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.158273+0200","flow_id":2169942931720074,"pcap_cnt":294,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":150,"pkts_toclient":140,"bytes_toserver":19440,"bytes_toclient":31423,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.158273+0200","flow_id":2169942931720074,"pcap_cnt":294,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41995,"rrname":"paeqchwq.pirate.sea","rrtype":"NULL","tx_id":289}}
{"timestamp":"2010-08-21T04:10:55.172183+0200","flow_id":2169942931720074,"pcap_cnt":295,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":41995,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchwq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchwq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.178897+0200","flow_id":2169942931720074,"pcap_cnt":296,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":151,"pkts_toclient":141,"bytes_toserver":19530,"bytes_toclient":31602,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.178897+0200","flow_id":2169942931720074,"pcap_cnt":296,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49722,"rrname":"paeychwy.pirate.sea","rrtype":"NULL","tx_id":291}}
{"timestamp":"2010-08-21T04:10:55.192018+0200","flow_id":2169942931720074,"pcap_cnt":297,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":49722,"flags":"8400","qr":true,"aa":true,"rrname":"paeychwy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychwy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.197610+0200","flow_id":2169942931720074,"pcap_cnt":298,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":152,"pkts_toclient":142,"bytes_toserver":19620,"bytes_toclient":31781,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.197610+0200","flow_id":2169942931720074,"pcap_cnt":298,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57449,"rrname":"pafachxa.pirate.sea","rrtype":"NULL","tx_id":293}}
{"timestamp":"2010-08-21T04:10:55.212156+0200","flow_id":2169942931720074,"pcap_cnt":299,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":57449,"flags":"8400","qr":true,"aa":true,"rrname":"pafachxa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachxa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.217835+0200","flow_id":2169942931720074,"pcap_cnt":300,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":153,"pkts_toclient":143,"bytes_toserver":19710,"bytes_toclient":31960,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.217835+0200","flow_id":2169942931720074,"pcap_cnt":300,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65176,"rrname":"pafichxi.pirate.sea","rrtype":"NULL","tx_id":295}}
{"timestamp":"2010-08-21T04:10:55.232348+0200","flow_id":2169942931720074,"pcap_cnt":301,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":65176,"flags":"8400","qr":true,"aa":true,"rrname":"pafichxi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichxi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.238627+0200","flow_id":2169942931720074,"pcap_cnt":302,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":154,"pkts_toclient":144,"bytes_toserver":19800,"bytes_toclient":32139,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.238627+0200","flow_id":2169942931720074,"pcap_cnt":302,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7367,"rrname":"pafqchxq.pirate.sea","rrtype":"NULL","tx_id":297}}
{"timestamp":"2010-08-21T04:10:55.253385+0200","flow_id":2169942931720074,"pcap_cnt":303,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":7367,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchxq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchxq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.258613+0200","flow_id":2169942931720074,"pcap_cnt":304,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":155,"pkts_toclient":145,"bytes_toserver":19890,"bytes_toclient":32317,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.258613+0200","flow_id":2169942931720074,"pcap_cnt":304,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15094,"rrname":"pafychxy.pirate.sea","rrtype":"NULL","tx_id":299}}
{"timestamp":"2010-08-21T04:10:55.272671+0200","flow_id":2169942931720074,"pcap_cnt":305,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":15094,"flags":"8400","qr":true,"aa":true,"rrname":"pafychxy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychxy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.278743+0200","flow_id":2169942931720074,"pcap_cnt":306,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":156,"pkts_toclient":146,"bytes_toserver":19980,"bytes_toclient":32496,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.278743+0200","flow_id":2169942931720074,"pcap_cnt":306,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22821,"rrname":"paeachya.pirate.sea","rrtype":"NULL","tx_id":301}}
{"timestamp":"2010-08-21T04:10:55.292290+0200","flow_id":2169942931720074,"pcap_cnt":307,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":22821,"flags":"8400","qr":true,"aa":true,"rrname":"paeachya.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeachya.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.297979+0200","flow_id":2169942931720074,"pcap_cnt":308,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":157,"pkts_toclient":147,"bytes_toserver":20070,"bytes_toclient":32675,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.297979+0200","flow_id":2169942931720074,"pcap_cnt":308,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30548,"rrname":"paeichyi.pirate.sea","rrtype":"NULL","tx_id":303}}
{"timestamp":"2010-08-21T04:10:55.312184+0200","flow_id":2169942931720074,"pcap_cnt":309,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":30548,"flags":"8400","qr":true,"aa":true,"rrname":"paeichyi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeichyi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.317538+0200","flow_id":2169942931720074,"pcap_cnt":310,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":158,"pkts_toclient":148,"bytes_toserver":20160,"bytes_toclient":32854,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.317538+0200","flow_id":2169942931720074,"pcap_cnt":310,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38275,"rrname":"paeqchyq.pirate.sea","rrtype":"NULL","tx_id":305}}
{"timestamp":"2010-08-21T04:10:55.332240+0200","flow_id":2169942931720074,"pcap_cnt":311,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":38275,"flags":"8400","qr":true,"aa":true,"rrname":"paeqchyq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqchyq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.337899+0200","flow_id":2169942931720074,"pcap_cnt":312,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":159,"pkts_toclient":149,"bytes_toserver":20250,"bytes_toclient":33033,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.337899+0200","flow_id":2169942931720074,"pcap_cnt":312,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46002,"rrname":"paeychyy.pirate.sea","rrtype":"NULL","tx_id":307}}
{"timestamp":"2010-08-21T04:10:55.352433+0200","flow_id":2169942931720074,"pcap_cnt":313,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":46002,"flags":"8400","qr":true,"aa":true,"rrname":"paeychyy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeychyy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.357928+0200","flow_id":2169942931720074,"pcap_cnt":314,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":160,"pkts_toclient":150,"bytes_toserver":20340,"bytes_toclient":33212,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.357928+0200","flow_id":2169942931720074,"pcap_cnt":314,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53729,"rrname":"pafachza.pirate.sea","rrtype":"NULL","tx_id":309}}
{"timestamp":"2010-08-21T04:10:55.372531+0200","flow_id":2169942931720074,"pcap_cnt":315,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":53729,"flags":"8400","qr":true,"aa":true,"rrname":"pafachza.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafachza.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.378670+0200","flow_id":2169942931720074,"pcap_cnt":316,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":161,"pkts_toclient":151,"bytes_toserver":20430,"bytes_toclient":33391,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.378670+0200","flow_id":2169942931720074,"pcap_cnt":316,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61456,"rrname":"pafichzi.pirate.sea","rrtype":"NULL","tx_id":311}}
{"timestamp":"2010-08-21T04:10:55.393652+0200","flow_id":2169942931720074,"pcap_cnt":317,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":61456,"flags":"8400","qr":true,"aa":true,"rrname":"pafichzi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafichzi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.399378+0200","flow_id":2169942931720074,"pcap_cnt":318,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":162,"pkts_toclient":152,"bytes_toserver":20520,"bytes_toclient":33570,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.399378+0200","flow_id":2169942931720074,"pcap_cnt":318,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3647,"rrname":"pafqchzq.pirate.sea","rrtype":"NULL","tx_id":313}}
{"timestamp":"2010-08-21T04:10:55.412440+0200","flow_id":2169942931720074,"pcap_cnt":319,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":3647,"flags":"8400","qr":true,"aa":true,"rrname":"pafqchzq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqchzq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.419151+0200","flow_id":2169942931720074,"pcap_cnt":320,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":163,"pkts_toclient":153,"bytes_toserver":20610,"bytes_toclient":33749,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.419151+0200","flow_id":2169942931720074,"pcap_cnt":320,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11374,"rrname":"pafychzy.pirate.sea","rrtype":"NULL","tx_id":315}}
{"timestamp":"2010-08-21T04:10:55.433094+0200","flow_id":2169942931720074,"pcap_cnt":321,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":11374,"flags":"8400","qr":true,"aa":true,"rrname":"pafychzy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafychzy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.439945+0200","flow_id":2169942931720074,"pcap_cnt":322,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":164,"pkts_toclient":154,"bytes_toserver":20700,"bytes_toclient":33928,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.439945+0200","flow_id":2169942931720074,"pcap_cnt":322,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19101,"rrname":"paeach0a.pirate.sea","rrtype":"NULL","tx_id":317}}
{"timestamp":"2010-08-21T04:10:55.453383+0200","flow_id":2169942931720074,"pcap_cnt":323,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":19101,"flags":"8400","qr":true,"aa":true,"rrname":"paeach0a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeach0a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.458821+0200","flow_id":2169942931720074,"pcap_cnt":324,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":165,"pkts_toclient":155,"bytes_toserver":20790,"bytes_toclient":34107,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.458821+0200","flow_id":2169942931720074,"pcap_cnt":324,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26828,"rrname":"paeich0i.pirate.sea","rrtype":"NULL","tx_id":319}}
{"timestamp":"2010-08-21T04:10:55.471629+0200","flow_id":2169942931720074,"pcap_cnt":325,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":26828,"flags":"8400","qr":true,"aa":true,"rrname":"paeich0i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeich0i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.478309+0200","flow_id":2169942931720074,"pcap_cnt":326,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":166,"pkts_toclient":156,"bytes_toserver":20880,"bytes_toclient":34286,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.478309+0200","flow_id":2169942931720074,"pcap_cnt":326,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34555,"rrname":"paeqch0q.pirate.sea","rrtype":"NULL","tx_id":321}}
{"timestamp":"2010-08-21T04:10:55.491631+0200","flow_id":2169942931720074,"pcap_cnt":327,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":34555,"flags":"8400","qr":true,"aa":true,"rrname":"paeqch0q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqch0q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.497039+0200","flow_id":2169942931720074,"pcap_cnt":328,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":167,"pkts_toclient":157,"bytes_toserver":20970,"bytes_toclient":34465,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.497039+0200","flow_id":2169942931720074,"pcap_cnt":328,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42282,"rrname":"paeych0y.pirate.sea","rrtype":"NULL","tx_id":323}}
{"timestamp":"2010-08-21T04:10:55.512852+0200","flow_id":2169942931720074,"pcap_cnt":329,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":42282,"flags":"8400","qr":true,"aa":true,"rrname":"paeych0y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeych0y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.520053+0200","flow_id":2169942931720074,"pcap_cnt":330,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":168,"pkts_toclient":158,"bytes_toserver":21060,"bytes_toclient":34644,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.520053+0200","flow_id":2169942931720074,"pcap_cnt":330,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50009,"rrname":"pafach1a.pirate.sea","rrtype":"NULL","tx_id":325}}
{"timestamp":"2010-08-21T04:10:55.532531+0200","flow_id":2169942931720074,"pcap_cnt":331,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":50009,"flags":"8400","qr":true,"aa":true,"rrname":"pafach1a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafach1a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.538234+0200","flow_id":2169942931720074,"pcap_cnt":332,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":169,"pkts_toclient":159,"bytes_toserver":21150,"bytes_toclient":34823,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.538234+0200","flow_id":2169942931720074,"pcap_cnt":332,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57736,"rrname":"pafich1i.pirate.sea","rrtype":"NULL","tx_id":327}}
{"timestamp":"2010-08-21T04:10:55.552183+0200","flow_id":2169942931720074,"pcap_cnt":333,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":57736,"flags":"8400","qr":true,"aa":true,"rrname":"pafich1i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafich1i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.558192+0200","flow_id":2169942931720074,"pcap_cnt":334,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":170,"pkts_toclient":160,"bytes_toserver":21240,"bytes_toclient":35002,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.558192+0200","flow_id":2169942931720074,"pcap_cnt":334,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65463,"rrname":"pafqch1q.pirate.sea","rrtype":"NULL","tx_id":329}}
{"timestamp":"2010-08-21T04:10:55.572505+0200","flow_id":2169942931720074,"pcap_cnt":335,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":65463,"flags":"8400","qr":true,"aa":true,"rrname":"pafqch1q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqch1q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.578239+0200","flow_id":2169942931720074,"pcap_cnt":336,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":171,"pkts_toclient":161,"bytes_toserver":21330,"bytes_toclient":35181,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.578239+0200","flow_id":2169942931720074,"pcap_cnt":336,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7654,"rrname":"pafych1y.pirate.sea","rrtype":"NULL","tx_id":331}}
{"timestamp":"2010-08-21T04:10:55.593140+0200","flow_id":2169942931720074,"pcap_cnt":337,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":7654,"flags":"8400","qr":true,"aa":true,"rrname":"pafych1y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafych1y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.598805+0200","flow_id":2169942931720074,"pcap_cnt":338,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":172,"pkts_toclient":162,"bytes_toserver":21420,"bytes_toclient":35360,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.598805+0200","flow_id":2169942931720074,"pcap_cnt":338,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15381,"rrname":"paeach2a.pirate.sea","rrtype":"NULL","tx_id":333}}
{"timestamp":"2010-08-21T04:10:55.612004+0200","flow_id":2169942931720074,"pcap_cnt":339,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":15381,"flags":"8400","qr":true,"aa":true,"rrname":"paeach2a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeach2a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.618566+0200","flow_id":2169942931720074,"pcap_cnt":340,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":173,"pkts_toclient":163,"bytes_toserver":21510,"bytes_toclient":35539,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.618566+0200","flow_id":2169942931720074,"pcap_cnt":340,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23108,"rrname":"paeich2i.pirate.sea","rrtype":"NULL","tx_id":335}}
{"timestamp":"2010-08-21T04:10:55.632242+0200","flow_id":2169942931720074,"pcap_cnt":341,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":23108,"flags":"8400","qr":true,"aa":true,"rrname":"paeich2i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeich2i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.639250+0200","flow_id":2169942931720074,"pcap_cnt":342,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":174,"pkts_toclient":164,"bytes_toserver":21600,"bytes_toclient":35718,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.639250+0200","flow_id":2169942931720074,"pcap_cnt":342,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30835,"rrname":"paeqch2q.pirate.sea","rrtype":"NULL","tx_id":337}}
{"timestamp":"2010-08-21T04:10:55.652678+0200","flow_id":2169942931720074,"pcap_cnt":343,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":30835,"flags":"8400","qr":true,"aa":true,"rrname":"paeqch2q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqch2q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.658455+0200","flow_id":2169942931720074,"pcap_cnt":344,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":175,"pkts_toclient":165,"bytes_toserver":21690,"bytes_toclient":35897,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.658455+0200","flow_id":2169942931720074,"pcap_cnt":344,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38562,"rrname":"paeych2y.pirate.sea","rrtype":"NULL","tx_id":339}}
{"timestamp":"2010-08-21T04:10:55.672461+0200","flow_id":2169942931720074,"pcap_cnt":345,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":38562,"flags":"8400","qr":true,"aa":true,"rrname":"paeych2y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeych2y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.679360+0200","flow_id":2169942931720074,"pcap_cnt":346,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":176,"pkts_toclient":166,"bytes_toserver":21780,"bytes_toclient":36076,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.679360+0200","flow_id":2169942931720074,"pcap_cnt":346,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46289,"rrname":"pafach3a.pirate.sea","rrtype":"NULL","tx_id":341}}
{"timestamp":"2010-08-21T04:10:55.692317+0200","flow_id":2169942931720074,"pcap_cnt":347,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":46289,"flags":"8400","qr":true,"aa":true,"rrname":"pafach3a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafach3a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.697977+0200","flow_id":2169942931720074,"pcap_cnt":348,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":177,"pkts_toclient":167,"bytes_toserver":21870,"bytes_toclient":36255,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.697977+0200","flow_id":2169942931720074,"pcap_cnt":348,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54016,"rrname":"pafich3i.pirate.sea","rrtype":"NULL","tx_id":343}}
{"timestamp":"2010-08-21T04:10:55.712929+0200","flow_id":2169942931720074,"pcap_cnt":349,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":54016,"flags":"8400","qr":true,"aa":true,"rrname":"pafich3i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafich3i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.718626+0200","flow_id":2169942931720074,"pcap_cnt":350,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":178,"pkts_toclient":168,"bytes_toserver":21960,"bytes_toclient":36434,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.718626+0200","flow_id":2169942931720074,"pcap_cnt":350,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61743,"rrname":"pafqch3q.pirate.sea","rrtype":"NULL","tx_id":345}}
{"timestamp":"2010-08-21T04:10:55.731806+0200","flow_id":2169942931720074,"pcap_cnt":351,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":61743,"flags":"8400","qr":true,"aa":true,"rrname":"pafqch3q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqch3q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.737394+0200","flow_id":2169942931720074,"pcap_cnt":352,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":179,"pkts_toclient":169,"bytes_toserver":22050,"bytes_toclient":36613,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.737394+0200","flow_id":2169942931720074,"pcap_cnt":352,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3934,"rrname":"pafych3y.pirate.sea","rrtype":"NULL","tx_id":347}}
{"timestamp":"2010-08-21T04:10:55.751853+0200","flow_id":2169942931720074,"pcap_cnt":353,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":3934,"flags":"8400","qr":true,"aa":true,"rrname":"pafych3y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafych3y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.759599+0200","flow_id":2169942931720074,"pcap_cnt":354,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":180,"pkts_toclient":170,"bytes_toserver":22140,"bytes_toclient":36792,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.759599+0200","flow_id":2169942931720074,"pcap_cnt":354,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11661,"rrname":"paeach4a.pirate.sea","rrtype":"NULL","tx_id":349}}
{"timestamp":"2010-08-21T04:10:55.772051+0200","flow_id":2169942931720074,"pcap_cnt":355,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":11661,"flags":"8400","qr":true,"aa":true,"rrname":"paeach4a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeach4a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.778340+0200","flow_id":2169942931720074,"pcap_cnt":356,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":181,"pkts_toclient":171,"bytes_toserver":22230,"bytes_toclient":36973,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.778340+0200","flow_id":2169942931720074,"pcap_cnt":356,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19388,"rrname":"paeich4i.pirate.sea","rrtype":"NULL","tx_id":351}}
{"timestamp":"2010-08-21T04:10:55.792077+0200","flow_id":2169942931720074,"pcap_cnt":357,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":19388,"flags":"8400","qr":true,"aa":true,"rrname":"paeich4i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeich4i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.797490+0200","flow_id":2169942931720074,"pcap_cnt":358,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":182,"pkts_toclient":172,"bytes_toserver":22320,"bytes_toclient":37152,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.797490+0200","flow_id":2169942931720074,"pcap_cnt":358,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27115,"rrname":"paeqch4q.pirate.sea","rrtype":"NULL","tx_id":353}}
{"timestamp":"2010-08-21T04:10:55.812335+0200","flow_id":2169942931720074,"pcap_cnt":359,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":27115,"flags":"8400","qr":true,"aa":true,"rrname":"paeqch4q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqch4q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.819551+0200","flow_id":2169942931720074,"pcap_cnt":360,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":183,"pkts_toclient":173,"bytes_toserver":22410,"bytes_toclient":37331,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.819551+0200","flow_id":2169942931720074,"pcap_cnt":360,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34842,"rrname":"paeych4y.pirate.sea","rrtype":"NULL","tx_id":355}}
{"timestamp":"2010-08-21T04:10:55.832019+0200","flow_id":2169942931720074,"pcap_cnt":361,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":34842,"flags":"8400","qr":true,"aa":true,"rrname":"paeych4y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeych4y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.837744+0200","flow_id":2169942931720074,"pcap_cnt":362,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":184,"pkts_toclient":174,"bytes_toserver":22500,"bytes_toclient":37510,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.837744+0200","flow_id":2169942931720074,"pcap_cnt":362,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42569,"rrname":"pafach5a.pirate.sea","rrtype":"NULL","tx_id":357}}
{"timestamp":"2010-08-21T04:10:55.852872+0200","flow_id":2169942931720074,"pcap_cnt":363,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":42569,"flags":"8400","qr":true,"aa":true,"rrname":"pafach5a.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafach5a.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.860083+0200","flow_id":2169942931720074,"pcap_cnt":364,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":185,"pkts_toclient":175,"bytes_toserver":22590,"bytes_toclient":37691,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.860083+0200","flow_id":2169942931720074,"pcap_cnt":364,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50296,"rrname":"pafich5i.pirate.sea","rrtype":"NULL","tx_id":359}}
{"timestamp":"2010-08-21T04:10:55.871730+0200","flow_id":2169942931720074,"pcap_cnt":365,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":50296,"flags":"8400","qr":true,"aa":true,"rrname":"pafich5i.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafich5i.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.877841+0200","flow_id":2169942931720074,"pcap_cnt":366,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":186,"pkts_toclient":176,"bytes_toserver":22680,"bytes_toclient":37870,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.877841+0200","flow_id":2169942931720074,"pcap_cnt":366,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58023,"rrname":"pafqch5q.pirate.sea","rrtype":"NULL","tx_id":361}}
{"timestamp":"2010-08-21T04:10:55.892850+0200","flow_id":2169942931720074,"pcap_cnt":367,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":58023,"flags":"8400","qr":true,"aa":true,"rrname":"pafqch5q.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqch5q.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.898545+0200","flow_id":2169942931720074,"pcap_cnt":368,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":187,"pkts_toclient":177,"bytes_toserver":22770,"bytes_toclient":38049,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.898545+0200","flow_id":2169942931720074,"pcap_cnt":368,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":214,"rrname":"pafych5y.pirate.sea","rrtype":"NULL","tx_id":363}}
{"timestamp":"2010-08-21T04:10:55.911961+0200","flow_id":2169942931720074,"pcap_cnt":369,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":214,"flags":"8400","qr":true,"aa":true,"rrname":"pafych5y.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafych5y.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.917410+0200","flow_id":2169942931720074,"pcap_cnt":370,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":188,"pkts_toclient":178,"bytes_toserver":22860,"bytes_toclient":38228,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.917410+0200","flow_id":2169942931720074,"pcap_cnt":370,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7941,"rrname":"paeaciaa.pirate.sea","rrtype":"NULL","tx_id":365}}
{"timestamp":"2010-08-21T04:10:55.931247+0200","flow_id":2169942931720074,"pcap_cnt":371,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":7941,"flags":"8400","qr":true,"aa":true,"rrname":"paeaciaa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeaciaa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.937051+0200","flow_id":2169942931720074,"pcap_cnt":372,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":189,"pkts_toclient":179,"bytes_toserver":22950,"bytes_toclient":38407,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.937051+0200","flow_id":2169942931720074,"pcap_cnt":372,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15668,"rrname":"paeiciai.pirate.sea","rrtype":"NULL","tx_id":367}}
{"timestamp":"2010-08-21T04:10:55.952916+0200","flow_id":2169942931720074,"pcap_cnt":373,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":15668,"flags":"8400","qr":true,"aa":true,"rrname":"paeiciai.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeiciai.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.958342+0200","flow_id":2169942931720074,"pcap_cnt":374,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":190,"pkts_toclient":180,"bytes_toserver":23040,"bytes_toclient":38586,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.958342+0200","flow_id":2169942931720074,"pcap_cnt":374,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23395,"rrname":"paeqciaq.pirate.sea","rrtype":"NULL","tx_id":369}}
{"timestamp":"2010-08-21T04:10:55.972391+0200","flow_id":2169942931720074,"pcap_cnt":375,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":23395,"flags":"8400","qr":true,"aa":true,"rrname":"paeqciaq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqciaq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:55.977721+0200","flow_id":2169942931720074,"pcap_cnt":376,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":191,"pkts_toclient":181,"bytes_toserver":23130,"bytes_toclient":38765,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:55.977721+0200","flow_id":2169942931720074,"pcap_cnt":376,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31122,"rrname":"paeyciay.pirate.sea","rrtype":"NULL","tx_id":371}}
{"timestamp":"2010-08-21T04:10:55.992029+0200","flow_id":2169942931720074,"pcap_cnt":377,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":31122,"flags":"8400","qr":true,"aa":true,"rrname":"paeyciay.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeyciay.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.000148+0200","flow_id":2169942931720074,"pcap_cnt":378,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":192,"pkts_toclient":182,"bytes_toserver":23220,"bytes_toclient":38944,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.000148+0200","flow_id":2169942931720074,"pcap_cnt":378,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38849,"rrname":"pafaciba.pirate.sea","rrtype":"NULL","tx_id":373}}
{"timestamp":"2010-08-21T04:10:56.011364+0200","flow_id":2169942931720074,"pcap_cnt":379,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":38849,"flags":"8400","qr":true,"aa":true,"rrname":"pafaciba.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafaciba.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.016485+0200","flow_id":2169942931720074,"pcap_cnt":380,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":193,"pkts_toclient":183,"bytes_toserver":23310,"bytes_toclient":39125,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.016485+0200","flow_id":2169942931720074,"pcap_cnt":380,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46576,"rrname":"paficibi.pirate.sea","rrtype":"NULL","tx_id":375}}
{"timestamp":"2010-08-21T04:10:56.031631+0200","flow_id":2169942931720074,"pcap_cnt":381,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":46576,"flags":"8400","qr":true,"aa":true,"rrname":"paficibi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paficibi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.039780+0200","flow_id":2169942931720074,"pcap_cnt":382,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":194,"pkts_toclient":184,"bytes_toserver":23400,"bytes_toclient":39304,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.039780+0200","flow_id":2169942931720074,"pcap_cnt":382,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54303,"rrname":"pafqcibq.pirate.sea","rrtype":"NULL","tx_id":377}}
{"timestamp":"2010-08-21T04:10:56.055235+0200","flow_id":2169942931720074,"pcap_cnt":383,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":54303,"flags":"8400","qr":true,"aa":true,"rrname":"pafqcibq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqcibq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.058867+0200","flow_id":2169942931720074,"pcap_cnt":384,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":195,"pkts_toclient":185,"bytes_toserver":23490,"bytes_toclient":39483,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.058867+0200","flow_id":2169942931720074,"pcap_cnt":384,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62030,"rrname":"pafyciby.pirate.sea","rrtype":"NULL","tx_id":379}}
{"timestamp":"2010-08-21T04:10:56.071702+0200","flow_id":2169942931720074,"pcap_cnt":385,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":62030,"flags":"8400","qr":true,"aa":true,"rrname":"pafyciby.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafyciby.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.078317+0200","flow_id":2169942931720074,"pcap_cnt":386,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":196,"pkts_toclient":186,"bytes_toserver":23580,"bytes_toclient":39664,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.078317+0200","flow_id":2169942931720074,"pcap_cnt":386,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4221,"rrname":"paeacica.pirate.sea","rrtype":"NULL","tx_id":381}}
{"timestamp":"2010-08-21T04:10:56.092244+0200","flow_id":2169942931720074,"pcap_cnt":387,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":4221,"flags":"8400","qr":true,"aa":true,"rrname":"paeacica.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeacica.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.098524+0200","flow_id":2169942931720074,"pcap_cnt":388,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":197,"pkts_toclient":187,"bytes_toserver":23670,"bytes_toclient":39843,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.098524+0200","flow_id":2169942931720074,"pcap_cnt":388,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11948,"rrname":"paeicici.pirate.sea","rrtype":"NULL","tx_id":383}}
{"timestamp":"2010-08-21T04:10:56.112556+0200","flow_id":2169942931720074,"pcap_cnt":389,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":11948,"flags":"8400","qr":true,"aa":true,"rrname":"paeicici.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeicici.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.119973+0200","flow_id":2169942931720074,"pcap_cnt":390,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":198,"pkts_toclient":188,"bytes_toserver":23760,"bytes_toclient":40021,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.119973+0200","flow_id":2169942931720074,"pcap_cnt":390,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19675,"rrname":"paeqcicq.pirate.sea","rrtype":"NULL","tx_id":385}}
{"timestamp":"2010-08-21T04:10:56.132194+0200","flow_id":2169942931720074,"pcap_cnt":391,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":19675,"flags":"8400","qr":true,"aa":true,"rrname":"paeqcicq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqcicq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.137898+0200","flow_id":2169942931720074,"pcap_cnt":392,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":199,"pkts_toclient":189,"bytes_toserver":23850,"bytes_toclient":40200,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.137898+0200","flow_id":2169942931720074,"pcap_cnt":392,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27402,"rrname":"paeycicy.pirate.sea","rrtype":"NULL","tx_id":387}}
{"timestamp":"2010-08-21T04:10:56.153024+0200","flow_id":2169942931720074,"pcap_cnt":393,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":27402,"flags":"8400","qr":true,"aa":true,"rrname":"paeycicy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeycicy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.160288+0200","flow_id":2169942931720074,"pcap_cnt":394,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":200,"pkts_toclient":190,"bytes_toserver":23940,"bytes_toclient":40379,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.160288+0200","flow_id":2169942931720074,"pcap_cnt":394,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35129,"rrname":"pafacida.pirate.sea","rrtype":"NULL","tx_id":389}}
{"timestamp":"2010-08-21T04:10:56.173125+0200","flow_id":2169942931720074,"pcap_cnt":395,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":35129,"flags":"8400","qr":true,"aa":true,"rrname":"pafacida.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafacida.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.178532+0200","flow_id":2169942931720074,"pcap_cnt":396,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":201,"pkts_toclient":191,"bytes_toserver":24030,"bytes_toclient":40558,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.178532+0200","flow_id":2169942931720074,"pcap_cnt":396,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42856,"rrname":"paficidi.pirate.sea","rrtype":"NULL","tx_id":391}}
{"timestamp":"2010-08-21T04:10:56.192301+0200","flow_id":2169942931720074,"pcap_cnt":397,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":42856,"flags":"8400","qr":true,"aa":true,"rrname":"paficidi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paficidi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.197655+0200","flow_id":2169942931720074,"pcap_cnt":398,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":202,"pkts_toclient":192,"bytes_toserver":24120,"bytes_toclient":40737,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.197655+0200","flow_id":2169942931720074,"pcap_cnt":398,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50583,"rrname":"pafqcidq.pirate.sea","rrtype":"NULL","tx_id":393}}
{"timestamp":"2010-08-21T04:10:56.213348+0200","flow_id":2169942931720074,"pcap_cnt":399,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":50583,"flags":"8400","qr":true,"aa":true,"rrname":"pafqcidq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqcidq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.219924+0200","flow_id":2169942931720074,"pcap_cnt":400,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":203,"pkts_toclient":193,"bytes_toserver":24210,"bytes_toclient":40916,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.219924+0200","flow_id":2169942931720074,"pcap_cnt":400,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58310,"rrname":"pafycidy.pirate.sea","rrtype":"NULL","tx_id":395}}
{"timestamp":"2010-08-21T04:10:56.231655+0200","flow_id":2169942931720074,"pcap_cnt":401,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":58310,"flags":"8400","qr":true,"aa":true,"rrname":"pafycidy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafycidy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.239367+0200","flow_id":2169942931720074,"pcap_cnt":402,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":204,"pkts_toclient":194,"bytes_toserver":24300,"bytes_toclient":41095,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.239367+0200","flow_id":2169942931720074,"pcap_cnt":402,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":501,"rrname":"paeaciea.pirate.sea","rrtype":"NULL","tx_id":397}}
{"timestamp":"2010-08-21T04:10:56.252278+0200","flow_id":2169942931720074,"pcap_cnt":403,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":501,"flags":"8400","qr":true,"aa":true,"rrname":"paeaciea.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeaciea.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.258078+0200","flow_id":2169942931720074,"pcap_cnt":404,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":205,"pkts_toclient":195,"bytes_toserver":24390,"bytes_toclient":41274,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.258078+0200","flow_id":2169942931720074,"pcap_cnt":404,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8228,"rrname":"paeiciei.pirate.sea","rrtype":"NULL","tx_id":399}}
{"timestamp":"2010-08-21T04:10:56.273091+0200","flow_id":2169942931720074,"pcap_cnt":405,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":8228,"flags":"8400","qr":true,"aa":true,"rrname":"paeiciei.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeiciei.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.279301+0200","flow_id":2169942931720074,"pcap_cnt":406,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":206,"pkts_toclient":196,"bytes_toserver":24480,"bytes_toclient":41453,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.279301+0200","flow_id":2169942931720074,"pcap_cnt":406,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15955,"rrname":"paeqcieq.pirate.sea","rrtype":"NULL","tx_id":401}}
{"timestamp":"2010-08-21T04:10:56.292270+0200","flow_id":2169942931720074,"pcap_cnt":407,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":15955,"flags":"8400","qr":true,"aa":true,"rrname":"paeqcieq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqcieq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.297948+0200","flow_id":2169942931720074,"pcap_cnt":408,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":207,"pkts_toclient":197,"bytes_toserver":24570,"bytes_toclient":41634,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.297948+0200","flow_id":2169942931720074,"pcap_cnt":408,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23682,"rrname":"paeyciey.pirate.sea","rrtype":"NULL","tx_id":403}}
{"timestamp":"2010-08-21T04:10:56.311521+0200","flow_id":2169942931720074,"pcap_cnt":409,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":23682,"flags":"8400","qr":true,"aa":true,"rrname":"paeyciey.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeyciey.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.319645+0200","flow_id":2169942931720074,"pcap_cnt":410,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":208,"pkts_toclient":198,"bytes_toserver":24660,"bytes_toclient":41813,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.319645+0200","flow_id":2169942931720074,"pcap_cnt":410,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31409,"rrname":"pafacifa.pirate.sea","rrtype":"NULL","tx_id":405}}
{"timestamp":"2010-08-21T04:10:56.331481+0200","flow_id":2169942931720074,"pcap_cnt":411,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":31409,"flags":"8400","qr":true,"aa":true,"rrname":"pafacifa.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafacifa.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.336896+0200","flow_id":2169942931720074,"pcap_cnt":412,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":209,"pkts_toclient":199,"bytes_toserver":24750,"bytes_toclient":41992,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.336896+0200","flow_id":2169942931720074,"pcap_cnt":412,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39136,"rrname":"paficifi.pirate.sea","rrtype":"NULL","tx_id":407}}
{"timestamp":"2010-08-21T04:10:56.353592+0200","flow_id":2169942931720074,"pcap_cnt":413,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":39136,"flags":"8400","qr":true,"aa":true,"rrname":"paficifi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paficifi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.360564+0200","flow_id":2169942931720074,"pcap_cnt":414,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":210,"pkts_toclient":200,"bytes_toserver":24840,"bytes_toclient":42171,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.360564+0200","flow_id":2169942931720074,"pcap_cnt":414,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46863,"rrname":"pafqcifq.pirate.sea","rrtype":"NULL","tx_id":409}}
{"timestamp":"2010-08-21T04:10:56.372160+0200","flow_id":2169942931720074,"pcap_cnt":415,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":46863,"flags":"8400","qr":true,"aa":true,"rrname":"pafqcifq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafqcifq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.378085+0200","flow_id":2169942931720074,"pcap_cnt":416,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":211,"pkts_toclient":201,"bytes_toserver":24930,"bytes_toclient":42350,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.378085+0200","flow_id":2169942931720074,"pcap_cnt":416,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54590,"rrname":"pafycify.pirate.sea","rrtype":"NULL","tx_id":411}}
{"timestamp":"2010-08-21T04:10:56.392973+0200","flow_id":2169942931720074,"pcap_cnt":417,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":54590,"flags":"8400","qr":true,"aa":true,"rrname":"pafycify.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafycify.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.399428+0200","flow_id":2169942931720074,"pcap_cnt":418,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":212,"pkts_toclient":202,"bytes_toserver":25020,"bytes_toclient":42529,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.399428+0200","flow_id":2169942931720074,"pcap_cnt":418,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62317,"rrname":"paeaciga.pirate.sea","rrtype":"NULL","tx_id":413}}
{"timestamp":"2010-08-21T04:10:56.411305+0200","flow_id":2169942931720074,"pcap_cnt":419,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":62317,"flags":"8400","qr":true,"aa":true,"rrname":"paeaciga.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeaciga.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.417036+0200","flow_id":2169942931720074,"pcap_cnt":420,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":213,"pkts_toclient":203,"bytes_toserver":25110,"bytes_toclient":42708,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.417036+0200","flow_id":2169942931720074,"pcap_cnt":420,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4508,"rrname":"paeicigi.pirate.sea","rrtype":"NULL","tx_id":415}}
{"timestamp":"2010-08-21T04:10:56.432646+0200","flow_id":2169942931720074,"pcap_cnt":421,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":4508,"flags":"8400","qr":true,"aa":true,"rrname":"paeicigi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeicigi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.439158+0200","flow_id":2169942931720074,"pcap_cnt":422,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":214,"pkts_toclient":204,"bytes_toserver":25200,"bytes_toclient":42887,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.439158+0200","flow_id":2169942931720074,"pcap_cnt":422,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12235,"rrname":"paeqcigq.pirate.sea","rrtype":"NULL","tx_id":417}}
{"timestamp":"2010-08-21T04:10:56.454242+0200","flow_id":2169942931720074,"pcap_cnt":423,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":12235,"flags":"8400","qr":true,"aa":true,"rrname":"paeqcigq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeqcigq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.459959+0200","flow_id":2169942931720074,"pcap_cnt":424,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":215,"pkts_toclient":205,"bytes_toserver":25290,"bytes_toclient":43066,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.459959+0200","flow_id":2169942931720074,"pcap_cnt":424,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19962,"rrname":"paeycigy.pirate.sea","rrtype":"NULL","tx_id":419}}
{"timestamp":"2010-08-21T04:10:56.460074+0200","flow_id":2169942931720074,"pcap_cnt":425,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":19962,"flags":"8400","qr":true,"aa":true,"rrname":"paeycigy.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paeycigy.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.465912+0200","flow_id":2169942931720074,"pcap_cnt":426,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":216,"pkts_toclient":206,"bytes_toserver":25380,"bytes_toclient":43278,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.465912+0200","flow_id":2169942931720074,"pcap_cnt":426,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27689,"rrname":"pafaciha.pirate.sea","rrtype":"NULL","tx_id":421}}
{"timestamp":"2010-08-21T04:10:56.498343+0200","flow_id":2169942931720074,"pcap_cnt":427,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":217,"pkts_toclient":206,"bytes_toserver":25542,"bytes_toclient":43278,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.498343+0200","flow_id":2169942931720074,"pcap_cnt":427,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":217,"pkts_toclient":206,"bytes_toserver":25542,"bytes_toclient":43278,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:10:56.498343+0200","flow_id":2169942931720074,"pcap_cnt":427,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35416,"rrname":"12ebv82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe4\\xde4yp1\\xccu\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xf930\\xee\\xd8WWfn\\xc1\\xe8\\xe3H\\xbe\\xe2YyCU.dv\\xc4\\xf7C\\xe4ioAG\\xbed\\xc6epR\\xbe.pirate.sea","rrtype":"NULL","tx_id":422}}
{"timestamp":"2010-08-21T04:10:56.515870+0200","flow_id":2169942931720074,"pcap_cnt":428,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":27689,"flags":"8400","qr":true,"aa":true,"rrname":"pafaciha.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafaciha.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:56.537145+0200","flow_id":2169942931720074,"pcap_cnt":429,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":218,"pkts_toclient":207,"bytes_toserver":25632,"bytes_toclient":43371,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:10:56.537145+0200","flow_id":2169942931720074,"pcap_cnt":429,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43143,"rrname":"pafacihi.pirate.sea","rrtype":"NULL","tx_id":424}}
{"timestamp":"2010-08-21T04:10:56.537316+0200","flow_id":2169942931720074,"pcap_cnt":430,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":35416,"flags":"8400","qr":true,"aa":true,"rrname":"12ebv82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe4\\xde4yp1\\xccu\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xf930\\xee\\xd8WWfn\\xc1\\xe8\\xe3H\\xbe\\xe2YyCU.dv\\xc4\\xf7C\\xe4ioAG\\xbed\\xc6epR\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"12ebv82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xe4\\xde4yp1\\xccu\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xf930\\xee\\xd8WWfn\\xc1\\xe8\\xe3H\\xbe\\xe2YyCU.dv\\xc4\\xf7C\\xe4ioAG\\xbed\\xc6epR\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:11:00.489860+0200","flow_id":2169942931720074,"pcap_cnt":431,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":219,"pkts_toclient":208,"bytes_toserver":25794,"bytes_toclient":43536,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:11:00.489860+0200","flow_id":2169942931720074,"pcap_cnt":431,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":219,"pkts_toclient":208,"bytes_toserver":25794,"bytes_toclient":43536,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:11:00.489860+0200","flow_id":2169942931720074,"pcap_cnt":431,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50870,"rrname":"1aebw82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xec\\xde4yp1\\xccK\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xf930\\xee\\xd8WYfn\\xc1\\xc8\\xc9\\xe1r\\xbe\\xdeY5\\xda.gln\\xf7S\\xe0ioAG\\xbed\\xd7\\xc2pR\\xbe.pirate.sea","rrtype":"NULL","tx_id":426}}
{"timestamp":"2010-08-21T04:11:00.492592+0200","flow_id":2169942931720074,"pcap_cnt":432,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":43143,"flags":"8400","qr":true,"aa":true,"rrname":"pafacihi.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"pafacihi.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:11:00.493077+0200","flow_id":2169942931720074,"pcap_cnt":433,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":220,"pkts_toclient":209,"bytes_toserver":25956,"bytes_toclient":43693,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:11:00.493077+0200","flow_id":2169942931720074,"pcap_cnt":433,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":220,"pkts_toclient":209,"bytes_toserver":25956,"bytes_toclient":43693,"start":"2010-08-21T04:10:40.051082+0200"},"alert":{"action":"allowed","gid":1,"signature_id":2029995,"rev":1,"signature":"ET MALWARE Suspicious Long NULL DNS Request - Possible DNS Tunneling","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Major"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}}}
{"timestamp":"2010-08-21T04:11:00.493077+0200","flow_id":2169942931720074,"pcap_cnt":433,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58597,"rrname":"1efbx82\\xca2hb\\xbe\\xeeY\\xd6ggk\\xcf\\xde\\xde4yp1\\xcce\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xe530\\xee\\xd4WWfn\\xc1\\xd0\\xf5\\xe1r\\xbe\\xdeY5\\xda.gln\\xf7S\\xe0i\\xcckaGd\\xdaCpR\\xbe.pirate.sea","rrtype":"NULL","tx_id":428}}
{"timestamp":"2010-08-21T04:11:00.511529+0200","flow_id":2169942931720074,"pcap_cnt":434,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":50870,"flags":"8400","qr":true,"aa":true,"rrname":"1aebw82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xec\\xde4yp1\\xccK\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xf930\\xee\\xd8WYfn\\xc1\\xc8\\xc9\\xe1r\\xbe\\xdeY5\\xda.gln\\xf7S\\xe0ioAG\\xbed\\xd7\\xc2pR\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1aebw82\\xca2hb\\xbe\\xeeY\\xd6ggm\\xcf\\xec\\xde4yp1\\xccK\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xf930\\xee\\xd8WYfn\\xc1\\xc8\\xc9\\xe1r\\xbe\\xdeY5\\xda.gln\\xf7S\\xe0ioAG\\xbed\\xd7\\xc2pR\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:11:00.532442+0200","flow_id":2169942931720074,"pcap_cnt":435,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":221,"pkts_toclient":210,"bytes_toserver":26046,"bytes_toclient":43858,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:11:00.532442+0200","flow_id":2169942931720074,"pcap_cnt":435,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":788,"rrname":"paficihq.pirate.sea","rrtype":"NULL","tx_id":430}}
{"timestamp":"2010-08-21T04:11:00.532699+0200","flow_id":2169942931720074,"pcap_cnt":436,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":58597,"flags":"8400","qr":true,"aa":true,"rrname":"1efbx82\\xca2hb\\xbe\\xeeY\\xd6ggk\\xcf\\xde\\xde4yp1\\xcce\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xe530\\xee\\xd4WWfn\\xc1\\xd0\\xf5\\xe1r\\xbe\\xdeY5\\xda.gln\\xf7S\\xe0i\\xcckaGd\\xdaCpR\\xbe.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"1efbx82\\xca2hb\\xbe\\xeeY\\xd6ggk\\xcf\\xde\\xde4yp1\\xcce\\xc8I\\xe1\\xc1y\\xc6\\xe3\\xdd\\xcdW\\xf4\\xe0fF\\xf4\\xd5\\xe530\\xee\\xd4WWfn\\xc1\\xd0\\xf5\\xe1r\\xbe\\xdeY5\\xda.gln\\xf7S\\xe0i\\xcckaGd\\xdaCpR\\xbe.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:11:04.538177+0200","flow_id":2169942931720074,"pcap_cnt":437,"event_type":"alert","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2029994,"rev":1,"signature":"ET HUNTING Suspicious NULL DNS Request","category":"Unknown Classtype","severity":3,"metadata":{"updated_at":["2020_04_22"],"created_at":["2020_04_22"],"signature_severity":["Informational"],"deployment":["Perimeter"],"attack_target":["DNS_Server"],"affected_product":["Windows_XP_Vista_7_8_10_Server_32_64_Bit"]}},"app_proto":"dns","flow":{"pkts_toserver":222,"pkts_toclient":211,"bytes_toserver":26136,"bytes_toclient":44023,"start":"2010-08-21T04:10:40.051082+0200"}}
{"timestamp":"2010-08-21T04:11:04.538177+0200","flow_id":2169942931720074,"pcap_cnt":437,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8515,"rrname":"paficihy.pirate.sea","rrtype":"NULL","tx_id":432}}
{"timestamp":"2010-08-21T04:11:04.538369+0200","flow_id":2169942931720074,"pcap_cnt":438,"event_type":"dns","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","dns":{"version":2,"type":"answer","id":788,"flags":"8400","qr":true,"aa":true,"rrname":"paficihq.pirate.sea","rrtype":"NULL","rcode":"NOERROR","answers":[{"rrname":"paficihq.pirate.sea","rrtype":"NULL","ttl":0}],"grouped":{}}}
{"timestamp":"2010-08-21T04:10:45.047506+0200","flow_id":2169942931720074,"event_type":"flow","src_ip":"10.0.2.30","src_port":44639,"dest_ip":"10.0.2.20","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":222,"pkts_toclient":212,"bytes_toserver":26136,"bytes_toclient":44116,"start":"2010-08-21T04:10:40.051082+0200","end":"2010-08-21T04:11:04.538369+0200","age":24,"state":"established","reason":"shutdown","alerted":true}}
{"timestamp":"2020-04-23T09:06:01.169949+0200","event_type":"stats","stats":{"uptime":19,"decoder":{"pkts":438,"bytes":70492,"invalid":0,"ipv4":434,"ipv6":0,"ethernet":438,"raw":0,"null":0,"sll":0,"tcp":0,"udp":434,"sctp":0,"icmpv4":0,"icmpv6":0,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"vxlan":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":160,"max_pkt_size":1512,"erspan":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":0,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small"
:0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0}},"dce":{"pkt_too_small":0}},"flow":{"memcap":0,"tcp":0,"udp":1,"icmpv4":0,"icmpv6":0,"spare":10000,"emerg_mode_entered":0,"emerg_mode_over":0,"tcp_reuse":0,"memuse":11908960},"defrag":{"ipv4":{"fragments":0,"reassembled":0,"timeouts":0},"ipv6":{"fragments":0,"reassembled":0,"timeouts":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"tcp":{"sessions":0,"ssn_memcap_drop":0,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"no_flow":0,"syn":0,"synack":0,"rst":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"segment_memcap_drop":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"insert_list_fail":0,"memuse":6881280,"reassembly_memuse":1179648},"detect":{"engines":[{"id":0,"last_reload":"2020-04-23T09:06:01.084552+0200","rules_loaded":46870,"rules_failed":0}],"alert":260},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":0,"ftp-data":0,"tftp":0,"ikev2":
0,"krb5_tcp":0,"dhcp":0,"snmp":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":1,"nfs_udp":0,"krb5_udp":0,"failed_udp":0},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":0,"ftp-data":0,"tftp":0,"ikev2":0,"krb5_tcp":0,"dhcp":0,"snmp":0,"dcerpc_udp":0,"dns_udp":434,"nfs_udp":0,"krb5_udp":0},"expectations":0},"flow_mgr":{"closed_pruned":0,"new_pruned":0,"est_pruned":0,"bypassed_pruned":0,"flows_checked":0,"flows_notimeout":0,"flows_timeout":0,"flows_timeout_inuse":0,"flows_removed":0,"rows_checked":65536,"rows_skipped":65536,"rows_empty":0,"rows_busy":0,"rows_maxlen":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0}}}