Veshialle

raw-data-rocknsm

Sep 25th, 2020
  1. {
  2.   "_index": "test-suricata-2020.09.25",
  3.   "_type": "_doc",
  4.   "_id": "4ybPxXQBnXT9f-kWlRyr",
  5.   "_version": 1,
  6.   "_score": null,
  7.   "_source": {
  8.     "alert": {
  9.       "action": "allowed",
  10.       "severity": 1,
  11.       "category": "Attempted Administrator Privilege Gain",
  12.       "gid": 1,
  13.       "signature": "ET EXPLOIT Possible CVE-2020-11899 Multicast out-of-bound read",
  14.       "rev": 1,
  15.       "signature_id": 2030387,
  16.       "metadata": {
  17.         "updated_at": [
  18.           "2020_08_20"
  19.         ],
  20.         "created_at": [
  21.           "2020_06_22"
  22.         ],
  23.         "former_category": [
  24.           "EXPLOIT"
  25.         ],
  26.         "signature_severity": [
  27.           "Major"
  28.         ],
  29.         "performance_impact": [
  30.           "Significant"
  31.         ]
  32.       }
  33.     },
  34.     "dest_port": 5353,
  35.     "in_iface": "eno1",
  36.     "packet": "MzMAAAD7yLzIksXpht1gBWJsAOAR//6AAAAAAAAAGH3lIre7bz7/AgAAAAAAAAAAAAAAAAD7FOkU6QDg8A0AAAAAAAsAAAAAAAAMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAQhfYWlycG9ydARfdGNwwB4ADAABCF9haXJwbGF5wDIADAABBV9yYW9wwDIADAABB191c2NhbnPAMgAMAAEHX2lwcHVzYsAyAAwAAQVfaXBwc8AyAAwAAQRfcHRwwDIADAABDV9hcHBsZS1tb2JkZXbAMgAMAAEIOTczMzA4NTcEX3N1Yg5fYXBwbGUtbW9iZGV2MsAyAAwAAQ9fYXBwbGUtcGFpcmFibGXAMgAMAAE=",
  37.     "flow_id": 1775958375098628,
  38.     "host": "rock.test.locale",
  39.     "src_ip": "fe80:0000:0000:0000:187d:e522:b7bb:6f3e",
  40.     "path": "/data/suricata/eve.json",
  41.     "app_proto": "failed",
  42.     "@timestamp": "2020-09-25T15:09:09.844Z",
  43.     "src_port": 5353,
  44.     "stream": 0,
  45.     "community_id": "1:drQSpCfOu4ASI9BGcy1Na9W82sw=",
  46.     "packet_info": {
  47.       "linktype": 1
  48.     },
  49.     "@version": "1",
  50.     "organization": {
  51.       "code": "test",
  52.       "name": "test"
  53.     },
  54.     "proto": "UDP",
  55.     "payload_printable": "............._sleep-proxy._udp.local......_airport._tcp......._airplay.2....._raop.2....._uscans.2....._ippusb.2....._ipps.2....._ptp.2....\r_apple-mobdev.2.....97330857._sub._apple-mobdev2.2....._apple-pairable.2....",
  56.     "timestamp": "2020-09-25T15:09:09.616708+0000",
  57.     "dest_ip": "ff02:0000:0000:0000:0000:0000:0000:00fb",
  58.     "payload": "AAAAAAALAAAAAAAADF9zbGVlcC1wcm94eQRfdWRwBWxvY2FsAAAMAAEIX2FpcnBvcnQEX3RjcMAeAAwAAQhfYWlycGxhecAyAAwAAQVfcmFvcMAyAAwAAQdfdXNjYW5zwDIADAABB19pcHB1c2LAMgAMAAEFX2lwcHPAMgAMAAEEX3B0cMAyAAwAAQ1fYXBwbGUtbW9iZGV2wDIADAABCDk3MzMwODU3BF9zdWIOX2FwcGxlLW1vYmRldjLAMgAMAAEPX2FwcGxlLXBhaXJhYmxlwDIADAAB",
  59.     "event_type": "alert",
  60.     "type": "eve",
  61.     "flow": {
  62.       "pkts_toserver": 1,
  63.       "bytes_toclient": 0,
  64.       "pkts_toclient": 0,
  65.       "start": "2020-09-25T15:09:09.616708+0000",
  66.       "bytes_toserver": 278
  67.     }
  68.   },
  69.   "fields": {
  70.     "flow.start": [
  71.       "2020-09-25T15:09:09.616Z"
  72.     ],
  73.     "@timestamp": [
  74.       "2020-09-25T15:09:09.844Z"
  75.     ],
  76.     "timestamp": [
  77.       "2020-09-25T15:09:09.616Z"
  78.     ]
  79.   },
  80.   "highlight": {
  81.     "community_id": [
  82.       "@kibana-highlighted-field@1@/kibana-highlighted-field@:@kibana-highlighted-field@drQSpCfOu4ASI9BGcy1Na9W82sw@/kibana-highlighted-field@="
  83.     ],
  84.     "event_type": [
  85.       "@kibana-highlighted-field@alert@/kibana-highlighted-field@"
  86.     ]
  87.   },
  88.   "sort": [
  89.     1601046549844
  90.   ]
  91. }