-
Notifications
You must be signed in to change notification settings - Fork 438
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- update version to 0.3.5 - capture_loss - connection - dce_rpc, update ecs.yml - dhcp, update ecs.yml - dnp3, update ecs.yml - dns, update ecs.yml, fix type mismatch - dpd - files - http, update ecs.yml, fix path configuration - intel - irc - kerberos, update ecs.yml - modbus, update ecs.yml - mysql, update ecs.yml - notice - ntlm - pe - radius - rdp, update ecs.yml - rfb - sip - smb_cmd - smb_files - smb_mapping - smtp - snmp - socks - ssh - ssl, update ecs.yml - stats - traceroute - tunnel - weird - x509, update ecs.yml
- Loading branch information
Showing
85 changed files
with
501 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| FROM alpine | ||
|
|
||
| COPY ./*.log /sample_logs/ | ||
|
|
||
| ENTRYPOINT [ "/bin/sh" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1568132368.465338,"ts_delta":32.282249,"peer":"bro","gaps":0,"acks":206,"percent_lost":0.0} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| {"ts":1547188415.857497,"uid":"CAcJw21BbVedgFnYH3","id.orig_h":"192.168.86.167","id.orig_p":38339,"id.resp_h":"192.168.86.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.076967,"orig_bytes":75,"resp_bytes":178,"conn_state":"SF","local_orig":true,"local_resp":true,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":206,"tunnel_parents":[]} | ||
| {"ts":1547188416.857497,"uid":"CAcJw21BbVedgFnYH4","id.orig_h":"192.168.86.167","id.orig_p":38340,"id.resp_h":"8.8.8.8","id.resp_p":53,"proto":"udp","service":"dns","duration":0.076967,"orig_bytes":75,"resp_bytes":178,"conn_state":"SF","local_orig":true,"local_resp":false,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":206,"tunnel_parents":[]} | ||
| {"ts":1547188417.857497,"uid":"CAcJw21BbVedgFnYH5","id.orig_h":"4.4.2.2","id.orig_p":383341,"id.resp_h":"8.8.8.8","id.resp_p":53,"proto":"udp","service":"dns","duration":0.076967,"orig_bytes":75,"resp_bytes":178,"conn_state":"SF","local_orig":false,"local_resp":false,"missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":206,"tunnel_parents":[]} | ||
| {"ts":1551399000.57855,"uid":"Cc6NJ3GRlfjE44I3h","id.orig_h":"192.0.2.205","id.orig_p":3,"id.resp_h":"198.51.100.249","id.resp_p":3,"proto":"icmp","conn_state":"OTH","local_orig":false,"local_resp":false,"missed_bytes":0,"orig_pkts":1,"orig_ip_bytes":107,"resp_pkts":0,"resp_ip_bytes":0,"tunnel_parents":[]} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1361916332.298338,"uid":"CsNHVHa1lzFtvJzT8","id.orig_h":"172.16.133.6","id.orig_p":1728,"id.resp_h":"172.16.128.202","id.resp_p":445,"rtt":0.09211,"named_pipe":"\u005cPIPE\u005cbrowser","endpoint":"browser","operation":"BrowserrQueryOtherDomains"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1476605498.771847,"uids":["CmWOt6VWaNGqXYcH6","CLObLo4YHn0u23Tp8a"],"client_addr":"192.168.199.132","server_addr":"192.168.199.254","mac":"00:0c:29:03:df:ad","host_name":"DESKTOP-2AEFM7G","client_fqdn":"DESKTOP-2AEFM7G","domain":"localdomain","requested_addr":"192.168.199.132","assigned_addr":"192.168.199.132","lease_time":1800.0,"msg_types":["REQUEST","ACK"],"duration":0.000161} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1227729908.705944,"uid":"CQV6tj1w1t4WzQpHoe","id.orig_h":"127.0.0.1","id.orig_p":42942,"id.resp_h":"127.0.0.1","id.resp_p":20000,"fc_request":"READ"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {"ts":1547188415.857497,"uid":"CAcJw21BbVedgFnYH3","id.orig_h":"192.168.86.167","id.orig_p":38339,"id.resp_h":"192.168.86.1","id.resp_p":53,"proto":"udp","trans_id":15209,"rtt":0.076967,"query":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["proxy-production-us-west1.gcp.cloud.es.io","proxy-production-us-west1-v1-009.gcp.cloud.es.io","35.199.178.4"],"TTLs":[119.0,119.0,59.0],"rejected":false} | ||
| {"ts":1567095830.680046,"uid":"C19a1k4lTv46YMbeOk","id.orig_h":"fe80::4ef:15cf:769f:ff21","id.orig_p":5353,"id.resp_h":"ff02::fb","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","qclass":1,"qclass_name":"C_INTERNET","qtype":12,"qtype_name":"PTR","AA":false,"TC":false,"RD":false,"RA":false,"Z":0,"rejected":false} | ||
| {"ts":1567095830.734329,"uid":"CdiVAw7jJw6gsX5H","id.orig_h":"192.168.86.237","id.orig_p":5353,"id.resp_h":"224.0.0.251","id.resp_p":5353,"proto":"udp","trans_id":0,"query":"_googlecast._tcp.local","rcode":0,"rcode_name":"NOERROR","AA":true,"TC":false,"RD":false,"RA":false,"Z":0,"answers":["bravia-4k-gb-5c89f865c9d569ab338815b35e3acc56._googlecast._tcp.local"],"TTLs":[120.0],"rejected":false} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| version: '2.3' | ||
| services: | ||
| zeek: | ||
| tty: true | ||
| build: . | ||
| volumes: | ||
| - ${SERVICE_LOGS_DIR}:/logs | ||
| command: -c "cp /sample_logs/*.log /logs/" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1507567500.423033,"uid":"CRrT7S1ccw9H6hzCR","id.orig_h":"192.168.10.31","id.orig_p":49285,"id.resp_h":"192.168.10.10","id.resp_p":445,"proto":"tcp","analyzer":"DCE_RPC","failure_reason":"Binpac exception: binpac exception: \u0026enforce violation : DCE_RPC_Header:rpc_vers"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {"ts":1547688796.636812,"fuid":"FMkioa222mEuM2RuQ9","tx_hosts":["35.199.178.4"],"rx_hosts":["10.178.98.102"],"conn_uids":["C8I0zn3r9EPbfLgta6"],"source":"SSL","depth":0,"analyzers":["X509","MD5","SHA1"],"mime_type":"application/pkix-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":947,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"79e4a9840d7d3a96d7c04fe2434c892e","sha1":"a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436"} | ||
| {"ts":1547688801.566262,"fuid":"FShtIS1gydeSFf8M63","tx_hosts":["17.134.127.250"],"rx_hosts":["10.178.98.102"],"conn_uids":["C6sjVo23iNApLnlAt6"],"source":"SSL","depth":0,"analyzers":["X509","MD5","SHA1"],"mime_type":"application/pkix-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":2089,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"b9742f12eb97eff531d94f7800c6706c","sha1":"b88d13fe319d342e7a808ce3a0a1158111fc3c2a"} | ||
| {"ts":1547688801.566262,"fuid":"F9ip9a3MDAq3XLBOn2","tx_hosts":["17.134.127.250"],"rx_hosts":["10.178.98.102"],"conn_uids":["C6sjVo23iNApLnlAt6"],"source":"SSL","depth":0,"analyzers":["X509","MD5","SHA1"],"mime_type":"application/pkix-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":1092,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"48f0e38385112eeca5fc9ffd402eaecd","sha1":"8e8321ca08b08e3726fe1d82996884eeb5f0d655"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| {"ts":1547687130.172944,"uid":"CCNp8v1SNzY7v9d1Ih","id.orig_h":"10.178.98.102","id.orig_p":62995,"id.resp_h":"17.253.5.203","id.resp_p":80,"trans_depth":1,"method":"GET","host":"ocsp.apple.com","uri":"/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=","version":"1.1","user_agent":"com.apple.trustd/2.0","request_body_len":0,"response_body_len":3735,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["F5zuip1tSwASjNAHy7"],"resp_mime_types":["application/ocsp-response"]} | ||
| {"ts":1547707019.757479,"uid":"CMnIaR2V8VXyu7EPs","id.orig_h":"10.20.8.197","id.orig_p":35684,"id.resp_h":"34.206.130.40","id.resp_p":80,"trans_depth":1,"method":"GET","host":"httpbin.org","uri":"/ip","version":"1.1","user_agent":"curl/7.58.0","request_body_len":0,"response_body_len":32,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FwGPlr1GcKUWWdkXoi"],"resp_mime_types":["text/json"]} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1573030980.989353,"uid":"Ctefoj1tgOPt4D0EK2","id.orig_h":"192.168.1.1","id.orig_p":37598,"id.resp_h":"198.41.0.4","id.resp_p":53,"seen.indicator":"198.41.0.4","seen.indicator_type":"Intel::ADDR","seen.where":"Conn::IN_RESP","seen.node":"worker-1-2","matched":["Intel::ADDR"],"sources":["ETPRO Rep: AbusedTLD Score: 127"]} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {"ts":1387554250.647295,"uid":"CNJBX5FQdL62VUUP1","id.orig_h":"10.180.156.249","id.orig_p":45921,"id.resp_h":"38.229.70.20","id.resp_p":8000,"command":"USER","value":"xxxxx","addl":"+iw xxxxx XxxxxxXxxx "} | ||
| {"ts":1387554250.647295,"uid":"CNJBX5FQdL62VUUP1","id.orig_h":"10.180.156.249","id.orig_p":45921,"id.resp_h":"38.229.70.20","id.resp_p":8000,"user":"xxxxx","command":"NICK","value":"molochtest","addl":"+iw xxxxx XxxxxxXxxx "} | ||
| {"ts":1387554250.706387,"uid":"CNJBX5FQdL62VUUP1","id.orig_h":"10.180.156.249","id.orig_p":45921,"id.resp_h":"38.229.70.20","id.resp_p":8000,"nick":"molochtest","user":"xxxxx","command":"JOIN","value":"#moloch-fpc","addl":" with channel key: \u0027-\u0027"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1507565599.590346,"uid":"C56Flhb4WQBNkfMOl","id.orig_h":"192.168.10.31","id.orig_p":49242,"id.resp_h":"192.168.10.10","id.resp_p":88,"request_type":"TGS","client":"RonHD/CONTOSO.LOCAL","service":"HOST/admin-pc","success":true,"till":2136422885.0,"cipher":"aes256-cts-hmac-sha1-96","forwardable":true,"renewable":true,"cert.client_subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","cert.server_subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1352718265.222457,"uid":"CpIIXl4DFGswmjH2bl","id.orig_h":"192.168.1.10","id.orig_p":64342,"id.resp_h":"192.168.1.164","id.resp_p":502,"func":"READ_COILS"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1216281087.437392,"uid":"C5Hol527kLMUw36hj3","id.orig_h":"192.168.0.254","id.orig_p":56162,"id.resp_h":"192.168.0.254","id.resp_p":3306,"cmd":"query","arg":"select count(*) from foo","success":true,"rows":1} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| {"ts":1320435875.879278,"note":"SSH::Password_Guessing","msg":"172.16.238.1 appears to be guessing SSH passwords (seen in 30 connections).","sub":"Sampled servers: 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136","src":"172.16.238.1","peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false} | ||
| {"ts":1551393388.426472,"note":"Scan::Port_Scan","msg":"8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s","sub":"remote","src":"8.42.77.171","dst":"207.154.238.205","peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1508959117.814467,"uid":"CHphiNUKDC20fsy09","id.orig_h":"192.168.10.50","id.orig_p":46785,"id.resp_h":"192.168.10.31","id.resp_p":445,"username":"JeffV","hostname":"ybaARon55QykXrgu","domainname":"contoso.local","server_nb_computer_name":"VICTIM-PC","server_dns_computer_name":"Victim-PC.contoso.local","server_tree_name":"contoso.local"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1507565599.578328,"id":"FtIFnm3ZqI1s96P74l","machine":"I386","compile_ts":1467139314.0,"os":"Windows XP","subsystem":"WINDOWS_CUI","is_exe":true,"is_64bit":false,"uses_aslr":true,"uses_dep":true,"uses_code_integrity":false,"uses_seh":true,"has_import_table":true,"has_export_table":false,"has_cert_table":true,"has_debug_data":false,"section_names":[".text",".rdata",".data",".rsrc",".reloc"]} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1217631137.916736,"uid":"CRe9VD3flCDWbPmpIh","id.orig_h":"10.0.0.1","id.orig_p":1645,"id.resp_h":"10.0.0.100","id.resp_p":1812,"username":"John.McGuirk","mac":"00:14:22:e9:54:5e","result":"success"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1568132339.668952,"uid":"C2PcYV7D3ntaHm056","id.orig_h":"192.168.131.1","id.orig_p":33872,"id.resp_h":"192.168.131.131","id.resp_p":3389,"result":"encrypted","security_protocol":"HYBRID","cert_count":0,"ssl":true} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1328632534.517208,"uid":"CXoIzM3wH3fUwXtKN1","id.orig_h":"192.168.1.123","id.orig_p":58102,"id.resp_h":"192.168.1.10","id.resp_p":5900,"client_major_version":"003","client_minor_version":"008","server_major_version":"003","server_minor_version":"008","authentication_method":"VNC","auth":true,"share_flag":false,"desktop_name":"\u00a0","width":800,"height":600} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {"ts":1361916159.055464,"uid":"CPRLCB4eWHdjP852Bk","id.orig_h":"172.16.133.19","id.orig_p":5060,"id.resp_h":"74.63.41.218","id.resp_p":5060,"trans_depth":0,"method":"REGISTER","uri":"sip:newyork.voip.ms:5060","request_from":"\u0022AppNeta\u0022 <sip:116954_Boston6@newyork.voip.ms>","request_to":"<sip:116954_Boston6@newyork.voip.ms>","response_from":"\u0022AppNeta\u0022 <sip:116954_Boston6@newyork.voip.ms>","response_to":"<sip:116954_Boston6@newyork.voip.ms>;tag=as023f66a5","call_id":"8694cd7e-976e4fc3-d76f6e38@172.16.133.19","seq":"4127 REGISTER","request_path":["SIP/2.0/UDP 172.16.133.19:5060"],"response_path":["SIP/2.0/UDP 172.16.133.19:5060"],"user_agent":"PolycomSoundStationIP-SSIP_5000-UA/3.2.4.0267","status_code":401,"status_msg":"Unauthorized","request_body_len":0,"response_body_len":0} | ||
| {"ts":1105725482.965944,"uid":"ComJz236lSOcuOmix3","id.orig_h":"200.57.7.204","id.orig_p":5061,"id.resp_h":"200.57.7.195","id.resp_p":5060,"trans_depth":0,"method":"INVITE","uri":"sip:francisco@bestel.com:55060","request_from":"<sip:200.57.7.195:55061;user=phone>","request_to":"\u0022francisco@bestel.com\u0022 <sip:francisco@bestel.com:55060>","response_from":"<sip:200.57.7.195:55061;user=phone>","response_to":"\u0022francisco@bestel.com\u0022 <sip:francisco@bestel.com:55060>;tag=298852044","call_id":"12013223@200.57.7.195","seq":"1 INVITE","request_path":["SIP/2.0/UDP 200.57.7.195","SIP/2.0/UDP 200.57.7.195:55061"],"response_path":["SIP/2.0/UDP 200.57.7.195","SIP/2.0/UDP 200.57.7.195:55061","SIP/2.0/UDP 200.57.7.195","SIP/2.0/UDP 200.57.7.195:55061"],"status_code":180,"status_msg":"Ringing","request_body_len":229,"response_body_len":0} | ||
| {"ts":1105725487.022577,"uid":"CJZDWgixtwqXctWEg","id.orig_h":"200.57.7.205","id.orig_p":5061,"id.resp_h":"200.57.7.195","id.resp_p":5060,"trans_depth":0,"method":"REGISTER","uri":"sip:Verso.com","request_from":"Ivan <sip:Ivan@Verso.com>","request_to":"Ivan <sip:Ivan@Verso.com>","response_from":"\u0022Ivan\u0022 <sip:Ivan@Verso.com>","response_to":"\u0022Ivan\u0022 <sip:Ivan@Verso.com>","call_id":"46E1C3CB36304F84A020CF6DD3F96461@Verso.com","seq":"37764 REGISTER","request_path":["SIP/2.0/UDP 200.57.7.205:5061;rport"],"response_path":["SIP/2.0/UDP 200.57.7.205:5061;received=200.57.7.205;rport=5061"],"user_agent":"Verso Softphone release 1104w","status_code":200,"status_msg":"OK","request_body_len":0,"response_body_len":0} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1361916332.020006,"uid":"CbT8mpAXseu6Pt4R7","id.orig_h":"172.16.133.6","id.orig_p":1728,"id.resp_h":"172.16.128.202","id.resp_p":445,"command":"NT_CREATE_ANDX","argument":"\u005cbrowser","status":"SUCCESS","rtt":0.091141,"version":"SMB1","tree":"\u005c\u005cJSRVR20\u005cIPC$","tree_service":"IPC","referenced_file.ts":1361916332.020006,"referenced_file.uid":"CbT8mpAXseu6Pt4R7","referenced_file.id.orig_h":"172.16.133.6","referenced_file.id.orig_p":1728,"referenced_file.id.resp_h":"172.16.128.202","referenced_file.id.resp_p":445,"referenced_file.action":"SMB::FILE_OPEN","referenced_file.name":"\u005cbrowser","referenced_file.size":0} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1507565599.576942,"uid":"C9YAaEzWLL62yWMn5","id.orig_h":"192.168.10.31","id.orig_p":49239,"id.resp_h":"192.168.10.30","id.resp_p":445,"action":"SMB::FILE_OPEN","path":"\u005c\u005cadmin-pc\u005cADMIN$","name":"PSEXESVC.exe","size":0,"times.modified":1507565599.607777,"times.accessed":1507565599.607777,"times.created":1507565599.607777,"times.changed":1507565599.607777} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1507565599.576613,"uid":"C9YAaEzWLL62yWMn5","id.orig_h":"192.168.10.31","id.orig_p":49239,"id.resp_h":"192.168.10.30","id.resp_p":445,"path":"\u005c\u005cadmin-pc\u005cADMIN$","share_type":"DISK"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1543877987.381899,"uid":"CWWzPB3RjqhFf528c","id.orig_h":"192.168.1.10","id.orig_p":33782,"id.resp_h":"192.168.1.9","id.resp_p":25,"trans_depth":1,"helo":"EXAMPLE.COM","last_reply":"220 2.0.0 SMTP server ready","path":["192.168.1.9"],"tls":true,"fuids":[],"is_webmail":false} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1543877948.916584,"uid":"CnKW1B4w9fpRa6Nkf2","id.orig_h":"192.168.1.2","id.orig_p":59696,"id.resp_h":"192.168.1.1","id.resp_p":161,"duration":7.849924,"version":"2c","community":"public","get_requests":0,"get_bulk_requests":0,"get_responses":8,"set_requests":0,"up_since":1543631204.766508} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1566508093.09494,"uid":"Cmz4Cb4qCw1hGqYw1c","id.orig_h":"127.0.0.1","id.orig_p":35368,"id.resp_h":"127.0.0.1","id.resp_p":8080,"version":5,"status":"succeeded","request.name":"www.google.com","request_p":443,"bound.host":"0.0.0.0","bound_p":0} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1562527532.904291,"uid":"CajWfz1b3qnnWT0BU9","id.orig_h":"192.168.1.2","id.orig_p":48380,"id.resp_h":"192.168.1.1","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":2,"client":"SSH-2.0-OpenSSH_7.9p1 Ubuntu-10","server":"SSH-2.0-OpenSSH_6.6.1p1 Debian-4~bpo70+1","cipher_alg":"chacha20-poly1305@openssh.com","mac_alg":"umac-64-etm@openssh.com","compression_alg":"none","kex_alg":"curve25519-sha256@libssh.org","host_key_alg":"ecdsa-sha2-nistp256","host_key":"86:71:ac:9c:35:1c:28:29:05:81:48:ec:66:67:de:bd"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {"ts":1547688736.805088,"uid":"CAOvs1BMFCX2Eh0Y3","id.orig_h":"10.178.98.102","id.orig_p":63199,"id.resp_h":"35.199.178.4","id.resp_p":9243,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","resumed":false,"established":true,"cert_chain_fuids":["FebkbHWVCV8rEEEne","F4BDY41MGUBT6URZMd","FWlfEfiHVkv8evDL3"],"client_cert_chain_fuids":[],"subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","issuer":"CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US","validation_status":"ok"} | ||
| {"ts":1547688736.80509,"uid":"C3mki91FnnNtm0u1ok","id.orig_h":"10.178.98.102","id.orig_p":63198,"id.resp_h":"35.199.178.4","id.resp_p":9243,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","resumed":false,"established":true,"cert_chain_fuids":["Fue9H32OmuitQk2zR","FpbiBP215tk2xftxM6","FEdROj1vUzTGw3BIUa"],"client_cert_chain_fuids":[],"subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","issuer":"CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US","validation_status":"ok"} | ||
| {"ts":1547688736.805527,"uid":"CfGBt82PzCXzHa0iek","id.orig_h":"10.178.98.102","id.orig_p":63197,"id.resp_h":"35.199.178.4","id.resp_p":9243,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io","resumed":false,"established":true,"cert_chain_fuids":["FiFLYv3UjeWyv2gcW","FvSsiB1Xi816EMagI9","FWpPS4mjGaAhTRXLf"],"client_cert_chain_fuids":[],"subject":"CN=*.gcp.cloud.es.io,O=Elasticsearch\u005c, Inc.,L=Mountain View,ST=California,C=US","issuer":"CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US","validation_status":"ok"}{"ts":1602179457.352156,"uid":"CK17Dl2SB8bZOVonSl","id.orig_h":"10.0.0.1","id.orig_p":49228,"id.resp_h":"192.168.50.1","id.resp_p":443,"version":"TLSv12","cipher":"TLS_RSA_WITH_AES_128_CBC_SHA256","resumed":false,"established":true,"cert_chain_fuids":["FOLwYQ6rs70bIMSf9"],"client_cert_chain_fuids":[],"subject":"CN=foo,OU=foo@bar,O=org,L=locality,C=LO","issuer":"CN=CA,OU=CA@example.com,O=Example Corp,L=foo,C=HI","validation_status":"self signed certificate","ja3":"74927e242d6c3febf8cb9cab10a7f889","ja3s":"80b3a14bccc8598a1f3bbe83e71f735f","resp_certificate_sha1":"5dad8b55621b6b9c30679d9d61248dd132a83c94","not_valid_before":1562022421,"not_valid_after":1577748224} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1476605878.714844,"peer":"bro","mem":94,"pkts_proc":296,"bytes_recv":39674,"events_proc":723,"events_queued":728,"active_tcp_conns":1,"active_udp_conns":3,"active_icmp_conns":0,"tcp_conns":6,"udp_conns":36,"icmp_conns":2,"timers":797,"active_timers":38,"files":0,"active_files":0,"dns_requests":0,"active_dns_requests":0,"reassem_tcp_size":0,"reassem_file_size":0,"reassem_frag_size":0,"reassem_unknown_size":0} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1361916158.650605,"src":"192.168.1.1","dst":"8.8.8.8","proto":"udp"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"ts":1544405666.743509,"id.orig_h":"132.16.146.79","id.orig_p":0,"id.resp_h":"132.16.110.133","id.resp_p":8080,"tunnel_type":"Tunnel::HTTP","action":"Tunnel::DISCOVER"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| {"ts":1543877999.99354,"uid":"C1ralPp062bkwWt4e","id.orig_h":"192.168.1.1","id.orig_p":64521,"id.resp_h":"192.168.1.2","id.resp_p":53,"name":"dns_unmatched_reply","notice":false,"peer":"worker-6"} | ||
| {"ts":1580227259.342809,"name":"non_ip_packet_in_ethernet","notice":false,"peer":"ens3f1-4"} |
Oops, something went wrong.