raw-data-rocknsm

1. {
2.   "_index": "test-suricata-2020.09.25",
3.   "_type": "_doc",
4.   "_id": "4ybPxXQBnXT9f-kWlRyr",
5.   "_version": 1,
6.   "_score": null,
7.   "_source": {
8.     "alert": {
9.       "action": "allowed",
10.       "severity": 1,
11.       "category": "Attempted Administrator Privilege Gain",
12.       "gid": 1,
13.       "signature": "ET EXPLOIT Possible CVE-2020-11899 Multicast out-of-bound read",
14.       "rev": 1,
15.       "signature_id": 2030387,
16.       "metadata": {
17.         "updated_at": [
18.           "2020_08_20"
19.         ],
20.         "created_at": [
21.           "2020_06_22"
22.         ],
23.         "former_category": [
24.           "EXPLOIT"
25.         ],
26.         "signature_severity": [
27.           "Major"
28.         ],
29.         "performance_impact": [
30.           "Significant"
31.         ]
32.       }
33.     },
34.     "dest_port": 5353,
35.     "in_iface": "eno1",
36.     "packet": "MzMAAAD7yLzIksXpht1gBWJsAOAR//6AAAAAAAAAGH3lIre7bz7/AgAAAAAAAAAAAAAAAAD7FOkU6QDg8A0AAAAAAAsAAAAAAAAMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAQhfYWlycG9ydARfdGNwwB4ADAABCF9haXJwbGF5wDIADAABBV9yYW9wwDIADAABB191c2NhbnPAMgAMAAEHX2lwcHVzYsAyAAwAAQVfaXBwc8AyAAwAAQRfcHRwwDIADAABDV9hcHBsZS1tb2JkZXbAMgAMAAEIOTczMzA4NTcEX3N1Yg5fYXBwbGUtbW9iZGV2MsAyAAwAAQ9fYXBwbGUtcGFpcmFibGXAMgAMAAE=",
37.     "flow_id": 1775958375098628,
38.     "host": "rock.test.locale",
39.     "src_ip": "fe80:0000:0000:0000:187d:e522:b7bb:6f3e",
40.     "path": "/data/suricata/eve.json",
41.     "app_proto": "failed",
42.     "@timestamp": "2020-09-25T15:09:09.844Z",
43.     "src_port": 5353,
44.     "stream": 0,
45.     "community_id": "1:drQSpCfOu4ASI9BGcy1Na9W82sw=",
46.     "packet_info": {
47.       "linktype": 1
48.     },
49.     "@version": "1",
50.     "organization": {
51.       "code": "test",
52.       "name": "test"
53.     },
54.     "proto": "UDP",
55.     "payload_printable": "............._sleep-proxy._udp.local......_airport._tcp......._airplay.2....._raop.2....._uscans.2....._ippusb.2....._ipps.2....._ptp.2....\r_apple-mobdev.2.....97330857._sub._apple-mobdev2.2....._apple-pairable.2....",
56.     "timestamp": "2020-09-25T15:09:09.616708+0000",
57.     "dest_ip": "ff02:0000:0000:0000:0000:0000:0000:00fb",
58.     "payload": "AAAAAAALAAAAAAAADF9zbGVlcC1wcm94eQRfdWRwBWxvY2FsAAAMAAEIX2FpcnBvcnQEX3RjcMAeAAwAAQhfYWlycGxhecAyAAwAAQVfcmFvcMAyAAwAAQdfdXNjYW5zwDIADAABB19pcHB1c2LAMgAMAAEFX2lwcHPAMgAMAAEEX3B0cMAyAAwAAQ1fYXBwbGUtbW9iZGV2wDIADAABCDk3MzMwODU3BF9zdWIOX2FwcGxlLW1vYmRldjLAMgAMAAEPX2FwcGxlLXBhaXJhYmxlwDIADAAB",
59.     "event_type": "alert",
60.     "type": "eve",
61.     "flow": {
62.       "pkts_toserver": 1,
63.       "bytes_toclient": 0,
64.       "pkts_toclient": 0,
65.       "start": "2020-09-25T15:09:09.616708+0000",
66.       "bytes_toserver": 278
67.     }
68.   },
69.   "fields": {
70.     "flow.start": [
71.       "2020-09-25T15:09:09.616Z"
72.     ],
73.     "@timestamp": [
74.       "2020-09-25T15:09:09.844Z"
75.     ],
76.     "timestamp": [
77.       "2020-09-25T15:09:09.616Z"
78.     ]
79.   },
80.   "highlight": {
81.     "community_id": [
82.       "@kibana-highlighted-field@1@/kibana-highlighted-field@:@kibana-highlighted-field@drQSpCfOu4ASI9BGcy1Na9W82sw@/kibana-highlighted-field@="
83.     ],
84.     "event_type": [
85.       "@kibana-highlighted-field@alert@/kibana-highlighted-field@"
86.     ]
87.   },
88.   "sort": [
89.     1601046549844
90.   ]
91. }