Bug #7892 » alert-icmp-dns.json

Peter Manev, 09/11/2025 11:57 AM

 
{
"timestamp": "2022-02-16T03:31:59.121237+0100",
"flow_id": 1769283870239171,
"pcap_cnt": 13856,
"event_type": "alert",
"src_ip": "10.2.9.133",
"dest_ip": "10.2.9.9",
"proto": "ICMP",
"ip_v": 4,
"icmp_type": 3,
"icmp_code": 3,
"pkt_src": "wire/pcap",
"alert": {
"action": "allowed",
"gid": 1,
"signature_id": 1000123,
"rev": 1,
"signature": "TEST1 ICMP outbound unusual size and pattern Destination Unreachable",
"category": "Unknown Traffic",
"severity": 3,
"source": {
"ip": "10.2.9.133"
},
"target": {
"ip": "10.2.9.9"
},
"metadata": {
"created_at": [
"2025_09_11"
],
"updated_at": [
"2025_09_11"
]
}
},
"app_proto": "dns",
"direction": "to_server",
"flow": {
"pkts_toserver": 3,
"pkts_toclient": 2,
"bytes_toserver": 408,
"bytes_toclient": 340,
"start": "2022-02-16T03:31:58.936231+0100",
"src_ip": "10.2.9.133",
"dest_ip": "10.2.9.9"
},
"payload_printable": "E..........#\n...\n....5.P.................67ee27 huaohfajuhscrrirbjgrdbofiruhbsce.store......4.........5.ns0\ncentralnic.net.\nhostmaster.O.............\\I.....",
"stream": 0
}