Bug #5633 » eve.json

Don Williams, 11/22/2022 03:36 PM

 
{"timestamp":"2022-11-22T15:13:19.663781+0000","flow_id":1606330235166949,"in_iface":"mon4","event_type":"alert","src_ip":"66.59.111.190","src_port":0,"dest_ip":"172.28.2.3","dest_port":0,"proto":"ICMP","icmp_type":8,"icmp_code":0,"ether":{},"community_id":"1:4qiuUiapfKrMDVDHhw0iOgvogqI=","alert":{"action":"allowed","gid":1,"signature_id":60000000,"rev":1,"signature":"GRE Tunnel Pass Test","category":"Misc activity","severity":3,"rule":"pass ip any any <> 172.28.2.3 any (msg:\"GRE Tunnel Pass Test\"; classtype:misc-activity; sid:60000000; rev:1;)"},"tunnel":{"src_ip":"172.27.1.66","src_port":0,"dest_ip":"66.59.109.137","dest_port":0,"proto":"GRE","depth":1},"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":84,"bytes_toclient":0,"start":"2022-11-22T15:13:19.663781+0000"},"payload":"cHLmPpcZDAAICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc=","payload_printable":"pr.>......\n..\r.................. !\"#$%&'()*+,-./01234567","stream":0,"packet":"RQAAVAAAQABAAdqQQjtvvqwcAgMIAEbJy2gBAHBy5j6XGQwACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3","packet_info":{"linktype":12}}
{"timestamp":"2022-11-22T15:13:29.627723+0000","flow_id":316770600195083,"in_iface":"mon4","event_type":"alert","src_ip":"66.59.111.190","src_port":40264,"dest_ip":"172.28.2.3","dest_port":22,"proto":"TCP","ether":{},"community_id":"1:GvEAhAEKkdnTWFCXuw7HpDevs2w=","alert":{"action":"allowed","gid":1,"signature_id":60000000,"rev":1,"signature":"GRE Tunnel Pass Test","category":"Misc activity","severity":3,"rule":"pass ip any any <> 172.28.2.3 any (msg:\"GRE Tunnel Pass Test\"; classtype:misc-activity; sid:60000000; rev:1;)"},"tunnel":{"src_ip":"172.27.1.66","src_port":0,"dest_ip":"66.59.109.137","dest_port":0,"proto":"GRE","depth":1},"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":60,"bytes_toclient":0,"start":"2022-11-22T15:13:29.627723+0000"},"payload":"","payload_printable":"","stream":0,"packet":"RQAAPFXWQABABoTNQjtvvqwcAgOdSAAWMH9w5wAAAACgwhZwZi8AAAIEBZwEAggKBrElMQAAAAABAwMA","packet_info":{"linktype":12}}
{"timestamp":"2022-11-22T15:13:37.926026+0000","flow_id":275710713340234,"in_iface":"mon4","event_type":"alert","src_ip":"66.59.111.190","src_port":37675,"dest_ip":"172.28.2.3","dest_port":53,"proto":"UDP","ether":{},"community_id":"1:07ZQAeEnPuTfz/AxZbb/1SQ0Yvk=","alert":{"action":"allowed","gid":1,"signature_id":60000000,"rev":1,"signature":"GRE Tunnel Pass Test","category":"Misc activity","severity":3,"rule":"pass ip any any <> 172.28.2.3 any (msg:\"GRE Tunnel Pass Test\"; classtype:misc-activity; sid:60000000; rev:1;)"},"tunnel":{"src_ip":"172.27.1.66","src_port":0,"dest_ip":"66.59.109.137","dest_port":0,"proto":"GRE","depth":1},"dns":{"query":[{"type":"query","id":48554,"rrname":"www.gleeble.org","rrtype":"ANY","tx_id":0}]},"app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":61,"bytes_toclient":0,"start":"2022-11-22T15:13:37.926026+0000"},"payload":"vaoBAAABAAAAAAAAA3d3dwdnbGVlYmxlA29yZwAA/wAB","payload_printable":".............www.gleeble.org.....","stream":0,"packet":"RQAAPQAAQABAEdqXQjtvvqwcAgOTKwA1ACkXHb2qAQAAAQAAAAAAAAN3d3cHZ2xlZWJsZQNvcmcAAP8AAQ==","packet_info":{"linktype":12}}