- {
- "_index": "test-suricata-2020.09.25",
- "_type": "_doc",
- "_id": "4ybPxXQBnXT9f-kWlRyr",
- "_version": 1,
- "_score": null,
- "_source": {
- "alert": {
- "action": "allowed",
- "severity": 1,
- "category": "Attempted Administrator Privilege Gain",
- "gid": 1,
- "signature": "ET EXPLOIT Possible CVE-2020-11899 Multicast out-of-bound read",
- "rev": 1,
- "signature_id": 2030387,
- "metadata": {
- "updated_at": [
- "2020_08_20"
- ],
- "created_at": [
- "2020_06_22"
- ],
- "former_category": [
- "EXPLOIT"
- ],
- "signature_severity": [
- "Major"
- ],
- "performance_impact": [
- "Significant"
- ]
- }
- },
- "dest_port": 5353,
- "in_iface": "eno1",
- "packet": "MzMAAAD7yLzIksXpht1gBWJsAOAR//6AAAAAAAAAGH3lIre7bz7/AgAAAAAAAAAAAAAAAAD7FOkU6QDg8A0AAAAAAAsAAAAAAAAMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAQhfYWlycG9ydARfdGNwwB4ADAABCF9haXJwbGF5wDIADAABBV9yYW9wwDIADAABB191c2NhbnPAMgAMAAEHX2lwcHVzYsAyAAwAAQVfaXBwc8AyAAwAAQRfcHRwwDIADAABDV9hcHBsZS1tb2JkZXbAMgAMAAEIOTczMzA4NTcEX3N1Yg5fYXBwbGUtbW9iZGV2MsAyAAwAAQ9fYXBwbGUtcGFpcmFibGXAMgAMAAE=",
- "flow_id": 1775958375098628,
- "host": "rock.test.locale",
- "src_ip": "fe80:0000:0000:0000:187d:e522:b7bb:6f3e",
- "path": "/data/suricata/eve.json",
- "app_proto": "failed",
- "@timestamp": "2020-09-25T15:09:09.844Z",
- "src_port": 5353,
- "stream": 0,
- "community_id": "1:drQSpCfOu4ASI9BGcy1Na9W82sw=",
- "packet_info": {
- "linktype": 1
- },
- "@version": "1",
- "organization": {
- "code": "test",
- "name": "test"
- },
- "proto": "UDP",
- "payload_printable": "............._sleep-proxy._udp.local......_airport._tcp......._airplay.2....._raop.2....._uscans.2....._ippusb.2....._ipps.2....._ptp.2....\r_apple-mobdev.2.....97330857._sub._apple-mobdev2.2....._apple-pairable.2....",
- "timestamp": "2020-09-25T15:09:09.616708+0000",
- "dest_ip": "ff02:0000:0000:0000:0000:0000:0000:00fb",
- "payload": "AAAAAAALAAAAAAAADF9zbGVlcC1wcm94eQRfdWRwBWxvY2FsAAAMAAEIX2FpcnBvcnQEX3RjcMAeAAwAAQhfYWlycGxhecAyAAwAAQVfcmFvcMAyAAwAAQdfdXNjYW5zwDIADAABB19pcHB1c2LAMgAMAAEFX2lwcHPAMgAMAAEEX3B0cMAyAAwAAQ1fYXBwbGUtbW9iZGV2wDIADAABCDk3MzMwODU3BF9zdWIOX2FwcGxlLW1vYmRldjLAMgAMAAEPX2FwcGxlLXBhaXJhYmxlwDIADAAB",
- "event_type": "alert",
- "type": "eve",
- "flow": {
- "pkts_toserver": 1,
- "bytes_toclient": 0,
- "pkts_toclient": 0,
- "start": "2020-09-25T15:09:09.616708+0000",
- "bytes_toserver": 278
- }
- },
- "fields": {
- "flow.start": [
- "2020-09-25T15:09:09.616Z"
- ],
- "@timestamp": [
- "2020-09-25T15:09:09.844Z"
- ],
- "timestamp": [
- "2020-09-25T15:09:09.616Z"
- ]
- },
- "highlight": {
- "community_id": [
- "@kibana-highlighted-field@1@/kibana-highlighted-field@:@kibana-highlighted-field@drQSpCfOu4ASI9BGcy1Na9W82sw@/kibana-highlighted-field@="
- ],
- "event_type": [
- "@kibana-highlighted-field@alert@/kibana-highlighted-field@"
- ]
- },
- "sort": [
- 1601046549844
- ]
- }