Bug #7004
» eve-more-tx-ids-et-rules.json
Juliana Fajardini Reichow
, 05/09/2024 07:52 PM
{
"timestamp"
:
"2024-05-02T16:30:50.272848+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
5
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
0
,
"dns"
:{
"unchanged_tx_id"
:
1
,
"type"
:
"query"
,
"id"
:
0
,
"rrname"
:
"suricata.io"
,
"rrtype"
:
"A"
,
"tx_id"
:
0
,
"opcode"
:
0
}}
{
"timestamp"
:
"2024-05-02T16:30:50.274655+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
7
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
1
,
"dns"
:{
"unchanged_tx_id"
:
2
,
"version"
:
2
,
"type"
:
"answer"
,
"id"
:
0
,
"flags"
:
"8180"
,
"qr"
:
true
,
"rd"
:
true
,
"ra"
:
true
,
"opcode"
:
0
,
"rrname"
:
"suricata.io"
,
"rrtype"
:
"A"
,
"rcode"
:
"NOERROR"
,
"answers"
:[{
"rrname"
:
"suricata.io"
,
"rrtype"
:
"A"
,
"ttl"
:
490
,
"rdata"
:
"35.212.0.44"
}],
"grouped"
:{
"A"
:[
"35.212.0.44"
]}}}
{
"timestamp"
:
"2024-05-02T16:30:50.325221+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
9
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
2
,
"dns"
:{
"unchanged_tx_id"
:
3
,
"type"
:
"query"
,
"id"
:
0
,
"rrname"
:
"oisf.net"
,
"rrtype"
:
"A"
,
"tx_id"
:
2
,
"opcode"
:
0
}}
{
"timestamp"
:
"2024-05-02T16:30:50.327524+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
10
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
3
,
"dns"
:{
"unchanged_tx_id"
:
4
,
"version"
:
2
,
"type"
:
"answer"
,
"id"
:
0
,
"flags"
:
"8180"
,
"qr"
:
true
,
"rd"
:
true
,
"ra"
:
true
,
"opcode"
:
0
,
"rrname"
:
"oisf.net"
,
"rrtype"
:
"A"
,
"rcode"
:
"NOERROR"
,
"answers"
:[{
"rrname"
:
"oisf.net"
,
"rrtype"
:
"A"
,
"ttl"
:
207
,
"rdata"
:
"192.0.78.190"
},{
"rrname"
:
"oisf.net"
,
"rrtype"
:
"A"
,
"ttl"
:
207
,
"rdata"
:
"192.0.78.209"
}],
"grouped"
:{
"A"
:[
"192.0.78.190"
,
"192.0.78.209"
]}}}
{
"timestamp"
:
"2024-05-02T16:30:50.378909+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
11
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
4
,
"dns"
:{
"unchanged_tx_id"
:
5
,
"type"
:
"query"
,
"id"
:
0
,
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"tx_id"
:
4
,
"opcode"
:
0
}}
{
"timestamp"
:
"2024-05-02T16:30:50.383524+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
12
,
"event_type"
:
"alert"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
5
,
"tx_id"
:
4
,
"tx_id_pa"
:
4
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
1
,
"rev"
:
1
,
"signature"
:
"DNS suricata both"
,
"category"
:
""
,
"severity"
:
3
},
"dns"
:{
"query"
:[{
"unchanged_tx_id"
:
5
,
"type"
:
"query"
,
"id"
:
0
,
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"tx_id"
:
4
,
"opcode"
:
0
}]},
"app_proto"
:
"dns"
,
"direction"
:
"to_server"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
5
,
"bytes_toserver"
:
561
,
"bytes_toclient"
:
509
,
"start"
:
"2024-05-02T16:30:50.129947+0000"
,
"src_ip"
:
"10.16.1.11"
,
"dest_ip"
:
"9.9.9.9"
,
"src_port"
:
36926
,
"dest_port"
:
53
}}
{
"timestamp"
:
"2024-05-02T16:30:50.383524+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
12
,
"event_type"
:
"alert"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
5
,
"tx_id"
:
4
,
"tx_id_pa"
:
4
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
3
,
"rev"
:
1
,
"signature"
:
"DNS suricata server"
,
"category"
:
""
,
"severity"
:
3
},
"dns"
:{
"query"
:[{
"unchanged_tx_id"
:
5
,
"type"
:
"query"
,
"id"
:
0
,
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"tx_id"
:
4
,
"opcode"
:
0
}]},
"app_proto"
:
"dns"
,
"direction"
:
"to_server"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
5
,
"bytes_toserver"
:
561
,
"bytes_toclient"
:
509
,
"start"
:
"2024-05-02T16:30:50.129947+0000"
,
"src_ip"
:
"10.16.1.11"
,
"dest_ip"
:
"9.9.9.9"
,
"src_port"
:
36926
,
"dest_port"
:
53
}}
{
"timestamp"
:
"2024-05-02T16:30:50.383524+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
12
,
"event_type"
:
"dns"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
5
,
"dns"
:{
"unchanged_tx_id"
:
6
,
"version"
:
2
,
"type"
:
"answer"
,
"id"
:
0
,
"flags"
:
"8180"
,
"qr"
:
true
,
"rd"
:
true
,
"ra"
:
true
,
"opcode"
:
0
,
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"rcode"
:
"NOERROR"
,
"answers"
:[{
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"ttl"
:
600
,
"rdata"
:
"15.197.148.33"
},{
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"ttl"
:
600
,
"rdata"
:
"3.33.130.190"
}],
"grouped"
:{
"A"
:[
"15.197.148.33"
,
"3.33.130.190"
]}}}
{
"timestamp"
:
"2024-05-02T16:30:50.430250+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
13
,
"event_type"
:
"alert"
,
"src_ip"
:
"9.9.9.9"
,
"src_port"
:
53
,
"dest_ip"
:
"10.16.1.11"
,
"dest_port"
:
36926
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
6
,
"tx_id"
:
5
,
"tx_id_pa"
:
5
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
1
,
"rev"
:
1
,
"signature"
:
"DNS suricata both"
,
"category"
:
""
,
"severity"
:
3
},
"dns"
:{
"answer"
:{
"unchanged_tx_id"
:
6
,
"version"
:
2
,
"type"
:
"answer"
,
"id"
:
0
,
"flags"
:
"8180"
,
"qr"
:
true
,
"rd"
:
true
,
"ra"
:
true
,
"opcode"
:
0
,
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"rcode"
:
"NOERROR"
}},
"app_proto"
:
"dns"
,
"direction"
:
"to_client"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
6
,
"bytes_toserver"
:
561
,
"bytes_toclient"
:
575
,
"start"
:
"2024-05-02T16:30:50.129947+0000"
,
"src_ip"
:
"10.16.1.11"
,
"dest_ip"
:
"9.9.9.9"
,
"src_port"
:
36926
,
"dest_port"
:
53
}}
{
"timestamp"
:
"2024-05-02T16:30:50.430250+0000"
,
"flow_id"
:
839593505869483
,
"pcap_cnt"
:
13
,
"event_type"
:
"alert"
,
"src_ip"
:
"9.9.9.9"
,
"src_port"
:
53
,
"dest_ip"
:
"10.16.1.11"
,
"dest_port"
:
36926
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tx_id"
:
6
,
"tx_id"
:
5
,
"tx_id_pa"
:
5
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
2
,
"rev"
:
1
,
"signature"
:
"DNS oisf client"
,
"category"
:
""
,
"severity"
:
3
},
"dns"
:{
"answer"
:{
"unchanged_tx_id"
:
6
,
"version"
:
2
,
"type"
:
"answer"
,
"id"
:
0
,
"flags"
:
"8180"
,
"qr"
:
true
,
"rd"
:
true
,
"ra"
:
true
,
"opcode"
:
0
,
"rrname"
:
"suricata.org"
,
"rrtype"
:
"A"
,
"rcode"
:
"NOERROR"
}},
"app_proto"
:
"dns"
,
"direction"
:
"to_client"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
6
,
"bytes_toserver"
:
561
,
"bytes_toclient"
:
575
,
"start"
:
"2024-05-02T16:30:50.129947+0000"
,
"src_ip"
:
"10.16.1.11"
,
"dest_ip"
:
"9.9.9.9"
,
"src_port"
:
36926
,
"dest_port"
:
53
}}
{
"timestamp"
:
"2024-05-02T16:30:50.129947+0000"
,
"flow_id"
:
839593505869483
,
"event_type"
:
"flow"
,
"src_ip"
:
"10.16.1.11"
,
"src_port"
:
36926
,
"dest_ip"
:
"9.9.9.9"
,
"dest_port"
:
53
,
"proto"
:
"TCP"
,
"app_proto"
:
"dns"
,
"flow"
:{
"pkts_toserver"
:
8
,
"pkts_toclient"
:
6
,
"bytes_toserver"
:
627
,
"bytes_toclient"
:
575
,
"start"
:
"2024-05-02T16:30:50.129947+0000"
,
"end"
:
"2024-05-02T16:30:50.430442+0000"
,
"age"
:
0
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
true
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
,
"ts_max_regions"
:
1
,
"tc_max_regions"
:
1
}}